In recent years, the digital transformation has progressed at such a rapid pace that consumers are no longer adequately protected under current EU consumer law. This was concluded by the ‘Digital Fairness Fitness Check’ of the European Commission, which was published in October 2024. The review examined the Unfair Commercial Practices Directive (UCPD), the Consumer Rights Directive (CRD) and the Unfair Contract Terms Directive (UCTD). These core EU consumer laws remain relevant, but do not address the issues that consumers are increasingly encountering online, such as deceptive or addictive interface design, personalised practices that exploit vulnerabilities, difficulties with the cancellation and renewal of digital subscriptions, and situations in which users are driven to accept unfair contract terms.
Following this Fitness Check, the European Commission announced a legislative initiative called the Digital Fairness Act (DFA). Targeting the dark side of digital consumer engagement, the DFA is aimed at updating consumer protection rules in this context. The formal proposal of the DFA is expected by the fourth quarter of 2026 and will make clear whether it may involve a stand-alone regulation, amendments to existing directives or a combination of both.
Key issues that will be addressed
The DFA will function alongside existing frameworks such as the three core EU directives on consumer law, the Digital Services Act (DSA) and the Digital Markets Act (DMA) and the GDPR. Whereas the DSA regulates online intermediaries and platforms, including rules on content moderation, and the DMA imposes competition-style obligations on gatekeeper platforms, the DFA is squarely about online consumer-facing commercial practices. It will specifically target the following key issues addressed by the European Commission:
- Dark patterns and manipulative interfaces
“Dark patterns" are interface choices that manipulate consumers into making decisions they would otherwise not make. Examples include pre-ticked boxes, deceptive cookie banner designs and fake scarcity claims (“only one left at this price!”). While unfair commercial practices are generally prohibited under the UCPD and Article 25 of the DSA contains a targeted ban on certain dark patterns, the DFA is expected to further clarify and reinforce rules against such design tricks.
The DFA will probably introduce clearer standards for features deliberately engineered to maximise time and money spent by users, such as autoplay, push notifications and “daily streaks” that penalise taking a break. Addictive designs will in particular create risks for vulnerable consumers, including children.
- Unfair personalisation and profiling
Unfair personalisation practices include personalised advertising and search results, which are directed at individuals based on profiling of their behaviour, preferences and characteristics, and dynamic pricing. As the GDPR already contains strict conditions regarding profiling, the DFA will need to fit alongside. Rather than revisiting EU data protection law, the concern is to define the consumer-law threshold: when does profiling-driven influence over consumer choices cross the line into unfair commercial practice, regardless of whether the data processing itself is lawful from a pure privacy perspective?
- Misleading influencer marketing
Social media influencers often provide insufficient transparency around paid partnerships and commercial communications. Moreover, it is problematic that consumers, especially children, are targeted with harmful or unhealthy products. The DFA is expected to codify stricter disclosure standards and possibly introduce harm-based restrictions on the types of products that can be promoted to minors.
- Digital contracts, subscriptions and cancellation traps
The DFA will address subscription services that are very easy to sign up for and deliberately complicated to cancel, including automatic renewals and free trials that silently convert into paid subscriptions. The European Commission is considering simplification and symmetry rules here: requiring clear disclosure of subscription terms, mandating simple cancellation mechanisms ("cancel as easily as you subscribed"), and restricting certain upselling practices.
Scope of the DFA
Who will exactly fall within the scope of the DFA will only be clear once the proposal is published, but it is expected that the legislation will apply broadly to:
- any traders offering digital services or goods to consumers in the EU, regardless of where the company is established;
- online platforms and marketplaces and social media services that intermediate between traders and consumers;
- app and game developers and publishers;
- influencers and content creators, to the extent they engage in commercial communications;
- subscription based digital services, such as streaming platforms, cloud services, SaaS providers and news subscription services.
Companies should not assume that their size as small or medium provides an exemption, as consumer law in the EU is generally horizontal. However, the European Commission has emphasised that it does not want to add layers of overlapping obligations, but that simplified, clear rules that reduce compliance complexity for companies are preferable.
Conclusion
While the final shape of the DFA remains uncertain and the legislation may still be several years from entering into force, the direction of travel is clear. The European Commission has signalled that the rules governing digital consumer engagement are going to become substantially more demanding. Platforms, advertisers, marketers and subscription businesses can already take some steps to prepare. Companies should begin assessing their current practices by reviewing their use of dark patterns, personalisation and profiling techniques, subscription models and influencer partnerships in the light of the key issues addressed by the European Commission. In addition, companies can evaluate their compliance frameworks and assess how the DFA relates to existing compliance programmes for the GDPR, DSA and DMA. Keeping a close eye on the legislative process and any further developments will be essential.
The Digital Fairness Act is not merely another regulatory checkbox. It reflects a fundamental shift in how the EU expects digital businesses to treat consumers — and for companies operating in the digital space, the question is no longer whether the rules will change, but whether they will be ready when they do.
Do you have any questions about this topic, or could you use help in preparing your organisation for the arrival of the DFA? Please get in touch with one or our specialists.
