Digital Accessibility Certification & Continuous Compliance
See where your website may be exposed — and what it takes to become compliant
Scan a URL, identify likely compliance gaps, and move toward certification with continuous monitoring. Built for Puerto Rico municipalities, hospitals, and healthcare organizations navigating active federal deadlines.
Automated screening does not constitute a legal opinion. Expert review is required for full compliance assessment.
El escaneo automatizado no constituye una opinión legal. Se requiere revisión experta para una evaluación completa de cumplimiento.
Operational Risk
Five reasons compliance is a business-critical issue
Digital accessibility noncompliance is not a technical inconvenience. It is a federal legal obligation with direct financial, contractual, and operational consequences.
Federal Funding Exposure
Organizations receiving federal Medicaid, CMS, or HHS funds risk funding loss under Section 504 noncompliance.
DOJ Enforcement Deadlines
DOJ enforcement is active — the IFR extension under 28 CFR §35.200(b)(1)–(2) gives 12 more months to comply, not 12 more months to start. Organizations that delay risk OCR complaints, federal audits, and loss of Medicaid, CMS, and HHS funding.
Procurement Friction
Inaccessible digital assets block contract eligibility and vendor qualification with federal agencies.
OCR Complaint Liability
A single OCR complaint triggers mandatory corrective action and documentation review.
Compliance Decay
Websites and documents change continuously. A one-time fix does not equal ongoing compliance.
Municipalities and agencies serving 50,000+ residents. 28 CFR §35.200(b)(1) — as extended by the DOJ IFR (+12 months).
All HHS fund recipients, including hospitals and universities. 45 CFR Part 84, with §84.84 governing web/mobile accessibility.
Municipalities under 50,000 residents and all special districts. 28 CFR §35.200(b)(2) — as extended by the DOJ IFR (+12 months).
Covered Entities
Which organizations are legally required to comply
ADA Title II, HHS Section 504, HIPAA, and CMS Price Transparency requirements apply broadly across government, healthcare, and federally funded organizations. The question is not whether you are covered — it is how quickly you must act.
Municipalities / Municipios
Hospitals & Health Systems
Health Plans & Insurers
State & Government Agencies
Private Businesses
Vendors & Federal Contractors
Regulatory Update
Understanding the April 2026 DOJ Extension
On April 24, 2026, the U.S. Department of Justice issued an Interim Final Rule (IFR) extending the ADA Title II web-accessibility compliance deadlines by 12 months under 28 CFR §35.200(b)(1) and (b)(2). The extension is not a reprieve — it is additional time to execute, not to begin.
What the IFR Changed
The IFR adds exactly 12 months to each original ADA Title II web-accessibility deadline. Large public entities (50,000+ residents) now must comply by April 24, 2027; smaller entities and special districts by April 26, 2028. The WCAG 2.1 Level AA conformance standard itself did not change, and no substantive obligations were relaxed. Only the compliance date moved.
Who Gets the 12 Months
Only ADA Title II-covered public entities receive the extension: state and local governments, Puerto Rico's 78 municipalities, state agencies, public universities, transit authorities, and special districts. It does NOT extend HHS Section 504 deadlines (which remain May 11, 2026, under 45 CFR Part 84, including §84.84 for hospitals and universities). Private businesses under ADA Title III, CMS Price Transparency obligations, and HIPAA-regulated entities are unaffected.
What You Must Do NOW
Use the 12-month window for execution, not deferral. Commission a WCAG 2.1 AA baseline audit within 30 days. Remediation on a typical government website runs 6–10 weeks per domain; portals, PDFs, and third-party widgets often require another 8–12 weeks. Leave three months at the end for verification, documentation, and procurement-ready certification. Starting in Q1 of the deadline year is already too late — OCR complaints are actionable the day the deadline passes.
Legal Citations
ADA Title II IFR extension: 28 CFR §35.200(b)(1) — large public entities — and 28 CFR §35.200(b)(2) — small entities and special districts. HHS Section 504 web/mobile accessibility: 45 CFR Part 84, with 45 CFR §84.84 specifically governing hospitals, universities, and other HHS fund recipients. Technical conformance standard: WCAG 2.1 Level AA. Enforcement authority: U.S. Department of Justice (DOJ) Civil Rights Division and HHS Office for Civil Rights (OCR).
