Mandate for Self-Audit by E-Commerce Platforms to Eliminate ‘Dark Patterns’


A recent order dated December 4, 2025 (“Order”), passed by the Central Consumer Protection Authority (“CCPA”) imposing penalties on Zepto for the use of dark patterns, signals a clear shift in how such practices are viewed, particularly where they may not always be obvious or intended. In this Order, while addressing the issue of dark patterns, the CCPA looked into the actual impact of the practices, and not whether Zepto intended to mislead the users. Despite the various contentions from Zepto, such as the transparent option to remove any pre-added items from the cart, or the fact that operational charges are displayed right before placement of the order, the CCPA relied on the reality test from a user perspective. It highlighted practices and dark patterns on the platform, such as Drip Pricing and Basket Sneaking, that were evident when attempting a purchase through the platform.

The Zepto order is not an isolated action but a culmination of a steadily evolving regulatory framework. The last few decades have seen the gradual inclusion of the e-commerce ecosystem in India under the purview of regulatory scrutiny. From the Information Technology Act, 2000, the foundational law providing recognition for electronic transactions, to the Consumer Protection Act, 2019, which addresses modern digital-era issues such as unfair trade practices in e-commerce, there is a deliberate effort to keep up with the pace at which e-commerce businesses are expanding and to tackle the various concerns that come with it. In pursuance of such efforts, and with a targeted intention of addressing the deceptive practices on digital marketplaces, the CCPA in an earlier advisory dated June 5, 2025 (“Advisory”) advised e-commerce platforms to conduct self-audits to identify and eliminate “dark patterns”, and to provide a self-declaration confirming that their platforms do not engage in such practices. Through this blog we will understand what dark patterns are, how the recent regulatory trends have commercial and reputational implications for e-commerce businesses, and what they need to be mindful of going forward.

What Are “Dark Patterns”?

The Guidelines for Prevention and Regulation of Dark Patterns, 2023 (“Guidelines”), issued by the Ministry of Consumer Affairs, Food & Public Distribution (“Ministry”), define dark patterns as “any practices or deceptive design pattern using user interface or user experience interactions on any platform that is designed to mislead or trick users to do something they originally did not intend or want to do, by subverting or impairing the consumer autonomy, decision making or choice, amounting to misleading advertisement or unfair trade practice or violation of consumer rights”. Under the Guidelines, the Ministry has identified 13 distinct dark patterns, namely:

  1. False Urgency: Creating artificial time pressure or scarcity such as fake countdowns to push users into making immediate purchases.
  2. Basket Sneaking: Adding paid items, services, or donations to a user’s cart at checkout without their explicit consent.
  3. Confirm Shaming: Use of guilt, fear, or ridicule through words or otherwise to pressure users into purchasing something or continuing a subscription.
  4. Forced Action: Compelling users to take unrelated actions, such as sharing personal data, or downloading another app, to access the actual product / service.
  5. Subscription Trap: Making it difficult for users to cancel subscriptions, or forcing payment details for “free” trials that later auto-renew.
  6. Interface Interference: Interfaces that steer users toward certain choices by highlighting or obscuring critical information.
  7. Bait and Switch: Advertising a product or outcome to attract users but delivering a different alternative.
  8. Drip Pricing: Revealing additional mandatory charges late in the transaction or after purchase, resulting in a higher final price.
  9. Disguised Advertisement: Masking advertisements as regular content to mislead users into engaging with them.
  10. Nagging: Repeated and persistent prompts or interruptions that pressure users into actions like sharing data or enabling notifications.
  11. Trick Question: Using confusing or vague language or misleading options to steer users into unintended or disadvantageous choices.
  12. SaaS Billing: Exploiting recurring billing models through silent renewals, unclear authorisations, or charging for unused features or services.
  13. Rogue Malwares: Misleading or tricking users into installing malware or paying for a fake malware removal tool.

