Dark Patterns in Digital Platforms: A Regulatory and Consumer Protection Perspective

Dark Pattern Digital

By – Kaushiki and Astha Sehgal

Table of Contents

Introduction

In India’s rapidly digitizing economy, online delivery platforms such as Zomato, Swiggy, Blinkit, Zepto, and Amazon etc., have become more than mere conveniences, they are woven into the everyday routines of urban and semi-urban life. Be it hurried professional orders or lunch between meetings, a family relies on late-night grocery deliveries, and a student in a tier two city gets textbooks at their doorstep with a single tap. What once required time, travel, and negotiation is now accomplished through sleek apps that promise speed, choice, and efficiency. Yet this seamlessness comes at a hidden price. Behind the colourful icons and cheerful notifications lies a complex architecture of influence: design strategies that do not simply facilitate consumer choice but actively shape and, at times, subvert it. These manipulative design choices known as ‘dark patterns’ operate quietly, nudging consumers toward decisions that maximize platform profits while eroding the principle of free and informed consent. Far from being harmless quirks of user experience, they represent a sophisticated form of digital consumer exploitation.

Understanding Dark Patterns

What are dark patterns?

The term, ‘dark patterns’ was first coined in 2010 by Harry Brignull, a British user experience (UX) designer. Brignull introduced the concept on his website darkpatterns.org (now rebranded as deceptive.design) to describe them as tricky design tactics that push or mislead people into making choices that help businesses but harm users’ interests. His work categorized different types of dark patterns such as roach motel (easy to get into, hard to get out), sneak into basket, and confirm shaming many of which are now directly relevant to our present online delivery and e-commerce platforms.

Common Dark Pattern Tactics on Platforms

To start with, dark patterns on online delivery platforms appear in ways that are cleverly hidden yet surprisingly common. They include the strategic concealment of additional charges, false urgency cues such as ‘only one item left’, ‘default opt-ins for add-ons’, and ‘complex cancellation’ or ‘refund processes designed to discourage exit’. These practices raise questions that go beyond design ethics, they implicate core principles of consumer law, data protection, and fair competition. At the core is a key question, are consumers really making free choices in digital marketplaces, or are those choices being shaped by hidden design tricks and information gaps. 

Conceptual Definition and Consumer Impact

In conceptual terms, dark patterns are deceptive or manipulative design element embedded in digital interfaces, such as websites, apps, and online platforms that compromise a consumer’s ability to make free, informed, and autonomous choices. They do not necessarily involve false statements, but rather the presentation of information in a way that nudges or pressures users into decisions favourable to the business. Typically, e-commerce entities, platforms, sellers, and advertisers resort to such unethical practices to boost sales, usage, or supply of goods and services, often prioritising profits over consumer safety. With dark patterns becoming a global concern, it becomes essential to explore how India’s legal and regulatory system responds to these practices, what enforcement tools are in place, and whether the current framework is truly capable of protecting consumer autonomy in a fast-changing digital economy.

Global Approaches to Dark Patterns

Around the world, regulators are waking up to the challenges posed by dark patterns, with many countries taking strong steps to curb manipulative digital practices. 

The European Union

The European Union has taken a particularly strong stance through the Digital Services Act (DSA) 2022 and the Unfair Commercial Practices Directive 2005, both of which prohibit manipulative user interfaces that mislead consumers or compromise their autonomy. The General Data Protection Regulation (GDPR) 2018 has further established high standards for consent, striking directly at consent-related dark patterns.

United States and Other Jurisdictions

In the United States, the Federal Trade Commission (FTC) has pursued enforcement actions against subscription traps, deceptive default settings, and manipulative data collection practices. It has also issued policy guidance warning businesses against using design tricks to undermine consumer choice. Meanwhile, jurisdictions like the United Kingdom and Australia have launched inquiries into the competition law dimensions of dark patterns, arguing that they not only harm consumers but also distort fair competition by rewarding deceptive business models.

Why a Comparative Lens Matters

This comparative perspective underscores that dark patterns are a transnational challenge. Building on these global lessons, India is charting its own course to tackle dark patterns in the digital economy. 

India’s Regulatory Framework

The rise of dark patterns in India in the digital marketplace has pushed our regulators to sharpen their consumer protection framework. 

