What is Section 508 compliance?

Section 508 of the Rehabilitation Act of 1973 requires U.S. federal agencies to make their information and communication technology (ICT) accessible to people with disabilities. This includes websites, software, documents, multimedia, and hardware. The law also applies to vendors who sell ICT products or services to the federal government — meaning compliance is required to win and maintain government contracts.

What is a VPAT and why do I need one?

A Voluntary Product Accessibility Template (VPAT) is a standardized document that explains how your digital product conforms to Section 508 accessibility standards. Federal procurement officers require VPATs when evaluating vendor products. An Accessibility Conformance Report (ACR) is the completed VPAT. Without a current, accurate VPAT/ACR, your product cannot be considered for federal contracts.

🏛️ Federal Compliance Standard

Section 508 Compliance: VPAT, Audits & Source-Level Remediation

Q: What WCAG version does Section 508 require?

The 2017 Section 508 refresh adopted WCAG 2.0 Level AA as the technical standard for web-based ICT. However, the DOJ's 2024 Title II rule references WCAG 2.1 AA, and WCAG 2.2 is increasingly cited in federal proceedings. Compliapoint audits to WCAG 2.1 AA (minimum) and recommends WCAG 2.2 AA for the strongest compliance posture.

Q: Who must comply with Section 508?

All U.S. federal agencies must comply with Section 508 when they develop, procure, maintain, or use ICT. This extends to contractors and vendors: any organization that sells digital products or services to the federal government must prove those products meet Section 508 standards. Organizations receiving federal funding may also have Section 508 obligations.

Section 508 of the Rehabilitation Act requires all federal agencies — and every vendor that sells to them — to make digital products accessible. Without a current VPAT/ACR, your product won't be considered for federal contracts. Compliapoint provides the audit, remediation, and documentation you need to win and maintain government business.

Start Your Assessment What We Deliver →

Who Must Comply with Section 508

Federal Agencies

Every U.S. federal agency must make its ICT accessible when developing, procuring, maintaining, or using technology. This includes websites, internal tools, documents, multimedia, and hardware. Agencies including DHS, the Department of Education, and SSA have faced lawsuits for non-compliance.

Government Vendors & Contractors

Any organization selling digital products or services to the federal government must prove those products meet Section 508 standards. Federal procurement officers require a current VPAT/ACR as part of vendor evaluation. No VPAT = no consideration for the contract.

Federally Funded Organizations

Organizations receiving federal funding — including universities, research institutions, state agencies, and nonprofits — may have Section 508 obligations for the technology they purchase and deploy with federal dollars.

📋 Section 508 + Title II Convergence

The DOJ's 2024 Title II rule requires state and local government websites to conform to WCAG 2.1 AA by April 24, 2026. If you're a vendor selling to both federal and state/local government, you need Section 508 compliance (WCAG 2.0 AA minimum) AND Title II readiness (WCAG 2.1 AA). Compliapoint audits to WCAG 2.2 AA, covering all requirements with a single engagement.

What Compliapoint Delivers for Section 508

VPAT / ACR Documentation — Completed Voluntary Product Accessibility Template documenting conformance against Section 508 and WCAG criteria. Ready for procurement submission.
Comprehensive WCAG Audit — Every page, form, document, and interactive element tested against WCAG 2.1 AA (minimum) with detailed findings report
Source-Level Remediation — Permanent fixes in your actual HTML, CSS, templates, and application code
Document Remediation — PDFs, Word documents, PowerPoint presentations, and Excel files tagged for assistive technology per Section 508 requirements
Multimedia Accessibility — Video captioning, audio descriptions, and transcript creation per WCAG 1.2
Compliance Certificate — Dated, signed documentation for procurement officers and legal defense
Detailed Audit Trail — Every finding documented with before/after evidence of remediation
Ongoing Monitoring — Optional monthly monitoring to maintain compliance as content changes

Section 508 Technical Requirements

The 2017 Section 508 refresh harmonized federal requirements with WCAG 2.0 Level AA and international standards (EN 301 549). Key technical areas include:

Web Content (Chapter 5)

All web-based ICT must conform to WCAG 2.0 Level AA success criteria. This covers websites, web applications, intranets, and any browser-based tools. Compliapoint audits to WCAG 2.2 AA for maximum coverage.

Electronic Documents

PDFs, Word documents, Excel spreadsheets, and PowerPoint presentations must be structured for assistive technology. This includes proper heading hierarchy, alt text, reading order, and form field labels.

Software & Applications

Desktop and mobile applications must be operable by keyboard, compatible with screen readers, and conform to WCAG success criteria. This includes both web applications and native software.

Functional Performance (Chapter 3)

ICT must be usable by people with visual, hearing, mobility, cognitive, and speech disabilities. If specific technical requirements can't be met, equivalent access must be provided through alternative means.

Frequently Asked Questions

What is Section 508 and who does it apply to?

Section 508 of the Rehabilitation Act requires federal agencies to make their ICT accessible to people with disabilities. It extends to all vendors, contractors, and organizations that sell digital products or services to the federal government, as well as organizations receiving federal funding. Federal procurement regulations (FAR 39.2) require accessibility standards in all ICT acquisitions.

What is a VPAT/ACR and why do I need one?

A VPAT (Voluntary Product Accessibility Template) is a standardized document format. When completed with your product's specific conformance data, it becomes an ACR (Accessibility Conformance Report). Federal procurement officers require current VPATs/ACRs when evaluating vendor products. Without one, your product will not be considered for government contracts.

What WCAG version does Section 508 require?

The 2017 Section 508 refresh adopted WCAG 2.0 Level AA. However, the DOJ increasingly references WCAG 2.1 AA (as in the 2024 Title II rule), and WCAG 2.2 is being cited in federal proceedings. Compliapoint recommends auditing to WCAG 2.2 AA, which is backward-compatible and covers all 2.0 and 2.1 requirements.

Can federal agencies be sued for Section 508 violations?

Yes. Several agencies have faced lawsuits for Section 508 non-compliance, including DHS, the Department of Education, and the Social Security Administration. For vendors, the consequence is losing existing contracts or being disqualified from new procurement opportunities.

Related Compliance Standards

Win Government Contracts with Documented Compliance

Compliapoint delivers the VPAT/ACR, audit trail, and source-level remediation federal procurement requires.

Start Your Assessment