Brussels, 16 April 2025 – The European Union (EU) has taken significant steps to tackle dark patterns – frequently understood as manipulative design tricks that nudge users into choices they didn’t intend, often for the benefit of service providers. At least 13 pieces of legislation already cover these practices (see table below).
Yet despite this, the idea of creating new rules on Digital Fairness is gaining traction. It’s the wrong response. The priority should be clarifying how existing laws interact, not adding more. While no single regulation captures every possible dark pattern, together, the existing framework is robust. Clear guidelines would help ensure effective enforcement and reduce unnecessary complexity for businesses.
Dark patterns are already in decline
Regulatory action is already working. For example, the GDPR (Articles 4(11) and 7) and the Consumer Rights Directive (Article 22) have eliminated pre-ticked boxes, requiring explicit consent instead. This shows that targeted enforcement can drive meaningful change.
Rather than draft new laws, the EU should double down on enforcement and ensure consistent interpretation across Member States.
A patchwork of rules (and authorities)
One major challenge is that enforcement is inconsistent. Depending on the case, dark patterns may fall under consumer protection – dealt with by national courts – or data protection, overseen by supervisory authorities.
This leads to conflicting decisions and regulatory uncertainty, which has real consequences:
✖ Uneven protection for consumers across the EU
✖ A complex, costly compliance landscape for businesses
✖ Patchy enforcement leaves room for rogue actors.
Instead of expanding the rulebook, the EU should focus on harmonising enforcement and clarifying how existing rules work together. The European Commission could issue harmonised guidelines that:
✔ Explains how existing laws interact and which takes precedence
✔ Encourages aligned enforcement across Member States
✔ Reduces compliance costs and legal uncertainty
Without this clarity, both businesses and consumers face a confusing regulatory maze.
Flexible rules beat prescriptive bans
Tackling manipulative practices matters, but expanding the blacklist under the Unfair Commercial Practices Directive (UCPD) is not the answer. Overly prescriptive bans risk prohibiting legitimate business practices and oversimplifying nuanced consumer interactions.
Take countdown timers: they can pressure users, but they can also serve useful functions, like signalling stock levels or time-limited discounts. A blanket ban would miss that nuance.
Likewise, defining dark patterns by colours, layout, or button placement could create rigid restrictions that ignore context, and fail to capture future tactics we haven’t seen yet.
A principles-based approach, focused on intent and actual harm, is far more effective and future-proof than prescriptive rules that risk becoming outdated.
What the EU should do instead
If the EU wants to boost competitiveness and protect consumers, it should simplify, not multiply, the rules. Instead of legislating again, the Commission should:
✔ Create clear guidelines that consolidates existing rules without introducing new obligations
✔ Push for consistent interpretation across Member States
✔ Strengthen cooperation among regulators to close enforcement gaps
Currently, businesses face different compliance obligations depending on their location or which authority they deal with. A true “Single Market for Enforcement” would mean a more coherent, predictable, and enforceable system.
It would also allow authorities to act faster and more effectively to protect consumers, without burdening compliant companies.
A level playing field for online and offline commerce
What’s legal in a shop should be legal online. That’s the only way to ensure a fair and competitive single market.
Offline, retailers guide customers with in-store layouts, product placements, and signage. Supermarkets strategically arrange shelves to influence decisions. Online, similar techniques, such as navigation flows or product highlights, are often criticised as “dark patterns”.
But digital environments often offer more transparency, not less. The European Commission’s own data shows 89% of consumers can already recognise dark patterns. That’s not a sign of failure. It’s a sign of success, showing that awareness is high.
Yes, some groups, such as minors, need extra protections. But regulating based on a lowest-common-denominator approach risks overreach, stifling innovation without improving outcomes.
The goal should be technology-neutral regulation that protects consumers and enables responsible business growth.
European tech calls for clarity, not complexity
Consumer protection and business innovation can go hand in hand. Addressing dark patterns doesn’t require a new law. It requires smarter enforcement of the many we already have.
The EU should focus on:
✔ Better use of existing enforcement tools
✔ Stronger coordination across regulators
✔ Clear, practical guidelines that works for both enforcers and businesses
Adding another law risks more confusion, higher costs, and less innovation, without delivering tangible benefits for consumers.
Let’s not reinvent the wheel. Let’s make what we already have work better.