Until recently, such deceptive designs practices were dealt with under broader provisions of the Consumer Protection Act, 2019 (“2019 Act”), alongside the Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules 2020”) and the Guidelines for Prevention of Misleading Advertisements and Endorsements for Misleading Advertisements, 2022 (“2022 Guidelines on Misleading Advertisements”). While the said laws treated dark patterns as one of the unfair trade practices or misleading ads, the growing complexity of online platforms made it clear that a more targeted approach was needed. 

The 2023 Dark Pattern Guidelines

Responding to this, the government introduced the ‘Guidelines for Prevention and Regulation of Dark Patterns, 2023’ also referred as (CCPA Dark Pattern Guidelines) (“2023 Dark Pattern Guidelines”) under Section 18 of the 2019 Act. These 2023 Dark Pattern Guidelines are designed to directly curb manipulative digital practices that are ‘intentionally crafted to mislead’ users. 

The Role of the CCPA

Any violation of these Guidelines invites strict penalties under the Consumer Protection Act, 2019. In case of disputes, the matter ultimately falls within the jurisdiction of the Central Consumer Protection Authority (CCPA) – a regulatory body established in 2020 under Section 10(1) of the 2019 Act. The CCPA has wide-ranging powers, including the authority to investigate unfair trade practices, issue directions, impose penalties, and order the discontinuation of deceptive advertisements or business models. It also has the mandate to protect, promote, and enforce the rights of consumers across India, thereby serving as the apex body to ensure compliance with the Dark Pattern Guidelines.

Types of Dark Patterns Identified

Illustrative List under 2023 Guidelines

To provide clarity on what constitutes dark patterns, the 2023 Dark Pattern Guidelines include Annexure 1, which sets out an indicative list of practices termed as ‘Specified Dark Patterns’. This list is not exhaustive, but illustrative in nature i.e. in other words, these do not limit the scope of dark patterns to only those practices expressly listed but rather offer examples to guide interpretations1.

  1. False urgency: Creating a false sense of urgency in the consumers or a feeling of scarcity to prompt immediate purchases.
  2. Basket sneaking: Adding extra items or services to the user carts or adding automatic payments to charity/donation at checkout without the consent of a user leading to an increase in the total payable amount.
  3. Confirm shaming: Adding a feeling of fear, shame, ridicule, or guilt-inducing tactics to manipulate users into purchasing. For example: Add the gold subscription at just Rs.11. 

Yes: “Add the subscription for awesome deals!”

No: “No thanks, I hate saving money”

  1. Forced action: involves forcing consumers into taking an action they may not want to take, such as signing up for a service to access content. 
  2. Subscription trap: when businesses make it difficult for users to cancel a subscription. For instance, hiding the cancel option, adding too many steps, or creating confusing processes that discourage cancellation.
  3. Interface Interference: This tactic involves making it difficult for consumers to take certain actions, such as cancelling a subscription or deleting an account.
  4. Bait and switch: When a user is misled with the promise of one product or service but ends up receiving something different i.e. often of lower value or quality.
  5. Drip pricing: Concealing pricing information until after purchase confirmation, misleading users about costs or the need for additional purchases. 
  6. Disguised advertisement: these are advertisements that are designed to look like other types of content, such as news articles or user-generated content.
  7. Nagging: Overwhelming users with excessive requests, information, options, or interruptions unrelated to their intended transactions. 
  8. Trick question: Using confusing or vague language to misguide users or prompt specific actions. 
  9. SaaS billing: This refers to tricky practices in subscription-based software services where users are charged repeatedly, sometimes without clear reminders or easy ways to manage or stop the payments. 
  10. Rogue malwares: This involves tricking users into thinking their device is infected, often through fake warnings, and then pushing them to pay for bogus “fixes” that actually install harmful software instead.
  11. Each of these dark patterns is designed to exploit consumer psychology and restrict free choice.

