Knowledge Center / GIGW / WCAG
MeitY / W3C · India / Global

GIGW & Web Accessibility (WCAG) Audit

Government website guidelines and web accessibility compliance audit.

1. Introduction: Accessible and Compliant Government Digital Services

The Guidelines for Indian Government Websites and Apps (GIGW) and the Web Content Accessibility Guidelines (WCAG) together form the backbone of accessible, usable, secure and citizen-centric digital service delivery in India. GIGW is issued by the Ministry of Electronics and Information Technology (MeitY), Government of India, and produced through the National Informatics Centre (NIC). Its current release, GIGW 3.0 (2023), is deeply harmonised with WCAG 2.1 at Level AA, published by the World Wide Web Consortium (W3C) as the globally recognised technical standard for web and mobile accessibility.

GIGW is not merely an aesthetic style guide. It is a compliance and conformance framework that Government of India departments, ministries, state governments, public sector undertakings (PSUs), autonomous bodies and their vendors are expected to adopt so that public-facing websites, web applications and mobile apps are Universal (accessible to Persons with Disabilities and all demographics), Usable, secure, well-designed and legally defensible. Compliance signals include the GIGW/STQC 'Certified Quality Website' certification and the accessibility conformance mark. WCAG conformance additionally has statutory teeth in India through the Rights of Persons with Disabilities (RPwD) Act, 2016, which mandates accessible electronic and information technology for all persons, and via Rule 15 of the RPwD Rules that references the accessibility standards notified by MeitY (which point to GIGW/WCAG).

This guide is written for two audiences at once: the auditor or assessor who must verify conformance and issue findings against defined success criteria, and the implementer, product owner or development team that must build, remediate and sustain conformance. It walks through the full assessment lifecycle: scoping, requirement enumeration (every WCAG principle, guideline and success criterion plus every GIGW compliance area), the phased implementation approach, the conformance/scoring model, the audit process, evidence collection, roles, KPIs and readiness. We enumerate WCAG's four POUR principles, its 13 guidelines, and all Level A / AA / AAA success criteria families, alongside GIGW's design, content, management, security, mobile-app and quality domains.

Copyright and Licensing Note
WCAG 2.0, WCAG 2.1 and WCAG 2.2 are W3C Recommendations published by the World Wide Web Consortium (W3C) and its Web Accessibility Initiative (WAI), made available under the W3C Software and Document Notice and Licence. GIGW 3.0 is Crown/Government content published by MeitY/NIC, Government of India. This guide is original CyberSigma commentary. Success criterion identifiers (e.g. SC 1.1.1) and guideline titles are cited as factual references only; the normative text of the standards is NOT reproduced here. For binding requirements always consult the official W3C WCAG Recommendation and the official MeitY GIGW document. Certification against GIGW is administered through STQC (Standardisation Testing and Quality Certification), a MeitY body.

2. What is GIGW and WCAG

WCAG (Web Content Accessibility Guidelines) is the international technical standard for making web content and applications accessible to people with disabilities, including visual, auditory, physical, speech, cognitive, language, learning and neurological disabilities. It is organised as a layered framework: four foundational principles, thirteen guidelines under those principles, and testable success criteria (SC) under each guideline. Each success criterion is assigned a conformance level: A (minimum), AA (mid, the near-universal legal/procurement target), or AAA (highest). WCAG 2.0 (2008) contained 61 success criteria; WCAG 2.1 (2018) added 17 to reach 78, focusing on mobile, low-vision and cognitive needs; WCAG 2.2 (2023) added 9 more (and removed one), addressing further cognitive and motor needs. Each SC is supported by non-normative Techniques and Understanding documents.

GIGW (Guidelines for Indian Government Websites and Apps) is MeitY's national framework that operationalises accessibility, usability, security, and quality for Indian public sector digital properties. GIGW 3.0 is structured around a set of compliance areas covering website/app design and architecture, content, accessibility (mapping directly to WCAG 2.1 AA), technology and security, management and maintenance, and mobile application specifics. GIGW compliance is verifiable through a documented checklist and is a precondition for hosting under NIC infrastructure and for the STQC 'Certified Quality Website' and accessibility certifications. In short: WCAG defines the global accessibility 'what' and 'how testable'; GIGW wraps WCAG inside an Indian government-specific quality, security and governance envelope.

