Amazon famously discovered that every 100ms of latency cost them 1% in sales. Google found that an extra 0.5 seconds in search results generation caused a 20% drop in traffic. Walmart determined that for every 1 second of improvement in page load time, conversions increased by 2%.

These aren't edge cases—they're universal patterns. Latency is the invisible tax on every user interaction. Users don't consciously calculate response times, but their brains register delays and translate them into frustration, impatience, and ultimately, abandonment.

Latency requirements specify the performance boundaries that distinguish a responsive, delightful experience from one that tests user patience. They determine whether your system feels fast, acceptable, or frustratingly slow. In a world where competitors are one click away, latency requirements are competitive differentiators.

Before specifying latency requirements, you must understand what latency actually measures and where delays accumulate.

Latency Definition:

Latency is the time elapsed from when a request is initiated to when the response is received. This seemingly simple definition hides complexity because 'initiated' and 'received' can be measured at different points.

The Request Journey:

User clicks button
    │
    ▼ Client processing time (JS render, validation)
    │
    ▼ Network: Client → Edge (DNS, TCP handshake, TLS)
    │
    ▼ Edge processing (CDN, WAF, load balancer)
    │
    ▼ Network: Edge → Application server
    │
    ▼ Application processing (business logic)
    │
    ▼ Network: App → Database
    │
    ▼ Database processing (query execution)
    │
    ▼ Network: Database → App
    │
    ▼ Application processing (response assembly)
    │
    ▼ Network: App → Edge
    │
    ▼ Edge processing (compression, caching)
    │
    ▼ Network: Edge → Client
    │
    ▼ Client processing (render, hydration)
    │
User sees result

Each step contributes to total latency. Your requirements must specify which segments you're measuring and targeting.

Average latency is arguably the most misleading metric in system design. It masks the experience of the users who matter most—those encountering the worst performance.

Why Average Fails:

Consider a system with the following latency distribution:

• 99 requests complete in 50ms each
• 1 request completes in 5,000ms (5 seconds)

Average latency: (99 × 50 + 1 × 5000) ÷ 100 = 99.5ms

The average looks great—under 100ms! But 1 in 100 users waits 5 seconds. If your service handles 1 million requests per day, that's 10,000 users experiencing unacceptable latency daily.

Percentile Metrics:

Percentiles reveal the distribution of latency, not just the center:

Which Percentile to Specify:

Specifying Multiple Percentiles:

Robust latency requirements specify multiple percentiles:

API Latency Requirements:
- P50 (median): ≤ 50ms
- P90: ≤ 100ms  
- P99: ≤ 500ms
- P99.9: ≤ 2,000ms

This specification says: "Most users experience <50ms, the vast majority <100ms, almost everyone <500ms, and essentially nobody waits more than 2 seconds."

Latency requirements should be grounded in human perception, not arbitrary technical targets. Research on user perception provides concrete guidance:

The 100ms/1s/10s Rule:

Jakob Nielsen's research established thresholds that remain valid today:

• 0-100ms: Feels instant. User perceives immediate cause-and-effect.
• 100-300ms: Noticeable delay but feels responsive. User maintains mental flow.
• 300-1000ms: User notices waiting but maintains context. Acceptable for most actions.
• 1-3 seconds: Significant delay. Users start task-switching mentally.
• 3-10 seconds: User attention wanders. Progress indicators essential.
• 10+ seconds: User abandons or loses context entirely.

Mapping Latency to User Actions:

The First Meaningful Paint (FMP) Principle:

For page loads, users don't need everything—they need progress. Modern performance metrics reflect this:

Incorporating User Context:

Latency tolerance varies by user state:

• First visit: Users are more tolerant, exploring
• Habitual use: Expectations are higher, trained by prior experiences
• Critical task: Users demand speed when urgency is high (checkout)
• Background task: More tolerant when multitasking

Your requirements should acknowledge this: "Authentication latency: <500ms P95 (users are focused and impatient). Dashboard load: <2s P95 (users expect first paint quickly but tolerate complete load)."

Complex systems involve multiple components. A latency budget explicitly allocates the total latency target across each component, ensuring the sum of parts doesn't exceed the whole.

Building a Latency Budget:

Consider an e-commerce product page with a 500ms P95 target:

Total Budget: 500ms P95

├── Network (client → edge): 50ms
├── Edge processing (CDN, WAF): 10ms  
├── Network (edge → app): 5ms
├── Load balancer: 5ms
├── Application server: 200ms
│   ├── Auth validation: 20ms
│   ├── Session lookup: 10ms
│   ├── Product fetch: 50ms
│   ├── Pricing calculation: 30ms
│   ├── Inventory check: 40ms
│   ├── Recommendations: 30ms (async, non-blocking)
│   └── Response assembly: 20ms
├── Aggregated DB calls: 150ms
│   ├── Product data: 50ms
│   ├── Pricing data: 30ms
│   └── Inventory data: 70ms
├── Network (app → edge): 5ms
├── Edge processing (compression): 5ms
└── Network (edge → client): 70ms

