The Department of Justice (DOJ) has set a clear standard for state and local governments: all web content and mobile apps must conform to WCAG 2.1 Level AA. While the rule is simple, following it can be tricky. Most agencies rely on outside vendors for essential tools like payment portals and website builders. Under Title II of the ADA, your organization is still responsible for the accessibility of these services, even if a third party provides them. Moving from a reactive approach to a proactive, defensible strategy requires a shift in how your agency handles new partnerships. By integrating accessibility into the very beginning of your procurement process, you can mitigate legal risk and ensure that digital inclusion is a built-in feature rather than an afterthought.

01. Build leverage early

If you wait until a website is built to think about accessibility, you have already lost your primary source of leverage. You must decide that accessibility is a core requirement before you even start looking for a solution. Once you’ve done that, you should:

Why this matters Procurement is the decisive moment where your agency either builds leverage or inherits long-term remediation debt. Under the DOJ's Title II rule, you are legally responsible for accessibility even when services are delivered through third-party platforms. If WCAG 2.1 Level AA requirements are not in the contract upfront, you lose power to compel fixes later and your staff is stuck with manual workarounds while the agency carries the legal risk.

02. Share the responsibility correctly

A successful strategy relies on a clear division of labor. By defining roles upfront, you ensure that when a barrier is found, there is a clear path to a fix rather than a cycle of finger-pointing. In practical terms, this means dividing ownership as follows:

Why this matters Shared responsibility does not mean shared liability. Under the ADA, the public entity remains accountable for the citizen experience. A clear division of labor prevents "structural risk," where accessibility barriers fall into gray areas and never get fixed. By defining these roles, you ensure the vendor owns the platform-level code while your team focuses on content governance. This creates a defensible "evidence trail" showing regulators that you are exercising active oversight rather than relying on blind faith in a vendor.

03. Write accountability into the contract

Don't rely on a vendor's verbal promise. Your contracts should include enforceable language that protects your agency and provides a safety net if a product falls short of the required standards. To create this legal protection, your agreements should include:

Why this matters Contractual accountability is the only way to shift the cost of remediation back to the vendor. Without these clauses, accessibility barriers become a permanent "remediation debt" that your agency must pay for through manual workarounds or expensive third-party retrofitting. Treating accessibility as a standard product defect—with defined fix timelines and "go-live" authority—ensures that accessibility issues have a clear owner and a resolution deadline, transforming them from legal liabilities into manageable technical tasks.

04. Verify vendor claims

Most vendors will provide a VPAT (Voluntary Product Accessibility Template) to show their product is accessible. Once a vendor fills out a VPAT, it becomes an ACR (Accessibility Conformance Report). You must treat this document as a starting point, not a guarantee. To ensure you aren't stuck with a vendor's mistakes, you should:

Why this matters Vetting vendor paperwork is the final check against "reactive" risk management. A VPAT is only as good as the audit that created it; empty "supports" columns or outdated version numbers are red flags that the vendor has not done the work. By verifying these claims, you ensure your agency is purchasing enforceable accountability rather than a paper shield. accessiBe can support this step by providing expert manual audits and helping you fill out an accurate VPAT, turning your ACR into a living, public record of your due diligence and proactive compliance strategy.

To help you maintain a defensible posture, accessiBe provides professional support for your documentation and auditing needs.

Our experts conduct manual testing to identify barriers that automated tools might miss and help you fill out a VPAT accurately. Once completed, these ACRs live on your website as a public record of your accessibility efforts and a key piece of your compliance strategy, ensuring your documentation remains current as your digital services evolve.

Conclusion: What a strong strategy looks like for 2026

As the April 2026 deadline for ADA Title II approaches, a "defensible" strategy isn't about achieving instant perfection. Instead, it is about proving that your agency has an active, documented process for managing accessibility risk. By following these four steps, you move from a reactive state of "firefighting" to a proactive model where vendors are held accountable and digital services are built to be inclusive from the start. This structured approach not only lowers your legal risk but also ensures that your community can access essential services without barriers.