Other BriefingsFlipkart’s Dark Pattern Self-Audit: What it Means for Businesses in India
Flipkart’s dark patterns self-audit shows how India’s new CCPA guidelines are reshaping e-commerce. Learn the compliance lessons for your business.
On September 17, 2025, Flipkart Group, an e-commerce company, announced the completion of a self-audit in all its digital platforms – Flipkart, Myntra, Flipkart Wholesale, and Cleartrip. The exercise was carried out to remove dark patterns in line with guidelines from the CCPA.
The declaration submitted by the company to the Union Ministry of Consumer Affairs can become a benchmark in India’s digital compliance environment and a step toward consumer-first practices in India’s digital economy.
Understanding India’s dark patterns guidelines
India’s digital economy, projected to reach US$1 trillion by 2030, will depend heavily on building trust and having a transparent business model. The central government is investing its effort in ensuring a fair, ethical digital ecosystem through strict oversight of manipulative online practices that compromise consumer autonomy. Therefore, firms that prioritize transparency and design consumer interactions around fairness will gain lasting advantage.
The CCPA issued Guidelines for Prevention and Regulation of Dark Patterns on November 30, 2023, which defines dark patterns as deceptive design elements in a website or app’s user interface or user experience that intentionally mislead, influence, or pressure users into taking actions they did not plan or wish to take, such as making unintended purchases or sharing personal data.
The guidelines identify 13 specific prohibited dark patterns: false urgency, basket sneaking, confirm shaming, forced action, subscription traps, interface interference, bait and switch, drip pricing, disguised advertisements, nagging, trick wording, SaaS billing, and rogue malware. These practices are classified as unfair trade practices under Section 2(47) of the Consumer Protection Act, 2019.
In May 2025, after consultations with industry stakeholders, the CCPA issued an advisory that required all digital platforms to conduct self-audits and submit compliance declarations within three months. It covered more than 50 platforms across e-commerce, fintech, travel, streaming, food-tech, and med-tech sectors. Flipkart is one of the first large players to declare completion of the directive.
Takeaways from Flipkart’s self audit
The Flipkart Group has announced the audit report has been formally submitted to the Ministry of Consumer Affairs, marking Flipkart as one of the first major Indian e-commerce groups to undertake such an independent review.
In a Press Note, the company highlighted that it has invested significantly in ethical design practices, internal controls, and awareness programs to prevent manipulative online tactics that could compromise consumer choice.
According to Rajneesh Kumar, Chief Corporate Affairs Officer at Flipkart Group, the initiative underscores the company’s ongoing commitment to maintaining high standards of compliance and responsible marketplace conduct.
Proactive compliance as the new norm
Flipkart became a trend setter in conducting self-audit rather than waiting for government actions. Rajneesh Kumar, Flipkart’s Chief Corporate Affairs Officer, emphasized that self-audit “reinforces our role as a responsible digital marketplace” and aligns with “the government’s vision of a transparent digital economy”.
The Ministry welcomed the declaration, stating it “demonstrates a clear commitment to putting consumer interests first” and will “serve as a significant benchmark for other platforms”. The endorsement from the Ministry means that self-auditing may become the gold standard for regulation in coming months.
Shift from reactive regulation to self-regulation
Allowing self-audit by companies is part of the philosophy where businesses take responsibility for monitoring their own design practices.
Flipkart ‘s completion of this self-audit is expected to have significant implications for India’s e-commerce sector. The company has created formal accountability mechanisms that can go a long way in improving consumer trust and reduce the risk of government interference. It is a departure from earlier approaches where penalties followed only after violations were discovered.
What this means for businesses and digital platforms
Competitive advantages of transparent practices
Consumer research shows that 77 percent of Indian buyers act on personalized recommendations, and transparent platforms are more likely to secure repeat purchases. In this environment, transparent, consumer-first practices are your competitive differentiators.