The AccessMark Method
A structured four-phase compliance methodology
Each phase builds on the last. Organizations move from exposure identification through certified compliance and into ongoing defensibility.
All public-facing digital properties are assessed — websites, mobile apps, PDFs, online forms, and downloadable documents. The audit combines automated scanning tools with expert manual evaluation, covering keyboard navigation, screen reader behavior, focus management, color contrast, and document structure. Deliverable: Scorecard with severity rankings and remediation roadmap, cited to federal regulatory code.
📋 Deliverable: Scored audit report + prioritized remediation roadmapCode fixes, content corrections, and document remediation applied to all identified violations. AccessMark produces detailed technical specifications; your development team or AccessMark-trained developers execute. Every remediation action is logged for compliance documentation. Deliverable: Remediated digital properties and a complete remediation log.
🔧 Deliverable: Remediated properties + remediation logFormal compliance verification against WCAG 2.1 AA, ADA Title II, Section 504, and applicable CMS requirements. Documentation is structured to serve as legal evidence of due diligence — not a generic report. The attestation package is formatted for submission to OCR, DOJ, or any federal oversight body. Deliverable: Certification letter, attestation package, and OCR/DOJ-ready documentation.
✅ Deliverable: Certification letter + OCR/DOJ-ready attestation packageAccessibility degrades as content changes. Phase 4 maintains your compliance status through automated monthly scans, quarterly expert reviews, regression alert reports, and annual re-certification. Organizations subject to ongoing OCR oversight require documented continuous compliance records. Deliverable: Monthly compliance dashboard, alert reports, and revalidation support.
📊 Deliverable: Monthly dashboard + alert reports + annual re-certificationFree Accessibility Scan
Scan any webpage for real WCAG 2.1 AA violations
Paste a URL. We run axe-core — the same open-source scanning engine government auditors use — against the live page and return actual violations, grouped by category and mapped to your regulatory deadline.
Continuous Monitoring
Compliance is not a one-time event
Accessibility degrades as content changes
Every content update, design change, or new document upload is a potential compliance regression. Monitoring catches them before they become OCR complaints.
Build a documented compliance record
Ongoing monitoring creates a time-stamped compliance history — the most defensible evidence in a federal investigation or OCR corrective action review.
Annual re-certification keeps validity current
AccessMark certification is valid for 12 months. Annual re-certification confirms continued conformance and refreshes your attestation package for any regulatory inquiry.
Required under ongoing OCR oversight
Organizations that have received an OCR complaint or corrective action plan are typically required to demonstrate ongoing compliance monitoring. AccessMark provides the documented record.
Sector Pathways
Your organization's specific compliance pathway
State & Government Agencies
Applicable Regulations
- ADA Title II — 28 CFR §35.200
- HHS Section 504 — 45 CFR Part 84
- Section 508 — 36 CFR Part 1194
- Executive Order 13166 (Language Access)
Assets Typically in Scope
- Agency websites and web portals
- Benefit enrollment and claims systems
- Regulatory publications and digital archives
- Public-facing apps and mobile tools
Why Urgency Differs
State agencies face both ADA Title II deadlines and ongoing OCR oversight under Section 504. Federal grant conditions may also require documented accessibility compliance as a condition of continued funding.
Recommended: Full Program with Monitoring
Puerto Rico Municipalities
Applicable Regulations
- ADA Title II — 28 CFR §35.200(b)(1)–(2) (April 24, 2027 large / April 26, 2028 small, IFR-extended)
- EO 13166 — Spanish language access
- HHS Section 504 (if health services received)
Assets Typically in Scope
- Municipal government website
- Citizen service portals and forms
- Official PDF notices and ordinances
- Emergency communications and alerts
Why Urgency Differs
All 78 Puerto Rico municipalities are public entities under ADA Title II (28 CFR §35.200), not private businesses. Large municipalities serving 50,000+ residents (San Juan, Bayamón, Carolina, Ponce) must comply by April 24, 2027. Smaller municipalities have until April 26, 2028. Both dates reflect the DOJ's 12-month IFR extension under 28 CFR §35.200(b)(1) and (b)(2).
