
Dark-patterns audit + remediation program

dark-patterns-prohibition-program · Domain: consumer-protection · Type: process

Description

Dark-patterns prohibitions started as an FTC enforcement theme around forced-action and roach-motel cancellation flows and have since hardened into specific prohibitions across DSA Article 25, the EU Digital Fairness Act draft Article 8, the FTC Click-to-Cancel Rule, the California ROSCA enforcement track, and the Australian Consumer Law unconscionable-conduct doctrine. The prohibitions describe outcomes rather than mechanics, which is the design-relevant distinction: a flow that produces a manipulative outcome through ordinary design choices is treated identically to one that does so deliberately. This is why the audit cadence has to be ongoing rather than one-time, and why design-system guardrails that prevent regressions matter as much as any one-time audit pass.

A working prohibition program has three operational pieces. The periodic UX audit covers the high-risk surfaces (purchase, cancellation, consent capture, engagement loops, default settings, subscription renewal, opt-in flows that are paired with opt-out flows of asymmetric friction) against the canonical pattern taxonomy: forced action, hidden costs, sneaking-into-cart, confirmshaming, nagging, disguised ads, false urgency, obstruction, pre-selected options, friction asymmetry between sign-up and cancellation, social-proof manipulation, and the broader "deceptive design" reference taxonomy that the EDPB 03/2022 guidelines and the FTC's 2022 "Bringing Dark Patterns to Light" framework both reference.

The remediation backlog turns audit findings into prioritized tickets with ownership, deadlines, and validation criteria; an audit that produces findings without conversion into closed remediation items is essentially documentation that the operator knew about a violation and did not fix it.

Design-system guardrails prevent regressions at the framework level: button-prominence parity between accept and reject, equivalent friction for opt-in and opt-out, consistent positive-framing rules, and pre-build linting that catches the canonical patterns before they ship. Accessibility-team review on the same surfaces tends to surface dark-pattern issues as a side effect (the asymmetric-friction patterns that manipulate able-bodied users tend to fully exclude users dependent on assistive technology), so the two reviews often co-locate productively.

The statutory anchors are layered. DSA (Regulation (EU) 2022/2065) Article 25 sets the EU prohibition on dark patterns in online-platform interfaces. The EU Consumer Rights Directive (2011/83/EU) plus the proposed Digital Fairness Act layer the broader consumer-protection prohibitions and the explicit addictive-design clauses. EU Omnibus Directive (Directive (EU) 2019/2161) amended UCPD to add specific prohibitions on undisclosed paid placement and false-urgency tactics. FTC Act §5 at 15 U.S.C. §§41-58 plus the Click-to-Cancel Rule and the 16 CFR Part 425 negative-option framework govern the US federal layer. California Business and Professions Code §17600 (ROSCA) plus the Texas DPSA at Tex. Bus. & Com. Code §§541.001-541.205 layer state-level enforcement. Australian Consumer Law (Competition and Consumer Act 2010 Schedule 2) carries the unconscionable-conduct prohibition. China's algorithmic-recommendation provisions and minors-protection regulations include explicit prohibitions on addiction-inducing designs.

Evidence formats that satisfy a regulator inquiry include the annual dark-patterns UX audit report, the remediation backlog with closure log, the design-system rules enforcing button-parity and no-pre-checks, screenshot diffs showing remediated flows, and user-research test results validating that the post-remediation flows produce non-manipulative outcomes.

Applicability

Applies when: customer segment is b2c or b2b2c.

Required by (9 regulations)

  • ACL

    ACL unconscionable-conduct prohibition + dark-patterns clause (acl-dark-patterns).

    Competition and Consumer Act 2010, Schedule 2

  • Algorithm Provisions

    Cyberspace Administration of China algorithm rules: prohibition on designs that induce user addiction or excessive consumption (china-algo-no-addiction).

    Provisions on the Management of Algorithmic Recommendations in Internet Information Services (jointly issued by CAC, MIIT, MPS, and SAMR; effective March 1, 2022)

  • Minors Online Protection

    Regulations on the Protection of Minors in Cyberspace (promulgated by the State Council, Order No. 766, effective January 1, 2024)

  • DSA

    DSA Article 25 prohibition on dark patterns in online-platform interfaces.

    Regulation (EU) 2022/2065 of the European Parliament and of the Council (Digital Services Act)

  • EU CRD

    Directive 2011/83/EU of the European Parliament and of the Council

  • DFA

    EU Digital Fairness Act dark-patterns + addictive-design clauses.

    Proposed; no legislative text published.

  • FTC Act

    15 U.S.C. §§41-58; 16 CFR Parts 255, 425

  • TDPSA

    Tex. Bus. & Com. Code §§541.001-541.205

  • California SB 976

    Backs SB 976's protective-default posture for minor accounts against engagement-maximizing design.

    California SB 976 (2024), Protecting Our Kids from Social Media Addiction Act

Fulfilled by (2)

  • In-house build · medium effort
    UX + legal partnership running quarterly audits against the EDPB '03/2022 Dark Patterns' taxonomy + FTC 2022 'Bringing Dark Patterns to Light' framework.
  • In-house build · partial · low effort · $
    Build a dark-patterns audit checklist against the Deceptive Design reference taxonomy (deceptive.design).

Magist does not accept payment from vendors. Methodology.

Evidence formats

  • annual dark-patterns UX audit report
  • remediation backlog + closure log
  • design-system rules enforcing button-parity / no-pre-checks
  • screenshot diffs showing remediated flows
  • user-research test results validating non-manipulative flows

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Built by Neel Patel, a practicing in-house games attorney. Games touch more compliance domains at once than anything else in tech — Magist was designed around that.

Operated by a Washington-licensed attorney. Not licensed in California or other US states.

Magist is an instrument, not a consultancy. It does not sell compliance services or take payment from vendors for placement; the analysis is the same for everyone. No vendor, sponsorship, or referral fees, ever.

© 2026 Magist