--- title: "DSA Dark Patterns: interface design checks for online platforms" canonical_url: "https://www.sorena.io/artifacts/eu/digital-services-act/dark-patterns" source_url: "https://www.sorena.io/artifacts/eu/digital-services-act/dark-patterns" author: "Sorena AI" description: "Article 25 DSA guidance for reviewing online platform interfaces for deceptive, manipulative, or choice-distorting design patterns." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "DSA dark patterns" - "Digital Services Act Article 25" - "online platform interface design" - "deceptive design" - "UX compliance review" - "Digital Services Act" - "DSA" - "dark patterns" - "Article 25" - "online platform" - "interface design" - "UX review" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # DSA Dark Patterns: interface design checks for online platforms Article 25 DSA guidance for reviewing online platform interfaces for deceptive, manipulative, or choice-distorting design patterns. *Artifact Guide* *EU* ## DSA Dark Patterns A focused guide to Article 25 of the Digital Services Act for reviewing online platform interfaces that may deceive, manipulate, or impair free and informed user decisions. Use it to plan UX tests, product review gates, evidence capture, and escalation checks without stretching the DSA beyond the official text and Commission guidance. Article 25 of the Digital Services Act applies to providers of online platforms. It prohibits designing, organising, or operating online interfaces in ways that deceive or manipulate recipients of the service, or otherwise materially distort or impair their ability to make free and informed decisions. This page translates that rule into concrete interface-review checks while preserving the limits in the DSA text, including the carve-out for practices already covered by the Unfair Commercial Practices Directive or the GDPR. ## What Article 25 Covers Treat dark-pattern review as an online-platform interface review, not as a catch-all rule for every digital service. The DSA text places Article 25 in the section for online platforms and says the provider must not design, organise, or operate interfaces in a way that deceives, manipulates, or materially distorts or impairs users' free and informed decisions. The rule is not limited to intentional deception. Recital 67 covers practices that distort or impair autonomous and informed choices either on purpose or in effect. That makes product outcomes important: a design can create Article 25 risk even when the design brief describes the feature as engagement, conversion, or retention optimisation. - Confirm that the reviewed service is an online platform before assigning Article 25 obligations. - Identify the user decision at issue: sign-up, subscription, cancellation, consent, purchase, ranking choice, account setting, reporting flow, or another platform choice. - Separate Article 25 review from practices already covered by Directive 2005/29/EC or Regulation (EU) 2016/679, because Article 25 says its prohibition does not apply to those covered practices. - Record whether the issue is deception, manipulation, non-neutral presentation, excessive friction, persistent re-prompting, or a hard-to-change default. Sources for this answer: - [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng?ref=sorena.io) - Article 25 states the binding DSA prohibition on deceptive, manipulative, or choice-distorting online platform interfaces. - [European Commission - Digital Services Act Questions and Answers](https://digital-strategy.ec.europa.eu/en/faqs/digital-services-act-questions-and-answers?ref=sorena.io) - Commission Q&A explains dark patterns as platform designs that trick users into choices they otherwise may not make. ## Interface Patterns To Test Before Release Use the examples in Article 25 and recital 67 as test scenarios. Review the live interface, mobile layout, accessibility states, localised copy, notification timing, default settings, and any experiment variant, because the DSA wording covers the structure, design, and functionality of the interface. A useful test does not ask only whether the screen is technically usable. It asks whether the user can understand the decision, compare options neutrally, decline or reverse the choice without disproportionate friction, and avoid repeated pressure after a choice has already been made. - Choice prominence: check whether one option receives stronger visual, auditory, ordering, colour, size, or placement treatment when the user is asked to decide. - Repeated requests: test pop-ups, banners, interstitials, and notification loops that keep asking after the user has already chosen. - Cancellation parity: compare the steps, time, labels, authentication demands, and dead ends for terminating a service against subscribing to it. - Exit and purchase friction: inspect whether users can discontinue purchases, sign out, or leave a transaction without unreasonable difficulty. - Defaults and settings: test whether privacy, payment, subscription, recommendation, or communication defaults are very difficult to find or change. - Misleading controls: review button labels, disabled states, countdowns, scarcity messages, unavailable cheap offers, and similar-product