India has quietly opened one of the world's most ambitious experiments in regulating user-interface design. The Central Consumer Protection Authority (CCPA) is now actively pushing major e-commerce platforms to audit themselves against the Guidelines for Prevention and Regulation of Dark Patterns, 2023, notified under the Consumer Protection Act. Advisories have gone out, a joint working group has been convened, and platforms have been given a window to self-assess and remove offending patterns from their interfaces. The era when 'just nudging users a little harder' was a tolerated growth tactic is ending — at least in law.
What the Guidelines Actually Do
Notified by the CCPA on 30 November 2023, the guidelines define dark patterns as deceptive design practices that mislead, coerce, or manipulate consumers into choices they would not otherwise make. They list 13 specified dark patterns, treating each as an unfair trade practice under the Consumer Protection Act, 2019. The catalogue is, by global standards, unusually granular:
- False urgency — fake countdowns, fabricated stock scarcity
- Basket sneaking — items, donations, or insurance silently added at checkout
- Drip pricing — fees revealed only at the final payment step
- Subscription traps — easy to sign up, near-impossible to cancel
- Disguised advertisements, confirm shaming, forced action, interface interference, bait and switch, nagging, trick wording, SaaS billing, and rogue malwares
The list is binding on all platforms and sellers operating in India, not just domestic players. That alone makes it a globally significant rulebook — India's internet user base is among the largest in the world, and the same checkout flow used in Bengaluru is often shipped from a codebase in San Francisco or Seattle.
From Paper to Practice
For most of 2024 and 2025, the guidelines lived largely on paper. That is changing. The Department of Consumer Affairs has been convening platforms, issuing notices, and signalling that the self-assessment window is the start of a compliance posture, not the end. Quick-commerce apps, travel aggregators, OTT subscriptions, ticketing sites, and large marketplaces are all in scope. The working group's job is to translate the legal text into reviewable interface specifications — what counts as a 'manipulative' default, when a discount banner crosses into false urgency, how prominently cancellation must appear.
The Pro-Innovation Case for Acting
It is tempting, in this magazine, to default to a sceptical posture toward any new digital regulation. We resist that here. Dark patterns are not a contested category — they are documented, behaviourally studied, and globally condemned by regulators ranging from the US Federal Trade Commission to the European Commission. The FTC's 2022 staff report 'Bringing Dark Patterns to Light' catalogued strikingly similar harms; the EU's Digital Services Act (Article 25) bans the most egregious manipulative interfaces; the OECD has published comparative work on the same patterns.
Genuinely deceptive UX is not innovation. It is rent-extraction from the cognitive frictions of users who cannot read every screen. A startup that competes on a clean checkout flow is structurally disadvantaged against an incumbent that monetises 'oops' clicks. Banning the worst behaviours helps the honest competitor and protects the long-term legitimacy of digital commerce.
Where Enforcement Can Go Wrong
That said, the harder problem with dark-pattern law is not whether to act — it is how. India's guidelines, like most globally, define patterns in language that requires judgement to apply. A countdown timer can be 'false urgency' or a genuine flash sale. A default tick-box can be 'forced action' or a sensible safety setting. A persuasive nudge can be 'nagging' or good onboarding. Three risks deserve attention as the CCPA scales enforcement:
1. Definitional drift
If the working group's interpretations are not published transparently, platforms will face moving targets — and compliant design becomes a guess. Clear, illustrated guidance (the UK CMA's approach is a good model) reduces both consumer harm and compliance cost.
2. Over-broad sweeps that chill legitimate UX
Personalisation, A/B testing, and persuasive copy are not inherently abusive. Enforcement should target deception and coercion, not persuasion. Otherwise, the rules push platforms toward bland, low-conversion interfaces that benefit nobody, including consumers who lose useful prompts.
3. Inconsistency with sectoral regulators
RBI, IRDAI, SEBI, and TRAI all touch UX in their own domains. Without coordination, a checkout screen could face conflicting demands from four regulators. The Department of Consumer Affairs should be the convening forum, not a fifth voice.
A Reasonable Path Forward
The right posture for industry is engagement, not litigation. The self-assessment window is a genuine opportunity to fix the obvious offenders — pre-ticked add-ons, last-step fees, dark-pattern cancel flows — and to surface the genuinely ambiguous cases to the working group with worked examples. The right posture for the CCPA is proportionality: graduated enforcement that begins with notice-and-cure, reserves penalties for repeat or egregious offenders, and publishes a living playbook of compliant patterns.
India is not the first country to take dark patterns seriously, but with the scale of its internet market it may end up setting the de facto global standard for what an e-commerce checkout is allowed to look like. Done well, this is exactly the kind of consumer-protection regulation a pro-innovation policy framework should welcome — clearing out manipulative practices that distort markets while leaving room for the creative, well-designed interfaces that actually move commerce forward.