Sophie-Charlotte Sommer is a student of IT Security and Information Technology at Ruhr University Bochum. At G DATA, she focuses on accessibility in the company’s Security Awareness Trainings as part of the G DATA academy. Her bachelor thesis, “Exploring Accessible and Inclusive IT Security: A Systematic Literature Review on Security Practices for People with Disabilities”, was written in cooperation with the Max Planck Institute for Security and Privacy.
Sophie, what does digital accessibility mean and why is it essential?
Sophie: Accessibility plays a role in all areas of life and is therefore far more than a ramp at the entrance, an accessible restroom, or a tactile guidance system. Digital accessibility means that products – including websites, software, or learning platforms – are designed so that all people can use them, regardless of physical, sensory, or cognitive limitations. This includes enabling visually impaired users to rely on screen readers, allowing people with motor impairments to operate software without a mouse, and providing clear structures for people with cognitive disabilities. Accessibility is also crucial for hearing-impaired individuals, as they rely on subtitles or sign language translations.
What legal accessibility requirements apply to software?
Sophie: A key guideline is the Web Content Accessibility Guidelines (WCAG), which serve as the global standard for accessible web content. They define three conformance levels: A as the basic level, AA as the recommended standard, and AAA as the highest level. Public authorities in the EU must comply with at least the AA standard. Additionally, the German Accessibility Strengthening Act, effective from June 2025, will require companies to make digital products and services accessible, or else face sanctions or exclusion from the market.
There are also European regulations, such as EU Directive 2016/2102 on the accessibility of websites and mobile applications. Public-sector organizations are particularly affected, but companies increasingly need to prepare as well. A good example of successful implementation are the websites of many job centers, which have been optimized for screen readers and offer intuitive navigation.
Which accessibility standards must software—and therefore our Security Awareness Trainings—meet?
Sophie: For software to be accessible, it must be perceivable, operable, understandable, and robust. Content must be accessible to people with visual or hearing impairments as well as those with cognitive disabilities. Text must not be too small, and videos should include subtitles or audio descriptions. Navigation must be simple and possible without a mouse, for example through keyboard controls or voice recognition.
Security Awareness Trainings face the same challenges. They must be designed so that all users can navigate them with ease. At the G DATA academy, several key measures have already been implemented: all videos include subtitles, colours are not used as the sole means of differentiation, and learning content is structured to avoid unnecessary cognitive load. However, there is room for improvement. In particular, screen reader compatibility should be enhanced and tested to ensure that blind or severely visually impaired users can work with the content without difficulties.
What challenges arise when developing accessible software?
Sophie: A major issue is that many software solutions could theoretically be accessible, but practical implementation often falls short. For example, Moodle—a popular learning platform—meets the WCAG 2.1 AA standard, but professors or administrators frequently fail to upload subtitles for their videos. This shows that accessibility is not only a technical challenge but also an organizational one.
Another major challenge is that different user groups often have conflicting requirements. While blind users need detailed text descriptions, long texts can create additional barriers for people with dyslexia. These conflicting needs can be difficult to reconcile.
Additionally, many developers implement accessible features technically but never test them with actual users. A screen reader may be supported in theory, yet unexpected issues arise in real usage. Therefore, meeting standards alone is not enough. Those responsible must continuously test and adapt accessible software in practice.
How accessible are our Security Awareness Trainings already – and where is there room for improvement?
Sophie: The G DATA academy team has already implemented many strong measures. For hearing-impaired users, the trainings are fully accessible because all audio content is subtitled. For users with color vision deficiencies, there are clear markers that do not rely solely on color.
Accessibility is more challenging for blind or severely visually impaired people. Screen reader compatibility needs to be examined in more detail. Providing full audio descriptions of all content would also be a valuable improvement.
For people with cognitive impairments, it is helpful that they can take as much time as they need to complete the trainings. However, we still need to evaluate whether simplified language could be beneficial for complex topics such as data protection or IT security.
What does the future of accessible Security Awareness Training look like?
Sophie: The next step is a systematic review of screen reader compatibility to identify and address potential barriers. At the same time, we should consider how to provide audio support for all interactive elements.
Another exciting challenge is the diversity of user needs: a training optimized for blind users is not automatically suitable for people with cognitive disabilities. In the long term, customizable trainings tailored to different disabilities could be a solution.
What many overlook: accessible software benefits not only people with disabilities. Features such as adjustable font sizes or intuitive navigation also make applications easier to use for older people or inexperienced users.
Why is accessibility worthwhile for companies?
Sophie: It’s not just about complying with the law – accessibility is an opportunity. Companies that make their software accessible to everyone reach a wider audience, improve user experience, and increase long-term customer satisfaction. Subtitles, for example, are not only helpful for deaf users but also for people watching videos without sound. Good contrast design benefits not only visually impaired users but also anyone using their phone in bright sunlight.
Put simply: an elevator is not only practical for people in wheelchairs – parents with strollers or travelers with heavy luggage benefit as well. The same applies to digital accessibility.
Companies that offer accessible Security Awareness Trainings reach a broader audience and strengthen their reputation as socially responsible organizations. Those who invest early in accessibility remain competitive and avoid legal risks in the long run.
Thank you very much for the interesting conversation!
Sophie: My pleasure!