Tackling Dark Patterns- How the CCPA Acts: (Case Studies and Sectors, CCPA’s 2023 Dark Pattern Guidelines, and Enforcement)

Sectors Under the Scanner

The rise of dark patterns is not an abstract concern, it is already unfolding in India’s everyday digital transactions. From food delivery apps to quick commerce and travel booking platforms, manipulative design has quietly seeped into consumer experiences. Food delivery giants like Zomato and Swiggy have faced scrutiny2 for creating ‘false urgency with countdown timers’ and for adding ‘hidden charges’ such as “platform fees” during checkout3. Quick commerce players like Swiggy Instamart have been found inflating base prices , selling for more than MRP or slipping optional add-ons into the cart by default.4 FTC has accused and taken action against global e-commerce giant Amazon for “roach motel” designs, making it very easy to sign up for Prime subscription , but deliberately difficult to cancel through long and confusing steps.5 Beyond food and delivery, Indian travel platforms like MakeMyTrip have been flagged by the Central Consumer Protection Authority (“CCPA”) for misleading urgency messages such as “Only 1 room left at this price” when availability was greater.6

Dark patterns are not only confined to traditional e-commerce websites.  Several other industries have drawn CCPA’s attention to manipulative practices, such as:7

  • Ride-Hailing Apps8: leading platforms like Rapido have been repeatedly flagged by consumers, with most common issues include:
  1. sudden fare hikes at checkout
  2. prompts to add tips for confirmed rides or to increase the chances of securing an early ride
  3. restrictive or unclear cancellation policies, and
  4. pre-selected paid add-ons that users may overlook9

These practices clearly fall within the scope of forced action and drip pricing under the 2023 Guidelines. (Case No: CCPA-2/35/2024-CCPA In the matter of: Misleading advertisement and unfair trade practice by Rapido (Roppen Transportation Services Pvt Ltd)

  • Education & Streaming Platforms: Consumers have also raised concerns about certain education and streaming platforms, such as:
  1. auto-debit charges being right after know-cost trial offers.
  2. subscriptions being started without clear and explicit consent, and;
  3. cancellation processes that are either too complicated or hidden away, making it difficult for users to opt out easily

These practices reflect subscription traps, one of the key dark patterns prohibited under the new framework.

Sectoral Case Studies:
  • When Charity Became a Dark Pattern-The BookMyShow Example (Basket Sneaking):10

BookMyShow, one of India’s largest online ticketing platforms, came under the CCPA’s scrutiny for engaging in a dark pattern practice termed as “Basket Sneaking” for automatically adding Rs.1 per ticket towards its BookASmile charity initiative, without securing consumer consent. This was done through pre-ticked checkboxes, a practice explicitly categorized as “Basket Sneaking” under Clause (2) of Annexure 1 of the 2023 Dark Pattern Guidelines. CCPA’s in February 2025 issued a notice to BookMyShow., subsequent to which the platform updated its user interface to provide a clear, voluntary opt-in option for donations. 

  • Ashwini Chawla v. Flipkart11:

The e-commerce platform ‘Flipkart’ was found to have used deceptive advertising and dark patterns by promising genuine, first-hand products through attractive online ads, misleading consumers. The State Consumer Disputes Redressal Commission, Chandigarh, held this as a combination of dark patterns and unfair trade practices.

  • IndiGo’s Opaque Practises and Confirm Shaming12:

This was highlighted as part of IndiGo’s regular practice of using confirm shaming for its passengers i.e. passengers declining add-ons were presented with the message “No, I will take risk”, a phrasing that subtly pressured users by implying they were making a careless choice. The interface also made it difficult to skip paid seat selection, nudging users toward choosing paid seats, despite a booking fee already being charged.  Following the CCPA’s notice, IndiGo updated its interface: the confirm shaming message was changed to a neutral “No, I will not add to the trip”, and the seat selection process now displays a clear disclaimer beside the “Skip” button: “You can skip preferred seat selection and complete your booking. IndiGo will auto-assign a seat prior to your travel.” 13

Regulatory Action in Practice and Enforcement

Within the act, rules and guidelines: CCPA is the competent authority responsible for interpreting and enforcing the 2023 Dark Pattern Guidelines. Since these guidelines do not specify a separate procedure for consumer complaints, the 2019 Act procedures for addressing unfair trade practices and misleading advertisements are followed. When a violation occurs, the CCPA may act on a consumer complaint or initiate a suo motu inquiry. A preliminary review determines whether a prima facie case exists, after which the matter may proceed to a full investigation. If a violation is confirmed, the CCPA issues an order, which may include penalties and directions to stop or modify the infringing practice. The party concerned is given an opportunity to be heard before a final decision is made. For contravention, the penalties under the 2019 Act for false or misleading advertisements apply: a) First offence: Imprisonment of up to two years and a fine of up to Rupees 10 lakh. b) Repeated offence: Imprisonment of up to five years and a fine of up to Rupees 50 lakh.14

