- within Consumer Protection topic(s)
- with readers working within the Transport industries
- within Transport topic(s)
Background: A New Era of Digital Fairness
European Commission President Ursula von der Leyen has tasked Commissioner McGrath with preparing the Digital Fairness Act (DFA) to tackle manipulative digital practices — dark patterns, addictive design, influencer marketing, and profiling that exploits consumer vulnerabilities. Such practices have been witnessed across a wide range of sectors, from social media, and e-commerce to gaming environments, where monetisation models and user engagement design have become key regulatory flashpoints.
The DFA emerges at a time when the digital and data regulatory environment is increasingly complex and burdensome particularly for small and medium-sized businesses. While the Digital Services Act (DSA), Digital Markets Act (DMA), Data Act, Artificial Intelligence Act (AI Act), and the Directive empowering consumers for the green transition (EmpCo Directive) already tackle aspects of digital fairness, their mandates are fragmented. Alongside the review of the Consumer Agenda 2025 – 30, the DFA aims to bring clarity and coherence to the EU's digital regulatory landscape, close gaps, and harmonise protections across sectors — from online shopping and streaming to interactive entertainment.
The DFA also arrives at a time when several companies are subject to parallel investigations by different authorities, which underscores the complexity of an already crowded framework. For example, Meta's pay-or-consent business model has triggered parallel discussions among competent authorities centered around consumer law concerns, data protection, and digital laws. Enforcement activity includes complaints filed by the Bureau Européen des Unions de Consommateurs (BEUC)'s,1 DSA information requests, DMA proceedings, and coordinated Consumer Protection Cooperation (CPC) Network action.2 Temu has also been subject to the Commission's enforcement under the DSA, and the BEUC filed complaints against Temu under the DSA framework for failing to protect consumers, invoking several issues such as dark patterns, lack of clear information to consumers about sellers, and circulation of unsafe products. Consumer protection authorities in several member states (Hungary, Ireland, Poland, Germany, and Italy) have launched simultaneous consumer law actions against the e-commerce giant.
The hope of many is that the consolidation of consumer protection rules will bring clarity and reduce the need for multiple overlapping investigations. Others are skeptical, arguing that the DFA risks duplicating existing regulations rather than streamlining enforcement.3
Timeline
| Date/Period | Event | Description |
| 17 July 2025 – 24 October 2025 | Public consultation period | Businesses, consumer groups, and stakeholders have the opportunity to provide input to shape the rules |
| Q1 2026 | Final impact assessment and consultation summary | Commission publishes a summary report of the public consultation and impact assessment |
| Q3/Q4 2026 | Draft legislative proposal | Expected release of the DFA draft |
| 2026 – 27 | EU legislative process | Parliament and Council debate, amend, and adopt legislation; entry into force could follow by late 2027 |
Limitations and Gaps in Current EU Digital Legislation
Despite their broad ambitions, the DSA, DMA, Data Act, and AI Act are all narrow by design, focusing on specific technologies, actors, or market segments.
For instance, the AI Act covers only a small subset of consumer-facing technologies: Tools such as chatbots and customer service assistants face minimal obligations unless they engage in explicitly manipulative practices. Even emotion recognition AI, which raises ethical and scientific concerns, is considered high risk but remains permissible, leaving significant gaps in safeguards for consumers.
The DSA, for its part, covers "intermediary services" and "platforms" while the DMA applies to the "core platform services" gatekeepers provide. Other widely used digital services (e.g., video games, dating apps, health and fitness apps, streaming, Internet of Things apps, and news sites with comment sections) are largely outside of its scope. Meanwhile, core consumer protection areas — including advertising standards, price transparency, contract fairness, and remedies — remain governed by EU consumer law and national civil laws rather than the new digital legislation.
The fragmented framework means that while the existing digital framework addresses certain high-profile risk scenarios, many everyday interactions — such as those involving interactive entertainment and in-game monetisation systems — still fall between the cracks. Several stakeholders also argue that certain core obligations such as bans on targeted ads to minors and overall protection of vulnerable users should apply more broadly across EU consumer law. Others identify a need to remedy the lack of consistent oversight over algorithmic transparency and recommender systems, which currently operate with somewhat limited accountability despite their significant influence on user behavior.
How the DFA Fits in
The DFA is not intended to replace existing legislation; rather, it will serve as a horizontal, harmonising framework, filling gaps across EU digital and consumer law. It will complement current rules to create a coherent approach to fairness across all online sectors.
For example, the EmpCo Directive targets the substance of environmental claims, prohibiting vague or unsubstantiated green statements. The DFA will support the EmpCo Directive's objectives by regulating the presentation methods of such claims — tackling manipulative design techniques (e.g., default "green" options or dark patterns around eco labels in marketplaces).
