Accessibility Metrics That Actually Predict Legal Risk

The best "legal risk metrics" are actually barrier metrics on critical journeys. A site with 500 accessibility issues but zero blockers in checkout has lower legal risk than a site with 50 issues but a keyboard trap blocking purchase completion. Total issue volume is a weak signal. Severity, location, and regression patterns are stronger predictors.

Volume metrics ("number of issues") are weak predictors; severity + location + regression rate are stronger. Seyfarth Shaw reports 8,800 ADA Title III federal lawsuits in 2024. TestParty research based on Court Listener data shows 77% of these target e-commerce businesses. The common thread isn't "sites with many accessibility issues." It's sites where users couldn't complete core tasks: purchasing products, creating accounts, accessing services.

Continuous controls reduce risk more than one-time scores. An organization with a 95 Lighthouse accessibility score but no CI gates, no monitoring, and no remediation process has unstable risk. An organization with an 85 score but continuous prevention, detection, and correction has improving risk. Metrics should measure not just current state but trajectory and controls. This article defines the metrics that actually predict legal exposure.

Key Takeaways

Measuring the right accessibility metrics enables better risk prediction and resource allocation.

• Critical journey barrier rate is the key metric – Percentage of steps in core journeys containing blockers for keyboard or screen reader use
• Regression metrics predict stability – Regressions per release and MTTR show whether accessibility is improving or degrading
• Evidence maturity matters in disputes – Percentage of releases with accessibility artifacts, remediation PRs, and coverage metrics demonstrate due diligence
• Defect-type metrics align with real failures – Focus on common patterns: labeling, interactive control naming, keyboard operability
• Total issue count is misleading – 500 low-severity issues may be lower risk than 5 blockers in checkout

Starting with a Caveat

Intellectual honesty requires acknowledging limitations.

No Metric Predicts Lawsuits Precisely

Accessibility lawsuits result from complex factors:

• User experience of specific individuals
• Decisions of specific law firms
• Industry targeting patterns
• Publicity of company
• Geographic jurisdiction
• Prior complaint history

No metric reliably predicts whether you specifically will be sued this year. Anyone claiming otherwise is selling something.

Metrics Measure Risk Proxies

What we can measure are proxies for risk:

• Barriers that block user access (more barriers = higher probability of frustrated users)
• Evidence gaps (less evidence = weaker defense if issues arise)
• Regression patterns (increasing issues = increasing exposure)

These proxies inform risk-aware decision-making without guaranteeing specific outcomes.

Defining "Legal-Risk-Relevant" Defects

Not all accessibility defects carry equal legal weight.

High-Risk Defect Characteristics

A defect is particularly relevant to legal risk when it:

+------------------------------------------+----------------------------------------------------+
|              Characteristic              |                   Why It Matters                   |
+------------------------------------------+----------------------------------------------------+
|       Blocks core task completion        |  User literally cannot purchase, apply, register   |
+------------------------------------------+----------------------------------------------------+
|       Occurs in public-facing flow       |   Not internal tools; services offered to public   |
+------------------------------------------+----------------------------------------------------+
|   Affects common disability categories   | Vision, motor impairments have established case law |
+------------------------------------------+----------------------------------------------------+
|            Persists over time            |          Shows lack of remediation effort          |
+------------------------------------------+----------------------------------------------------+
|             Lacks workaround             |            User has no alternative path            |
+------------------------------------------+----------------------------------------------------+

A missing form label on a checkout page is higher risk than the same issue on an internal admin tool.

Lower-Risk (But Still Important) Defects

Some defects are accessibility failures but lower legal risk:

• Minor contrast issues (4.4:1 instead of 4.5:1)
• Best practice violations vs. WCAG failures
• Issues in low-traffic secondary flows
• Issues with clear workarounds

These still matter for users and should be fixed—but they're not the highest priority from a legal risk perspective.

Critical Journey Barrier Rate (CJBR)

CJBR is the most predictive single metric for legal risk.

Definition

Critical Journey Barrier Rate: Percentage of steps in critical user journeys that contain a blocker for keyboard-only or screen reader use.

