Key Highlights
- 98% of India's top 53 apps use dark patterns. ASCI Academy's "Conscious Patterns" study of 12,000+ screens found 52 out of 53 apps guilty, with an average of 2.7 manipulative patterns per app.
- CCPA fined PhysicsWallah ₹5 lakh and McAfee ₹1 lakh in June 2026 for tricks like pre-ticked donations and fear-based subscription renewal messages.
- 97% of major platforms still use manipulative design, according to a LocalCircles audit conducted between June and September 2025, even after CCPA's self-audit push.
- RBI's new draft rules for banks kick in from July 1, 2026, marking the first time dark patterns get a formal definition and ban inside India's banking regulations.
- Healthtech apps top the deception list with 8.8 dark patterns per app on average, ahead of travel booking (7.2) and fintech (5.3), as per the ASCI report.
What Are Dark Patterns?
Dark patterns are tricks built into a website or app to push you toward a choice you did not actually want to make. A checkbox that is already ticked for you. A "free trial" that quietly becomes a paid subscription. A message that says "No, I like paying more" just to make you feel guilty for declining an add-on. None of this is an accident. It is designed, tested, and deployed on purpose because it increases sales, sign-ups, or data collection.
The term itself was coined by UX designer Harry Brignull back in 2010, but the practice in India exploded once e-commerce, food delivery, edtech, and digital lending apps started competing for the same set of users. When growth targets are aggressive and funding depends on conversion numbers, some product teams start treating user confusion as a feature rather than a bug.
Also Read EPFO New Rules 2026: Now Withdraw Your PF Money via UPI and ATM - Just Like a Bank Account
How Dark Patterns Spread Across Indian Apps
India's digital economy grew fast between 2015 and 2023. UPI made payments frictionless, smartphone data got cheap, and hundreds of apps fought for the same wallet share. In that race, many companies borrowed growth tactics straight from Silicon Valley playbooks, tactics like urgency countdowns, hidden charges revealed only at the last payment step, and subscription flows where cancelling takes five clicks but signing up takes one.
By 2021, complaints to India's National Consumer Helpline about misleading online practices had risen sharply enough that the government decided to step in. The Department of Consumer Affairs began consultations with industry, academia, and consumer groups, and this eventually led to a dedicated set of rules, something no other country had done at that point.
As per the Department of Consumer Affairs, India became the first country in the world to issue standalone guidelines specifically targeting dark patterns.
CCPA’s 2023 Guidelines: The 13 Dark Patterns Under Watch
On November 30, 2023, the Central Consumer Protection Authority (CCPA) notified the Guidelines for Prevention and Regulation of Dark Patterns, 2023. As per CCPA, these guidelines identify 13 specific dark patterns that count as unfair trade practices under the Consumer Protection Act, 2019. The major ones include:
- Basket Sneaking: adding extra items, donations, or charges to your cart without asking
- Confirm Shaming: guilt-tripping language used to stop you from opting out
- Forced Action: making you share data or perform an unrelated action to access something you were promised for free
- Interface Interference: visual design that hides the option you actually want
- Trick Questions: confusing wording that makes you agree to something by mistake
- False Urgency: fake countdown timers or "only 2 left" messages
- Drip Pricing: showing a low price upfront and adding charges only at checkout
- Bait and Switch: advertising one thing and delivering another
- Subscription Trap: easy sign-up, painfully hard cancellation
- Nagging: repeated pop-ups pushing you toward one choice
- Disguised Advertisement: ads made to look like regular content
- Privacy Zuckering: tricking users into sharing more personal data than needed
Any platform found using these can face action under the Consumer Protection Act and the Consumer Protection (E-Commerce) Rules, 2020, specifically Rule 4(9), which says consumer consent for a purchase must be obtained through a clear, affirmative action, not through a pre-ticked box or a manipulated flow.
Also Read RBI Expands Credit Derivatives Market With Total Return Swaps and Credit Index Futures

CCPA Enforcement: From Warnings to Fines
For the first couple of years, the CCPA mostly relied on notices and warnings rather than fines. That changed in 2024 and 2026.
IndiGo and Paid Seat Selection
CCPA found IndiGo was making it difficult for flyers to skip paid seat selection and using confirm shaming lines like "No I will take risk" to push baggage insurance. After the order, IndiGo updated its interface to clearly show that web check-in can be completed without picking a paid seat.
BookMyShow and Pre-Ticked Donations
CCPA found that BookMyShow was auto-adding ₹1 per ticket as a "BookASmile" donation through a pre-ticked box, a textbook case of basket sneaking. The company fixed this by making the donation an active opt-in.