In recent years, the digital transformation has progressed at such a rapid pace that consumers are no longer adequately protected under current EU consumer law. This was concluded by the ‘Digital Fairness Fitness Check’ of the European Commission, which was published in October 2024. The review examined the Unfair Commercial Practices Directive (UCPD), the Consumer Rights Directive (CRD) and the Unfair Contract Terms Directive (UCTD). These core EU consumer laws remain relevant, but do not address the issues that consumers are increasingly encountering online, such as deceptive or addictive interface design, personalised practices that exploit vulnerabilities, difficulties with the cancellation and renewal of digital subscriptions, and situations in which users are driven to accept unfair contract terms.
Following this Fitness Check, the European Commission announced a legislative initiative called the Digital Fairness Act (DFA). Targeting the dark side of digital consumer engagement, the DFA is aimed at updating consumer protection rules in this context. The formal proposal of the DFA is expected by the fourth quarter of 2026 and will make clear whether it may involve a stand-alone regulation, amendments to existing directives or a combination of both.
Key issues that will be addressed
The DFA will function alongside existing frameworks such as the three core EU directives on consumer law, the Digital Services Act (DSA) and the Digital Markets Act (DMA) and the GDPR. Whereas the DSA regulates online intermediaries and platforms, including rules on content moderation, and the DMA imposes competition-style obligations on gatekeeper platforms, the DFA is squarely about online consumer-facing commercial practices. It will specifically target the following key issues addressed by the European Commission:
- Dark patterns and manipulative interfaces
“Dark patterns" are interface choices that manipulate consumers into making decisions they would otherwise not make. Examples include pre-ticked boxes, deceptive cookie banner designs and fake scarcity claims (“only one left at this price!”). While unfair commercial practices are generally prohibited under the UCPD and Article 25 of the DSA contains a targeted ban on certain dark patterns, the DFA is expected to further clarify and reinforce rules against such design tricks.
The DFA will probably introduce clearer standards for features deliberately engineered to maximise time and money spent by users, such as autoplay, push notifications and “daily streaks” that penalise taking a break. Addictive designs will in particular create risks for vulnerable consumers, including children.
- Unfair personalisation and profiling
Unfair personalisation practices include personalised advertising and search results, which are directed at individuals based on profiling of their behaviour, preferences and characteristics, and dynamic pricing. As the GDPR already contains strict conditions regarding profiling, the DFA will need to fit alongside. Rather than revisiting EU data protection law, the concern is to define the consumer-law threshold: when does profiling-driven influence over consumer choices cross the line into unfair commercial practice, regardless of whether the data processing itself is lawful from a pure privacy perspective?
- Misleading influencer marketing
Social media influencers often provide insufficient transparency around paid partnerships and commercial communications. Moreover, it is problematic that consumers, especially children, are targeted with harmful or unhealthy products. The DFA is expected to codify stricter disclosure standards and possibly introduce harm-based restrictions on the types of products that can be promoted to minors.
- Digital contracts, subscriptions and cancellation traps
The DFA will address subscription services that are very easy to sign up for and deliberately complicated to cancel, including automatic renewals and free trials that silently convert into paid subscriptions. The European Commission is considering simplification and symmetry rules here: requiring clear disclosure of subscription terms, mandating simple cancellation mechanisms ("cancel as easily as you subscribed"), and restricting certain upselling practices.
Scope of the DFA
Who will exactly fall within the scope of the DFA will only be clear once the proposal is published, but it is expected that the legislation will apply broadly to:
- any traders offering digital services or goods to consumers in the EU, regardless of where the company is established;
- online platforms and marketplaces and social media services that intermediate between traders and consumers;
- app and game developers and publishers;
- influencers and content creators, to the extent they engage in commercial communications;
- subscription based digital services, such as streaming platforms, cloud services, SaaS providers and news subscription services.
Companies should not assume that their size as small or medium provides an exemption, as consumer law in the EU is generally horizontal. However, the European Commission has emphasised that it does not want to add layers of overlapping obligations, but that simplified, clear rules that reduce compliance complexity for companies are preferable.
Conclusion
While the final shape of the DFA remains uncertain and the legislation may still be several years from entering into force, the direction of travel is clear. The European Commission has signalled that the rules governing digital consumer engagement are going to become substantially more demanding. Platforms, advertisers, marketers and subscription businesses can already take some steps to prepare. Companies should begin assessing their current practices by reviewing their use of dark patterns, personalisation and profiling techniques, subscription models and influencer partnerships in the light of the key issues addressed by the European Commission. In addition, companies can evaluate their compliance frameworks and assess how the DFA relates to existing compliance programmes for the GDPR, DSA and DMA. Keeping a close eye on the legislative process and any further developments will be essential.
The Digital Fairness Act is not merely another regulatory checkbox. It reflects a fundamental shift in how the EU expects digital businesses to treat consumers — and for companies operating in the digital space, the question is no longer whether the rules will change, but whether they will be ready when they do.
Do you have any questions about this topic, or could you use help in preparing your organisation for the arrival of the DFA? Please get in touch with one or our specialists.