What Recent OCR Resolution Agreements Reveal About How Regulators Define 'Compliance'

For risk officers and accessibility-programme directors trying to understand what their institution will be evaluated against if a complaint lands, the most useful primary source is not a regulation but a stack of resolution agreements. The Office for Civil Rights publishes its closed cases at the Recent Resolutions index, and the higher-education web-accessibility cases follow a pattern that has been remarkably consistent across six years and three statutory bases. Reading the agreements rather than the press coverage clarifies what regulators actually require — and what they do not. The defensibility argument the pillar essay makes is built on this pattern: every clause OCR negotiates into a settlement is shaped around documented process, not against scanner scores.

Three agreements anchor the pattern across the period. Ohio State University (2016) established the documentation language. Brown University (2017) added programme architecture. Framingham State University (2021) extended the framework to LMS course content. Each agreement is publicly available; each is short enough to read in one sitting; and each contains language that procurement and general counsel should be able to quote.

Ohio State (OCR Docket No. 15-16-2108)

The Ohio State resolution agreement is foundational because of one sentence buried in the audit-requirements section: "an accessibility audit (Audit) to be completed at regular intervals under the direction of the Web Accessibility Coordinator, during which information provided by the University through its online content is measured against the technical standard(s) adopted in the Web Accessibility Policy. All problems identified through the Audit will be documented, evaluated, and, if necessary, remediated within a reasonable period of time."

The phrase documented, evaluated, remediated is the load-bearing one. It establishes a per-problem record-keeping obligation as the operative compliance signal. Ohio State did not commit to a scanner score. It did not commit to a percentage of WCAG conformance. It committed to a documented process for handling identified problems, with a Coordinator named, regular audits performed, and findings recorded.

What this means for any institution evaluating accessibility tooling: the question OCR asks an investigation target is not for a conformance percentage. It is for the record — the documentation showing what an audit identified, what the institution decided about each finding, and when each item was remediated. A tool that produces a conformance percentage but cannot produce that per-problem record provides nothing the agreement language asks for, and an investigation handed only the percentage cannot evaluate the institution's process. The agreement's compliance signal is the record itself, and the absence of a record is treated as the absence of a process.

Brown University (OCR Complaint No. 01-17-2083)

The Brown agreement builds on Ohio State by adding programme architecture. It requires the institution to "develop a Task Force made up of qualified members of the University community to develop a detailed Strategic Action Plan." The Plan must (i) review and revise policies for new content, (ii) "set up a system to review and ensure the accessibility of its critical and highly utilized online content," (iii) develop a process for expedited remediation upon request, and (iv) deliver website-accessibility training across the institution.

The structural innovation here is that compliance is not the product of a tool. It is the output of a programme — with named responsibility, written policies, prioritisation logic for high-traffic content, and a request-driven remediation channel for content not yet in scope. The Strategic Action Plan is itself a deliverable to OCR; the agreement requires its submission. An institution that arrives at a complaint investigation with no equivalent document is in a substantially worse posture than one that can hand over a written, dated, board-approved plan.

For procurement, the implication is that vendor evaluation should ask whether the tool supports a Strategic Action Plan or whether it substitutes for one. Tools that report scanner findings without producing the records a Plan-shaped programme requires are tools that leave the institutional gap unfilled.

Framingham State (OCR Docket No. 01-21-2153)

The Framingham State agreement is the most recent of the three and the first in this set to reference WCAG 2.1 explicitly. Its definition of "Accessible," in a footnote, captures the regulator's working standard: "'Accessible' refers to information or technology that complies with a digital accessibility standard acceptable to OCR (e.g., WCAG 2.1 level AA, or similar standard), or satisfies other objective criteria to ensure that, at a minimum, individuals with a disability have the opportunity to acquire the same information, engage in the same interactions..."

The agreement's substantive requirements address course materials and the LMS context directly. Framingham State committed to giving "preference to the most accessible textbook" within courses using a specific learning-management platform, and to identifying assistive technology compatible with that platform. The institutional review is course-by-course, not site-wide.

This is the model OCR appears to be applying to higher-ed accessibility going forward: the conformance question is asked of each piece of teaching content and each interaction the student has with the institution's digital infrastructure, not of the institution's marketing website in isolation. For universities relying on Canvas, Brightspace, Blackboard, or Moodle as the primary delivery platform, the relevant compliance question is per-course and per-document — which is exactly the granularity the audit-trail discussion in the defensibility standard describes.

What survives across all five

The same pattern holds in the two agreements not covered in detail above — SUNY Albany (02-17-2405) and Fairleigh Dickinson (02-17-2560). Both require a Plan for New Content with quality-assurance procedures, third-party-vendor flow-down, named coordination, and reporting. Fairleigh Dickinson adds a procedural ceiling worth noting: undue-burden defences may only be asserted by the President of the University, preventing the defence from being invoked at the desk level.

Across all five agreements, the absent terms are as informative as the present ones. The word score does not appear in compliance language. Percentage thresholds are not negotiated. Scanner-tool brand names are not specified or required. Every recorded compliance signal is process- and documentation-shaped: who is responsible, what was decided, when it was remediated, and how the institution is preventing recurrence.

The procurement consequence is direct. A vendor demonstrating a remediation tool with a high WCAG-conformance score is demonstrating against a metric that does not appear in the resolution-agreement language. A vendor demonstrating per-document review records, named-reviewer audit trails, exportable evidence files, and a programme-shaped reporting model is demonstrating against the actual compliance signals OCR has built into every agreement on file.

For institutions selecting accessibility tooling under the new IFR-extended deadlines, the question to ask vendors is the question OCR will ask the institution: produce the record. Tools that can produce it survive an investigation. Tools that report a score but cannot produce the underlying record do not. The contract clauses that codify this distinction are the subject of the defensibility standard's procurement section — every clause there maps to a requirement OCR has put on paper at least once in the agreements above. Institutions thinking about ongoing obligations after a deadline can also draw on prior coverage of accessibility compliance after the deadline for the operational view.