WCAG 2.2 Is Now an ISO Standard: What Changes for 2026 Compliance

WCAG (Web Content Accessibility Guidelines) is the international standard for web accessibility, developed by the W3C (World Wide Web Consortium). The progression:

Timeline:
• WCAG 2.0: December 2008
• WCAG 2.1: June 2018
• WCAG 2.2: October 2023 (W3C Recommendation)
• WCAG 2.2 ISO: October 2025 (ISO/IEC 40500:2025)

Why ISO Recognition Matters:

The ISO standard designation gives WCAG 2.2 additional legal weight:
• Referenced in international regulations and contracts
• Recognized across borders without country-specific adoption
• Provides clear technical standard for procurement
• Signals long-term direction for accessibility requirements

Relationship to ADA Compliance:

The DOJ's April 2024 Title II final rule specifies WCAG 2.1 Level AA as the required standard. However:
• WCAG 2.2 is backward compatible (meeting 2.2 also meets 2.1)
• Future DOJ guidance may adopt 2.2
• Best practice is to target 2.2 for future-proofing
• Some new 2.2 criteria address real user barriers

Conformance Levels:

Like previous versions, WCAG 2.2 has three conformance levels:
• Level A: Minimum accessibility (25 criteria)
• Level AA: Standard compliance target (13 additional criteria)
• Level AAA: Enhanced accessibility (9 additional criteria)

The DOJ requires Level AA, which includes both A and AA criteria.

WCAG 2.2 adds 9 new success criteria. Here are the ones most relevant for Level AA compliance:

Level A New Criteria:

2.4.11 Focus Not Obscured (Minimum)
• When a component receives keyboard focus, it must not be entirely hidden
• Sticky headers, chat widgets, and cookie banners cannot completely cover focused elements
• Partial obscuring is allowed at Level A; Level AA (2.4.12) requires full visibility

*Why it matters*: Users navigating by keyboard lose track of where they are if focused elements disappear behind overlays.

3.2.6 Consistent Help
• If help mechanisms exist (contact info, chat, FAQ links), they must be in consistent locations across pages
• Applies to human contact options, self-help options, and automated contact mechanisms

*Why it matters*: Users with cognitive disabilities rely on predictable page layouts to find assistance.

3.3.7 Redundant Entry
• Information previously entered by users should not need to be re-entered in the same session
• Auto-populate or allow selection from previously entered data
• Exceptions: security, expired data, user-deleted data

*Why it matters*: Re-entering information creates barriers for users with memory or motor difficulties.

Level AA New Criteria:

2.4.12 Focus Not Obscured (Enhanced)
• Stricter version: focused element must be FULLY visible (not just partially)
• No part of the focused component may be hidden by author-created content

2.5.7 Dragging Movements
• Any functionality using dragging must have single-pointer alternative
• Drag-and-drop must also work with click/tap
• Examples: sliders, sortable lists, map panning

*Why it matters*: Users with motor impairments may not be able to perform drag operations.

2.5.8 Target Size (Minimum)
• Touch/click targets must be at least 24x24 CSS pixels
• OR have sufficient spacing from adjacent targets
• Exceptions: inline links in text, user-agent controlled elements

*Why it matters*: Small targets are difficult for users with motor impairments or on mobile devices.

3.3.8 Accessible Authentication (Minimum)
• Login cannot require cognitive function test (memory, puzzle, transcription)
• Must allow: password managers, copy/paste, alternative authentication
• CAPTCHAs that require transcription fail this criterion

*Why it matters*: Complex authentication excludes users with cognitive disabilities.

Level AAA New Criteria:

2.4.13 Focus Appearance
• Focus indicators must meet specific size and contrast requirements

3.3.9 Accessible Authentication (Enhanced)
• Stricter version with fewer exceptions

For organizations already targeting WCAG 2.1 AA, here is what WCAG 2.2 adds:

You May Already Fail 2.2 If:

1. Sticky headers/footers cover focused elements • Chat widgets that overlay page content • Cookie consent banners that don't move • Fixed navigation covering form fields • *Fix*: Ensure focused elements scroll into view above/below fixed elements

2. Your login uses image CAPTCHAs • 'Select all images with traffic lights' fails 3.3.8 • Text CAPTCHAs requiring transcription fail • *Fix*: Implement alternative authentication (email link, passkeys, accessible CAPTCHA)

3. Drag-and-drop has no alternative • Sortable lists requiring drag • Map controls only via dragging • Slider inputs without keyboard/arrow support • *Fix*: Add buttons, arrow keys, or click-to-move alternatives

4. Touch targets are too small • Icons under 24x24 pixels • Tightly packed navigation links • Mobile menu items too close together • *Fix*: Increase target size or add spacing

5. Multi-step forms require re-entry • Shipping forms don't remember billing address • Error correction clears other fields • *Fix*: Pre-populate from session data, offer 'same as' options

What WCAG 2.2 Removed:

Notably, WCAG 2.2 removed Success Criterion 4.1.1 (Parsing), which required valid HTML. This was removed because modern browsers and assistive technologies are much better at handling markup errors than they were in 2008.

