Digital Compliance by Industry
Digital compliance requirements vary significantly by industry. A plumbing company, a public school district, and a city utility have fundamentally different obligations — different laws apply, different enforcement bodies monitor compliance, and different types of data create different risks. This guide breaks down exactly what each industry must address.
HVAC, Plumbing, Electrical, Roofing, Pest Control, Garage Doors
ADA & Web Accessibility (Title III)
Any trades business with a public-facing website is a "place of public accommodation" subject to ADA Title III. Courts have found service contractors liable for inaccessible websites. The most common failures — missing alt text on project photos, low-contrast text, inaccessible forms — are trivial for plaintiffs' attorneys to find with automated scans.
Priority actions: WCAG 2.1 AA compliance audit, accessible contact and booking forms, alt text on all project imagery, keyboard-navigable menus.
Risk level: Moderate to high. The plaintiffs' bar targets trades businesses specifically because they often have older websites with easily identifiable failures.
A2P 10DLC / SMS Compliance
Field service platforms (ServiceTitan, Jobber, Housecall Pro) send appointment reminders, technician-on-the-way alerts, and review requests via SMS. All require A2P 10DLC registration and TCPA-compliant consent. The FCC's 2024 one-to-one consent rule means legacy "consent to contact" forms that didn't identify your company specifically may no longer be compliant.
Priority actions: Verify A2P registration with your SMS platform; audit consent language on all web forms; add dedicated opt-out mechanisms.
Privacy Policy & Call Recording
Trades businesses collect home addresses, service history, call recordings (many use AI transcription for coaching), payment data, and review data. Your privacy policy must disclose all of this. In two-party consent states (CA, FL, IL, PA, WA, and others), call recording requires disclosure to both parties at the start of the call.
PCI DSS
Online payment pages, customer portals, and over-the-phone card processing are all in scope. Most trades companies using Stripe or Square are in SAQ A scope — the simplest — as long as their payment form is truly hosted by the processor. PCI DSS v4.0's new script management requirements (Req. 6.4.3) may require auditing third-party scripts on payment pages.
AI Tools
AI chatbots must be disclosed as AI. AI call transcription requires two-party consent in applicable states. AI review responses that fabricate customer sentiment violate FTC guidelines. See AI & Compliance.
Public Schools, Private Schools, and School Districts
ADA Title II + Section 504 — Hard Deadlines
Public schools are covered under both ADA Title II (as government entities) and Section 504 of the Rehabilitation Act (as recipients of federal funding). The 2024 DOJ Title II final rule requires WCAG 2.1 AA compliance for public school websites and mobile apps by April 24, 2026 (larger districts) or April 26, 2027 (smaller districts).
This covers: the main school/district website, parent portal, student information system (public-facing), food service pages, enrollment forms, athletic registration, and any other digital service provided to the public or to families.
The Office for Civil Rights (OCR) at the Department of Education enforces Section 504 and regularly investigates complaints about inaccessible school websites and documents. An OCR complaint can trigger a compliance review of the entire district's digital accessibility program.
FERPA — Student Record Privacy
FERPA (Family Educational Rights and Privacy Act) governs student education records. Schools cannot disclose student records to third parties without consent. Any technology platform (LMS, student information system, AI tutoring tool) that stores student data must have a FERPA-compliant data sharing agreement. This is an active enforcement area as AI tools proliferate in education.
COPPA — Children's Privacy
COPPA (Children's Online Privacy Protection Act) restricts online collection of personal information from children under 13. If your school website or a school-deployed app collects data from students under 13, COPPA applies. Schools can provide consent on behalf of parents in educational contexts (COPPA's school official exception), but must have data sharing agreements in place.
PDF & Document Accessibility
Schools publish enormous volumes of PDFs: enrollment forms, student handbooks, class schedules, lunch menus, IEP-related documents, board meeting agendas, budget reports. All must be accessible under Section 504 and the Title II final rule. Legacy scanned documents in archives are among the most difficult remediation challenges.
AI Tools in the Classroom
AI tutoring, grading assistance, and content generation tools deployed in schools must be FERPA-compliant (no student data used for AI training without consent), COPPA-compliant for students under 13, and disclosed in T&Cs and acceptable use policies. The EU AI Act classifies educational AI as potentially high-risk. Several states have issued AI guidance for schools specifically.
A2P / SMS (Parent Communication)
Mass text systems (Remind, ParentSquare, SchoolMessenger) sending alerts to parents require A2P 10DLC registration and TCPA-compliant consent. Emergency alert systems have some TCPA exemptions, but general communications (event reminders, lunch balance alerts) do not.
Cities, Counties, Utilities, Transit Authorities, and Public Agencies
ADA Title II — Hard Legal Deadline
The 2024 DOJ Title II final rule establishes hard compliance deadlines for every state and local government entity. There is no "best efforts" defense — non-compliant entities are subject to DOJ complaint investigations and potential consent decrees.
What's covered: Every digital touchpoint — the main city/county website, online permit applications, utility payment portals, GIS and mapping tools, public meeting livestreams, public records request portals, parks and recreation registration, transit information and schedules, and any digital service provided to the public.
Specific exceptions in the final rule: Archived content (documents maintained for historical reference only, not altered), preexisting conventional electronic documents (PDFs, Word files posted before the compliance date, with exceptions for forms and documents needed to participate in services), and content on individual employees' personal social media accounts.
Section 508 (Federal Funding Recipients)
Municipalities receiving federal funding (most of them, through grants, HUD, DOT, etc.) must also comply with Section 508 for any technology procured or developed with federal funds. This applies to procurement decisions — you must require accessibility from technology vendors.
PCI DSS (Online Payments)
Utility payment portals, permit fee pages, and court payment systems all create PCI scope. Many municipalities use third-party government payment platforms (GovPay, PayIt, Official Payments, Invoice Cloud) which manage PCI compliance when properly configured. Municipalities must verify these vendors' PCI compliance status and ensure data processor agreements are in place.
Privacy & Open Records
Government entities must balance privacy obligations with open records/FOIA requirements. State open records laws may require disclosure of government data — including data about AI systems used by government — while privacy laws require protection of personal information. Municipalities implementing AI-powered services (AI chatbots for citizen services, AI crime prediction tools, AI-assisted permitting) must address public disclosure requirements in their jurisdiction.
AI in Government Services
Government use of AI is subject to heightened scrutiny. The Biden Executive Order on AI (October 2023) established AI safety and transparency requirements for federal agencies. Many states are enacting AI transparency laws specifically for government use — requiring disclosure when AI is used in decisions affecting residents, and providing recourse rights. Municipalities deploying AI chatbots, AI permitting tools, or AI-assisted law enforcement tools should consult with legal counsel on disclosure obligations.
PDF & Document Accessibility
Municipal archives contain decades of scanned documents — zoning maps, ordinances, meeting minutes, budget documents. The Title II final rule's exception for "archived" content has a specific definition: it must be maintained for reference only and not altered. Any document that is actively used to deliver services must be made accessible. New documents published after the compliance deadline must meet WCAG/PDF standards.