India Employer Forum

Compliance

Dark Patterns in Advertising: Regulatory Overview and Compliance

  • By: India Employer Forum
  • Date: 16 June 2025

Share This:

Dark patterns and deceptive user interface (UI) and user experience (UX) design elements have emerged as a growing concern in India’s rapidly expanding digital economy. These manipulative design strategies are intentionally crafted to mislead users into making decisions they would not have made otherwise. Commonly used in e-commerce, digital advertising, and online subscriptions, dark patterns raise significant consumer protection, data privacy, and regulatory compliance issues.

Understanding Dark Patterns in UX

Dark patterns are UI/UX techniques that exploit cognitive biases to influence user behaviour. Examples include:

  • Basket Sneaking: Adding products (e.g., insurance, donations) to a cart without explicit user consent.
  • Subscription Traps: Making it difficult for users to cancel recurring subscriptions.
  • Confirm Shaming: Guilt-tripping users into opting in.
  • Forced Action: Requiring users to perform unrelated actions to proceed (e.g., allowing access to personal data for app usage).

Such practices may help digital platforms boost revenue or user metrics in the short term, but they undermine consumer trust and invite regulatory scrutiny.

National Regulatory Framework for the Prevention of Dark Patterns Usage

India has taken a firm stance against dark patterns, particularly through interventions led by the Central Consumer Protection Authority (CCPA) and aligned ministries.

1. CCPA Guidelines for Prevention and Regulation of Dark Patterns, 2023

Issued under the Consumer Protection Act, 2019, these guidelines define and prohibit 13 types of dark patterns. Applicable to all digital platforms, including advertisers, sellers, and service providers, they aim to ensure a fair user experience and transparency.

Key aspects include

  • Scope: Covers advertisements, online platforms, and sellers operating in India.
  • Definitions: Codifies 13 dark patterns, including “Drip Pricing,” “False Urgency,” and “Bait and Switch.”
  • Enforcement: Enables consumer complaints through the National Consumer Helpline (NCH), with CCPA empowered to investigate and penalise violators under Section 18 of the Act.

2. Digital Personal Data Protection Act (DPDPA), 2023

The DPDPA introduces data governance obligations that intersect with dark pattern regulations:

  • Consent Requirements: Consent must be free, informed, specific, and unambiguous. Dark patterns that obscure terms or nudge users to provide consent contravene this standard.
  • Privacy by Design: Obligates data fiduciaries to embed privacy principles in product architecture, antithetical to dark pattern logic.
  • Penalties: Non-compliance may attract fines up to ₹250 crore per violation, depending on the severity.

Together, the DPDPA and CCPA guidelines form a comprehensive regulatory framework addressing both deceptive interfaces and underlying data practices.

State-Level Developments for Regulation of Dark Patterns in Design

While consumer protection remains a central subject under the Constitution of India, states are increasingly stepping in to operationalise and reinforce national mandates.

Maharashtra

The Maharashtra FDA (Food and Drug Administration) has started examining e-commerce advertising practices, especially in health-related apps, for misleading claims and hidden charges. In coordination with the Department of Consumer Affairs, the state is conducting periodic audits.

Tamil Nadu

The Tamil Nadu Consumer Protection and Empowerment Committee has begun an awareness initiative in collaboration with local chambers of commerce. The campaign aims to educate SMEs and startups on avoiding deceptive design elements and aligning with the CCPA guidelines.

Karnataka

Through its tech-forward policies, Karnataka’s Department of IT, BT, and S&T has issued advisories to digital service providers in the state’s startup ecosystem, promoting adherence to ethical design and discouraging dark patterns in consumer interfaces.

Delhi

Delhi’s Department of Legal Metrology is integrating dark pattern indicators into its routine e-commerce inspections. It collaborates with the central Ministry of Consumer Affairs to monitor basket sneaking and auto-renewal tactics among digital platforms operating within the NCT.

Though enforcement remains uneven, these examples reflect a growing convergence between central guidelines and state-level operational frameworks.

Global Power and Benchmarking

India’s regulatory actions are consistent with global trends:

  • The EU’s Digital Services Act bans manipulative UI practices and enforces transparency in recommender systems.
  • The California Consumer Privacy Act (CCPA) prohibits dark patterns that interfere with consumer opt-out choices and mandates equal access regardless of consent.
  • OECD Guidelines advocate for “fair and transparent digital conduct,” urging member countries to curb deceptive UX.

India’s 2023 guidelines explicitly benchmark against such global standards, making them internationally harmonised.

Compliance Considerations for Organisations

Given the regulatory environment, compliance teams should integrate dark pattern mitigation into broader governance and audit frameworks. Key steps include:

  1. UX Design Audits: Review digital interfaces for violations of CCPA guidelines and DPDPA consent norms.
  2. Policy Alignment: Update privacy policies, cookie banners, and subscription flows to reflect informed consent principles.
  3. Training and Awareness: Conduct workshops for product, design, and marketing teams on what constitutes a dark pattern.
  4. Complaint Handling Protocols: Set up internal redressal mechanisms to respond to dark pattern-related consumer complaints.
  5. Third-party Vendor Review: Assess compliance among partners and vendors responsible for digital marketing or payment interfaces.

By embedding ethical design and transparency into digital product development, companies can not only meet compliance obligations but also build long-term trust.

Conclusion

The regulation of dark patterns represents a critical evolution in India’s digital compliance landscape. The CCPA’s 2023 guidelines, supported by the DPDPA (Digital Personal Data Protection Act), 2023 and amplified by state-led initiatives, signal a clear move toward ethical and transparent digital engagement. For compliance professionals, the task ahead involves operationalising these norms into day-to-day product and design decisions, ensuring platforms uphold user autonomy and informed consent.

As India’s digital economy grows, so will the scrutiny. Proactive compliance, continuous design evaluation, and alignment with user-first principles are now essential for navigating the regulatory environment and avoiding penalties in an increasingly aware digital marketplace.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

IEF Editorial Team

A New Chapter for Working Women: Maternity Leave…

Maternity benefits play a vital role in ensuring employment stability, protecting women’s financial independence, and providing necessary support during pregnancy and early motherhood. In India, the Maternity Benefit Act of...

IEF Editorial Team

Environmental Compliance in India: Green Mandates and the…

India’s environmental compliance regime has entered a transformative phase. Through judicial rulings to legislative reforms, the country has established environmental protection as a cornerstone of economic development. The Supreme Court’s...

IEF Editorial Team

Workplace Safety Must Be a Core Business Commitment,…

A tragic explosion at a chemical plant in Andhra Pradesh in June 2025, reportedly caused by a malfunction in the quality control unit’s dryer, has once again brought the issue...

IEF Editorial Team

Strengthening Workplace Safety: India’s OSH Evolution

In May 2025, three workers tragically died from asphyxiation while cleaning a septic tank at a dyeing unit in Karaipudur, near Tiruppur, Tamil Nadu. This tragedy exposed severe safety lapses...

Post an Article

    Subscribe Now



    I've read and accept the Privacy Policy.