December 12, 2023

Web Content Accessibility Guidelines (WCAG) are an internationally recognized accessibility best-practice standard for digital experiences. WCAG 2.2 is the latest version of WCAG since it became a “W3C Recommended” web standard.

The evolution from WCAG 2.1 to 2.2 involves a number of important changes – one being that authentication processes can no longer include a “cognitive function test”. This is a transformative shift for any organization that wants to comply with WCAG yet still employs cognitive function requirements, such as passwords. This makes many traditional authentication methods explicitly incompatible with WCAG guidelines, and therefore incompatible with accepted standards for web accessibility.

iProov is dedicated to user accessibility and inclusivity – values ingrained within our culture and our technologies. As one of the few biometric facial verification providers compliant with WCAG 2.1 AA, we now extend our compliance to WCAG 2.2 AA.

Read on to discover the wider context of WCAG 2.2 and the potential impact of its changes on your organization.

Evolution to WCAG 2.2: What Is It and How Is It Different from 2.1 AA?

WCAG provides recommendations for improving web accessibility, promoting equal access for all, regardless of constraints (such as age, literacy, language, cognitive ability, or disability). WCAG 2.2 is the latest edition, adding 9 new success criteria. You can read more about the specification requirements surrounding each criteria here.

While WCAG 2.2 introduces many significant changes, we believe the most important is Accessible Authentication (3.3.8) – which states that a cognitive function test (such as remembering a password or solving a puzzle) must not be required for any step in an authentication process. It recognizes that remembering a password or solving a puzzle is not inclusive for many people.

The new guidelines are backwards compatible, meaning that by satisfying the requirements of WCAG 2.2, you satisfy the requirements for previous versions, too. So for instance, iProov conforms to both WCAG 2.1 Level AA and 2.2 Level AA.

What does the “AA” refer to?

This refers to the tiers of criteria within WCAG:

  • Level A requirements prohibit any elements that make the product/website inaccessible for people with disabilities to use.
  • Level AA conformances requires that the solution is easy to use and understand for the majority of people (with or without disabilities).
  • Level AAA demands a number of additional requirements and is the highest possible conformance level in WCAG, but it is not required by regulation (so is optional).

How Does iProov Comply With WCAG 2.2 AA?

iProov face biometrics SDKs have achieved WCAG 2.2 Level AA conformance.

Testing for conformance was carried out by external accessibility experts TetraLogical, a member of the W3C and contributor to standards, including WCAG. By virtue of conformance, aligning your face in the oval to iProov with Flashmark isn’t deemed a cognitive function test, as the user doesn’t have to do anything except look into their user-facing camera. This is critical.

Why Is WCAG 2.2 AA Important?

WCAG and accessibility efforts should be a priority for all organizations, because without proper accessibility measures you’re potentially excluding up to 1/5th of the population that live with a disability.

However, WCAG compliance is particularly essential to the public sector organizations. Websites and other digital content created by public sector and other arms of government are often mandated by law to deliver accessible digital content for citizens with some form of disabilities – meaning that meeting WCAG requirements is the easiest way to ensure you’re compliant.

For example, The UK government explicitly states that compliance with WCAG ensures your digital content meets the legal requirements under the Public Sector Bodies Accessibility Regulation. The Government Digital Service (GDS) is already working on how to assess the new WCAG 2.2 rules and will begin monitoring for the extra criteria in October 2024.

In the EU, the Web Accessibility Directive 2016 draws heavily heavily from WCAG, and requires all websites and mobile applications of public sector bodies to comply. While WCAG guidelines are not explicitly tied to US legislation as they are in other countries, adhering to them can provide your organization with a great defence against lawsuits such as ADA Title III for web accessibility.

Even for organizations that are not mandated by law to meet accessibility requirements, compliance to WCAG remains one of the best ways to ensure that your web content is inclusive and accessible for as many people as possible, which should be a key business aim.

iProov Technology Supports Your Compliance with WCAG 2.2

At iProov, we’ve historically questioned the security of passwords and instead recommended authentication that promotes user accessibility. Now with WCAG 2.2, it’s clear that your organization will struggle to meet the international standard for accessible authentication if you use passwords at any stage in your authentication process without clearly offering an alternative.

There needs to be a path through authentication that does not rely on cognitive function tests. So if accessibility is important to your organization, you need to select a solution that does not include them.

Ultimately, the takeaway is that most knowledge-based authentication methods (such as remembering passwords) and possession-based methods (such as retyping one-time passcodes) that are cognitive function tests, which means that your organization cannot comply with the leading internationally recognized standard for accessibility if you rely on them.

iProov solutions provide a non-cognitive function test that you can use to verify and authenticate your users or citizens. Our biometric face verification is incredibly secure, effortless to use, and truly inclusive. Organizations should strive to achieve WCAG compliance, and individuals should check with their authentication vendor if they’re compliant with the new WCAG 2.2 requirements.

If you’d like to learn more about how iProov can secure and streamline your organization’s online verification, authentication, and onboarding with maximum accessibility and inclusivity, book your demo today.