Deceptive Design Laws in the EU: DSA, DFA, and the Push for Digital Fairness in 2026
The European Union has advanced regulations against deceptive design, known as dark patterns, through the Digital Services Act (DSA), effective since 2024. This law prohibits manipulative practices in online interfaces. It bans tactics that distort users' ability to make informed choices, requires clear labeling of advertisements, and ensures easy account deletion. Building on this, the EU Digital Fairness Act (DFA) legislative proposal is expected in the third or fourth quarter of 2026, following a public consultation from July 17 to October 9, 2025, and an impact assessment in the second quarter of 2026. These developments address gaps highlighted in the 2024 EU Fitness Check, which estimated annual consumer harm from online issues at €7.9 billion according to EU Commission data.
For consumers in Colombia using cross-border online services, these laws help identify manipulative tactics like hidden opt-outs or disguised ads. Businesses targeting EU users must ensure compliance to avoid risks, while legal professionals can track how these standards influence global digital protections.
What Are Dark Patterns Under EU Law?
Dark patterns refer to practices that materially distort or impair the ability of users to make autonomous and informed choices, either intentionally or in effect. This definition comes from recital 67 of the DSA (EP Think Tank).
The 2024 EU Fitness Check of consumer law on digital fairness describes them as unfair commercial practices deployed through the structure, design, or functionalities of digital interfaces. The European Data Protection Board (EDPB) issued guidelines in early 2022, updated a year later, focusing on their use in social media platforms.
These definitions establish a foundation for recognizing interfaces that nudge users toward unintended actions, such as subscriptions or data sharing, without transparent options. They emphasize the role of design in subverting user autonomy, providing a consistent lens across EU regulatory efforts.
Current EU Regulations: Digital Services Act (DSA) and Existing Coverage
The DSA, effective since 2024, explicitly prohibits a range of dark pattern tactics across online platforms. It mandates that all advertising be clearly labeled and makes essential actions, like account deletion, easy to find (CBTW Tech). These rules apply broadly to digital services, enhancing user autonomy.
Before the DSA, at least 13 pieces of EU legislation addressed dark patterns to varying degrees, including GDPR Articles 4(11) and 7 on consent, and Article 22 of the Consumer Rights Directive. EU Commission data indicates 89% of consumers can recognize such patterns.
These combined protections form a framework already in force, covering aspects like consent validity and unfair terms to limit manipulative designs.
Upcoming Changes: EU Digital Fairness Act (DFA) Timeline for 2026
The DFA aims to introduce uniform rules against manipulative digital design methods. Its development includes a public consultation launched on July 17, 2025, running until October 9, 2025 (2B Advice). An impact assessment follows in the second quarter of 2026, leading to a final legislative proposal in the third or fourth quarter of 2026 (Streamlex).
This timeline responds to evidence from the 2024 Fitness Check, which underscored the need for stronger, dedicated protections, including addressing the estimated €7.9 billion in annual consumer harm.
EU Fitness Check 2024: Evidence Driving New Deceptive Design Rules
Published on October 3, 2024, the EU Fitness Check of consumer law on digital fairness evaluated protections against manipulative design in digital environments. It concluded that existing regulations leave consumers inadequately protected despite their coverage of unfair practices (EP Think Tank).
The assessment defines dark patterns in the context of digital interfaces and serves as a key catalyst for the DSA's enforcement and the forthcoming DFA proposal. It highlights persistent gaps that necessitate targeted legislation, such as inconsistent application across member states.
Comparing EU Deceptive Design Frameworks: DSA vs. DFA vs. Existing Laws
The DSA, existing laws, and anticipated DFA differ in scope, specificity, and timing. The table below compares them based on key aspects.
| Framework | Prohibitions | Definitions | Status | Key Metrics |
|---|---|---|---|---|
| DSA | Prohibits dark patterns distorting choices; requires ad labeling, easy account deletion | Recital 67: practices materially impairing autonomous decisions | Enforced since 2024 | Addresses broad online services |
| DFA | Expected uniform rules against manipulative digital design methods | Builds on Fitness Check: unfair practices in digital interfaces | Proposal Q3-Q4 2026 | €7.9B annual harm estimate (EU Commission data) |
| Existing Laws (13+) | Covers via consent, unfair terms (e.g., GDPR Art. 4(11)/7, Consumer Rights Dir. Art. 22) | Varied, pre-DSA interpretations | In force pre-2024 | 89% consumer recognition (EU Commission data) |
This comparison shows the DSA's immediate enforceability, the DFA's prospective harmonization, and existing laws' foundational role.
Practical Steps for Compliance and Consumer Protection in Light of EU Laws
Businesses can align with DSA requirements by ensuring advertisements are unambiguously labeled, account deletion is straightforward, and interfaces avoid distorting user choices. Review designs against recital 67 and Fitness Check definitions to identify potential dark patterns.
Consumers should look for clear opt-out options, verify ad labels, and test account closure processes. For platforms serving EU users from Colombia, adopting these practices supports compliance with global standards.
Next, consult the DSA text and Fitness Check report for detailed guidance, and monitor DFA updates through official EU channels.
FAQ
What is the EU Digital Services Act (DSA) and how does it regulate deceptive design?
The DSA, effective since 2024, prohibits dark patterns that impair informed choices per recital 67, requires ad labeling, and ensures easy account deletion (CBTW Tech).
When is the EU Digital Fairness Act (DFA) expected to be proposed?
The DFA legislative proposal is expected in Q3-Q4 2026, after a Q2 2026 impact assessment and July-October 2025 public consultation.
What did the 2024 EU Fitness Check reveal about dark patterns?
Published October 3, 2024, it found inadequate consumer protections against manipulative digital designs despite existing laws.
How many EU laws already address dark patterns before DSA and DFA?
At least 13 pieces, including GDPR and the Consumer Rights Directive.
What are examples of dark patterns prohibited by the DSA?
Practices that distort or impair autonomous decisions, such as those subverting clear navigation or consent.
How can businesses prepare for potential DFA rules in 2026?
Audit interfaces against DSA and Fitness Check definitions, ensure ad transparency, and simplify key actions like deletion.