AttributeWCAGGIGW
IssuerW3C / WAI (Web Accessibility Initiative)MeitY / NIC, Government of India
ScopeWeb content and applications, globallyIndian government websites, web apps and mobile apps
Current version referencedWCAG 2.1 (2018), WCAG 2.2 (2023)GIGW 3.0 (2023)
Structure4 Principles, 13 Guidelines, testable Success CriteriaCompliance areas: design, content, accessibility, security, management, mobile
Conformance levelsA, AA, AAAGIGW compliant + STQC certification; accessibility target WCAG 2.1 AA
Legal linkage in IndiaRPwD Act 2016 accessibility mandateMeitY policy; referenced for government adoption
Certifying bodyN/A (self/third-party conformance claims)STQC (testing & certification)

3. Who Must Comply

WCAG conformance is expected of virtually any organisation delivering digital services, driven by procurement rules, anti-discrimination law and accessibility mandates across jurisdictions. GIGW compliance is mandated for Indian public sector entities. The following classes of stakeholders fall within scope.

StakeholderApplicabilityTypical driver
Central government ministries and departmentsGIGW mandatory; WCAG 2.1 AA requiredMeitY policy, RPwD Act 2016
State governments and UT administrationsGIGW mandatory for public portalsState IT policy aligned to MeitY
Public Sector Undertakings (PSUs) and autonomous bodiesGIGW expected for citizen-facing propertiesParent ministry directive
Statutory bodies, regulators, commissionsGIGW and WCAG AAPublic duty, RPwD compliance
Vendors / system integrators building govt portalsMust deliver GIGW/WCAG-compliant systemsContract / RFP clauses, STQC audit
Private enterprises (banking, telecom, e-commerce)WCAG AA increasingly requiredRPwD Act, procurement, ADA/EN 301 549 equivalents
Educational institutions and universitiesWCAG AA for portals and LMSEqual opportunity, RPwD
Any org bidding for government contractsGIGW/WCAG conformance as eligibilityRFP eligibility criteria
  • Persons with Disabilities (PwD) are the primary beneficiaries whose needs the standards protect — visual, hearing, motor, speech, cognitive and neurological.
  • Global legal analogues that make WCAG AA the de facto baseline include Section 508 (US), the ADA, the European Accessibility Act, EN 301 549, AODA (Ontario) and the UK Equality Act / PSBAR.
  • In India, non-compliance can attract scrutiny under the RPwD Act 2016 and departmental audit findings, and can block STQC certification and NIC hosting clearance.

4. Structure of GIGW and WCAG

WCAG is built on the POUR model — Perceivable, Operable, Understandable, Robust — the four principles under which all guidelines and success criteria are grouped. GIGW 3.0 organises requirements into compliance areas that embed WCAG accessibility inside a broader quality/security/governance structure. The tables below present both structures at a glance before the master checklist enumerates every requirement.

4.1 WCAG principles and guidelines

PrincipleGuideline no.GuidelineFocus
Perceivable1.1Text AlternativesAlt text for non-text content
Perceivable1.2Time-based MediaCaptions, audio description, transcripts
Perceivable1.3AdaptableProgrammatic structure, meaningful sequence, orientation, input purpose
Perceivable1.4DistinguishableColour, contrast, text resize, reflow, spacing
Operable2.1Keyboard AccessibleFull keyboard operability, no traps
Operable2.2Enough TimeAdjustable timing, pause/stop/hide
Operable2.3Seizures and Physical ReactionsFlash thresholds, animation
Operable2.4NavigableBypass blocks, titles, focus order, link purpose, headings
Operable2.5Input ModalitiesPointer gestures, target size, motion actuation
Understandable3.1ReadableLanguage of page/parts, unusual words
Understandable3.2PredictableOn focus/input consistency, consistent navigation
Understandable3.3Input AssistanceError identification, labels, error prevention
Robust4.1CompatibleParsing, name/role/value, status messages

