“Dark Patterns: When Your Phone Tricks You”, A 2025-26 Crackdown

Published On: July 12, 2026

Authored By: Manshirat Kaur
Jai Narain Vyas University

Abstract

“Only two rooms left at this price!” “87 people are viewing this product right now!” These manufactured cues are classic examples of dark patterns — user interface tricks that manipulate our decisions every time we shop, book, or subscribe online. In September 2025, the Central Consumer Protection Authority (CCPA) began enforcing India’s dark pattern rules in earnest, fining FirstCry ₹2 lakh for drip pricing. In December 2025, Zepto was fined ₹7 lakh for drip pricing and basket sneaking.[1] These actions pushed “dark patterns” firmly into public discussion.

So who is the CCPA? It derives its rule-making power from Section 18 of the Consumer Protection Act, 2019. In 2023, the CCPA released the Guidelines for Prevention and Regulation of Dark Patterns, defining a dark pattern as any design practice deliberately crafted to manipulate a consumer’s decision-making or subvert their choice.[2]

These practices are treated as an “unfair trade practice” under Section 2(47) of the Consumer Protection Act, 2019.[3] This means that if a platform tricks a consumer through tactics such as the Roach Motel, False Urgency, or Forced Action, the consumer can file a complaint against it.

I. Why Dark Patterns Are Illegal in India: The Legal Framework

1. Consumer Protection Act, 2019 — Section 2(47): Section 2(47) covers any practice that falsely represents goods or services, gives misleading guarantees, or influences a consumer’s choice through misleading means.

Dark patterns fall squarely within this section because they are, at their core, deceptive designs — interfaces engineered to push users toward choices they never intended to make. Hiding the “unsubscribe” button or adding hidden charges at checkout are classic tactics platforms use to trick users.[3]

2. Central Consumer Protection Authority Guidelines, 2023: Notified on 30 November 2023 under the Consumer Protection Act, 2019, these guidelines prohibit 13 categories of dark patterns. Some of the most common are False Urgency, Basket Sneaking, Subscription Trap, Forced Action, and Confirm Shaming.[4]

3. IT Rules, 2021 — Rule 3(1)(a): This rule requires every intermediary — apps and websites alike — to clearly publish its rules, regulations, privacy policy, and user agreement in simple, accessible language,[5] so users know their rights and obligations before they engage with a platform.

II. Common Dark Patterns

1. False Urgency/Scarcity: “Only a few pieces left!” “Sale ending soon!” A ticking timer that resets on refresh while the stated stock count stays the same is designed to make you buy before you’ve thought it through.

2. Roach Motel: Signing up takes one click; leaving takes an obstacle course. Try deleting an account on some platforms and you’ll find yourself routed from page to page — trapped in a service you no longer want.

3. Hidden Costs/Drip Pricing: A product is listed at ₹2,999. At checkout, tax, a convenience fee, and a platform charge appear, and the price climbs to ₹4,200. The real cost is concealed until the final step to preserve the illusion of a good deal.

4. Confirm Shaming: The popup you try to close offers a “No” button worded to induce guilt — “No, I hate saving money” or “No thanks, I like paying full price.” The discomfort of clicking something so self-deprecating often pushes users to click “Yes” instead.

5. Bait and Switch: A “Free Trial” lures you in and asks for card details upfront. When the trial ends, money is deducted without clear notice, and the cancel button is hidden or hard to find.

6. Disguised Advertisement: A prominent “Download” button turns out to be an advertisement, while the real download link is small and tucked away at the bottom of the page — leading users to land on unrelated sites full of unwanted downloads.

7. Forced Action: Signing up offers no email option — only “Continue with Google” or “Login with Facebook,” forcing users to share personal data. The same logic drives paywalls that block a free article until the reader subscribes.

III. Case Studies: 2025–26 Highlights

FirstCry — September 2025: The CCPA imposed a ₹2 lakh penalty on FirstCry for drip pricing, misleading advertisements, and unfair trade practices. The platform displayed its MRP as “inclusive of all taxes” but added GST at checkout, cutting the advertised discount from roughly 27% to about 18.2%. This was the CCPA’s first monetary penalty following the 2023 guidelines.[6]

Zepto — December 2025: The CCPA fined Zepto ₹7 lakh for drip pricing and basket sneaking. Zepto displayed lower prices during product selection, but prices rose at checkout once handling fees and a pre-selected Zepto Pass membership were added without explicit consent. The order was one of the CCPA’s most closely watched actions to date, coming shortly before Zepto’s planned IPO.[7]

Mass Crackdown — January 2026: Separately, the CCPA imposed penalties totalling ₹44 lakh on several e-commerce platforms for facilitating the sale of walkie-talkies advertised as “license-free” or “100% legal” without disclosing required telecom licensing. Flipkart, Amazon, Meesho, and Meta (Facebook Marketplace) were fined ₹10 lakh each; JioMart, Talk Pro, Chimiya, and MaskMan Toys were fined ₹1 lakh each. This action was grounded primarily in telecom-licensing and misleading-advertisement violations rather than the 13 dark pattern categories, though the CCPA framed it as part of its broader consumer-protection enforcement drive.[8]