Total: 500ms ✓

Latency Budget Requirements Specification:

Document latency budgets in your requirements:

Latency Budget Requirements (Product Detail Page):

Overall Target: 500ms P95 (server-side), 800ms P95 (user-perceived)

Component Budgets:

1. API Gateway Layer
   - Allocation: 15ms P95
   - Includes: TLS termination, rate limiting, routing
   - Owner: Platform Team
   
2. Application Layer
   - Allocation: 200ms P95
   - Includes: Business logic, response assembly
   - Owner: Product Team
   
3. Database Layer 
   - Allocation: 150ms P95 (aggregate of all queries)
   - Individual query limit: 50ms P95
   - Owner: Data Team
   
4. External Service Calls
   - Allocation: 100ms P95 (aggregate)
   - Fallback: Return cached/default data if exceeded
   - Owner: Integration Team
   
5. Serialization/Transport
   - Allocation: 35ms P95
   - Owner: Platform Team

Buffer: 0ms (fully allocated)
Escalation: If any component exceeds budget by 20%, trigger architectural review.

Tail latency—the latency experienced by the slowest requests (P99, P99.9, P99.99)—is disproportionately important in modern distributed systems. Understanding and specifying tail latency requirements is essential.

Why Tail Latency Matters:

Fan-Out Amplification:

When a single user request fans out to multiple backend services (common in microservices), tail latency compounds:

• If you query 100 backend services and each has P99 = 100ms (1% chance of slow response)
• Probability that at least one is slow: 1 - (0.99)¹⁰⁰ = 63%
• Your user-facing P50 latency is dominated by backend P99!

This is the tail-at-scale problem: systems that look fine in isolation create poor user experience at scale.

Sources of Tail Latency:

Systems don't maintain constant latency as load increases. Understanding and specifying latency behavior under varying load is critical.

The Latency-Throughput Relationship:

As load approaches capacity, latency typically follows a hockey-stick curve:

Latency
│
│                                    ╱
│                                   ╱
│                                  ╱  ← Capacity exceeded
│                                 ╱
│                   ─────────────╱    ← Knee of curve
│    ───────────────              
│                    ↑ Optimal operating range (50-70% capacity)
└─────────────────────────────────────── Load
        0%         50%        80%   100%

Latency Behavior Specification:

Your requirements should specify latency at different load levels:

Latency Under Load Requirements:

1. Baseline (0-50% capacity):
   - P50: 30ms
   - P95: 80ms
   - P99: 200ms

2. Normal (50-70% capacity):
   - P50: 40ms (1.3x baseline)
   - P95: 120ms (1.5x baseline)
   - P99: 350ms (1.75x baseline)

3. High (70-90% capacity):
   - P50: 60ms (2x baseline)
   - P95: 200ms (2.5x baseline)
   - P99: 700ms (3.5x baseline)

4. Critical (90-100% capacity):
   - P50: 100ms (3.3x baseline)
   - P95: 500ms (6.25x baseline)
   - P99: 2000ms (10x baseline)
   - Action: Auto-scaling triggered

5. Overload (>100% capacity):
   - Load shedding activates
   - Accepted requests maintain High-load latency
   - Rejected requests receive 503 within 10ms

Light travels at approximately 200,000 km/s through fiber optics. This creates a hard physical limit on latency between geographically distant points.

Minimum Network Latency by Distance:

Implications for Latency Requirements:

Geographic latency is a floor—you cannot serve users faster than the speed of light allows.

Multi-Region Requirements:

For global services, specify latency requirements per region:

Geographic Latency Requirements:

1. Primary Region (US-East):
   - User-perceived latency: <100ms P95
   - Server-side latency: <50ms P95

2. Secondary Regions:
   - US-West: User <150ms P95 (includes 40ms RTT)
   - Europe: User <200ms P95 (includes 80ms RTT)
   - Asia-Pacific: User <250ms P95 (includes 150ms RTT)

3. Global Fallback:
   - Users hitting non-local region: <500ms P95
   - Acceptable only during regional failure

4. CDN Edge:
   - Static assets served from edge: <50ms P95 globally
   - Dynamic edge compute: <100ms P95 globally

Design Implications:

• If P95 target is 100ms and US-Asia RTT is 150ms, you cannot serve Asian users from US infrastructure alone
• Requirements drive multi-region architecture decisions
• Edge computing can reduce RTT for some operations

We have covered the complete framework for latency requirements. Let's consolidate the essential takeaways:

What's Next:

With latency requirements mastered, we turn to Consistency Requirements. While latency determines how quickly users receive responses, consistency determines how accurate those responses are—whether users see stale data, conflicting information, or perfectly synchronized state. In distributed systems, consistency and latency often trade off directly, making this topic essential for complete non-functional requirement specification.