Similarly, the Data Act governs access to and sharing of data generated by connected products and services, aiming to stimulate innovation and interoperability. However, it primarily focuses on commercial and B2B contexts, leaving gaps in consumer-facing practices. The DFA will bridge those gaps by ensuring data-driven consumer interactions — such as algorithmic recommendations, dynamic pricing, or automated opt ins — are conducted fairly and transparently. It will reinforce consumer rights to understandable, nonmanipulative, and equitable treatment in digital environments.
The DFA will also extend fairness obligations to sectors such as gaming, ensuring transparency and antimanipulation rules under the DSA apply not only to large platforms but also to smaller players. DMA principles will be broadened beyond gatekeepers to include smaller market participants.
In terms of substantive obligations, the DFA will clarify and consolidate existing laws. For instance, dark patterns are currently addressed across multiple legislative acts, but they are described using varied terminology (e.g., "coerce," "deceive," "manipulate," "subvert," "materially distort"). The linguistic variations have led to some confusion and risks of parallel enforcement under, for example, Article 25 of the DSA and the Unfair Commercial Practices Directive (UCPD).4 Gaming companies, for example, face uncertainty around design practices such as loot boxes and in-game nudges, which may fall under multiple (sometimes conflicting) definitions of manipulation. Similarly, e-commerce platforms struggle with diverging interpretations of what constitutes misleading default settings or consent flows, making it difficult to design interfaces that are both user-friendly and legally compliant across jurisdictions. Even app stores and subscription-based services face ambiguity around renewal flows and cancellation friction,5 where practices intended to retain users may be construed as manipulative under one regime (e.g., DSA, Article 25 or GDPR Article 7) but permissible under another (e.g., UCPD, Recital 18 & Article 5).
DFA's Key Focus Areas
| Focus Area | Description | Current Regulatory Gap |
| Dark Patterns | Misleading interfaces that pressure users into decisions | Partially addressed under the DSA (Article 25); gaps remain for nonplatform services |
| Addictive Design | Features engineered to maximise time, attention, or spending, especially for children | Addressed under the DSA to some extent through provisions protecting minors or vulnerable groups (Articles 14, 28, and 34); age verification, however, is now a broader concern |
| Unfair Personalisation Practices | Profiling-driven advertising, recommendations, or dynamic pricing that exploit vulnerabilities | Fragmented coverage under DSA (Articles 26, 27, and 28), DMA (Article 15), Data Act (Article 6.2.b) and AI Act (Article 5); many B2C interactions are unregulated |
| Misleading Marketing by Influencers | False or exaggerated endorsements, especially in health and finance | Fake likes or followers addressed by the UCPD (point 22 of Annex I), but enforcement is uneven |
| Price Manipulation | Final price differs from advertised price during purchase | Limited coverage; mainly handled by general consumer law |
| Digital Contracts | Hidden renewal clauses, difficult cancellations, automatic subscriptions, or unexpected price hikes | Regulated by general consumer law; gaps remain under digital acts |
Conclusion and DFA Preparedness
The DFA is set to become a cornerstone of EU consumer protection in the digital era. Unlike existing regimes that are fragmented by scope, type of technology, and/or market power thresholds, the DFA aims to operate as a horizontal framework, aligning substantive consumer protections with the realities of today's online environments.
Regardless of your sector, now is the time to take proactive steps in anticipation of the DFA.
First, conduct a comprehensive design audit — review user interfaces for potentially manipulative or addictive elements; ensure personalisation logic is clearly disclosed; avoid default opt ins such as preticked boxes; and assess age-gated content, consent flows, and monetisation strategies. Pay particular attention to pricing transparency and the simplicity of purchase and cancellation processes, which are likely to face heightened scrutiny under emerging fairness standards.
Second, prepare for regulatory harmonisation by aligning practices across member states and reducing reliance on jurisdiction-specific interpretations, thereby minimising compliance risks in a more unified enforcement landscape.
Footnotes
1 Under consumer law (30 November 2023) and the General Data
Protection Regulation (GDPR) (29 February 2024).
2 The CPC network launched a coordinated action against Meta on 22 July 2024 on the basis of potential breaches of the Unfair Commercial Practices Directive (Directive 2005/29/EC) and Unfair Contract Terms Directive (Directive 93/13/EEC).
3 See, "Digital Fairness Act: do we need new laws or simply better enforcement?," DigitalEurope, 17 October 2025.
4 Article 25 of the DSA prohibits online platforms from deploying dark patterns but excludes practices "covered by" the UCPD and GDPR.
5 I.e., the difficulty users encounter when trying to cancel subscription.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