Why It Matters

Legal risk concentrates in critical journeys because:

• These are where users experience harm (can't complete task)
• These are where business value exists (revenue, conversions)
• These are what plaintiffs describe in complaints
• These are what settlements require fixing

Critical Journeys to Measure

+-----------------------------+----------------------------------+
|           Journey           |        Why It's Critical         |
+-----------------------------+----------------------------------+
|   Signup/account creation   |   Required for service access    |
+-----------------------------+----------------------------------+
|     Login/authentication    |   Required for account access    |
+-----------------------------+----------------------------------+
|       Checkout/payment      |        Revenue-generating        |
+-----------------------------+----------------------------------+
|      Account management     |   User control over their data   |
+-----------------------------+----------------------------------+
|       Contact/support       |    Ability to report problems    |
+-----------------------------+----------------------------------+
|       Job application       |        Employment access         |
+-----------------------------+----------------------------------+
|       Core product use      |    Primary value proposition     |
+-----------------------------+----------------------------------+

Calculating CJBR

For each journey:

1. List all steps (form, page, interaction)
2. Test each step for keyboard operability
3. Test each step for screen reader compatibility
4. Count steps with blockers
5. Calculate: blockers / total steps

Example:

• Checkout journey: 5 steps
• Step 3 (payment form) has unlabeled fields
• CJBR = 1/5 = 20% (one step is blocked)

A CJBR of 0% on critical journeys is the target. Any non-zero value represents real legal risk.

Regression-Based Metrics

Regression metrics measure stability and trajectory.

Accessibility Regressions Per Release

Definition: Number of new accessibility issues introduced in each release.

Why it matters: Organizations with high regression rates have unstable accessibility. Even if they fix issues, new ones appear constantly. This indicates systemic problems (lack of CI gates, poor component practices).

Target: Near zero. A mature accessibility program prevents regressions.

Mean Time to Remediate (MTTR)

Definition: Average time from accessibility issue detection to deployed fix.

Why it matters: MTTR measures response capability. Fast MTTR means issues don't persist long; slow MTTR means extended exposure.

+------------+----------------------------------------------+
|    MTTR    |               Risk Implication               |
+------------+----------------------------------------------+
|   Hours    |   Excellent response; issues don't persist   |
+------------+----------------------------------------------+
|    Days    |       Good response; minimal exposure        |
+------------+----------------------------------------------+
|   Weeks    |     Moderate response; issues accumulate     |
+------------+----------------------------------------------+
|   Months   |     Poor response; significant exposure      |
+------------+----------------------------------------------+

Target: Critical issues < 72 hours; high issues < 2 weeks.

Escaped Defect Rate

Definition: Percentage of accessibility issues found in production that should have been caught by CI/testing.

Why it matters: High escaped defect rate indicates testing gaps. Issues that CI should catch but doesn't suggest tooling or process failures.

Target: < 10% of issues should "escape" to production.

Evidence Maturity Metrics

In disputes or procurement contexts, evidence of effort matters.

Release Artifact Coverage

Definition: Percentage of releases with accessibility check artifacts (CI logs, test results).

Why it matters: Demonstrates systematic testing rather than sporadic attention. Procurement questionnaires often ask about testing practices; artifact coverage provides proof.

Target: 100% of releases should have accessibility artifacts.

Remediation PR Coverage

Definition: Percentage of critical accessibility issues tied to specific remediation pull requests.

Why it matters: Shows that issues get fixed in source code, not just acknowledged. PR history provides evidence of specific fixes with timestamps.

Target: 100% of critical issues should have remediation PRs.

Design System Coverage

Definition: Percentage of UI using accessible design system primitives.

Why it matters: High design system coverage means accessibility is centralized in tested components. Low coverage means scattered, inconsistent implementation.

Target: > 80% of UI should use design system components.

Defect-Type Metrics

Some defect types appear more frequently in complaints than others.