If you are currently targeting WCAG 2.1 AA for the April 2026 deadline, here is how to plan for 2.2:

Immediate Strategy (Now - April 2026):

1. Meet WCAG 2.1 AA First • This is the legal requirement • Don't let 2.2 planning delay 2.1 compliance • Document your 2.1 compliance for good faith defense

2. Audit for 2.2 Gaps • Test authentication flows for cognitive barriers • Check all drag interactions for alternatives • Measure touch target sizes • Verify focus visibility with sticky elements

3. Fix Easy 2.2 Wins • Target size is often CSS-only fix • Focus obscuring usually requires minor JS • Redundant entry may be quick form update

Medium-Term Strategy (2026-2027):

4. Plan Authentication Updates • Most complex 2.2 requirement • May require vendor coordination • Consider passkeys, magic links, biometric options

5. Address Drag Interactions • Audit all interactive components • Add keyboard alternatives • Test with screen readers

6. Update Testing Procedures • Add 2.2 criteria to audit checklists • Train testers on new requirements • Update automated scanning tools

Why Target 2.2 Even Though 2.1 Is Required:

• Future-proofs your investment
• 2.2 criteria address real user barriers
• European Accessibility Act references 2.2
• Demonstrates leadership and good faith
• Easier than upgrading later

The ISO recognition of WCAG 2.2 has implications beyond US ADA compliance:

European Accessibility Act (EAA):

The EAA became effective June 28, 2025, requiring accessibility for:
• Websites and mobile apps serving EU customers
• E-commerce platforms
• Banking and financial services
• Transportation services
• E-books and e-readers

The EAA references EN 301 549, which incorporates WCAG 2.1/2.2. Organizations selling to EU customers should target WCAG 2.2.

Other International Standards:

• Canada: Accessible Canada Act references WCAG 2.1
• UK: Public Sector Bodies Regulations require WCAG 2.1 AA
• Australia: DDA references WCAG 2.0, moving toward 2.1
• Japan: JIS X 8341-3 harmonized with WCAG

Procurement Implications:

ISO 40500:2025 (WCAG 2.2) provides clear procurement language:
• Government contracts can specify ISO standard
• International organizations reference ISO standards
• Vendor compliance claims are more verifiable
• Cross-border contracts have common reference

For US Organizations:

Even if US law currently requires only WCAG 2.1:
• Global organizations should target 2.2
• E-commerce serving international customers needs 2.2
• Government vendors may see 2.2 in future RFPs
• Proactive compliance demonstrates leadership

Testing for WCAG 2.2 requires both automated and manual approaches:

Automated Testing Updates:

Major accessibility testing tools are updating for 2.2:
• axe-core: Added 2.2 rules
• WAVE: Incorporating 2.2 checks
• Lighthouse: Updating accessibility audits
• Pa11y: Community updates for 2.2

Manual Testing Requirements:

Focus Not Obscured (2.4.11, 2.4.12):
• Tab through all interactive elements
• Verify focused element is visible
• Test with sticky headers/footers present
• Check modal dialogs and overlays

Dragging Movements (2.5.7):
• Identify all drag interactions
• Verify keyboard alternatives exist
• Test single-pointer alternatives
• Use screen reader to navigate

Target Size (2.5.8):
• Measure interactive element dimensions
• Use browser dev tools for pixel measurement
• Check spacing between adjacent targets
• Test on mobile devices

Accessible Authentication (3.3.8):
• Attempt login with password manager
• Verify copy/paste works for credentials
• Check that CAPTCHAs have alternatives
• Test alternative authentication methods

Redundant Entry (3.3.7):
• Complete multi-step forms
• Verify data persists between steps
• Check error correction doesn't clear data
• Test 'same as' functionality

Testing Tools for 2.2:
• Browser dev tools (target size measurement)
• Keyboard-only navigation testing
• Screen readers (NVDA, JAWS, VoiceOver)
• Mobile device testing (touch targets)