Dark Patterns in E-Commerce: CCPA Guidelines and Compliance in India 2026

Dark patterns, the deceptive design techniques used by digital platforms to manipulate consumer choices, have come under intense regulatory scrutiny in India. If you operate an e-commerce platform, a subscription service, a quick commerce application, or any online business with a consumer-facing interface, compliance with the Central Consumer Protection Authority's (CCPA) dark pattern regulations is now a pressing legal obligation. The CCPA's enforcement actions in 2025 and 2026, including show-cause notices to major platforms and mandatory self-audit requirements, signal that this is no longer a matter of best practice but of legal compliance with real consequences.

The legal framework for dark patterns in India is rooted in the Consumer Protection Act, 2019 and the Guidelines for Prevention and Regulation of Dark Patterns, 2023 issued by the CCPA under Section 18 of the Act. The Guidelines identify thirteen specified dark patterns: false urgency, basket sneaking, confirm shaming, forced action, subscription traps, interface interference, bait and switch, drip pricing, disguised advertisements, nagging, trick questions, SaaS billing, and rogue malware. In June 2025, the CCPA issued a formal Advisory requiring all e-commerce platforms to conduct a mandatory self-audit within three months to detect and eliminate dark patterns, with the compliance period running until 31 December 2026. Platforms must submit self-declarations confirming their interfaces are free from manipulative features, and these declarations must be uploaded prominently on their websites for public access.

The CCPA has moved beyond advisories to active enforcement. Show-cause notices have been issued to eleven companies, including quick commerce platforms and online transport aggregators, for deploying prohibited dark patterns such as false urgency, drip pricing, subscription traps, and nagging. In a notable enforcement action, BookMyShow was scrutinised in February 2025 for basket sneaking through automatically adding a charity donation per ticket via pre-ticked checkboxes without securing explicit consumer consent, leading to interface changes by the platform. The CCPA has also deployed the Jagriti Dashboard, a real-time monitoring tool that scans e-commerce URLs for dark patterns and flags suspicious interfaces. For non-compliant platforms, the CCPA may direct discontinuation of practices and impose penalties under the Consumer Protection Act, 2019.

E-commerce businesses should conduct an immediate interface audit against all thirteen categories of dark patterns identified in the 2023 Guidelines. Particular attention should be paid to checkout flows, subscription management, pricing displays, and consent mechanisms. All pre-ticked boxes, hidden charges, misleading urgency timers, and forced bundling should be removed or restructured to provide clear, voluntary consumer choices. While the CCPA Advisory has been criticised as soft law without specified penalties for non-audit compliance, the underlying Consumer Protection Act provides robust enforcement powers including product recalls, refund orders, and penalties. Sansa Kanoon Pranali Partners advises e-commerce companies on dark pattern compliance audits, consumer protection regulatory strategy, and interface design review to ensure legal compliance.