Unlike private sector entities — which may negotiate Rehab Act §504 alternative-access accommodations — municipalities cannot waive Title II web-accessibility obligations. Remediation typically takes 6–10 weeks per domain, so planning must begin now, not in Q1 of the deadline year.
Recommended: Audit + Certification
Hospitals & Health Systems
Applicable Regulations
- HHS Section 504 — 45 CFR Part 84 (May 11, 2026)
- CMS Price Transparency — 45 CFR §180.50
- HIPAA Privacy — 45 CFR §164.520
- ACA Section 1557 — non-discrimination
Assets Typically in Scope
- Patient portals and scheduling platforms
- Price transparency machine-readable files
- Clinical forms, discharge instructions, consent documents
- Telehealth platforms and apps
Recommended: Full Program with Monitoring
Health Plans & Insurers
Applicable Regulations
- HHS Section 504 — 45 CFR Part 84 (May 11, 2026)
- HIPAA Privacy — 45 CFR §164.520
- ACA Section 1557
- Medicare Advantage digital access requirements
Assets Typically in Scope
- Member portal and mobile app
- Drug formulary and coverage documents
- Provider directory and network tools
- Annual notice of coverage / Benefits guide
Recommended: Audit + Certification
Private Businesses
Applicable Regulations
- ADA Title III — Public accommodations
- State equivalents and local ordinances
- Government contractor accessibility clauses
Why Urgency Differs
ADA Title III litigation has increased significantly. Proactive certification provides legal defensibility before a complaint is filed — and documents good-faith compliance efforts, a key factor in ADA enforcement outcomes.
Recommended: Audit Only or Audit + Certification
Vendors & Federal Contractors
Applicable Regulations
- Section 508 — 36 CFR Part 1194
- FAR accessibility clauses (48 CFR 39.2)
- Agency-specific WCAG requirements in RFPs
Why Urgency Differs
Government procurement increasingly requires WCAG 2.1 AA compliance as a contract qualification requirement. An AccessMark certification is a procurement differentiator — and a qualification evidence document for RFP responses.
Recommended: Audit + Certification
Standards & Methodology
How AccessMark determines compliance
Standards alignment
Every AccessMark audit maps findings to applicable regulatory standards — not just WCAG. The deliverable is a legally traceable record, not a generic scan report.
Automated testing tools detect approximately 30–40% of WCAG 2.1 AA violations. The remaining 60–70% require expert manual review — testing keyboard navigation, screen reader behavior, cognitive load, and document structure. AccessMark combines automated scanning with certified expert review for a defensible compliance record.
Bilingual differentiation
AccessMark is the only compliance firm in Puerto Rico offering integrated English/Spanish digital accessibility and language-access review.
For organizations serving Spanish-dominant populations, language access compliance under Executive Order 13166 and Title VI is a separate federal requirement — not covered by WCAG alone. AccessMark reviews both.
Authoritative references
AccessMark methodology aligns with the official U.S. Department of Justice ADA Title II web rule and W3C Web Accessibility Initiative fundamentals.
- ADA Title II Web Accessibility Rule (DOJ, 2024) ada.gov — official rule text and compliance dates
- W3C WAI — Accessibility Fundamentals w3.org/WAI — WCAG, ARIA, and accessibility principles
Frequently Asked
Answers to the questions buyers ask most
Direct, technical answers for municipal, healthcare, and agency decision-makers evaluating their compliance posture.
What does WCAG 2.1 Level AA actually mean?
WCAG 2.1 (Web Content Accessibility Guidelines, version 2.1) is the technical standard cited by federal regulators. Level AA is the middle conformance tier — it's the bar set by ADA Title II (28 CFR §35.200), HHS Section 504 (45 CFR §84.84), and Section 508. It covers keyboard operability, screen-reader compatibility, color contrast ratios (4.5:1 for normal text), captioning for video, resizable text, and consistent navigation. It applies to websites, mobile apps, PDFs, and any digital content a public entity makes available.
What does the DOJ's 12-month IFR extension actually change?
