India’s Crackdown On Dark Patterns In The Digital Economy
India has taken a decisive step forward in curbing manipulative digital practices with the Central Consumer Protection Authority (CCPA)’s Guidelines for Prevention and Regulation of Dark Patterns, 2023. Building on these foundational rules, the CCPA issued a fresh advisory on June 5, 2025, demanding proactive compliance by digital platforms to identify and eliminate dark patterns from their interfaces within three months. This comprehensive regulatory action marks a turning point in consumer rights enforcement in India’s growing digital marketplace.
Regulatory Background
Dark patterns are defined under the 2023 guidelines as deceptive user interface (UI/UX) practices designed to trick or mislead users into actions they would not otherwise take—for example, purchasing, sharing data, or subscribing to services—thus violating consumer autonomy and often constituting unfair trade practices.
The guidelines, issued under Section 18 of the Consumer Protection Act, 2019, are applicable to: – All digital platforms offering goods or services in India – Advertisers and sellers – Marketplace and inventory e-commerce entities.
The June 2025 advisory intensifies this regulatory regime, issuing:
- Compliance notices to over 50 platforms across sectors including e-commerce, fintech, travel, streaming, food-tech, and med-tech.
- A three-month deadline for comprehensive self-audit and dark pattern removal.
- An appeal for voluntary public compliance declarations by platforms.
13 Identified Prohibited Dark Patterns
| No. | Dark Pattern | Description | Example |
| 1. | False Urgency | Falsely indicating limited availability or time to pressure quick purchases. | “Only 2 seats left! Book now!” shown when plenty of availability remains. |
| 2. | Basket Sneaking | Auto-adding items (e.g., insurance, donations) at checkout without consent. | Travel sites auto-adding travel insurance unless manually unchecked. |
| 3. | Confirm Shaming | Using guilt-ridden prompts to manipulate user decisions. | “No thanks, I don’t care about saving money” when declining a subscription. |
| 4. | Forced Action | Forcing users to perform unrelated actions to proceed (e.g., newsletter sign-ups). | Forcing users to subscribe to a newsletter to download a free report. |
| 5. | Subscription Trap | Making cancellation difficult, unclear, or hiding auto-debit clauses. | Only allowing subscription cancellation by calling customer support during business hours. |
| 6. | Interface Interference | Manipulating the interface to obscure or highlight options deceptively. | Hiding the “No” button in light grey while the “Yes” button is prominent. |
| 7. | Bait and Switch | Promoting one offer but switching it with another at checkout. | Advertising a phone at a discounted rate, but redirecting to a higher-priced model at checkout. |
| 8. | Drip Pricing | Revealing charges incrementally or post-confirmation. | Showing a base fare for a flight and adding service fees only at final payment. |
| 9. | Disguised Ads | Ads appearing as content or organic user posts without disclosure. | Sponsored influencer posts not marked as paid partnerships. |
| 10. | Nagging | Repetitive prompts or requests unrelated to the core service. | Repeated pop-ups to download an app even after declining. |
| 11. | Trick Wording | Confusing or misleading language to influence consent. | “Uncheck this box if you don’t want to avoid receiving promotions.” |
| 12. | SaaS Billing | Hidden auto-renewals or subscription fees in SaaS products. | A free trial converts to a paid subscription without prior notice. |
| 13. | Rogue Malwares | Malicious code embedded in apps or websites that compromise user control or data. | Apps installing background tracking software without user knowledge. |
Highlights of the June 2025 Advisory
- Platforms must conduct full self-assessments of all digital journeys and interfaces.
- Audit reports must document dark pattern types, prevalence, and remedial actions.
- Platforms are urged to issue public declarations of compliance.
- A Joint Working Group (JWG), including government agencies, law schools, and consumer bodies, has been tasked with reviewing implementation.
- Legal consequences for non-compliance include monetary penalties and corrective directives under the Consumer Protection Act.
Strategic and Legal Implications
Businesses must now: –
- Redesign interfaces to avoid deception and secure informed consent.
- Update privacy policies, subscription workflows, and pricing displays.
- Implement internal compliance frameworks aligned with UI/UX ethics.
- Be prepared for regulatory audits and penalties in cases of continuing violations.
To ensure compliance with the 2023 guidelines and the June 2025 advisory, businesses must now undertake a thorough transformation of their digital operations:
- Redesign Interfaces to Avoid Deception and Secure Informed Consent
- Platforms must critically assess their user journeys, particularly during onboarding, checkout, and subscription flows. All prompts, pop-ups, and interface components must be transparent and free of manipulation.
- For example, eliminating pre-ticked boxes for additional charges or add-on services, and using clear, neutral language for opt-in/opt-out buttons.
- Interfaces should also include easily accessible “cancel” or “decline” options that are visually equivalent to “accept” choices.
- Update Privacy Policies, Subscription Workflows, and Pricing Displays
- Businesses must align their policies and processes with the principles of full disclosure and user autonomy.
- Subscription models must clearly communicate the duration of free trials, the start of billing, and cancellation methods.
- Pricing disclosures should be upfront and cover all mandatory charges before the final payment page, thereby eliminating drip pricing.
- Privacy policies should reflect clarity about consent for data usage and allow granular control over tracking and data-sharing options.
- Implement Internal Compliance Frameworks Aligned with UI/UX Ethics
- Companies must institutionalize dark pattern prevention as part of their compliance and product development lifecycle.
- This includes training design, product, and legal teams on the 13 specified dark patterns.
- Periodic internal audits of customer interfaces must be conducted, supported by checklists, risk logs, and documented approval mechanisms for new user-facing features.
- Be Prepared for Regulatory Audits and Penalties in Cases of Continuing Violations
- With the Joint Working Group (JWG) actively monitoring implementation and the CCPA empowered to penalize non-compliance, platforms must stay audit-ready.
- This includes retaining records of audit results, remedial actions, and compliance declarations.
- Non-compliant platforms may face warnings, delisting orders, public notices, or monetary penalties under the Consumer Protection Act, 2019.
By approaching compliance as a continuous obligation—not a one-time fix—businesses can turn this regulatory requirement into a strategic advantage through enhanced consumer trust, transparency, and ethical design.
The CCPA’s June 5, 2025 advisory is a pivotal moment in India’s digital regulation landscape. By mandating a time-bound self-audit regime and encouraging transparency, it reinforces the principles of fairness, clarity, and respect for user autonomy. Platforms that proactively comply will not only mitigate legal risk but also gain consumer trust in a maturing digital economy.
References:
By entering the email address you agree to our Privacy Policy.