PhysicsWallah (June 2026)
In its most detailed order yet, CCPA fined edtech major PhysicsWallah ₹5 lakh. As per CCPA's order dated June 1, 2026, the platform auto-added a ₹10 donation to "PW Foundation" during checkout, used emotional messaging to stop users from removing it, and made users share personal data such as mobile numbers and emails to access courses that were advertised as free. This pre-ticked donation alone had reportedly collected around ₹2.5 crore from users, affecting over 21 lakh accounts. CCPA held that consent must be affirmative and informed, not just technically visible somewhere on the screen.
McAfee (June 2026)
Fined ₹1 lakh on the same day for its subscription renewal page, which showed only two choices, "Renew Now" and "Accept Risk." Calling non-renewal a risk without proof was ruled as confirm shaming, interface interference, and a trick question rolled into one design.
Both companies were directed to remove these practices immediately and file compliance reports.
The Self-Audit Push and Its Real-World Gap
On June 5, 2025, CCPA sent an advisory to over 50 major online platforms, including Amazon, Flipkart, food delivery apps, travel aggregators, ride-hailing firms, and fintech companies, asking them to self-audit within three months and remove any dark patterns. By November 20, 2025, 26 platforms including Zomato, Blinkit, Ixigo, Meesho, and PharmEasy had submitted self-declarations claiming their apps were free of all 13 listed dark patterns.
This sounds like good news. The data tells a different story. As per a LocalCircles audit conducted between June and September 2025, right around the same window as the self-audits, 97% of major online platforms were still found using manipulative design such as hidden fees, drip pricing, false urgency, bait and switch, and forced actions. That is a massive gap between what platforms declared on paper and what users actually experienced while shopping, ordering food, or booking travel.

RBI Steps In: Digital Lending and Now Banking Apps
While CCPA covers all industries broadly, RBI has gone deeper into two specific areas: digital lending and, more recently, banking apps.
Digital Lending Directions, 2025: Notified on May 8, 2025, these consolidated years of earlier circulars into one unified rulebook for banks, NBFCs, and their lending partners (LSPs).
As per RBI, from November 1, 2025, any app showing loan offers from multiple lenders must display them fairly, without ranking logic biased toward one lender, and must avoid dark patterns that nudge a borrower toward a particular choice.
Every borrower must get a digitally signed Key Facts Statement before the loan is disbursed, showing the real APR, all charges, and the repayment schedule clearly. A mandatory cooling-off period was also introduced, at least one day for short-tenure loans and three days for longer ones, during which a borrower can exit by paying only the principal and proportionate interest.
All loan disbursals must go straight into the borrower's bank account, cutting out the practice of routing money through a lending app's own account first. Reporting of all Digital Lending Apps to RBI's Centralised Information Management System (CIMS) portal became mandatory from June 15, 2025.
Draft rules for banking apps (2026): On February 11, 2026, RBI released a fresh draft that, as per RBI, applies to commercial banks and is proposed to take effect from July 1, 2026. For the first time in India's sectoral banking rules, RBI has formally defined a dark pattern as a design practice using interface or user experience elements to mislead or trick users into actions they did not originally intend, undermining consumer autonomy and choice.
The draft directly links such practices to violations under consumer protection law, connecting banking regulation with the broader CCPA framework rather than treating it as a separate silo.
Also Read NPCI Is Changing How You See a UPI Recipient Before You Pay
Why Dark Patterns Are Back in the News This Week?
Dark patterns are trending again in India, and this time it is not one company under fire, it is the whole system being tested at once. Three things collided in the last few weeks and pushed the topic back to the top of the news cycle.
RBI's July 1 Deadline For Banks
The Reserve Bank of India had proposed July 1, 2026 as the date from which its draft Responsible Business Conduct Amendment Directions would apply to commercial banks. As per RBI's February 11, 2026 draft, banks were given roughly five months to remove dark patterns from their apps and websites, run audits and user testing on their digital interfaces, and tighten how consent is captured before selling any financial product.
That date has now passed, which is exactly why the topic is back in headlines this week.
This is not a small compliance memo. As per the draft, if a bank is found guilty of mis-selling, it may have to refund the entire amount paid to the customer and pay compensation on top of it, even in cases where the customer had technically given consent, because the RBI's focus is on whether that consent was genuinely informed rather than engineered through interface design.