redirects for deception or material distortion. Sources for this answer: - [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng?ref=sorena.io) - Recital 67 and Article 25 identify examples including non-neutral presentation, repeated pop-ups, harder cancellation, and difficult-to-change defaults. - [European Commission - Digital Services Act Questions and Answers](https://digital-strategy.ec.europa.eu/en/faqs/digital-services-act-questions-and-answers?ref=sorena.io) - Commission Q&A gives practical dark-pattern examples such as misleading buttons, difficult unsubscription, and unavailable cheaper products. ## Evidence And UX Review Controls Evidence should show what a user actually saw and how the design was assessed against Article 25. Keep enough detail for a reviewer to reconstruct the journey without relying on a product manager's memory or a later interface version. Do not rely on conversion metrics as proof that a design is acceptable. High completion, retention, or opt-in rates may be exactly why a choice-distorting pattern needs review. Pair analytics with qualitative walkthroughs, accessibility review, complaint signals, and evidence of alternative designs considered. - Maintain a journey inventory for decisions that affect money, data sharing, subscriptions, cancellation, visibility, recommendations, advertising settings, account status, or marketplace transactions. - Save dated screenshots or recordings for desktop, mobile, logged-in, logged-out, accessibility, and localised states before launch and after material changes. - Keep experiment briefs, variants, guardrails, stopping criteria, and reviewer notes for A/B tests that change prompts, defaults, ranking, cancellation, or purchase flows. - Document the Article 25 assessment for each risky journey: user decision, interface element, risk pattern, source basis, mitigation, approver, and release version. - Track complaint themes, support contacts, refund requests, cancellation failures, unsubscribe failures, and regulator or Digital Services Coordinator contacts that suggest users were misled or could not reverse a choice. - Require legal, product design, accessibility, data protection, and trust-and-safety review before shipping high-impact interface changes. Sources for this answer: - [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng?ref=sorena.io) - Article 25 grounds the need to review design, organisation, operation, and functionality of online platform interfaces. - [European Commission - Digital Services Act overview](https://digital-strategy.ec.europa.eu/en/policies/digital-services-act?ref=sorena.io) - Commission overview frames the DSA as giving users more control and choices when navigating online platforms and search engines. ## Adjacent DSA Checks That Often Surface In Dark-Pattern Reviews Article 25 is the core dark-pattern rule, but an interface review often touches other DSA controls. Keep those checks separate so the page does not overstate Article 25: ad transparency, recommender options, protection of minors, marketplace information, and VLOP or VLOSE systemic-risk duties each have their own DSA basis. For platforms accessible to minors, review persuasive or addictive design with additional care. Commission guidance on protection of minors recommends disabling by default features that contribute to excessive use and removing persuasive design features aimed predominantly at engagement, while noting that following the guidelines is voluntary and does not automatically guarantee compliance. - Ads: if the interface presents advertisements, test whether ads are clearly identifiable and whether targeting disclosures are directly and easily accessible. - Recommenders: if a recommender system is used, review whether users receive plain-language information about main parameters and available options to modify or influence them. - Minors: for platforms accessible to minors, test privacy, safety, security, excessive-use features, manipulative commercial practices, and age-assurance choices against Article 28 and Commission minors guidance. - VLOPs and VLOSEs: for designated services, connect dark-pattern findings to systemic-risk assessment, mitigation, audit, compliance-function, data-access, and non-profiling recommender-option work where those obligations apply. - Marketplaces: if the platform enables distance contracts with traders, check whether interface design enables trader information and product-safety information obligations rather than hiding or weakening them. Sources for this answer: - [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng?ref=sorena.io) - The DSA text separately covers online advertising, recommender transparency, protection of minors, marketplace interface duties, and VLOP/VLOSE obligations. - [European Commission - Guidelines on protection of minors under the DSA](https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors?ref=sorena.io) - Commission minors guidance supports review of excessive-use, persuasive-design, manipulative commercial, and age-assurance controls for platforms accessible to minors. - [European Commission - DSA very large online platforms and search engines](https://digital-strategy.ec.europa.eu/en/policies/dsa-vlops?ref=sorena.io) - Commission