top of page

 Legal Regulation of Dark Patterns: The European Union

The increasingly noticeable negative impact of dark patterns on users has garnered the attention of governments worldwide. As a pioneer in global digital governance, the European Union (EU) has enacted multiple laws to address dark patterns. This short article will explain how the EU uses legislation to curb the proliferation of dark patterns.


 Introduction to Dark Patterns


Dark patterns refer to user interface designs that exploit human psychology and behavioral biases to mislead or trick users into making involuntary or detrimental choices. These design techniques are often used to increase conversion rates, generate revenue, or collect more user data, but they often sacrifice user autonomy and rights. Common dark patterns include Roach Motel, Bait and Switch, Nagging, and Preselection. The EU has regulated dark patterns through various laws to prevent their harmful effects, including the Digital Services Act, the Unfair Commercial Practices Directive, the General Data Protection Regulation, and the Consumer Rights Directive.


Digital Services Act (DSA)


Article 25 of the Digital Services Act stipulates that the design, organization, or operation of online interfaces must not deceive, manipulate, or otherwise significantly distort the ability of users to make free and informed decisions. Article 31 further mandates that if an online platform provides contract conclusion functions (e.g., online shopping platforms), it must ensure that the online interface design allows merchants to disclose product information, terms, and contact information to comply with relevant EU laws.


Due to the more specific and particular regulations of the Unfair Commercial Practices Directive and the General Data Protection Regulation, they take precedence in individual cases. Therefore, the Digital Services Act mentions that the aforementioned provisions serve only as supplements to the Unfair Commercial Practices Directive and the General Data Protection Regulation.


 Unfair Commercial Practices Directive (UCPD)


Although the term "dark patterns" is not explicitly used, the Unfair Commercial Practices Directive actually covers many common dark pattern types. The directive stipulates that commercial practices must not be misleading, aggressive, harassing, coercive, unduly influencing, or otherwise unfair. The annex to the directive explicitly mentions several examples of unfair commercial practices, including:


- Bait advertising (not displaying or misrepresenting products, refusing to deliver within a reasonable time, price discrepancies between advertisement and sale, feigning urgency, etc.)

- Misleading information (false product quality claims, inaccurate promotional terms, etc.)


 General Data Protection Regulation (GDPR)


Although the General Data Protection Regulation focuses on the processing of personal data, some regulations also apply to dark patterns, especially in cases involving consent for data collection and processing. The GDPR requires that the processing of personal data must be lawful, fair, and transparent, with protective measures taken throughout the processing. Data subjects must give free, specific, and informed consent. Additionally, based on the GDPR, the EU has issued the Dark Patterns in Social Media Platforms Guidelines, which provide specific examples of dark patterns, such as:


- Information overload

- Ignoring important information

- Misleading users


These dark patterns often lead users to make decisions about their personal data that have potential harm, often without their awareness or willingness.


 Consumer Rights Directive (CRD)


The Consumer Rights Directive stipulates that if a merchant requires consumers to bear any form of additional costs, explicit consent from the consumer must be obtained again. If preselection is used to gain consumer consent for additional costs, the consumer can request a refund from the merchant.




Through multiple laws, the EU regulates dark patterns, demonstrating its commitment to protecting user rights and ensuring fairness in the digital environment, regardless of punitive measures. This article will compare existing Taiwanese laws on this basis to analyze the regulation and future development of dark patterns in Taiwan.



Regulation - 2022/2065 - EN - DSA - EUR-Lex (

Directive - 2005/29 - EN - EUR-Lex (

Regulation - 2016/679 - EN - gdpr - EUR-Lex (

Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them | European Data Protection Board (

Directive - 2013/36 - EN - Capital Requirements Directive - EUR-Lex (



Editor: Doris Lin, Harvey Huang

bottom of page