Only the compliance date — not the obligations. Under 28 CFR §35.200(b)(1), large public entities (50,000+ residents) now have until April 24, 2027; under §35.200(b)(2), smaller entities and special districts have until April 26, 2028. WCAG 2.1 AA remains the standard. The extension does NOT apply to HHS Section 504 deadlines (still May 11, 2026), CMS Price Transparency, HIPAA, or ADA Title III private-sector obligations. Think of it as 12 additional months to execute, not 12 months to postpone starting.
What does an AccessMark audit actually include?
Automated scans across every public-facing domain, plus expert manual review covering keyboard navigation, screen-reader behavior (NVDA/JAWS/VoiceOver), focus management, color contrast, form labeling, ARIA use, and document structure (PDFs, forms, embedded widgets). Deliverables: a severity-ranked scorecard cited to federal regulatory code (28 CFR, 45 CFR, WCAG success criteria), a prioritized remediation roadmap, and a bilingual executive summary suitable for procurement and board review. Re-test is included after remediation to support certification.
How long does remediation take?
A typical municipal or hospital website runs 6–10 weeks per domain. Add 8–12 weeks if PDFs, intake forms, patient portals, or third-party widgets (payment, scheduling, formularies) are in scope. Organizations with multiple domains, Spanish-language parallel content, or legacy CMS platforms should budget 4–6 months end-to-end, including audit, remediation, verification, and procurement-ready certification packaging. Starting in Q1 of the deadline year leaves no margin for retest.
What happens if we miss the deadline?
OCR and DOJ complaints become actionable the day after the deadline passes. A single complaint triggers mandatory investigation, corrective-action documentation, and a public-facing resolution. For HHS fund recipients, noncompliance under Section 504 (45 CFR Part 84) puts Medicaid, CMS, and grant funding at risk. For procurement, inaccessible digital assets block federal contract eligibility and vendor qualification. There is no grace period once a deadline has passed — the regulatory posture flips from 'must comply by X' to 'currently in violation'.
Does accessibility apply to our mobile apps and PDFs too?
Yes. ADA Title II (28 CFR §35.200) and HHS Section 504 (45 CFR §84.84) both extend to mobile applications, PDF documents, online forms, and any digital content made available by a covered entity. PDFs used for official notices, ordinances, price transparency files, benefit enrollment, and patient intake are in scope and must be tagged for screen readers. Native mobile apps (iOS and Android) must meet WCAG 2.1 AA equivalent standards through accessible UI components, proper labels, and system-level assistive technology support.
What's the difference between ADA Title II and HHS Section 504?
Jurisdiction and enforcement authority. ADA Title II covers all state and local government public entities (28 CFR §35.200) regardless of federal funding — DOJ is the enforcement authority. Section 504 of the Rehabilitation Act (45 CFR Part 84, §84.84) covers any recipient of HHS funds — hospitals, health plans, public universities, research institutions — and is enforced by HHS OCR. Many organizations are covered by both simultaneously; for example, a Puerto Rico public hospital receiving Medicaid must meet Title II (by April 24, 2027) AND Section 504 (by May 11, 2026, whichever comes first).
Our vendors built our site — are they liable, or are we?
The covered entity — your municipality, hospital, or agency — is legally responsible for conformance under 28 CFR §35.200 and 45 CFR §84.84, regardless of who built or hosts the digital asset. That said, procurement practice typically requires vendors to deliver WCAG 2.1 AA conformant work product and to remediate violations at no additional cost. AccessMark's audit deliverables are designed to plug directly into vendor remediation orders and federal procurement documentation (VPAT/ACR), so you can hold vendors accountable with regulator-ready evidence.
Start here
Run your sample scan
Enter your URL and organization type to see a simulated compliance gap analysis. No commitment required.
Run a sample scanNo commitment required. Sample scans are confidential and do not constitute a legal assessment.
Talk to an expert
Talk to AccessMark about certification
Speak directly with our compliance team about your organization's specific regulatory obligations and the AccessMark certification pathway.
Prefer email? Write to compliance@accessmark.io
We respond within one business day.
Message received
Thank you — we'll be in touch.
Your request has been received by the AccessMark compliance team. We respond within one business day. For urgent matters, email compliance@accessmark.io directly.