VLOP/VLOSE overview supports the limited point that designated services have additional risk, audit, recommender, advertising repository, and data-access duties. ## Release Checklist For DSA Dark-Pattern Review Use this checklist before approving a new or changed online platform journey. It is designed for product, legal, design, accessibility, trust-and-safety, data protection, and compliance reviewers who need a practical record tied to Article 25. The checklist should be repeated when the journey changes materially, when experiments alter choice architecture, when a new user segment or Member State language is added, or when complaints show that users may not understand or control the decision. - The reviewed service is classified, and Article 25 is applied only where the service is an online platform. - The user decision, affected interface screens, variants, defaults, and exit paths are identified. - The review checks the Article 25 examples: unequal prominence, repeated requests, harder termination, difficult choices, unreasonable purchase or sign-out friction, nudging in transactions, and hard-to-change defaults. - Adjacent checks are separated for GDPR, unfair commercial practices, ads, recommenders, minors, marketplace duties, and VLOP/VLOSE systemic-risk duties. - Evidence includes screenshots or recordings, experiment variants, analytics used, complaint signals, accessibility findings, localisation review, mitigation decisions, approvers, and release version. - A named owner can pause launch, change the interface, or require further testing when the design may deceive, manipulate, or materially impair free and informed decisions. Sources for this answer: - [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng?ref=sorena.io) - Article 25 and recital 67 provide the checklist criteria for interface prominence, repeated requests, cancellation friction, defaults, and free informed decisions. - [European Commission - Digital Services Act Questions and Answers](https://digital-strategy.ec.europa.eu/en/faqs/digital-services-act-questions-and-answers?ref=sorena.io) - Commission Q&A supports practical examples such as tricking users to subscribe, hiding buttons, misleading controls, and difficult unsubscription. *Recommended next step* *Placement: before sources* ## Turn dark-pattern checks into a reusable UX review record Sorena can help product, legal, design, accessibility, and trust teams review online platform journeys against the cited DSA interface-design restrictions and keep evidence for future changes. - [Open Research Copilot for DSA interface questions](/solutions/research-copilot.md): Ask source-linked questions about Article 25, online platform scope, minors guidance, recommender controls, and VLOP/VLOSE obligations using the sources on this page. - [Talk through a UX review](/contact.md): Review a platform journey, experiment, cancellation flow, or minors-facing interface against the DSA dark-pattern controls on this page. ## Primary sources - [Regulation (EU) 2022/2065 (Digital Services Act)](https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng?ref=sorena.io) - Primary legal source for Article 25 online interface design restrictions, recital 67 examples, Article 26 advertising, Article 27 recommender systems, Article 28 minors, and VLOP/VLOSE provisions. - Quote: "make free and informed decisions" - [European Commission - Digital Services Act Questions and Answers](https://digital-strategy.ec.europa.eu/en/faqs/digital-services-act-questions-and-answers?ref=sorena.io) - Commission Q&A explains dark patterns in plain language and lists examples such as misleading buttons, difficult unsubscription, and unavailable cheaper offers. - Quote: "Dark patterns are a way of designing online platforms" - [European Commission - Digital Services Act overview](https://digital-strategy.ec.europa.eu/en/policies/digital-services-act?ref=sorena.io) - Commission overview supports the user-rights context for more control, more choices, ad transparency, dark-pattern prohibition, and safer platform design. - Quote: "Ban on dark patterns" - [European Commission - Guidelines on protection of minors under the DSA](https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors?ref=sorena.io) - Commission minors guidance supports additional review of persuasive design, excessive-use features, manipulative commercial practices, and age assurance where platforms are accessible to minors. - Quote: "following these guidelines is voluntary" - [European Commission - DSA very large online platforms and search engines](https://digital-strategy.ec.europa.eu/en/policies/dsa-vlops?ref=sorena.io) - Commission VLOP/VLOSE overview supports the limited statement that designated services have additional duties on systemic risks, audits, recommender options, advertising repositories, and data access. - Quote: "over 45 million users in the EU" ## Related Topic Guides - [DSA Ads and Recommender Systems: transparency duties, user choice, and evidence](/artifacts/eu/digital-services-act/ads-and-recommender-systems.md): A grounded DSA guide to ad labels, targeting restrictions, recommender parameter disclosure, non-profiling options for VLOPs and VLOSEs, ad repositories, and