If you’re involved in the field of web accessibility and follow laws and regulations relating to accessibility, California AB 1757 looks like something to celebrate. Among the bigger causes for celebration is that the law allows for service providers to be sued as well. Why is that good news? In my opinion, it is good news because countless small businesses have been sued in the last several years for websites that are inaccessible. Although I feel that business owners should be ensuring that they comply with the law, I also feel that they should also trust that the people who build their website and the platforms that the website is built on are delivering accessible projects. Holding service providers accountable via the law is, unfortunately, the only way this will happen. So why do I think the bill is unfit for duty? Let’s take a look.
First, a small disclaimer: This bill has gone under considerable revisions. So my comments are only guaranteed to apply to the version I’ve stored, as of today, on the Wayback Machine
The Good Parts
The bill is focused on more than just standards conformance
The current version of the bill says that the website must “…provide equally effective communication or fails to facilitate full and equal enjoyment of the entity’s goods and services… ” This, to me, is a good thing because it indicates that although it is possible that a website conforms to WCAG it is also possible that the website is still inaccessible.
The bill holds service providers accountable
Specifically, the bill makes you accountable if you “… intentionally, negligently, recklessly, or knowingly construct, license, distribute, or maintain for online use, an internet website that [is inaccessible]…” In other words, it takes away all of the many excuses used by service providers. Even better, it means ignorance is no excuse.
The bill voids all disclaimers
The bill says “The bill would provide that a provision within a contract between a person or entity and a resource service provider that seeks to waive liability under these provisions, or otherwise shift liability to a person or entity that pays, compensates, or contracts with the resource provider, as provided, is void…” In other words, if you hire someone to make your website, they cannot add any disclaimer of liability on their part and, if they try to, any such disclaimer is immediately void.
Individual employees of service providers are exempted
The bill says that “Resource Service Provider” does not include “An individual who is hired by a resource service provider, but does not have a contract directly with the entity who owns the website, including a manual accessibility tester.”. In other words you won’t have any personal liability if you’re an employee of the service provider.
The burden of proof is on the plaintiff
This is really the case for all other accessibility laws that I’m aware of, but the law is clear to point out that a plaintiff who files a lawsuit must provide evidence that the website is inaccessible.
No exemption for third party code
I won’t go into the specific language used, because it is actually discussed in a handful of places, but the summary is that you can’t dodge liability by claiming that the code comes from a third-party and you cannot redirect or link to a third-party as a way to avoid your own liability. This is especially true if the third-party content is required for your website. For example, if you operate a website that takes payments and you redirect users to a page that is technically from PayPal or Stripe or whatever, you’re still on the hook. This is amazing news because a ton of issues within e-commerce sites are actually the result of inaccessible stuff from third-parties (I’m looking at you, Bazaarvoice).
It specifically makes it unlawful for reviewers to overstate their credentials
The bill summary says: “The bill would also make it unlawful for a resource provider to intentionally, negligently, knowingly, or recklessly make certain false representations, including that the resource provider is a professional reviewer or otherwise qualified to assess the accessibility of an internet website.”. More on that in a bit, but I definitely like that they’re basically saying “a website isn’t accessible just because you say it is” Sort of.
It allows the website owner to go after the service provider
The bill says “The following parties may bring a civil action pursuant to subdivision … A person or entity that pays, compensates, or contracts with, the resource service provider…” It goes on to say that the plaintiff (in other words, the website owner) can sue for “all damages, including, but not limited to, any statutory damages and attorney’s fees … and all costs of bringing their internet website into conformance to the internet website-related accessibility standard. ”
A service provider can get sued by the government
It also says that “The Attorney General, the Civil Rights Department, or a district attorney, county counsel, or city attorney…” can sue as well and can be awarded attorney’s fees as well as injunctive relief (a court order saying the website must be fixed).
It does not hold the service provider liable for a website changed by the customer
It does not:
Establish liability under subdivision (a) if a resource service provider establishes that, after the date when the resource service provider constructed, licensed, distributed, or maintained [the site]… an entity other than the resource service provider, without the knowledge or permission of the resource service provider, altered the internet website or resource in a manner that directly resulted in [the website becoming inaccessible]
The Bad Horrible: Certification
Despite the above, there are a handful of things in this bill that are misguided and, in fact, preposterous: its many mentions of “Certification”.
The bill would provide that an entity’s internet website is presumed to provide equally effective communication and to facilitate full and equal enjoyment of the entity’s goods and services to all members of the public for the purpose of determining whether an award of statutory damages is warranted, as specified, if the internet website has a certain certification…
An entity’s internet website is presumed to provide equally effective communication and to facilitate full and equal enjoyment of the entity’s goods and services to all members of the public for the purpose of determining whether an award of statutory damages is warranted under subdivision (a) of Section 52 or
54.3 if both of the following criteria are satisfied:(A) The internet website has a certification by a professional reviewer that all of the following are true:
(i) The internet website is designed and intended to conform to the internet website-related accessibility standard.