Align with Common Real-World Failures

WebAIM's 2024 Million report identifies common detectable issues:

+-------------------------------+------------------+--------------------------------------------------+
|          Defect Type          |    Prevalence    |              Why It Matters Legally              |
+-------------------------------+------------------+--------------------------------------------------+
|          Low contrast         |   81% of pages   |     Affects low-vision users; easy to detect     |
+-------------------------------+------------------+--------------------------------------------------+
|        Missing alt text       |   54% of pages   |   Affects blind users; fundamental requirement   |
+-------------------------------+------------------+--------------------------------------------------+
|      Missing form labels      |   48% of pages   |      Prevents form completion; blocks tasks      |
+-------------------------------+------------------+--------------------------------------------------+
|          Empty links          |   45% of pages   |      Meaningless navigation; user confusion      |
+-------------------------------+------------------+--------------------------------------------------+
|         Empty buttons         |   28% of pages   |      Unusable controls; blocks interaction       |
+-------------------------------+------------------+--------------------------------------------------+
|   Missing document language   |   18% of pages   |    Affects pronunciation; international users    |
+-------------------------------+------------------+--------------------------------------------------+

Priority Defect Tracking

Track and prioritize these specific defect types:

• Form labeling: All inputs associated with labels
• Interactive control naming: All buttons and links have accessible names
• Keyboard operability: All interactive elements keyboard accessible
• Focus management: Focus visible, properly managed in modals/navigation
• Alternative text: All informative images have descriptions

Reducing these specific defect types addresses the most common complaint patterns.

The Overlay Signal (Carefully Framed)

Overlay usage correlates with certain risk profiles, though the relationship is nuanced.

What Overlay Presence May Indicate

Reliance on accessibility overlays can indicate:

• Absence of source-level accessibility controls
• Desire for quick fix without engineering investment
• Possible misunderstanding of what accessibility requires
• Potential gaps in testing and remediation practices

What the Data Shows

TestParty research based on Court Listener data found over 1,000 websites using accessibility overlays were named in lawsuits in 2023-2024. The Overlay Fact Sheet documents technical limitations. DOJ guidance emphasizes organizations must ensure accessibility and use tools carefully.

Appropriate Interpretation

Don't claim: "Overlays automatically increase legal risk."

Do observe: "Reliance on overlays without source-level controls may indicate insufficient accessibility infrastructure. Organizations with overlays and no CI gates, no monitoring, and no remediation process have elevated risk compared to those with comprehensive controls."

The correlation is about underlying practices, not overlay presence alone.

A Predictive Scorecard

Combine metrics into a scorecard for overall risk assessment.

Scorecard Components

+------------------------------+----------------+-------------------+---------------+
|            Metric            |    Low Risk    |    Medium Risk    |   High Risk   |
+------------------------------+----------------+-------------------+---------------+
|       CJBR (keyboard)        |       0%       |       1-10%       |     > 10%     |
+------------------------------+----------------+-------------------+---------------+
|     CJBR (screen reader)     |       0%       |       1-10%       |     > 10%     |
+------------------------------+----------------+-------------------+---------------+
|   Regressions per release    |      0-2       |        3-10       |      > 10     |
+------------------------------+----------------+-------------------+---------------+
|   MTTR for critical issues   |   < 72 hours   |   72h - 2 weeks   |   > 2 weeks   |
+------------------------------+----------------+-------------------+---------------+
|         CI coverage          |     > 90%      |       60-90%      |     < 60%     |
+------------------------------+----------------+-------------------+---------------+
|    Design system coverage    |     > 80%      |       50-80%      |     < 50%     |
+------------------------------+----------------+-------------------+---------------+
|    Evidence completeness     |      100%      |       80-99%      |     < 80%     |
+------------------------------+----------------+-------------------+---------------+

Interpreting the Scorecard

• Mostly low risk: Strong controls; maintain and monitor
• Mixed scores: Address high-risk areas; improve processes
• Mostly high risk: Significant exposure; prioritize infrastructure investment

Avoiding Gaming

Scorecards get gamed when disconnected from outcomes. Prevent gaming by:

• Tying metrics to actual barrier removal (not just score improvement)
• Validating with real AT testing
• Connecting to remediation SLAs
• Routing issues to ownership
• Auditing for accuracy periodically

A perfect scorecard with persistent user complaints indicates gaming, not risk reduction.