Dark Patterns: A shift in perception

Dark patterns have long been embedded in the growth strategy of e-commerce marketplaces, where they were once viewed as persuasive or strategic marketing. The rising awareness of consumer rights has, however, deeply impacted this view. With the prioritisation of the human aspect of such transactions, and consequently the rights of the consumer, such practices are now increasingly considered unfair, as they take away the consumer's discretion to purchase without the consumer being conscious of it. By way of these practices, consumers may be nudged into transactions they do not intend to make. While businesses may argue that the intention is not to deceive the consumer, the Guidelines, the Advisory, and the related follow-up actions of the CCPA demonstrate that compliance will be assessed based on the effect of these practices on consumer autonomy and choice, rather than the underlying intent.

The Order in the Zepto case reinforces this approach. While Zepto separately filed its self-audit report in September 2025 in compliance with the Advisory, the CCPA proceeded with this Order independent of the report and pursuant to its suo motu cognisance undertaken in early 2025. The CCPA’s analysis focused on the actual impact of the platform’s design choices on consumers, making it clear that regulatory scrutiny of dark patterns in India has now moved from advisories to enforcement.

The stance taken by the CCPA is a clear message to all e-commerce platforms – they can no longer defend design choices by pointing to the intent.

What needs to change?

The question that e-commerce companies now need to ask is what impact the design choice has on the consumer, irrespective of whether the business intended it to have that result. Design choices, even though driven entirely by business metrics, can result in regulatory scrutiny if they manipulate consumer decisions.

This completely topples the general arguments for business advancement or any other objective that the companies may claim in defence of such dark patterns on their platforms. Even if the design was meant to reduce friction, improve user experience, or increase checkout completion rates and not to deceive, if the outcome influences consumers into unintended purchases or hides material information, the effect potentially overrides the intent. Prompts or urgency messages may be meant to help users make faster or better purchases, but, if they create a sense of pressure that steers them into making an unsound decision, this may be viewed as a dark pattern.

When designing e-commerce platforms and applications, businesses must now step into the shoes of the customer and view the transaction from the other end of the spectrum. They need to assess if the process impacts the decision making of the user in a negative way. The actual effect that each click, hidden price, advertisement and default choice has on customer psychology should be kept in mind. A dark pattern may not always be obvious and may only be exposed in the course of the user experience.

The requirement to conduct a self-audit is particularly significant. Unlike traditional compliance, this places the onus on platforms to proactively examine their own interfaces and pricing mechanics. It is an opportunity to re-evaluate all practices with a fresh lens.

It’s also important that, in designing platforms, each business rationale relied on is analysed vis-à-vis the consumer impact before being incorporated into the platform. All major interactions on the platform should be identified and cross-checked against a checklist of dark patterns.

You can also read our earlier blog, ‘Gearing up for regulatory compliance obligations associated with Dark Patterns’, where we succinctly encapsulate solutions to regulatory compliance conundrums that businesses need to navigate in light of the Guidelines for Prevention and Regulation of Dark Patterns, 2023 (“Guidelines”) under the Consumer Protection Act, 2019 (“CPA”).

Conclusion

The recent regulatory developments in relation to dark patterns make the choice for e-commerce platforms clear – they must either make a conscious effort of identifying and dropping features on their platforms that are hidden dark patterns, even if these amplified their user engagement and business, or they must face reputational loss and regulatory actions for the same.  

With the evolving digital consumer protection framework in India, e-commerce platforms are expected to demonstrate compliance not just on paper but through practical incorporation of fair practices in their day to day engagement with consumers.

To stay updated with the regulatory changes and the compliance requirements emanating from these, get in touch with us for a compliance management solution (Komrisk) demo.

Authored by: Mehreen Bushra Shafi

Disclaimer

This content is intended for informational purposes only and does not constitute a legal opinion. Readers are encouraged to seek legal counsel prior to acting upon any of the information provided herein. Despite our efforts to maintain accuracy, we do not make representations, warranties or undertakings regarding the quality, completeness or reliability of the content.  This content, including the design, text, graphics, their selection and arrangement, is Copyright 2025, Lexplosion Solutions Private Limited or its licensors. ALL RIGHTS RESERVED, and all moral rights are asserted and reserved.