(ii) The internet website has been tested, in both an automated manner and a manual manner by qualified users, and has been determined to conform to the internet website-related accessibility standard.
(iii) All third-party content that is available on the entity’s internet website by means of a link from the internet website and that allows members of the public to access, view, utilize, conduct transactions with respect to, or in any other way interact with, the entity or the entity’s goods, services, or presentations, has been tested, in both an automated and manual manner, and has been determined to conform to the internet website-related accessibility standard.
(B) The certification described in subparagraph (A) meets all of the following requirements:
(i) The certification is made within the prior 12 months or after revisions to the internet website that impact accessibility, whichever is more recent, and is based on a review that includes testing by qualified users.
(ii) The certification is posted, or available by means of a clearly marked link, on the home page of the entity’s internet website.
(iii) The certification includes a statement from the professional reviewer explaining how that person qualifies to be a professional reviewer. If the professional reviewer is not a Certified Professional in Web Accessibility (CPWA) with a certificate issued by the International Association of Accessibility Professionals (IAAP), the professional reviewer shall list the type of certification that person has obtained from another source of professional training for front-end internet website developers, as well as the criteria for issuance of that certificate, in order to demonstrate that the criteria are equivalent to, or higher than, the requirements for the issuance of a CPWA certificate.
It is easy to see why a “certification” would be highly desirable for a law like this. Being able to defend a website by flashing a certificate in front of a judge or plaintiff’s attorney would help stem the tide of frivolous lawsuits and ease the demand on the courts. There’s just one problem: there is no such thing. There is no industry adopted, independently developed, validated certification process for accessibility. To date, all efforts to create one have failed. There is an organization (of which I am a Board Member) that has begun the process of creating something similar, but actual standards-making processes have not yet begun. Some private companies in accessibility say that they offer a certification, but they do not disclose the certification requirements and they have not undergone any form of third-party review or validation. In other words, they’re about as useful as a little league baseball participation trophy.
The text within the bill doesn’t cite any specific criteria for what certification is required, but instead suggests that a declaration from a person holding a CPWA certification is what’s needed. In fact, re-reading the cited passage above, that seems like the only concrete requirement.
Here are the summarized requirements for the certification, per AB 1757 are that:
- It state that, “The internet website is designed and intended to conform to the internet website-related accessibility standard.”
- The website “…has been tested, in both an automated manner and a manual manner by qualified users, and has been determined to conform to the internet website-related accessibility standard.”
- “The certification is posted, or available by means of a clearly marked link, on the home page of the entity’s internet website.”
- “The certification includes a statement from the professional reviewer explaining how that person qualifies to be a professional reviewer. If the professional reviewer is not a Certified Professional in Web Accessibility (CPWA) with a certificate issued by the International Association of Accessibility Professionals (IAAP), the professional reviewer shall [describe why whatever credentials they have are as good as a CPWA]”
There are a lot of things wrong with the above.
The first thing wrong is quite easy: To date there are under 700 people who hold the CPWA certification, worldwide.
The second thing that is wrong is that the CPWA is, in my opinion, a mid-level certification. A person who holds the CPWA is someone who has passed both the CPACC and the WAS. This means the person has strong foundational knowledge of accessibility, related standards, assistive technology, web development, and testing. But that doesn’t make them qualified to evaluate a website’s accessibility in a legal case! Most notably, it only requires 3 years of experience in the field. Even worse, in my opinion, is that it does not require any professional development experience. In fact, the IAAP specifically states that a candidate does not need to have professional experience writing code. The WAS exam does not include anything more than basic knowledge of testing. It has no in-depth coverage of test methodologies or anything of the sort.
The final, and biggest problem, is that nothing in any discussion which describes the criteria for the certification (of the website), the mechanisms of measurement, nor the methodology that should be used to determine if a website is certified.
AB 1757’s certification requirements are a step sideways
Reading between the lines the inclusion of all of this certification language is probably due to the bill’s critics (of which there are many) looking for a way to allow website owners to have some sort of way to defend themselves against what would undoubtedly become a tsunami of lawsuits.
The whole certification talk might be a bit moot, anyway, because the bill says that the certification must have been “… made within the prior 12 months or after revisions to the internet website that impact accessibility, whichever is more recent…”. As anyone who’s ever made a website can tell you, hardly any business website is ever just launched and left alone. What this means for website owners is that any certification that a business pays for is invalidated as soon as they modify the design or add new content.
All in all, the certification language added to AB 1757 is just adding complexity for no useful reason. Fortunately, the bill has been held up in the Senate Appropriations Committee at the author’s request. It is likely to be reintroduced in 2024. Hopefully the next go-around either ditches the certification talk or addresses the things I’ve mentioned in this post.