NEW DELHI: India's consumer watchdog has fined edtech platform PhysicsWallah and cybersecurity software company McAfee for using online design practices that allegedly steered consumers toward purchases and subscription decisions, the latest enforcement action in the government's crackdown on so-called dark patterns.
In separate orders, the Central Consumer Protection Authority (CCPA) imposed a penalty of ₹5 lakh on PhysicsWallah and ₹1 lakh on McAfee Software India Pvt. Ltd., according to a statement issued by the department of consumer affairs on Wednesday. Both companies have been directed to discontinue the identified practices and ensure consumers can make purchasing and subscription decisions without manipulation or undue influence.
The action was taken under the Consumer Protection Act, 2019, the Consumer Protection (E-Commerce) Rules, 2020, and the Guidelines for Prevention and Regulation of Dark Patterns, 2023, the ministry said.
Checkout nudges
In PhysicsWallah's case, the regulator took suo moto cognizance of certain practices on the platform and found that a ₹10 donation to the PW Foundation was automatically selected during checkout and added to the final payable amount without explicit consumer consent.
According to the authority, consumers were also shown emotionally persuasive messages linked to children's education, healthcare and marriages that encouraged them to retain the donation option. The regulator further found that courses advertised as "free" could be accessed only after users shared personal information such as mobile numbers and email addresses.
The content offered through the free courses remained unchanged across user accounts, the CCPA observed, suggesting that mandatory collection of personal information was not necessary for accessing the material.
It classified the practices as "basket sneaking", "confirm shaming" and "forced action" under the Dark Patterns Guidelines.
In its order, the CCPA held that consumer consent cannot be presumed through pre-selected options and must be obtained through a clear and affirmative action. The regulator also said that advertising courses as free without clearly disclosing mandatory registration and data-sharing requirements amounted to a misleading representation.
The authority noted that the concerns were particularly significant because a large portion of the platform's users comprise students, including minors.
The practices violated provisions relating to consumer rights, misleading advertisements and unfair trade practices under the Consumer Protection Act, besides breaching the e-commerce rules and dark pattern guidelines, it said.
Renewal pressure
In a separate order, the CCPA examined McAfee's subscription-renewal interface and found that consumers were not provided with a neutral choice when deciding whether to renew their subscriptions.
Users were presented with two options—"Renew Now" and "Accept Risk"—with the latter effectively characterising non-renewal as a risky decision, the regulator said.
According to the authority, the phrase "Accept Risk" implied that consumers would be exposed to cybersecurity threats if they chose not to renew their subscriptions, a claim that could not be guaranteed by the company.
The CCPA found that the interface exerted pressure on consumers to continue their subscriptions and identified multiple dark patterns, including confirm shaming, interface interference, trick questions and forced action.
The regulator said subscription decisions should be made freely and without fear-based messaging or deceptive design techniques. It concluded that the interface amounted to an unfair trade practice and impaired consumers' ability to provide explicit and informed consent.
The authority directed McAfee to ensure that no such dark patterns are deployed on its website, applications or other digital interfaces in future.
Queries sent to spokespersons of PhysicsWallah and McAfee were not immediately answered on Wednesday.
Wider crackdown
The latest enforcement action comes as the government steps up scrutiny of manipulative online design practices. The Guidelines for Prevention and Regulation of Dark Patterns, notified in November 2023, identify 13 categories of prohibited practices, including basket sneaking, confirm shaming, forced action, interface interference and trick questions.
In June 2025, the CCPA issued an advisory asking e-commerce companies and digital platforms to undertake self-audits and remove dark patterns from their interfaces.