The draft also folds in NABARD, National Housing Bank, EXIM Bank, SIDBI, NBFCs, housing finance companies, and cooperative banks, so the impact spreads well beyond just the big commercial banks.
CCPA Sent Notices To Platforms That Had Already Declared Themselves "Clean"
This is the part that has genuinely surprised people. Back in November 2025, 26 major platforms, including Amazon, Flipkart, Zomato, Swiggy, Blinkit, MakeMyTrip, BigBasket, and Tata 1mg, submitted self-declarations to CCPA stating their apps were free of all 13 listed dark patterns. The government even called it a "historic step" for consumer protection at the time.
Barely a couple of months later, CCPA issued fresh notices to 15 of these same major platforms after finding that dark patterns were still active on their apps, despite the clean declarations on file.
This is a rare and fairly awkward moment for a regulator, because it exposes the self-audit system's biggest weakness. There was no independent verification process behind those November declarations, and platforms were essentially grading their own homework.
The fact that CCPA had to circle back within weeks confirms what critics had warned when the self-audit advisory was first issued.
A New Report Puts A Rupee Figure On The Damage
The third reason this topic is trending is a report from Datum Intelligence, released in the first quarter of 2026, that finally attaches hard numbers to something everyone suspected but nobody had properly measured.
As per the report, Indian consumers lose between ₹25,000 crore and ₹28,000 crore every year because of dark patterns across online marketplaces. The study surveyed over 2,590 consumers across 50 cities and assessed 12 major platforms spanning quick commerce, e-commerce, and online travel, including Amazon, Flipkart, Myntra, Nykaa, Zepto, Blinkit, Swiggy Instamart, BigBasket, MakeMyTrip, EaseMyTrip, Ixigo, and Cleartrip.
The report found that 88% of India's 304 million online shoppers lose somewhere between ₹78 and ₹87 every month due to deceptive design tactics. That may sound small per person, but multiplied across the shopper base it adds up to more than ₹55,000 crore in gross merchandise value now at risk, as frustrated users cut back spending, compare prices more aggressively, or simply switch to a competing app.
The report also found a 92-point gap between the best and worst performing platforms on a trust score, with Amazon coming out as the most trusted name in e-commerce and Flipkart as the only platform where distrust actually outweighs trust among users surveyed.
In the travel category, MakeMyTrip scored better on consumer trust while Cleartrip ranked among the more harmful platforms in the study.
Where India's Dark Pattern Problem Is Worst
According to ASCI Academy's "Conscious Patterns" report, done in partnership with design firm Parallel HQ, healthtech apps carry the heaviest load of dark patterns at 8.8 per app on average, followed by travel booking at 7.2 and fintech and e-commerce at 5.3 each. Streaming services and gaming apps came out cleaner, at 1.8 and 2.4 patterns per app respectively.
Across all 53 apps studied, four patterns made up 78% of every dark pattern occurrence found. Privacy deception alone accounted for 24% of all cases and appeared in 79% of the apps checked, meaning almost every major Indian app was collecting or using data in ways users did not clearly agree to.
Drip pricing came next at 19%, followed by interface interference at 18% and false urgency at 17%. More than 80% of the apps studied had dark patterns hiding specifically in their settings or account section, and every single e-commerce app in the study made account deletion unnecessarily hard.
Also Read RBI's New NBFC Rules Put Tata Sons' Listing Fate Back in the Spotlight
What "Dark Patterns" Means for Businesses and Consumers
For businesses, especially in edtech, fintech, healthtech, and e-commerce, the direction is clear. Regulators are no longer just issuing advisories, they are issuing orders with financial penalties and public compliance reports. Self-audits without genuine fixes will not hold up against future scrutiny, particularly as RBI extends its dark pattern definition from lending apps into general banking interfaces from mid-2026.
For consumers, the Ministry of Consumer Affairs runs the Jagriti dashboard and the Jago Grahak Jago app, where anyone can report a website or app suspected of using dark patterns. Complaints can also be filed through the National Consumer Helpline. Reading checkout screens carefully, checking pre-ticked boxes, and taking screenshots before completing a purchase remain the simplest ways to protect yourself while the regulatory framework catches up with enforcement.
Sources: Central Consumer Protection Authority (CCPA) orders and guidelines, Press Information Bureau (PIB) releases dated June 3, 2026, Reserve Bank of India notifications on Digital Lending Directions 2025 and draft banking dark pattern rules 2026, ASCI Academy and Parallel HQ "Conscious Patterns" report, LocalCircles audit (June to September 2025), MediaNama reporting, Department of Consumer Affairs (DoCA).



