WCAG 2.2 New Success Criteria: What Changed in October 2023?
WCAG 2.2 was finalized by the W3C on October 5, 2023, adding nine new success criteria and removing one (4.1.1 Parsing, deprecated as browser AT support matured). The new criteria address focus visibility, motor-accessible drag interactions, reduced cognitive burden from repeated data entry, and authentication that does not rely on cognitive tests. Organizations with WCAG 2.1 AA conformance need to address six new AA-level criteria.
2.4.11 Focus Appearance — Making Focus Indicators Visible
For the first time, WCAG 2.4.11 (Level AA) establishes concrete requirements for focus indicators. The indicator must enclose the component with an area at least the perimeter times 2 CSS pixels and achieve 3:1 contrast between focused and unfocused states. A thin blue outline on white often fails — most design systems need a redesigned focus indicator with greater thickness and contrast.
Implementing a Compliant Focus Indicator
A 2px solid outline offset by 2px with sufficient color contrast reliably meets 2.4.11. Using outline-offset in CSS creates a visible gap improving both clarity and contrast measurement. Many teams use a high-contrast brand color with a white inner ring via box-shadow to ensure 3:1 against both dark and light backgrounds.
2.5.7 Dragging Movements — Accessibility for Motor Disabilities
SC 2.5.7 (Level AA) requires that any drag-based functionality — sortable lists, sliders, map panning, file uploads — also be achievable via a single-pointer action without dragging. A sortable list might add up/down arrow buttons. A file upload might supplement drag-and-drop with a file picker button. Compliance requires an alternative path, not removing drag entirely.
2.5.8 Target Size (Minimum) — Bigger Touch Targets
SC 2.5.8 (Level AA) requires touch targets to be at least 24 by 24 CSS pixels, with an exception when offset from neighboring targets by at least 24px of spacing. Inline text links are exempt. Adding padding: 12px to small icon buttons using CSS padding or ::after pseudo-elements typically satisfies 2.5.8 without any visual change.
3.3.7 Redundant Entry — Stop Asking Users to Repeat Themselves
SC 3.3.7 (Level AA) requires that information previously entered by the user is auto-populated or available to select in multi-step processes. Checkout flows asking for a name again after account creation directly fail this criterion. The fix: persist data across steps using session state and pre-populate fields.
3.3.8 Accessible Authentication — No Cognitive Puzzles Required
SC 3.3.8 (Level AA) prohibits authentication steps relying solely on cognitive function tests unless an alternative is provided. CAPTCHAs requiring deciphering distorted text fail unless an alternative exists. Compliant alternatives include object recognition CAPTCHA, copy-paste OTP fields, email magic links, passkey authentication, or a customer service alternative path.
How to Audit Your Site for WCAG 2.2 Compliance
- Run automated scans with axe-core 4.8+ which includes WCAG 2.2 rule sets
- Manually test focus appearance on all interactive components via keyboard navigation
- Identify every drag interaction and verify a non-drag alternative path exists
- Measure touch target sizes using DevTools computed styles
- Map all multi-step forms and flag fields that ask for previously submitted information
- Test authentication flows without completing CAPTCHA to identify failures
Sarah Mitchell
Senior Accessibility Consultant
A certified accessibility consultant at BuildWithAccess helping organizations achieve WCAG compliance and build more inclusive digital experiences.
Need help making your site accessible?
We offer free consultations to assess your current accessibility posture and recommend a path forward.
Get a Free Consultation