Annex: EU Laws Addressing Dark Patterns, Misleading Practices, and Associated Tactics
This table outlines key EU laws that contain provisions tackling dark patterns, deceptive design practices, and misleading consumer tactics. It provides a summary of the relevant provisions, their role in preventing manipulation, and the enforcement authorities responsible for their implementation.
| Legislation | Year | Provisions | How It Addresses Dark Patterns | Enforcing Authority |
| Unfair Commercial Practices Directive (UCPD) (2005/29/EC) | 2005 | Article 6 (misleading actions), Article 7 (misleading omissions) | Prohibits deceptive commercial practices, including false urgency, hidden costs, and misleading information that influence consumer behaviour. | National consumer protection authorities, national courts |
| Directive on Consumer Rights (2011/83/EU) | 2011 | Article 8 (Formal requirements for distance contracts), Article 6 (Information requirements for distance and off-premises contracts) | Ensures consumers receive clear, upfront information before making purchases, addressing dark patterns that obscure key contractual details or create confusion. | National Consumer Protection Authorities, European Commission |
| General Data Protection Regulation (GDPR) ((EU) 2016/679) | 2016 | Article 7 (Conditions for consent), Article 5(1)(a) (Principles of data processing) | Requires explicit, informed consent for data collection, preventing deceptive opt-in tactics (e.g., pre-checked boxes). Targets misleading consent mechanisms. | National Data Protection Authorities (DPAs), European Data Protection Board (EDPB) |
| Omnibus Directive ((EU) 2019/2161) | 2019 | Recital 47, 54, 56 | Strengthens transparency in online marketplaces, including clearer disclosures about ranking criteria and personalised pricing. Limits deceptive subscription and cancellation practices. | National consumer protection authorities, European Commission |
| UCPD Guidance (C/2021/9320) | 2021 | Section 4.2.7 (Data-driven practices and dark patterns) | Provides official guidance on how the UCPD applies to dark patterns, offering enforcement authorities a framework to assess deceptive design practices. | National consumer protection authorities, European Commission |
| Digital Markets Act (DMA) (Regulation (EU) 2022/1925) | 2022 | Article 6(1)(f) (Obligations for gatekeepers regarding consent withdrawal) | Ensures that consumers can easily withdraw consent or unsubscribe from services, preventing manipulative tactics by dominant platforms. | European Commission, National Competition Authorities |
| Digital Services Act (DSA) ((EU) 2022/2065) | 2022 | Recital 67, Article 25 (online interface design and organisation) | Prohibits deceptive interface designs that manipulate users into unintended actions, such as misleading button placements or opt-out confusion. | European Commission, Digital Services Coordinators (Member State authorities) |
| General Product Safety Regulation (GPSR) ((EU) 2023/988) | 2023 | Article 8 (Obligations of economic operators), Annex I (Specific safety requirements) | Ensures that digital products do not use misleading or deceptive interfaces that could compromise consumer safety or lead to unintended purchases. | National Market Surveillance Authorities, European Commission |
| Directive on Financial Services Contracts Concluded at a Distance ((EU) 2023/2673) | 2023 | Recital 41 | Prevents misleading design practices in online financial transactions, ensuring transparency in terms and conditions. | National financial regulators, consumer protection authorities |
| Data Act ((EU) 2023/2854) | 2023 | Recital 38 | Prohibits unfair data access practices and misleading consent mechanisms that push users into unnecessary data sharing. | National data protection authorities (DPAs), European Data Protection Board (EDPB) |
| Regulation on Transparency and Targeting of Political Advertising ((EU) 2024/900) | 2024 | Recital 75 | Prevents manipulative design techniques in political ads, ensuring clear disclosures and preventing misleading targeting strategies. | National electoral authorities, European Commission |
| Directive Empowering Consumers for the Green Transition ((EU) 2024/825) | 2024 | Recital 1, 2, 3 | Strengthens consumer protection against misleading sustainability claims (greenwashing) and ensures that environmental impact information is clearly presented. | National consumer protection authorities, European Commission |
| Artificial Intelligence (AI) Act ((EU) 2024/1689) | 2024 | Articles 5(1)(a) and (b)) | Introduces new prohibitions on dark patterns, without mentioning the term specifically. The AI Act prohibits subliminal techniques, purposefully manipulative or deceptive techniques or use of AI systems that exploit vulnerabilities based on age, disability or a specific social or economic situation. | Each EU Member State designates its own authorities – it could be the competition authority, the telecommunication authority or another national authority. |
About the European Tech Alliance
EUTA represents leading European tech companies that provide innovative products and services to more than one billion users. Our 33 EUTA member companies from 15 European countries are popular and have earned the trust of consumers. As companies born and bred in Europe, for whom the EU is a crucial market, we have a deep commitment to European citizens and values.
With the right conditions, our companies can strengthen Europe’s resilience and technological autonomy, protect and empower users online, and promote Europe’s values of transparency, rule of law and innovation to the rest of the world.
The EUTA calls for boosting Europe’s tech competitiveness by having an ambitious EU tech strategy to overcome growth obstacles, making a political commitment to clear, targeted and risk-based rules, and enforcing rules consistently to match the globalised market we are in.
For media inquiries, please contact:
Victoria de Posson, EUTA Secretary General
E-mail: victoria@eutechalliance.eu
E-mail: info@eutechalliance.eu
Phone: +32 476 25 08 16
www.eutechalliance.eu