PhysicsWallah — June 2026: The CCPA fined PhysicsWallah ₹5 lakh for basket sneaking, confirm shaming, and forced-action practices. The edtech platform had auto-added a ₹10 “Donate for PW Foundation” charge through a pre-ticked checkbox at checkout, collecting roughly ₹2.47 crore from over 21 lakh users without obtaining explicit consent.[9]

IV. Consumer Impact and the Awareness Paradox

The central challenge with dark patterns today is what researchers call the “awareness paradox.” According to a 2026 report by Datum Intelligence, 81% of Indian consumers say they can identify common dark patterns such as false urgency timers, forced subscriptions, or hidden charges — yet 85% still report being misled by them.[10] Dark patterns succeed by exploiting decision-making shortcuts rather than a lack of awareness: when a user is tired, rushed, or emotionally distracted, even a subtle nudge can override better judgment. The financial toll is significant — the same report estimates Indian consumers lose approximately ₹25,000–28,000 crore annually to these practices.[10] As a result, a meaningful share of users abandon apps and platforms altogether, eroding trust across the digital economy. This is the backdrop against which the CCPA has insisted that “awareness alone is not sufficient” — compliance and enforcement are required.

V. Regulatory Response and Challenges

The CCPA introduced its Guidelines for Prevention and Regulation of Dark Patterns on 30 November 2023, identifying 13 prohibited practices. Enforcement intensified through 2025–26: FirstCry’s ₹2 lakh fine was the first, followed by penalties against Zepto, Physicswallah, and others, with cumulative fines crossing ₹50 lakh. The government has increasingly classified these practices as “unfair trade practices” under the Consumer Protection Act, 2019, signalling a shift from warnings to enforcement.

Major challenges that remain:

Dark patterns evolve quickly, often faster than regulators can identify and act on new variants. The legal boundary between an “intent to deceive” and a “legitimate design choice” is genuinely difficult to draw. Global platforms such as Meta and Google operate across borders, which complicates enforcement by a domestic regulator. And while a large share of consumers say they can recognise dark patterns, very few actually file complaints — most simply notice, feel frustrated, and move on without reporting the issue.[11]

The CCPA’s 2025–26 enforcement actions mark a beginning rather than an endpoint — stronger detection systems, clearer ethical design standards, and simplified complaint mechanisms are all still needed.

VI. Way Forward and Conclusion

Addressing dark patterns will require action from all sides:

Companies must adopt ethical design standards that place transparency above short-term conversion gains. The CCPA should invest in faster detection systems for emerging dark patterns and simplify the complaint-filing process. Consumers, in turn, should be encouraged to report violations, since awareness without action changes little.

Dark patterns are, at their core, mind games — they exploit how people think and decide rather than what they know. Awareness of these tricks has not been enough to stop them: Indian consumers still lose upward of ₹25,000 crore annually, and trust in digital platforms continues to erode. The CCPA’s 2025–26 enforcement wave shows that regulators are no longer willing to look away. But fines alone will not solve the problem — sustained enforcement and a simplified reporting system are equally necessary, or dark patterns will keep evolving faster than the law can respond.

References

[1] CCPA imposed ₹2 lakh penalty on FirstCry (Digital Age Retail Pvt. Ltd.) for drip pricing, Sept. 26, 2025; CCPA imposed ₹7 lakh penalty on Zepto Marketplace Pvt. Ltd. for drip pricing and basket sneaking, Dec. 2025.
[2] Central Consumer Protection Authority, Guidelines for Prevention and Regulation of Dark Patterns, 2023, issued under the Consumer Protection Act, 2019, Department of Consumer Affairs, Ministry of Consumer Affairs, Food & Public Distribution, Government of India, notified Nov. 30, 2023.
[3] Consumer Protection Act, 2019, § 2(47), No. 35, Acts of Parliament, 2019 (India).
[4] Guidelines for Prevention and Regulation of Dark Patterns, 2023, supra note 2.
[5] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, r. 3(1)(a), G.S.R. 139(E) (Feb. 25, 2021) (India).
[6] CCPA order against Digital Age Retail Pvt. Ltd. (FirstCry), Sept. 2025, under Sections 10, 20, and 21, Consumer Protection Act, 2019.
[7] CCPA order against Zepto Marketplace Pvt. Ltd., Dec. 2025.
[8] CCPA orders against Flipkart, Amazon, Meesho, Meta Platforms Inc., JioMart, Talk Pro, Chimiya, and MaskMan Toys, Jan. 16, 2026, concerning unauthorized sale of walkie-talkies/Personal Mobile Radios.
[9] CCPA order against PhysicsWallah, dated June 1, 2026.
[10] Datum Intelligence, “Dark Patterns in India’s Online Marketplaces,” Q1 2026 report, as reported in Hindustan Times and Business Standard, June 2026.
[11] Consumer Protection Act, 2019, Government of India; Datum Intelligence, “Dark Patterns in India’s Online Marketplaces,” Q1 2026.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top