4.2 GIGW 3.0 compliance areas

GIGW areaCoverageRelation to WCAG
Website/App Design & ArchitectureLayout, navigation, branding, responsiveness, IAComplements WCAG operability/perceivability
ContentQuality, currency, plain language, metadata, multilingualSupports WCAG understandable
Web Quality / UsabilityConsistency, broken links, performance, browser compatibilityComplements WCAG robust
AccessibilityDirect adoption of WCAG 2.1 Level AAIs WCAG
Technology & SecuritySecure coding, HTTPS, STQC security audit, hostingBeyond WCAG; govt-specific
Management & MaintenanceOwnership, review cycle, contingency, archival policyGovernance around all above
Mobile ApplicationsApp-specific accessibility, permissions, store hygieneWCAG applied to native apps

5. Master Assessment Checklist

This is the core of the audit. Every WCAG guideline (with its Level A, AA and key AAA success criteria) and every GIGW compliance area is enumerated below, each as a group with a table of what the auditor must verify and the typical evidence the implementer should be ready to produce. No control area is skipped. Success criteria are cited by their WCAG identifier and level.

5.1 Guideline 1.1 — Text Alternatives (Perceivable)

What to verifyTypical evidence
SC 1.1.1 (A) Non-text content: all images, icons, charts, CAPTCHAs and controls have appropriate text alternatives; decorative images are hidden (alt="" / role presentation)Alt-text inventory, screen-reader (NVDA/JAWS/VoiceOver) recording, HTML source of img/svg/area elements

5.2 Guideline 1.2 — Time-based Media (Perceivable)

What to verifyTypical evidence
SC 1.2.1 (A) Audio-only and video-only: transcript or alternative providedTranscript files, media inventory
SC 1.2.2 (A) Captions for prerecorded audio in synchronised mediaCaption/VTT files, video review log
SC 1.2.3 (A) Audio description or media alternative (prerecorded)Audio-description track or descriptive transcript
SC 1.2.4 (AA) Captions for live audioLive-caption service configuration, event recordings
SC 1.2.5 (AA) Audio description (prerecorded)Audio-description tracks, production checklist

5.3 Guideline 1.3 — Adaptable (Perceivable)

What to verifyTypical evidence
SC 1.3.1 (A) Info and relationships conveyed through structure (headings, lists, tables with th/scope, form labels) are programmatically determinableSemantic HTML audit, ARIA landmark map, accessibility-tree export
SC 1.3.2 (A) Meaningful sequence preserved in DOM/reading orderLinearised reading-order review, tabindex audit
SC 1.3.3 (A) Sensory characteristics not the sole cue (not 'click the round button')Content review notes
SC 1.3.4 (AA) Orientation not locked to portrait/landscapeResponsive test on rotated device
SC 1.3.5 (AA) Identify input purpose via autocomplete attributesHTML autocomplete attribute audit of forms

5.4 Guideline 1.4 — Distinguishable (Perceivable)

What to verifyTypical evidence
SC 1.4.1 (A) Colour not the only means of conveying informationDesign review, colour-blind simulation screenshots
SC 1.4.2 (A) Audio control: auto-playing audio >3s can be paused/stoppedMedia behaviour test log
SC 1.4.3 (AA) Contrast minimum 4.5:1 (3:1 large text)Contrast-checker report (e.g. axe/Colour Contrast Analyser)
SC 1.4.4 (AA) Text resizable to 200% without loss of contentBrowser zoom test screenshots
SC 1.4.5 (AA) Images of text avoided except where essentialContent/asset audit
SC 1.4.10 (AA) Reflow at 320 CSS px width without two-dimensional scrollReflow test at 400% zoom
SC 1.4.11 (AA) Non-text contrast 3:1 for UI components and graphicsContrast audit of buttons, focus rings, icons
SC 1.4.12 (AA) Text spacing overrides do not clip contentText-spacing bookmarklet test evidence
SC 1.4.13 (AA) Content on hover/focus is dismissable, hoverable, persistentTooltip/popover interaction test log

