No Timing

What it asks

Timing is not an essential part of the event or activity presented by the content, except for non-interactive synchronised media (a video playing) and real-time events (a live auction, a live exam where the time limit is the whole point).

Where 2.2.1 lets you keep a session timeout if you offer extensions and warnings, 2.2.3 removes timeouts entirely. Most public-sector services in the EU still target only AA conformance, so 2.2.3 is rarely a hard requirement — but it remains the gold standard for forms, applications, and any flow where dropping out costs the user real work.

How to meet it

• Remove session-expiry timeouts on long-form applications (benefit claims, immigration forms, tax returns).
• Auto-save form state to the server every few seconds so a session timeout — if one must exist for security — never costs the user data.
• Where authentication needs to be refreshed for security reasons, silently re-authenticate in the background using a refresh token rather than logging the user out.
• Provide a separate, explicit “Save and continue later” pattern instead of relying on session lifetime.

Common failures

• Benefits or visa application portals with 15-minute session limits that wipe form state, even when the user is actively typing.
• Educational platforms where quiz timing cannot be removed for students with extended-time accommodations.
• E-commerce checkouts where the basket clears after a fixed window.

Why it matters

This is a AAA criterion that very few commercial sites meet. But for public services, the cost of failing it is high: people abandon benefits applications because their session expires, often more than once, and never come back. Gov.UK and the US Federal Student Aid site have both publicly invested in eliminating timeouts for this reason.