Using Metrics Without Gaming Them

Metrics are tools, not goals. Misuse undermines their value.

The Anti-Pattern

Gaming looks like:

• Chasing Lighthouse scores while ignoring keyboard navigation
• Fixing detectable issues while ignoring screen reader experience
• Counting resolved tickets without verifying fixes work
• Celebrating coverage numbers while critical journeys remain broken

The Better Pattern

Effective metric use:

+------------------------------+----------------------------------------------------+
|           Practice           |                    Why It Works                    |
+------------------------------+----------------------------------------------------+
|     Tie metrics to SLAs      |       Issues must be fixed within timeframes       |
+------------------------------+----------------------------------------------------+
|     Connect to ownership     |   Specific teams responsible for specific areas    |
+------------------------------+----------------------------------------------------+
|   Validate with AT testing   |       Metrics confirmed by actual usability        |
+------------------------------+----------------------------------------------------+
|     Track user feedback      |        Real barriers reported by real users        |
+------------------------------+----------------------------------------------------+
|       Fix root causes        |  Component-level fixes, not just instance counts   |
+------------------------------+----------------------------------------------------+

Metrics should drive behavior toward actual accessibility improvement, not toward better-looking dashboards.

FAQ

Can we predict our specific lawsuit risk from these metrics?

No single metric or combination predicts whether you'll be sued this year. Metrics measure risk proxies: the conditions that make lawsuits more or less likely. Organizations with 0% CJBR, near-zero regressions, and strong evidence have lower risk than those with blockers in checkout and no remediation records. But external factors (targeting patterns, jurisdiction, complaint history) also matter.

How do we benchmark against industry?

WebAIM Million provides industry baseline: 95.9% of home pages have detectable failures, averaging 56.8 errors. If you're significantly better than this, you're ahead of most. But "better than average" isn't necessarily "low risk"—the average is quite bad. Benchmark against your own historical performance and target state, not just industry.

What if our metrics look good but we still have complaints?

Good metrics with complaints suggests: (1) metrics aren't measuring what users experience, (2) issues exist outside measured areas, or (3) metrics are being gamed. Investigate complaints specifically: what barrier did the user encounter? Was it in a measured journey? Did CI catch it? Use complaints to calibrate metrics, not dismiss them.

How often should we measure and report?

Continuous measurement (CI provides this automatically). Weekly monitoring reports for operations. Monthly executive summaries. Quarterly trend analysis with leadership. The cadence matches decision-making: operators need frequent data; executives need trends and summaries.

What's the minimum set of metrics to track?

At minimum: CJBR for critical journeys, regressions per release, and MTTR for critical issues. These three metrics tell you: are critical paths accessible (CJBR), is accessibility stable or degrading (regressions), and can you respond when issues arise (MTTR). Add evidence metrics if procurement or legal contexts require documentation.

Should we share metrics externally?

Selectively. Procurement questionnaires may ask for specific data. Public accessibility statements can reference commitment without specific numbers. Avoid publishing metrics that could be used against you in litigation ("we knew we had blockers in checkout"). Share what's required; keep operational detail internal.

Related Resources

Internal Links

• Accessibility and Risk Management
• ADA Website Compliance: What Actually Triggers a Lawsuit
• How Continuous Compliance Works
• Accessibility Technical Debt Explained
• The Role of CI/CD in Accessibility
• Why Manual Audits Don't Age Well

External Sources

• Seyfarth Shaw ADA Title III 2024 Year-End Report
• WebAIM Million 2024 Report
• DOJ ADA Web Guidance
• Overlay Fact Sheet
• CDC 2024 Disability Statistics
• W3C WAI: Evaluating Web Accessibility

This article was written by TestParty's editorial team with AI assistance. All statistics and claims have been verified against primary sources. Last updated: January 2026.