5.5 Guideline 2.1 — Keyboard Accessible (Operable)

What to verifyTypical evidence
SC 2.1.1 (A) All functionality operable via keyboardKeyboard-only walkthrough recording
SC 2.1.2 (A) No keyboard trap; focus can move away from any componentFocus-trap test notes
SC 2.1.4 (A) Character key shortcuts can be turned off/remappedShortcut configuration review

5.6 Guideline 2.2 — Enough Time (Operable)

What to verifyTypical evidence
SC 2.2.1 (A) Timing adjustable (extend/turn off/warn) for time limitsSession-timeout config, warning-dialog screenshots
SC 2.2.2 (A) Pause, stop, hide for moving/blinking/auto-updating contentCarousel/ticker control test log

5.7 Guideline 2.3 — Seizures and Physical Reactions (Operable)

What to verifyTypical evidence
SC 2.3.1 (A) Nothing flashes more than three times per second (or under general/red flash thresholds)PEAT flash-analysis report, animation inventory

5.8 Guideline 2.4 — Navigable (Operable)

What to verifyTypical evidence
SC 2.4.1 (A) Bypass blocks (skip link / landmarks) to repeated contentSkip-link test, landmark map
SC 2.4.2 (A) Descriptive, unique page titlesTitle-tag inventory across pages
SC 2.4.3 (A) Logical focus orderTab-order walkthrough recording
SC 2.4.4 (A) Link purpose clear from link text (in context)Link-text audit report
SC 2.4.5 (AA) Multiple ways to locate pages (search, sitemap, nav)Sitemap, search feature evidence
SC 2.4.6 (AA) Descriptive headings and labelsHeading-outline export
SC 2.4.7 (AA) Visible keyboard focus indicatorFocus-visibility screenshots

5.9 Guideline 2.5 — Input Modalities (Operable)

What to verifyTypical evidence
SC 2.5.1 (A) Multipoint/path-based gestures have single-pointer alternativeGesture-alternative test notes
SC 2.5.2 (A) Pointer cancellation (down-event does not execute; up-event abortable)Interaction test log
SC 2.5.3 (A) Label in name: visible label text matches accessible nameAccessible-name audit of controls
SC 2.5.4 (A) Motion actuation has UI alternative and can be disabledMotion-trigger test evidence

5.10 Guideline 3.1 — Readable (Understandable)

What to verifyTypical evidence
SC 3.1.1 (A) Default human language of page set (lang attribute)HTML lang attribute audit
SC 3.1.2 (AA) Language of parts marked where it changesInline lang attribute review

5.11 Guideline 3.2 — Predictable (Understandable)

What to verifyTypical evidence
SC 3.2.1 (A) On focus does not trigger unexpected context changeFocus-behaviour test log
SC 3.2.2 (A) On input does not auto-trigger unexpected changeForm-interaction test log
SC 3.2.3 (AA) Consistent navigation across pagesCross-page navigation comparison
SC 3.2.4 (AA) Consistent identification of components with same functionComponent-labelling audit

5.12 Guideline 3.3 — Input Assistance (Understandable)

What to verifyTypical evidence
SC 3.3.1 (A) Errors identified and described in textForm-error screenshots
SC 3.3.2 (A) Labels or instructions provided for inputsForm label/instruction audit
SC 3.3.3 (AA) Error suggestion provided where knownError-message copy review
SC 3.3.4 (AA) Error prevention for legal/financial/data submissions (reversible, checked, confirmed)Confirmation-flow evidence

5.13 Guideline 4.1 — Compatible (Robust)

What to verifyTypical evidence
SC 4.1.1 (A) Parsing — well-formed markup (note: obsolete in WCAG 2.2 but tested under 2.0/2.1)HTML validator report
SC 4.1.2 (A) Name, role, value for all custom UI components (ARIA)ARIA audit, accessibility-tree export
SC 4.1.3 (AA) Status messages announced without focus change (aria-live)Live-region test with screen reader

