This Act may be cited as the Barrier‑Free Web Access Act.
The purpose of this Act is to ensure universal, equitable, and non‑discriminatory access to essential digital services by prohibiting inaccessible verification systems and mandating passive, human‑centered, barrier‑free verification methods.
(a) Essential Digital Services
“Essential digital services” include any online service necessary for daily life, public welfare, or economic participation, including but not limited to healthcare platforms, government portals, financial and insurance services, utilities and essential tools, educational institutions, employment platforms, and website builders or hosting services. National regulators may expand this definition as technology evolves.
(b) Traditional CAPTCHA (Prohibited)
“Traditional CAPTCHA” means any verification method requiring users to solve visual, auditory, or puzzle‑based tasks, including image‑selection grids, distorted text, audio challenges, or sensory‑dependent puzzles. Traditional CAPTCHA is prohibited under this Act.
(c) Passive Verification Systems (Permitted)
“Passive verification systems” include non‑interactive, transparent verification methods such as reCAPTCHA v3, reCAPTCHA Enterprise (v3‑only mode), Cloudflare Turnstile, device attestation, behavioral verification, multi‑factor authentication, human‑centered fallback methods, Humane Verification v2 and v3, and non‑interactive Proof‑of‑Work systems. These systems are permitted only if they do not require puzzle‑based, image‑based, or traditional CAPTCHA‑type interactions. A single click such as “Verify you are human” is acceptable, as is Humane radio‑type fallback.
Traditional CAPTCHA is prohibited in all contexts, and reCAPTCHA v2 is explicitly prohibited. No service provider may deploy, maintain, or require traditional CAPTCHA. No fallback method may include image grids, audio challenges, or puzzle‑based tasks.
(a) Requirements
Permitted systems must never require puzzles or image selection, never require audio challenges, never block users solely on automated scoring, must provide a human‑accessible fallback, and must disclose verification methods transparently.
(b) Human‑Accessible Fallback Standards
A fallback must be reachable without prohibited challenges, must provide a response within a reasonable timeframe not exceeding 24 hours for essential services, and must include at least one of the following: live human support, email‑based verification, multi‑factor authentication, or an alternative permitted verification method. Fallbacks consisting solely of unmonitored inboxes or excessive wait times do not meet this requirement.
reCAPTCHA v2 and all interactive verification systems are prohibited. Non‑interactive systems such as Turnstile “Verify you are human” and HV2 single‑checkbox fallbacks without puzzles are explicitly allowed. All prohibited systems must be removed within the remediation period defined in Section 7. After the effective date, no interactive verification system may be used.
(a) Standard Violations
Unintentional barriers or misconfigurations. Remediation window: 30 days. Penalties may include administrative fines and public non‑compliance listing.
(b) Serious Violations
Gross negligence or repeated refusal to comply. Remediation window: 30 days for essential services and 90 days for non‑essential services. Penalties may include higher fines, audits, and regulatory sanctions.
(c) Extreme Violations
Intentional obstruction causing serious harm or interfering with life‑critical services. Remediation window: 48 hours. Penalties may include criminal liability, civil liability for damages, and regulatory sanctions. Sentencing is determined solely by the judiciary of the adopting jurisdiction.
A public compliance classification system shall be maintained: Full Compliance (🟢), Partial Compliance (🟡), Serious Non‑Compliance (🟠), and Extreme Non‑Compliance (🔴). Countdown timers must be displayed for Partial and Serious tiers.
All parties subject to enforcement actions retain the right to representation, the right to present evidence, the right to challenge allegations, and protection against malicious or mistaken accusations.
Organizations shall not be held liable for verification failures caused by third‑party interference, malicious tampering, injected scripts, or external manipulation beyond their control. This section protects service providers from false attribution.
This Act shall take effect one year after adoption by any national government, with regulators authorized to establish transition timelines and compliance procedures.