Flipkart has presented itself as a trusted marketplace by taking self-initiative in ensuring transparency in its platform design. For other firms, adopting the same approach could reduce scrutiny from regulators and differentiate them in a crowded digital market.
Risks of non-compliance
The Central Consumer Protection Authority (CCPA), under the Consumer Protection Act, 2019, can impose penalties of up to INR 2 million for violations related to dark patterns. These penalties apply when a company fails to comply with the CCPA’s directives to stop engaging in deceptive user interface practices.
Recent cases show that penalties are actually being levied. Rapido was fined INR 1 million (US$11,277.3) in August 2025 for misleading advertising.
The CCPA has imposed over INR 11.9 million (US$134,200.9) in penalties in 2024 on various entities for consumer rights violations, false advertisements, and unfair trade practices. Since the guidelines came into effect, it has issued 11 notices for dark patterns breaches and over 400 for unfair trade practices.
Non-compliance also creates reputational damage for companies in an environment where consumers expect transparency from brands. Once platforms are perceived as manipulative, the recovery from the fall can be slow, even if they pay the penalties.
Action plan: How companies can stay ahead
Conduct internal audits of digital platforms
Every business should begin by auditing its digital touchpoints, from websites to mobile applications and marketing channels. They should review website design, mobile applications, marketing communications, and customer journey for potential dark patterns. The audit should specifically examine the 13 prohibited practices identified in CCPA guidelines mentioned above.
Organizations should also document those audit findings and remediation efforts to show that they are actually complying with the advisory. These exercises should not be delayed, given there is only a three-month compliance timeline.
Review UI/UX and marketing for manipulative design
User interface and user experience elements require careful scrutiny to ensure they improve rather than manipulate consumer choice.
Companies need to assess their consent mechanisms, subscription processes, cancellation processes, and pricing displays. Marketing teams should review advertising claims for accuracy and ensure that promotional terms are clearly disclosed without relying on fine print or hidden conditions. The Rapido case is an example of how seemingly minor disclosure issues can result in large penalties.
Train teams on compliance and consumer protection norms
Organizations should implement training programs to educate employees about dark patterns, consumer protection requirements, and ethical design principles. Especially teams that directly affect consumer interactions, like product development and consumer service teams, should be trained on priority.
Training modules should cover legal obligations, CCPA’s prohibited practices, and best practices for transparent communication with customers. They can get regular refreshers on what has changed and what should be expected in regulatory terms.
Preparing for future tightening
The present framework and directives are only the beginning of India’s digital governance evolution. The CCPA has already formed a Joint Working Group to identify new manipulative practices and dark patterns. To stay ahead of the curve, businesses can invest in monitoring systems, compliance tools, and ethical design capabilities now, rather than waiting for further updates.
Dark Patterns & Compliance: FAQs
1. What are “dark patterns” in digital products and websites?
Dark patterns are deceptive design practices in user interfaces (UI) or user experiences (UX) that mislead, manipulate, or pressure users into taking actions they did not intend — such as purchasing an item, sharing personal data, or subscribing to a service. They exploit cognitive biases, obscure alternatives, or withhold crucial information, thereby impairing user autonomy and informed decision-making.
2. Are dark patterns illegal in India?
Yes. The Guidelines for Prevention and Regulation of Dark Patterns, 2023, issued under the Consumer Protection Act, 2019, explicitly prohibit such practices. Any platform, advertiser, or seller using deceptive design tactics can face penalties for unfair trade practices, misleading advertisements, or violation of consumer rights.
3. Who is covered under India’s dark patterns guidelines?
The guidelines apply broadly to:
- Online platforms and apps offering goods or services to consumers in India.
- E-commerce marketplaces and digital service providers.
- Advertisers and sellers who design or deploy UI/UX interfaces for consumer interaction.
Even foreign companies targeting Indian users must comply if their services are accessible in India.
4. What are some examples of prohibited dark patterns?
The Indian guidelines list 13 dark patterns that are considered violations, including:
- False urgency: Falsely implying a product or offer will expire soon.