5.14 WCAG 2.2 additions (where target level includes 2.2)

What to verifyTypical evidence
SC 2.4.11 (AA) Focused component not entirely hidden by author content (focus not obscured minimum)Sticky-header focus test
SC 2.5.7 (AA) Dragging movements have single-pointer alternativeDrag-alternative test log
SC 2.5.8 (AA) Target size minimum 24x24 CSS px (with exceptions)Target-size measurement report
SC 3.2.6 (A) Consistent help mechanism locationHelp-link placement audit
SC 3.3.7 (A) Redundant entry avoided across a processMulti-step form review
SC 3.3.8 (AA) Accessible authentication — no cognitive function test without alternativeAuth-flow review (no CAPTCHA-only, no memory-only)

5.15 GIGW — Design and Architecture

What to verifyTypical evidence
Consistent global header/footer, National Emblem/branding usage, and standard navigationDesign template, brand-usage screenshots
Responsive design across desktop, tablet and mobileResponsive test matrix
Clear information architecture, breadcrumb navigation and homepage link on every pageSitemap, IA diagram
Standard mandatory pages present (About, Contact, Sitemap, Help, Terms, Privacy, Accessibility Statement, Feedback, Hyperlinking policy)Page inventory checklist

5.16 GIGW — Content

What to verifyTypical evidence
Content is accurate, current, authenticated and carries review/update datesContent review register, page timestamps
Plain-language, citizen-centric writing; documents in accessible formats (accessible PDF/HTML) not image-onlyDocument accessibility audit
Metadata, contact of content owner, and multilingual/regional-language support where requiredMetadata audit, language-toggle evidence
Copyright, hyperlinking, privacy and terms policies publishedPolicy pages

5.17 GIGW — Web Quality and Usability

What to verifyTypical evidence
No broken links, no orphan pages, valid markup and CSSLink-checker report, W3C validator output
Cross-browser and cross-device compatibilityCompatibility test matrix
Acceptable page-load performance and optimised assetsPerformance/Lighthouse report
Search functionality and consistent, error-free user journeysSearch test evidence, usability notes

5.18 GIGW — Technology and Security

What to verifyTypical evidence
Site served over HTTPS with valid certificate; secure headers configuredTLS scan, header report
STQC / CERT-In empanelled security audit completed and clear before go-liveSecurity audit certificate, VA/PT report closure
Secure coding practices, input validation, protection against OWASP Top 10SAST/DAST reports, code-review records
Hosting on NIC/authorised infrastructure with backup and DRHosting approval, backup/DR policy

5.19 GIGW — Management and Maintenance

What to verifyTypical evidence
Named website owner / web information manager and governance responsibilitiesRACI, appointment records
Defined content review, update and archival/expiry policyMaintenance policy, archival log
Contingency and continuity plan; version controlBCP document, change log
Periodic accessibility and quality re-audit scheduleAudit calendar, prior audit reports

5.20 GIGW — Mobile Applications

What to verifyTypical evidence
App accessibility (TalkBack/VoiceOver support, focus order, labels, contrast) at WCAG 2.1 AA equivalentMobile screen-reader test recordings
Minimal, justified permissions and clear privacy disclosurePermission manifest, privacy policy
Store listing hygiene, correct ownership, update mechanismStore listing evidence
Secure API communication and data protection in transit/at restMobile security test report

6. Scoping

Accurate scoping determines audit effort, sampling strategy and the boundary of the conformance claim. Because WCAG conformance applies to full pages and complete processes (a claim cannot exclude part of a page), scoping must enumerate the pages, templates, dynamic states and end-to-end user journeys in scope.

