Dark patterns: UX tricks in the sights of legislators and courts

Have you ever felt pressured by a website – for example because a countdown suddenly expired or because it claimed in bright red that “Only 1 room left!”, even though you had the feeling that this couldn’t be true? Or were you desperately looking for the cancel button to end a subscription and were trapped in a veritable maze of confirmation questions? Such manipulative design tricks are called dark patterns. They aim to push users into actions that they did not actually intend to take. Recently, dark patterns have increasingly become the focus of legislators and courts. At EU level, the new Digital Services Act (DSA) expressly prohibits these deceptive UX strategies, and regulations have also been tightened in German law (e.g. UWG and BGB) to prevent manipulative design tricks. This blog post explains which common marketing tricks fall under this category – from fake countdowns to hidden unsubscribe buttons – and how to design your user interface in a legally compliant and user-friendly way in order to avoid warnings and penalties. After all, a brief success through deception can quickly have expensive legal consequences and permanently destroy the trust of users.

What are “dark patterns”?

Dark patterns are manipulative design patterns in the user interface (websites, apps, etc.) that deliberately mislead users or urge them to take certain actions that they would not have taken without this design nudge. Unlike good UX design, which helps the user to make informed decisions, dark patterns use psychological tricks to force more sales, more data or longer usage times, for example. Typical dark patterns play with time pressure, deception or hidden controls. Because such methods usually work to the detriment of users, they are not only considered unethical, but are also increasingly illegal. The EU legislator has explicitly banned dark patterns for the first time in Article 25 DSA – online platforms may no longer design their interfaces in such a way that the consumer’s freedom of choice is distorted or significantly impaired. This EU-wide prohibition has been directly in force since February 2024. German laws also already contain rules against such misleading and undue influence, for example in the Unfair Competition Act (UWG) and in consumer law.

The important thing is: Not all convincing marketing is a dark pattern. Permissible usability tricks ensure a good user experience without deceiving the user or forcing them to do anything. Dark patterns, on the other hand, cross the line – they create a lack of transparency and mistrust. In the next section, we look at which specific design tricks fall under these prohibited dark patterns.

Common dark pattern tricks and why they are now banned

A number of questionable tactics have become established in e-commerce and online marketing and are now being targeted by the regulatory authorities. Here are some of the most common dark patterns and how legislators assess them:

• Artificial scarcity (“Only 1 piece available!”) – Shops suggest a low stock quantity or limited availability in order to create pressure to buy. If this information is not true, it is misleading advertising. For example, it is considered deception under Section 5 (2) No. 1 UWG to present a product as almost sold out, although in reality there is still plenty in stock. Such false shortages can be cautioned. The legal situation is clear: The Black List of Unfair Commercial Practices prohibits per se the use of untrue claims about short-term availability to urge consumers to make a hasty purchase. Genuine scarce stock may be communicated – but only if the information is correct and not artificially created.
• False time pressure (countdown timer) – The urgency trick works in a similar way. A ticking timer signals that an offer will end in x minutes in order to persuade the user to act immediately. This is legally problematic if the time pressure is merely feigned. A countdown must actually show the real remaining time, otherwise it is a deception. Similarly, a discount promotion may not be extended endlessly – such sham deadlines violate the transparency requirement. Real time-limited offers are permitted, but not endless timers that simply start again from zero (as some “Hurrify” plugins did before they were banned, for example).
• Hidden cancellation channels (“Roach Motel”) – The “easy in, hard out” principle: companies make signing up for a contract or subscription child’s play, but canceling it extremely complicated. A classic example of this was Amazon’s former Prime cancellation process, which was fittingly called “Iliad” (after Homer’s epic, endless tale). Users had to click through countless subpages, reject interim offers and find well-hidden buttons to finally cancel their subscription. Such machinations are not only user-unfriendly, but now also illegal. In Germany, Section 312k of the German Civil Code has stipulated the “cancel button” since July 2022: Consumers must be able to cancel contracts on websites with just a few clicks, as easily as signing them. If there is no clearly visible cancel button or if it is deliberately hidden, there is a risk of warnings – and even more serious: the customer can terminate the contract at any time without notice. To put it plainly: if you obstruct the termination process, you not only risk getting into trouble with the Wettbewerbszentrale & Co. but, in the worst case, losing your paying subscribers in one fell swoop.
• Preset checkboxes (opt-out instead of opt-in) – Perhaps you have already experienced this: when making an online purchase, a checkmark is automatically set for a newsletter or an additional paid service, and you are only spared if you actively remove it. Such pre-ticked checkboxes have been used by resourceful marketers to obtain consent or additional sales that many users would otherwise not give voluntarily. However, legally, the prohibition of tying and the principle of voluntary, active consent apply. A pre-ticked box does not count as valid consent – this was clearly decided by the Regional Court of Munich I (judgment of 4.6.2018, 4 HK O 8135/17). Users must actively give their consent themselves, for example by deliberately ticking a box. Otherwise, there is no effective consent to newsletter advertising or additional costs, for example. Companies that work with hidden or unclear opt-in boxes must expect to receive warnings under competition law – and may even face fines in the area of data protection. The EU consumer directives also prohibit additional charges that are slipped in via pre-set options. For founders, this means: Hands off automatically activated boxes – every extra service must be offered transparently and selected voluntarily by the user.
• Misleading buttons and “trick questions ” – Another dark pattern is deliberately confusing labels or dialogs that mislead the user. Examples: A gray “Continue” button that actually triggers a paid upgrade, while the free option is hidden in an inconspicuous link. Or a pop-up with a suggestive question such as “Do you really want to give up the great benefits?”, where the buttons are labeled “Yes, secure benefits” and “No, I’m giving up voluntarily”. Such confirm-shaming tricks attempt to influence the user with emotionally colored options. From a legal point of view, this quickly moves into unfair territory, namely the deliberate concealment of contractual declarations. In Germany, for example, §312j BGB stipulates that an order button must be clearly labeled “zahlungspflichtig bestellen” or similar – misleading labels are ineffective. As a general rule, buttons and options must be clearly and neutrally understandable. If the “decline” option is deliberately hidden or formulated in a deterrent way (e.g. “No, I don’t want to save any money”), this can be considered unlawful commercial influence. Cookie banners are a well-known area: it is not permitted to highlight the “Accept all” button in bold, while the “Reject selection” option is buried somewhere in the privacy settings. Both options (accept/reject) must be equally easily accessible and designed – anything else violates data protection and competition law.

These are just a few examples – the range of dark patterns is wide, from intrusive pop-ups and hidden costs to fake reviews. It is important to note that all of these tricks can be warned if they deceive or unduly harass consumers. And we have recently introduced clear laws to put a stop to such manipulation. Of course, this realization is only slowly gaining ground – a recent study found that even after the dark pattern ban came into force in the DSA, all the major apps and platforms examined still used manipulative designs. However, consumer associations and authorities are becoming increasingly active in cleaning up the mess.

Current cases: How authorities are taking action against dark patterns

Current cases at home and abroad show that dark patterns are not only banned in theory, but also punished in practice. Both consumer protection organizations in Europe and the US Federal Trade Commission (FTC) have recently taken action against companies that use dark UX tricks:

• Amazon Prime under fire: In June 2023, the FTC filed a complaint against Amazon, alleging that the company had lured consumers into Amazon Prime and prevented them from canceling. According to the FTC complaint, Amazon deliberately used manipulative interface designs – the same dark patterns – in order to lure millions of customers into ongoing Prime subscriptions without their express consent. The cancelation path was intentionally designed to discourage customers from canceling. Amazon’s management is even said to have actively prevented changes that would have made it easier to cancel for profit reasons. This case makes it clear that even industry giants come under fire for such practices. In Europe, Amazon has pre-empted a similar procedure through cooperation – following complaints from consumer associations, Amazon had to make its Prime subscription cancelable with just two clicks and introduce a clearly visible “Cancel now” button as early as 2022. EU Justice Commissioner Didier Reynders made it clear: “Manipulative design or ‘dark patterns’ must be prohibited”. Public pressure is working: Today, canceling a Prime subscription is much more user-friendly than before – a success for consumer advocates.
• Epic Games / Fortnite: Another prominent example is the video game provider Epic Games. It was accused by the FTC of using perfidious dark patterns in its game Fortnite to entice players (including children) to make unwanted in-game purchases. The button assignment in the game was so confusing that even a single wrong button press led to unintentional purchases. In addition, children were able to store in Fortnite without parental consent – and customers who complained to the credit card company about incorrectly debited amounts were blocked by Epic without further ado. The result: Epic Games had to pay an incredible 245 million dollars in fines and refunds in 2023. The authorities also issued an order requiring Epic to stop using dark patterns to enforce payments. This case was one of the clearest victories against dark patterns to date – it shows that such deceptive maneuvers can have serious financial consequences, even for big players.
• Fashion shopping apps (Temu, Shein): Consumer protectors are also cracking down in Germany. The Federation of German Consumer Organizations (vzbv) recently conducted investigations into manipulative designs in popular shopping apps such as Shein and Temu. The result: despite the new legal situation, numerous dark patterns were found. The vzbv did not hesitate for long and has already sent Temu and Shein warning letters/requests to cease and desist. One specific example is the welcome procedure in the Shein app: new users were immediately bombarded with flashing pop-ups and time-limited discount offers to urge them to register. When you tried to close the window, a final attempt appeared à la “Are you sure you want to go? You could get coupons now!” – a classic coercion pop-up designed to make it difficult to leave.

Example: The shopping app Shein confronted users with a series of intrusive pop-ups and artificial urgency. First, a welcome offer with limited-time discount coupons entices users, then they have to register – and if they try to click away, a confirmation question (“Are you sure you want to go?”) appears with the login highlighted. Such dark patterns have been warned by consumer advice centers.

Cookie banners are also in the sights of consumer advocates: German authorities and associations have repeatedly warned companies whose cookie consent windows violate the rules – for example, because the “Accept all” button is overly clear, while “Reject” was hidden or only accessible via detours. This resulted in warnings and even fines, as manipulative cookie banners are considered illegal under both data protection law (keyword: GDPR) and competition law.

The message is clear: dark patterns are no longer a trivial offense. Regulators around the world – from the EU to consumer protection agencies and the FTC – are taking a close look and cracking down. For companies, especially young start-ups, this means a considerable risk of warnings if they rely on such methods. There is not only the threat of legal costs, but also a PR disaster if you are publicly pilloried. In the next step, we will therefore look at how you as a founder can design your UX/UI in a legally compliant and user-friendly way to avoid falling into this trap in the first place.

Making UX/UI legally compliant and user-friendly – tips for founders

The good news is that you can be successful without dark patterns – often even more successful because you gain the trust and satisfaction of your customers. Here are some tips on how to design your website or app so that it both complies with legal requirements and is perceived as fair by users:

• Honesty about availability and offers: If you advertise scarce stocks or time discounts, make sure that this information is true. For example, only display “only 2 pieces left” if this is really the case – and take down the notice as soon as supplies arrive. The same applies to countdown timers: only use them for real promotions that really end and don’t just keep resetting the timer. Transparency pays off – customers quickly notice if an “offer ends in 00:00” is still available the next day, and this undermines your credibility.
• Create urgency without deception: Of course you can occasionally build up suspense or point out limited deals. But do so in a measured and correct manner. Avoid formulations that stir up unnecessary panic. Instead of “Today only, then gone forever!!!”, you could use more serious wording: “Promotion valid until date, while stocks last”. If an offer was successful, it is absolutely legitimate to extend it if demand is high – but communicate this openly (“extended by 1 week due to high demand”) instead of always setting a new deadline in secret. Rule of thumb: Don’t play tricks with facts.
• Clear cancellation process: Make it easy for your customers to cancel contracts or terminate subscriptions. Place a clearly visible “Cancel contract” button on your customer profile or footer, as required by law. Do not require any unnecessary hurdles for the termination – a maximum two-step process (click on cancel, then final confirmation) is completely sufficient. Additional login details, telephone confirmations or even faxes are a no-go these days. A simple, transparent termination process protects you from the risk of warnings and shows your customers that you are playing fair. Remember: what good is a subscription that has been kept by trickery if the frustrated customer never comes back?
• User-centered consent: Design opt-in options in such a way that the user really consciously agrees. Leave checkboxes empty by default and clearly formulate what consent is being given for (e.g. “I would like to receive the newsletter” instead of a nebulous “Stay informed”). Always use a double opt-in for newsletters or advertising to be on the safe side. And offer an easy way to revoke consent at any time (e.g. unsubscribe link in every email). In this way, you are not only acting in a legally compliant manner, but also gain subscribers who are genuinely interested instead of those who have accidentally ticked the box.
• Clear and neutral buttons: Make sure your buttons are clearly labeled. Every action should be understandable for the user. Avoid double negations or misleading button texts. If an action is subject to a charge, this must be clearly stated (keyword “order with payment” in the checkout). Make sure that alternative options (such as “decline”, “no thanks” or “use basic version only”) are immediately visible and accessible. If in doubt, make the call-to-action button conspicuous – but don’t hide the alternative somewhere in the body text. Example cookie banner: Two equivalent buttons “Accept all” and “Only necessary cookies” show that you respect freedom of choice – a small but subtle difference to those banners that hide the reject link in gray on gray (which is expressly prohibited).
• No annoyance from pop-ups: Use pop-ups and overlays sparingly and carefully. A newsletter or discount pop-up on the first visit can be okay – as long as it is easy to close and does not reappear immediately. Avoid cascading pop-ups (one window after the other) and respect the user’s “no”. If someone clicks away the offer, accept it instead of asking “Are you sure? Really safe?”. Pop-ups that are too aggressive may even be legally prohibited as unreasonable harassment. Also consider mobile users: nothing is more annoying than a cell phone display that is overlaid by windows that are difficult to close. Less is more – concentrate on targeted messages that offer added value instead of driving users away with constant pop-ups.
• Trust through transparency: Perhaps the most important piece of advice: build on trust instead of tricks. A company that treats its customers openly and fairly will benefit from customer satisfaction and recommendations in the long term. Dark patterns may drive up conversion rates in the short term, but they cause damage in the long term – not only legally, but also to your image. Studies show that users become frustrated and lose trust in the brand if they feel tricked. In contrast, transparent, ethical design decisions strengthen customer loyalty. If your UX signals “We have nothing to hide and you remain in control”, users will be happy to come back and remain loyal to you.

In conclusion, if in doubt, it is better to avoid dark patterns. Even if some practices (still) appear legal, it is not worth optimizing at the expense of users. Legislation continues to evolve – what is a gray area today may be illegal tomorrow. And the next wave of warnings is sure to come for those who believe they can increase their turnover by using tricks. Sustainable business success is better achieved through honesty, user-friendliness and legal compliance.

Conclusion

Dark patterns are tempting: they promise fast completion figures, more newsletter subscriptions, more sales – but the price is high. Users feel deceived, trust is lost and there is now the threat of tangible legal consequences ranging from warning letters to fines in the millions. As the founder of an online business, you should take these warning signs seriously. The EU and Germany have tightened the screws to prohibit manipulative UX tricks. Fake countdowns, hidden unsubscribe buttons, preset checkboxes, etc. can get you into real trouble today – and they are simply no longer up to date.

The good news is that you can create successful user experiences without deception. Focus on clarity, truth and simple, customer-friendly processes. Not only will you avoid the risk of a warning, you will also gain the trust of your users. A disappointed customer who senses a trap won’t come back in a hurry – a satisfied one, on the other hand, will be happy to stay and recommend you to others. With this in mind, let’s make dark patterns a relic of the past together. A fair web is not only in the interest of consumers, but ultimately also the foundation for the sustainable success of online companies.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.