Self-Audit Advisory

In addition to the above, the CCPA has also on 05.06.2025 issued an advisory (Advisory in terms of Consumer Protection Act, 2019 on Self Audit by E-Commerce Platforms for detecting the Dark Patterns on their platforms to create a fair, ethical, and consumer-centric digital ecosystem, CCPA-1/1/2023-ССРА ) directing all the e-commerce platforms to eliminate all the dark patterns. Under Section 18(1) of 2019 Act, all platforms are required to conduct a thorough self-audit within three months to identify manipulative practices and implement corrective measures, ensuring consumer interactions are fair, ethical, and transparent. Effective from 06.06.2025 to 31.12.2026, the advisory provides a forward-looking framework for strengthening consumer protection in the digital economy. The advisory builds upon the 2023 Dark Pattern Guidelines, serving as an interpretative tool while reinforcing existing rules. It also references Rule 4(9) of the E-Commerce Rules, 2020 which mandates that user consent must be obtained through clear and affirmative action. Platforms are encouraged to submit self-declarations confirming that they are not engaging in any dark pattern practices.15

Consumer Remedies

Reporting Dark Patterns

Consumers can report suspected dark patterns in digital platforms using the ‘Jagriti App’ by the Department of Consumer Affairs. Simply enter the URL of any website or e-commerce dark patterns platform you believe is employing deceptive design practices prohibited under the 2023 Dark Pattern Guidelines. Your submission is treated as a formal complaint with the CCPA, which can investigate and take appropriate action. 

Tools for Enforcement – Jagriti App and Dashboard

To enhance enforcement, the CCPA is also using the Jagriti Dashboard, a real-time monitoring tool that scans e-commerce URLs for dark patterns and flags suspicious activity. Combined with consumer reports via the Jagriti App, this system allows the CCPA to identify, regulate, and act against manipulative online practices quickly and effectively.16

Conclusion and Takeaways

Strengths of the Current Framework

The regulators’ approach to curbing dark patterns marks a significant step toward safeguarding consumer choice in the digital world. Through the 2023 Dark Pattern Guidelines, the CCPA’s enforcement measures, and the advisories, the country has built a layered framework that addresses manipulative practices across industries, ranging from e-commerce and ride-hailing to education and streaming. Initiatives like the Jagriti App and Jagriti Dashboard put power back in the hands of consumers, enabling them to flag deceptive designs and ensuring accountability is both proactive and participatory.

Challenges and the Road Ahead

However, challenges still persist. Even with clear rules, enforcement can be tricky i.e. subtle design manipulations, and the sheer diversity of digital platforms make consistent oversight difficult. Annexure 1 of the 2023 Dark Pattern Guidelines offers illustrative examples, not an exhaustive list, leaving some room for debate as new tactics emerge. Self-audit advisories though are a step forward, but they rely heavily on platforms acting in good faith. Regulators must stay alert to evolving technology, while consumers need awareness and digital literacy to exercise their rights fully. 

Final Word

As from now – “Whether it’s ‘Fastest Delivery Ever!’ or ‘Confirm Your Ride Now,’ every click now belongs to the consumer”.  

FAQs

  1. What are dark patterns in digital platforms?

    Dark patterns are deceptive design tactics in apps and websites that manipulate users into making choices they might not otherwise make. They exploit human psychology to drive engagement, push sales, or collect data, often reducing user autonomy.

  2. Who coined the term dark patterns and why?

    The term was coined in 2010 by British UX designer Harry Brignull. He introduced it to expose how interface designs are deliberately structured to trick users into actions that benefit companies but undermine consumer interests.

  3. What are the common types of dark patterns in e-commerce?

    In e-commerce, dark patterns often appear as hidden costs at checkout, fake urgency cues, auto-renewals after free trials, and confusing cancellation processes. Some platforms also use confirm shaming, where guilt-inducing prompts push users into saying yes. These tactics steer consumers into spending more or sharing data without fully informed consent.