  • Define the target: property (website, web app, mobile app), the conformance target (typically WCAG 2.1 Level AA, with GIGW areas for government), and any AAA aspirations.
  • Enumerate page templates and representative unique pages rather than every URL — homepage, landing pages, forms, search results, article/detail pages, transactional flows, error states, authenticated dashboards.
  • Include complete processes end to end (e.g. registration, application submission, payment) — WCAG requires every page in a process to conform for the process to conform.
  • Capture all key states and components: modals, menus, carousels, data tables, date pickers, file uploads, CAPTCHAs, PDFs and other downloadable documents.
  • List assistive-technology and browser combinations to test (NVDA+Firefox, JAWS+Chrome, VoiceOver+Safari, TalkBack+Chrome on Android).
  • Note out-of-scope items explicitly (third-party embedded content, legacy archived pages) and their justification, since these affect the conformance claim.
  • For GIGW, additionally scope security audit boundary, hosting environment and content governance processes.

7. Implementation Approach

A phased approach moves an organisation from unknown accessibility posture to sustained conformance. Each phase below lists core activities and deliverables. 'Shift left' — embedding accessibility into design and development — is far cheaper than late remediation.

7.1 Phase 1 — Discovery and Baseline

  • Activities: define scope and target level; run automated scans (axe, WAVE, Lighthouse, ARC); commission a baseline manual audit on a sample; inventory pages, templates and documents.
  • Deliverables: scope document, baseline conformance report, prioritised defect backlog, GIGW gap register.

7.2 Phase 2 — Planning and Governance

  • Activities: appoint accountable owner; set target date and level; define accessibility policy and design standards; select tooling; plan training.
  • Deliverables: accessibility policy, remediation roadmap with priorities and owners, design-system accessibility guidelines, training plan.

7.3 Phase 3 — Design and Build Remediation

  • Activities: fix defects by severity (blockers first — keyboard traps, missing labels, contrast); embed accessible components in the design system; add ARIA correctly; author accessible documents.
  • Deliverables: remediated components, accessible pattern library, updated code with unit/integration accessibility checks in CI.

7.4 Phase 4 — Verification and Testing

  • Activities: combine automated, manual and assistive-technology testing; usability testing with Persons with Disabilities; verify complete processes; for GIGW run security and quality audits.
  • Deliverables: verification report, screen-reader test evidence, security clearance, corrected-issue log.

7.5 Phase 5 — Conformance Claim and Certification

  • Activities: prepare Accessibility Conformance Report (VPAT/ACR); publish Accessibility Statement; apply for STQC GIGW certification; obtain sign-off.
  • Deliverables: signed conformance claim, published accessibility statement, STQC certificate (where applicable).

7.6 Phase 6 — Sustain and Monitor

  • Activities: integrate accessibility gates into CI/CD; schedule periodic re-audits; monitor feedback channel; retrain teams; re-test after major releases.
  • Deliverables: monitoring dashboard, re-audit schedule, updated backlog, feedback-resolution log.

8. Maturity and Conformance Scoring Model

WCAG itself is pass/fail per success criterion at a chosen level (a page either conforms or it does not), but organisations track a maturity/capability view to plan improvement. The table below presents a five-level maturity model plus the formal WCAG conformance levels.

Maturity levelDescriptionTypical state
Level 0 — AbsentNo awareness or policy; accessibility not consideredNumerous Level A failures, keyboard traps
Level 1 — Initial / ReactiveAd hoc fixes after complaints; automated scans onlyPartial Level A; no manual testing
Level 2 — ManagedPolicy exists; manual audits on key pages; defined target levelApproaching Level AA on core pages
Level 3 — DefinedAccessibility in design system and CI; training in placeLevel AA across most templates
Level 4 — MeasuredMetrics tracked; PwD usability testing; regular re-auditSustained AA; some AAA
Level 5 — OptimisingAccessibility-by-default culture; continuous improvementRobust AA/AAA, low defect recurrence
WCAG conformance levelRequirementTypical use
Level AAll Level A success criteria metAbsolute minimum; insufficient alone
Level AAAll A and AA success criteria metLegal/procurement baseline; GIGW target
Level AAAAll A, AA and AAA met (not required for whole sites)Enhanced accessibility for specific content

9. Assessment and Audit Approach

A defensible audit blends automated coverage (fast, but detects only a minority of issues) with expert manual testing and assistive-technology validation. The recommended process follows WCAG-EM (Website Accessibility Conformance Evaluation Methodology).

