The Central Consumer Protection Authority (CCPA) has imposed penalties on PhysicsWallah and McAfee Software India Pvt Ltd for allegedly using dark patterns on their digital platforms. The regulator said these practices misled consumers and unfairly influenced their purchasing decisions
The Central Consumer Protection Authority (CCPA) has levied penalties on the education technology platform PhysicsWallah and the cybersecurity company McAfee Software India Pvt Ltd for allegedly using dark patterns on their digital platforms.
The CCPA said these practices misled consumers and influenced their purchasing decisions.
The consumer watchdog, led by Chief Commissioner Nidhi Khare and Commissioner Anupam Mishra, imposed a Rs.5 lakh penalty on PhysicsWallah and Rs.1 lakh on McAfee. Both firms were also instructed to stop the identified practices and ensure that consumers can make choices based on clear information, without manipulation or undue pressure.
The CCPA’s action was taken under the Consumer Protection Act, 2019, the Consumer Protection (E-Commerce) Rules, 2020, and the Guidelines for Prevention and Regulation of Dark Patterns, 2023.
According to the CCPA, the scrutiny of PhysicsWallah began after the authority took suo motu notice of certain practices on the platform.
The regulator found that during checkout, a Rs.10 donation to the PW Foundation was automatically selected and added to the total amount payable without obtaining consumers’ explicit consent. It also noted that users were shown emotionally charged messages tied to children’s education, healthcare, and marriages encouraging them to keep the pre-selected donation option.
In addition, the authority observed that courses advertised as free could only be accessed after users provided personal details such as their mobile number and email address.
However, the CCPA’s review concluded that the course content available through these free courses was the same across different user accounts, suggesting that collecting personal information was not necessary to access the material.
The CCPA identified several dark patterns on PhysicsWallah’s platform, including basket sneaking (automatic inclusion of donations), confirm shaming (discouraging users from deselecting options), and forced action (requiring personal information before granting access to free content).
The regulator said consumer consent cannot be assumed through pre-selected options and must be obtained through clear, affirmative action. It further stated that describing courses as free without adequately disclosing mandatory registration and data-sharing requirements amounted to a misleading practice.
The CCPA concluded that these conduct impaired consumers’ ability to make free and informed choices and amounted to unfair trade practices under consumer protection laws. It also raised concerns that a large share of PhysicsWallah’s users are students, including minors, making the alleged practices especially harmful from a consumer protection standpoint.
McAfee Software India Pvt Ltd was penalised separately for its subscription renewal process, which the regulator said did not give consumers a neutral option regarding whether to continue their subscriptions. The CCPA noted that consumers were shown two prominent choices ‘Renew Now’ and ‘Accept Risk’ which effectively framed non-renewal as a risky decision.
The authority observed that the wording ‘Accept Risk’ implied that choosing not to renew would expose consumers to cybersecurity threats, a claim the company could not guarantee or substantiate. The CCPA also found that the renewal interface created pressure to keep paying for subscriptions, identifying multiple dark patterns in the process, including confirm shaming, interface interference, trick question, and forced action.
The CCPA stated that subscription choices should be voluntary and free from fear-based messaging or manipulative design. It determined that McAfee’s renewal interface used deceptive practices that could influence consumer decisions and therefore constituted an unfair trade practice.
The authority directed McAfee to remove such practices from its website, applications, and other digital interfaces and to ensure compliance with consumer protection rules.
The latest enforcement action is part of the CCPA’s wider drive against dark patterns in the digital marketplace. The Guidelines for Prevention and Regulation of Dark Patterns, 2023, notified in November 2023, list 13 categories of dark patterns considered unfair trade practices, including basket sneaking, confirm shaming, forced action, interface interference, and trick questions.
To improve compliance, the regulator also issued an advisory in June 2025 instructing e-commerce companies and digital platforms to conduct self-audits and remove manipulative design practices from their interfaces. The CCPA said the intent of these steps is to enhance transparency in digital transactions and protect consumers from deceptive online conduct that can distort purchasing decisions.