compliance evidence. - [DSA Applicability Test: classify intermediary services, platforms, marketplaces, VLOPs and VLOSEs](/artifacts/eu/digital-services-act/applicability-test.md): A source-grounded EU Digital Services Act applicability test for classifying intermediary services, hosting services, online platforms, marketplaces, VLOPs and VLOSEs. - [DSA Article 28 minors protection guide for online platforms](/artifacts/eu/digital-services-act/minors-protection.md): EU Digital Services Act guide to Article 28 minors protection: platform scope, child-safety measures, targeted ads limits, recommender controls, and grounded evidence. - [DSA average monthly active recipients: what platforms must publish](/artifacts/eu/digital-services-act/faq/average-monthly-active-recipients.md): A grounded FAQ on average monthly active recipients under the EU Digital Services Act, including publication, EU recipient scope, the 45 million VLOP/VLOSE threshold, and evidence records. - [DSA Complaint and Dispute Workflows for Online Platforms](/artifacts/eu/digital-services-act/complaint-and-dispute-workflows.md): Build DSA complaint, appeal, statement-of-reasons, and out-of-court dispute workflows for online platform moderation decisions. - [DSA crisis response for VLOPs and VLOSEs](/artifacts/eu/digital-services-act/crisis-response.md): EU Digital Services Act crisis response guide for VLOPs and VLOSEs: Article 36 Commission decisions, Article 48 crisis protocols, mitigation, governance, requests for information, and records. - [DSA Enforcement and Penalties in the EU](/artifacts/eu/digital-services-act/enforcement-penalties-and-investigations.md): How Digital Services Act enforcement works: Commission and Digital Services Coordinator roles, VLOP and VLOSE investigations, fines, periodic penalty payments, and evidence readiness. - [DSA illegal content notices: what must be included?](/artifacts/eu/digital-services-act/faq/illegal-content-notice.md): A grounded FAQ on EU Digital Services Act illegal-content notices: Article 16 notice elements, acknowledgement, decision notices, trusted flagger priority, statements of reasons, and records. - [DSA Marketplace Trader Traceability FAQ](/artifacts/eu/digital-services-act/faq/marketplace-trader-traceability.md): Answer to what EU Digital Services Act Article 30 requires online marketplaces to collect, verify, display, retain, and evidence for trader traceability. - [DSA Marketplace Trader Traceability Guide](/artifacts/eu/digital-services-act/marketplace-trader-traceability.md): EU Digital Services Act guide for online marketplaces collecting, checking, displaying, storing, and evidencing trader traceability information. - [DSA notice and action plus statements of reasons guide](/artifacts/eu/digital-services-act/notice-and-action-plus-statements-of-reasons.md): A grounded Digital Services Act guide for notice intake, moderation decisions, statements of reasons, DSA Transparency Database submission, complaints, appeals, trusted flaggers, and records. - [DSA Notice and Action Workflow for Hosting Services and Online Platforms](/artifacts/eu/digital-services-act/notice-and-action-workflow.md): A grounded DSA notice-and-action workflow covering notice intake, completeness checks, trusted flaggers, decisions, user communications, statements of reasons, appeals, and records. - [DSA recommender transparency FAQ: Article 27 and VLOP options](/artifacts/eu/digital-services-act/faq/recommender-transparency.md): What EU Digital Services Act recommender transparency requires: main parameters, user options, VLOP/VLOSE non-profiling choices, and evidence to keep. - [DSA researcher data access for VLOPs and VLOSEs](/artifacts/eu/digital-services-act/researcher-data-access.md): Article 40 DSA guide to vetted researcher data access for VLOPs and VLOSEs: DSC requests, eligibility checks, amendment grounds, confidentiality, security, and evidence records. - [DSA service tier classifier for platforms, marketplaces, VLOPs and VLOSEs](/artifacts/eu/digital-services-act/service-tier-classifier-workflow.md): Classify a digital service under the EU Digital Services Act as intermediary, hosting, online platform, marketplace, VLOP or VLOSE, with EU recipient-count evidence and obligation outputs. - [DSA statement of reasons FAQ](/artifacts/eu/digital-services-act/faq/statement-of-reasons.md): When DSA statements of reasons are required, what they must contain, when online platforms submit them to the DSA Transparency Database, and what appeal records to keep. - [DSA statement of reasons log workflow for online platforms](/artifacts/eu/digital-services-act/statement-of-reasons-log-workflow.md): Build a DSA statement of reasons log for moderation decisions, Transparency Database submission, complaint links, retention, and QA controls. - [DSA transparency report template fields and cadence](/artifacts/eu/digital-services-act/dsa-transparency-report-template.md): A source-grounded template outline for Digital Services Act transparency reports, covering applicable service tiers, reporting periods, CSV/XLSX format, retention, statement-of-reasons links, and required evidence tables. - [DSA Transparency Reporting Obligations by Provider