  1. Define the evaluation scope, conformance target (e.g. WCAG 2.1 AA) and any GIGW areas.
  2. Explore the target: identify page types, key functionality, technologies, states and complete processes.
  3. Select a representative sample: structured sample of common pages plus a random sample, ensuring full processes are covered.
  4. Run automated testing across the sample to surface machine-detectable issues and coverage breadth.
  5. Perform manual expert testing: keyboard-only operation, semantics/ARIA review, contrast, reflow, zoom, and content checks.
  6. Perform assistive-technology testing with NVDA, JAWS, VoiceOver and TalkBack across the browser matrix.
  7. Conduct functional/usability testing of complete processes, ideally involving Persons with Disabilities.
  8. Record each failure against its specific success criterion with severity, location, reproduction steps and remediation guidance.
  9. For GIGW, execute security (STQC/CERT-In) and quality/link/performance checks and content-governance review.
  10. Aggregate results, determine conformance level achieved, and produce the report and conformance claim (ACR/VPAT).
  11. Support remediation, then re-test fixed items and issue the final signed conformance statement.

10. Evidence Request List

The following evidence, grouped by category, should be requested from the implementer/product team ahead of and during the audit.

  • Governance: accessibility policy, appointed owner/RACI, GIGW compliance ownership records, roadmap.
  • Design: design system/pattern library accessibility guidance, colour palette with contrast values, wireframes.
  • Code and markup: source of representative templates, ARIA usage documentation, autocomplete/label conventions.
  • Testing artefacts: automated scan reports (axe/WAVE/Lighthouse), manual audit reports, screen-reader test recordings, keyboard walkthrough videos.
  • Media and documents: caption/transcript files, audio-description tracks, accessible PDF/office documents.
  • Conformance: prior Accessibility Conformance Report / VPAT, Accessibility Statement, feedback-channel logs.
  • Security and quality (GIGW): STQC/CERT-In security audit report and clearance, TLS/header scans, link-check and performance reports, hosting/DR approvals.
  • Process evidence: complete-process test recordings (registration, payment), error-handling screenshots, session-timeout configuration.
  • Mobile (if applicable): TalkBack/VoiceOver test recordings, permission manifest, store listing, mobile security report.

11. Roles and Responsibilities

RoleResponsibility
Website/App Owner (Web Information Manager)Accountable for GIGW/WCAG compliance, sign-off and governance
Accessibility Lead / ChampionOwns policy, standards, training and remediation roadmap
UX / Visual DesignerDelivers accessible designs — contrast, focus, layout, target sizes
Front-end DeveloperImplements semantic HTML, correct ARIA, keyboard support
Content Author / EditorProvides alt text, headings, plain language, accessible documents
QA / Accessibility TesterRuns automated, manual and AT testing; logs defects to SC
Security Auditor (STQC/CERT-In)Conducts GIGW security audit and issues clearance
External Auditor / AssessorIndependent conformance evaluation and ACR issuance
Persons with Disabilities (test participants)Provide real-world usability validation

12. KPIs to Track

  • Conformance level achieved per template (A / AA / AAA) and percentage of pages at target level.
  • Number of open accessibility defects by severity (blocker, critical, major, minor) and mean time to remediate.
  • Automated scan pass rate and trend over time.
  • Percentage of design-system components that are accessibility-certified.
  • Number of complete user processes fully conformant end to end.
  • Screen-reader task success rate in usability testing with Persons with Disabilities.
  • Accessibility defects escaping to production per release (defect leakage).
  • Percentage of new content published with alt text and accessible documents on first publish.
  • Time to acknowledge and resolve accessibility feedback from the public channel.
  • GIGW/STQC certification status and security-audit clearance currency.

