ClearPath Audits

Laws & Standards

Every finding in our reports is linked to a specific law, regulation, or technical standard. Here is the complete legal framework we audit against.

Federal Laws & Regulations

Americans with Disabilities Act (ADA) Title III

42 U.S.C. § 12182

Standard: WCAG 2.2 Level AA (DOJ Final Rule, March 2024)

Prohibits discrimination against individuals with disabilities. Federal courts and the DOJ have increasingly applied Title III to websites, requiring WCAG 2.1/2.2 AA conformance.

Applies to: All places of public accommodation — including websites of businesses open to the public
Enforcement: DOJ litigation, private lawsuits (no cap on attorney fees)

Section 508, Rehabilitation Act

29 U.S.C. § 794d

Standard: WCAG 2.0 AA (with ADA pushing to 2.2 AA)

Federal electronic and information technology must be accessible. Sets WCAG 2.0 AA as the floor. Many state agencies mirror Section 508 requirements.

Applies to: Federal agencies and their contractors; increasingly referenced in private suits
Enforcement: Federal agency enforcement; contractor compliance requirements

FTC Act § 5

15 U.S.C. § 45

Standard: FTC Dark Patterns Guidance (Sept 2022)

Prohibits unfair or deceptive acts and practices. The FTC has used this authority to take action against dark patterns in subscription services, consent flows, and checkout manipulations.

Applies to: All commercial websites and apps
Enforcement: FTC civil penalties up to $50,120/violation, injunctions

ROSCA

15 U.S.C. § 8401–8405

Standard: FTC Click-to-Cancel Rule (2024)

Requires clear disclosure of recurring charge terms before obtaining billing information, and simple cancellation mechanisms. "Click-to-cancel" rule finalized in 2024.

Applies to: Online subscription and negative-option programs
Enforcement: FTC enforcement, state AG actions

21st Century Communications and Video Accessibility Act (CVAA)

47 U.S.C. § 303

Standard: FCC CVAA Regulations

Requires closed captions on online video content that was previously captioned on TV.

Applies to: Video programming on the internet distributed by TV broadcasters or pay-TV providers
Enforcement: FCC enforcement, complaints

CAN-SPAM Act

15 U.S.C. § 7701

Standard: FTC CAN-SPAM Guidance

Requires clear identification, honest subject lines, working opt-out mechanisms. Dark patterns that bury unsubscribe links or make opt-out difficult violate this law.

Applies to: Commercial email senders
Enforcement: FTC enforcement, up to $50,120/email violation

State Laws by State

Our audits are tailored to the state where your company is incorporated or operates. Laws vary significantly — California and New York have particularly aggressive enforcement environments.

California

Unruh Civil Rights Act

Cal. Civil Code § 51–53

Prohibits business discrimination based on disability. Courts have applied Unruh to websites, allowing plaintiffs to recover $4,000+ per violation.

California Consumer Privacy Act / CPRA

Cal. Civil Code § 1798.100 et seq.

Prohibits dark patterns in consent flows for data collection, sale, or sharing. The California Privacy Protection Agency (CPPA) has issued specific dark-pattern regulations.

California AB 2273 (Age-Appropriate Design Code)

Cal. Civil Code § 1798.99.28

Bans dark patterns targeting minors. Requires privacy by default for services likely accessed by children under 18.

California Automatic Renewal Law

Cal. Business & Professions Code § 17600

Requires clear disclosure of auto-renewal terms and simple cancellation. One of the strictest state-level "click-to-cancel" laws in the US.

California AB 434

Cal. Government Code § 7405

Requires state agency websites to comply with WCAG 2.0 AA. Sets the standard other California government entities must meet.

New York

NY State Human Rights Law (NYSHRL)

N.Y. Exec. Law § 296

Prohibits disability discrimination in places of public accommodation. Courts have applied this to websites, and NY plaintiffs frequently pair NYSHRL with ADA claims.

NYC Human Rights Law

N.Y.C. Admin. Code § 8-101

Broader than state law — applies to any business with an NYC nexus. Frequently used in web accessibility suits due to its more favorable damage provisions.

NY Digital Fair Repair Act

N.Y. Gen. Bus. Law § 399-nn

While primarily about device repair, signals NY legislative willingness to regulate digital practices.

Florida

Florida Civil Rights Act

Fla. Stat. § 760.01

Prohibits discrimination in places of public accommodation. Courts have applied it to websites in accessibility cases.

Florida Deceptive and Unfair Trade Practices Act (FDUTPA)

Fla. Stat. § 501.201

Prohibits unfair or deceptive acts in commerce. Dark patterns that manipulate consumer decisions can trigger FDUTPA liability.

Texas

Texas Human Resources Code

Tex. Hum. Res. Code § 121.003

Prohibits discrimination against persons with disabilities in public accommodations, including digital ones.

Texas Deceptive Trade Practices-Consumer Protection Act (DTPA)

Tex. Bus. & Com. Code § 17.41

Broad prohibition on deceptive trade practices. Dark patterns can constitute actionable misrepresentations under DTPA.

Illinois

Illinois Human Rights Act

775 ILCS 5/5-102

Prohibits disability discrimination in public accommodations, applied to websites by Illinois courts.

Illinois Biometric Information Privacy Act (BIPA)

740 ILCS 14

Requires informed written consent for biometric data collection. Dark patterns in consent flows for face/fingerprint recognition can violate BIPA.

Colorado

Colorado Anti-Discrimination Act (CADA)

C.R.S. § 24-34-601

Prohibits disability discrimination in public accommodations, including websites.

Colorado Privacy Act (CPA)

C.R.S. § 6-1-1301

Explicitly prohibits dark patterns in consent interfaces for data processing. Effective July 2023.

Washington

Washington Law Against Discrimination (WLAD)

RCW 49.60

Prohibits disability discrimination in public accommodations, applicable to websites per state court interpretations.

My Health My Data Act

RCW 70.372

Regulates collection and use of consumer health data. Requires consent that is free from dark patterns.

Note: This is not an exhaustive list and does not constitute legal advice. Your jurisdiction may have additional applicable laws. Always consult qualified legal counsel for specific legal guidance.

Know which laws apply to your site.

Our audits automatically identify which federal and state laws apply based on your company location and business type.

Request an Audit