Tier](/artifacts/eu/digital-services-act/transparency-reporting.md): A grounded guide to EU Digital Services Act transparency reports, active-recipient publication, statements-of-reasons submissions, VLOP/VLOSE reports, templates, cadence, and evidence. - [DSA VLOP and VLOSE Risk Assessments and Mitigation Guide](/artifacts/eu/digital-services-act/risk-assessments-and-mitigation.md): Grounded guide to Digital Services Act systemic risk assessments, mitigation measures, audits, transparency reports, data access, and governance evidence for VLOPs and VLOSEs. - [DSA VLOP Audit Pack Workflow: Risk, Mitigation, Audit, and Transparency Records](/artifacts/eu/digital-services-act/vlop-audit-pack-workflow.md): Build a DSA VLOP or VLOSE audit pack covering Article 34 risk assessments, Article 35 mitigations, independent-audit evidence, transparency reports, data access, and compliance governance. - [DSA VLOP Risk Assessment FAQ: Article 34, Mitigation, Audits](/artifacts/eu/digital-services-act/faq/vlop-risk-assessment.md): What VLOPs and VLOSEs must assess under the EU Digital Services Act, when to reassess, how Article 35 mitigation and annual audit evidence fit together, and what records to keep. - [DSA vs DMA Platform Rules](/artifacts/eu/digital-services-act/dsa-vs-dma.md): Compare the EU Digital Services Act and Digital Markets Act by scope, designation thresholds, obligations, enforcement, evidence, and practical team ownership. - [DSA vs GDPR: online-platform governance and personal-data obligations](/artifacts/eu/digital-services-act/dsa-vs-gdpr.md): Compare the EU Digital Services Act and EU GDPR by scope, ads, recommenders, minors, transparency, complaints, enforcement, and evidence. - [DSA vs P2B Regulation: EU platform obligations compared](/artifacts/eu/digital-services-act/dsa-vs-p2b.md): Compare the EU Digital Services Act with the Platform-to-Business Regulation for platform scope, business-user terms, content moderation, ranking transparency, complaints, enforcement, and evidence. - [DSA vs Terrorist Content Online Regulation: notice-and-action vs removal orders](/artifacts/eu/digital-services-act/dsa-vs-terrorist-content-online-regulation.md): Compare DSA content-governance duties with the EU Terrorist Content Online Regulation removal-order workflow for scope, timing, evidence, authorities, and team ownership. - [EU Digital Services Act checklist for platforms and hosting services](/artifacts/eu/digital-services-act/checklist.md): A grounded DSA checklist for classifying service tiers, notice-and-action, statements of reasons, complaints, transparency reports, ads, recommenders, trader traceability, VLOP/VLOSE duties, and evidence records. - [EU Digital Services Act Compliance Guide](/artifacts/eu/digital-services-act/compliance.md): DSA compliance guide for intermediary services, hosting providers, online platforms, marketplaces, and VLOP/VLOSE teams: obligations, controls, and evidence to keep. - [EU Digital Services Act FAQ: DSA scope, platform duties, VLOPs, reports, and penalties](/artifacts/eu/digital-services-act/faq.md): Concise EU Digital Services Act FAQ covering intermediary-service scope, active-recipient thresholds, illegal-content notices, statements of reasons, trader traceability, recommender transparency, systemic-risk duties, reporting, penalties, and complaints. - [EU Digital Services Act penalties and fines: caps and enforcement roles](/artifacts/eu/digital-services-act/penalties-and-fines.md): DSA penalty caps and enforcement roles: Member State fines, Commission fines for VLOPs and VLOSEs, 1% procedural fines, and 5% periodic penalty payments. - [EU Digital Services Act requirements by service tier](/artifacts/eu/digital-services-act/requirements.md): Overview of DSA obligations for intermediary services, hosting providers, online platforms, marketplaces, VLOPs and VLOSEs, including notices, complaints, ads, transparency reports, audits, data access and enforcement. - [EU Digital Services Act service types and scope](/artifacts/eu/digital-services-act/service-types-and-scope.md): Classify DSA service scope across mere conduit, caching, hosting, online platforms, marketplaces, online search engines, and VLOP/VLOSE threshold duties. - [EU DSA deadlines and compliance calendar: application dates, reporting cycles, and VLOP clocks](/artifacts/eu/digital-services-act/deadlines-and-compliance-calendar.md): Calendar view of grounded EU Digital Services Act dates: full application, user-number publication, VLOP/VLOSE designation clocks, statements of reasons, and transparency reporting cycles. - [EU DSA Transparency Calendar: reporting, SoR database, AMAR updates](/artifacts/eu/digital-services-act/transparency-calendar.md): Build a DSA transparency calendar for annual reports, statement-of-reasons database submissions, active-recipient updates, and VLOP/VLOSE audit touchpoints. - [EU DSA vs UK Online Safety Act: scope, duties, regulator, and evidence](/artifacts/eu/digital-services-act/dsa-vs-uk-online-safety-act.md): Compare the EU Digital Services Act and UK Online Safety Act for platform scope, risk assessments, child protection, transparency, regulators, enforcement, and owners. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/digital-services-act/dark-patterns