13. Readiness Checklist

  • Conformance target defined (e.g. WCAG 2.1 AA) and GIGW areas identified
  • Scope document lists templates, states and complete processes
  • All non-text content has appropriate text alternatives
  • Full keyboard operability with visible focus and no traps
  • Colour contrast meets 4.5:1 (text) and 3:1 (UI/large text)
  • Content reflows at 320px and text resizes to 200% without loss
  • All form fields have labels, instructions and clear error handling
  • Semantic structure, headings, landmarks and ARIA name/role/value correct
  • Captions, transcripts and audio descriptions provided for media
  • Downloadable documents (PDF/office) are accessible
  • Accessibility Statement and feedback channel published
  • Automated, manual and assistive-technology testing completed on the sample
  • Mandatory GIGW pages and policies present
  • STQC/CERT-In security audit cleared (for government properties)
  • Accessibility Conformance Report / VPAT prepared and signed off
  • Re-audit schedule and CI/CD accessibility gates in place

14. Common Gaps

  • Relying on automated scans alone — they detect only around a third of issues, missing keyboard, screen-reader and cognitive problems.
  • Missing or meaningless alt text, and decorative images not hidden from assistive technology.
  • Insufficient colour contrast and no visible keyboard focus indicator.
  • Custom widgets (dropdowns, modals, tabs) built without correct ARIA name/role/value, breaking with screen readers.
  • Keyboard traps in modals, carousels and embedded media.
  • Form fields without programmatic labels and errors conveyed by colour only.
  • Image-only or untagged PDFs treated as accessible content.
  • CAPTCHAs and authentication that impose cognitive/memory tests with no accessible alternative (SC 3.3.8).
  • Content that reflows poorly or locks orientation on mobile.
  • Auto-playing media, moving carousels and time limits with no pause/stop/extend controls.
  • Treating accessibility as a one-off audit rather than a sustained, CI-integrated practice.
  • For GIGW: missing mandatory pages, outdated content, and go-live before security-audit clearance.

15. GIGW / WCAG Mapped to Other Frameworks

Framework / regulationRegionRelationship to WCAG/GIGW
EN 301 549EUAdopts WCAG AA for ICT accessibility procurement
Section 508USAIncorporates WCAG 2.0 AA for federal ICT
ADA (Title II/III)USACourts apply WCAG AA as the practical standard
European Accessibility ActEUMandates accessibility, aligned to WCAG/EN 301 549
AODACanada (Ontario)Requires WCAG AA for public websites
UK Equality Act / PSBARUKPublic bodies must meet WCAG AA
RPwD Act 2016 & RulesIndiaMandates accessible ICT; references GIGW/WCAG
ISO/IEC 40500GlobalIs WCAG 2.0 published as an ISO standard
STQC certification schemeIndiaCertifies GIGW compliance including WCAG AA accessibility
EN 301 549 mobile clausesEU/GlobalExtends WCAG principles to native mobile apps (as GIGW does)

16. How CyberSigma Helps

Partner with CyberSigma for GIGW & WCAG Assurance
CyberSigma brings CERT-In empanelled and QSA-grade rigour to accessibility and government web assurance. We deliver end-to-end GIGW & WCAG 2.1/2.2 AA engagements: baseline audits combining automated, expert-manual and assistive-technology testing (NVDA, JAWS, VoiceOver, TalkBack); WCAG-EM sampled evaluations of complete user journeys; remediation guidance mapped to each success criterion; accessible design-system and component uplift; document remediation; STQC/CERT-In security-audit coordination; and preparation of your Accessibility Conformance Report, Accessibility Statement and GIGW certification pack. We also embed accessibility gates into your CI/CD and train your design, development and content teams so conformance is sustained, not one-off. Talk to CyberSigma to make your citizen and customer digital services accessible, compliant and audit-ready.

Frequently asked questions

What WCAG level should we target?
WCAG 2.1/2.2 Level AA is the common target for legal and GIGW conformance; AAA is aspirational for specific criteria.
Official documents

Need help with GIGW / WCAG?

CERT-In empanelled, PCI QSA senior auditors can take you from reading about it to compliant — with a scoped, guided programme.