- Basket sneaking: Adding products or services to a cart without consent.
- Confirm shaming: Using guilt-inducing language to pressure users.
- Subscription traps: Making cancellation difficult or hiding terms.
- Forced action: Requiring unrelated actions to access a service.
- Drip pricing: Revealing full costs only late in the checkout process.
5. How do dark patterns rules relate to data privacy laws?
Many dark patterns involve the misuse of consent – such as pre-ticked boxes, confusing consent flows, or coercive prompts to share data. Under India’s Digital Personal Data Protection (DPDP) Act, 2023, such consent is invalid. This can lead to parallel enforcement under both consumer protection and data privacy regulations.
6. How are dark patterns regulated in other jurisdictions?
European Union: Under the GDPR, consent manipulation is prohibited; the Digital Services Act (DSA) and Digital Markets Act (DMA) impose strict UI transparency obligations.
United States: The FTC and California Privacy Rights Act (CPRA) penalize deceptive design, particularly around subscription cancellation, consent, and hidden charges.
Penalties abroad can reach 4-10 percent of global annual turnover, far exceeding Indian fines.
7. Are “nudges” the same as dark patterns?
Not necessarily. Nudges are design choices that guide users toward beneficial decisions (e.g., defaulting to stronger privacy settings) without misleading them. They become dark patterns when they are manipulative, coercive, or deliberately obscure alternatives to serve the company’s interest over the consumer’s.
8. How can businesses ensure compliance?
- Conduct regular UX/UI audits to detect and eliminate manipulative patterns.
- Use plain language and transparent disclosures for pricing, consent, and cancellation.
- Ensure opt-out and cancellation flows are simple, visible, and no harder than opting in.
- Label advertisements and sponsored content clearly.
- Document consent processes and maintain records for audit and regulatory review.
9. What should companies do if they discover a dark patterns in their interface?
- Immediately remove or redesign the problematic feature.
- Notify legal and compliance teams for a risk assessment.
- If necessary, self-report to regulators and offer remedies (e.g., refunds, corrective notices) to mitigate penalties.
- Implement training and internal guidelines to prevent recurrence.
10. What penalties can companies face for using dark patterns?
For false or misleading advertisements: A company can be fined up to INR 1 million for a first offense and up to INR 5 million for subsequent offenses. The misleading advertisements guideline can apply to dark patterns such as “drip pricing” (revealing prices incrementally) or “bait and switch”.
For non-compliance with orders: If a business fails to comply with an order from a consumer forum, it can face imprisonment of up to three years and fines ranging from INR 2,000 to INR 10,000.
Under the Digital Personal Data Protection Act, 2023 (DPDPA): Dark patterns that violate user privacy by obtaining consent deceptively can lead to separate, significant fines under the DPDPA, which can reach up to INR 500 million.
The Central Consumer Protection Authority (CCPA) can also order the recall of goods/services, refunds to consumers, and discontinuation of the deceptive practice.
About Us
India Briefing is one of five regional publications under the Asia Briefing brand. It is supported by Dezan Shira & Associates, a pan-Asia, multi-disciplinary professional services firm that assists foreign investors throughout Asia, including through offices in Delhi, Mumbai, and Bengaluru in India. Dezan Shira & Associates also maintains offices or has alliance partners assisting foreign investors in China, Hong Kong SAR, Vietnam, Indonesia, Singapore, Malaysia, Mongolia, Dubai (UAE), Japan, South Korea, Nepal, The Philippines, Sri Lanka, Thailand, Italy, Germany, Bangladesh, Australia, United States, and United Kingdom and Ireland.
For a complimentary subscription to India Briefing’s content products, please click here. For support with establishing a business in India or for assistance in analyzing and entering markets, please contact the firm at india@dezshira.com or visit our website at www.dezshira.com.
- Previous Article How Cultural Factors Can Impact Foreign Business Success in India
- Next Article GST 2.0: How India’s New HSN and SAC Code Structure Transforms Tax Compliance for Businesses