  4. How do dark patterns affect consumer rights in India?

    Dark patterns mislead consumers, block informed choice, and cause financial or data-related harm. They fall under unfair trade practices and are prohibited under the Consumer Protection Act, 2019 and the 2023 CCPA Dark Pattern Guidelines.

  5. What is the Consumer Protection Act’s role in regulating dark patterns?

    The Consumer Protection Act, 2019 empowers the Central Consumer Protection Authority (CCPA) to act against unfair trade practices, including dark patterns. It allows the CCPA to investigate, issue directions, and impose penalties to protect consumers in digital markets.

  6. What are the 2023 Dark Pattern Guidelines in India?

    The Guidelines for Prevention and Regulation of Dark Patterns, 2023, issued by the CCPA, came into effect on 30 November 2023. They prohibit manipulative design across digital platforms, advertisers, and sellers, and identify 13 specific dark patterns such as false urgency, basket sneaking, confirm shaming, and subscription traps.

  7. Can dark patterns be reported by consumers, and how?

    Yes. Consumers can report dark patterns using the Jagriti App, the National Consumer Helpline (1915 or consumerhelpline.gov.in), or the official complaint portals under the Consumer Protection Act. They may also file cases in consumer courts if needed.

  8. What global regulations exist against dark patterns?

    The EU’s Digital Services Act (2022) and GDPR set strict rules against manipulative design and misleading consent practices. The US Federal Trade Commission (FTC) takes action against deceptive subscriptions and data practices. The UK and Australia regulate such tactics under consumer and competition law.

  9. How has CCPA acted against companies using dark patterns?

    The CCPA has issued notices to platforms like BookMyShow, MakeMyTrip, and Flipkart for practices such as basket sneaking, false urgency, and misleading ads. It has also directed over 50 online platforms to conduct self-audits and certify compliance with the 2023 Guidelines.

  10. What can consumers do to protect themselves from manipulative design?

    Consumers should stay alert to urgency cues, pre-ticked boxes, and hidden costs. Reading terms carefully, checking reviews, and using trusted platforms reduce risks. Awareness of their rights and reporting violations through official channels strengthens consumer protection.

References –

  1. https://www.scconline.com/blog/post/2025/02/27/dark-patterns-outlawed-online-platforms-to-watch-out/
  2. https://www.pib.gov.in/PressReleasePage.aspx?PRID=2150286#:~:text=The%20CCPA%2C%20in%20exercise%20of,on%205th%20June%2C%202025
  4. CPA/2/31/2024-CСРА In the Matter of: Suo Moto case against Swiggy Private Limited (herein referred as ‘Company’) for alleged deficiency in service and unfair trade practice
  5. https://www.ftc.gov/news-events/news/press-releases/2023/06/ftc-takes-action-against-amazon-enrolling-consumers-amazon-prime-without-consent-sabotaging-their
  6. https://www.pib.gov.in/PressReleaseIframePage.aspx?PRID=1975721
  7. https://doca.gov.in/ccpa/orders-advisories.php?page_no=1
  8. https://doca.gov.in/ccpa/checkuploaddocs.php?updocs=./uploads/1755685770-CCPA%20Final%20Order%20dated%2020.08.2025-%20Rapido.pdf&unique_id=
  9. https://timesofindia.indiatimes.com/blogs/digital-mehta/dark-pattern-guidelines-govt-warns-e-commerce-platforms-to-comply-or-face-action/
  10. https://www.pib.gov.in/PressReleseDetailm.aspx?PRID=2086980
  11. https://indiankanoon.org/doc/17939411/#:~:text=A%20perusal%20of%20the%20main,contract%20and%20unfair%20trade%20practice
  12. https://www.pib.gov.in/PressReleseDetailm.aspx?PRID=2086980
  13. Ref: F. No. CCPA-2/10/2024-ССРА In the Matter of: Suo Moto case against InterGlobe Aviation Ltd. (herewith also referred as IndiGo Airlines)
  14. Consumer Protection Act, 2019, S. 89.
  15. https://www.pib.gov.in/PressReleasePage.aspx?PRID=1594917#:~:text=Section%20101%2D105%20of%20the,take%20action%20against%20the%20offenders.

More from Neeti Niyaman Team –