Can individual employees be fined for dark patterns in Australia?

Yes. Under ACL accessorial liability provisions, any individual who was "knowingly concerned in" a contravention can face personal penalties of up to $2.5 million. This includes directors, product managers, UX designers, and marketing managers who designed, approved, or implemented the dark pattern.

Do Australian dark pattern laws apply to overseas companies?

Yes. The ACL applies to conduct in trade or commerce that affects Australian consumers, regardless of where the company is incorporated. The ACCC has filed proceedings against US-based companies including JustAnswer and global companies including Microsoft for dark patterns targeting Australian consumers.

Can dark patterns trigger disability discrimination claims in Australia?

Yes. Dark patterns that rely on visual hierarchy, colour contrast, or complex navigation disproportionately affect users with disabilities. Under the Disability Discrimination Act 1992, websites are "services" that must be accessible. A dark pattern that is difficult for able-bodied users may be impossible for users with disabilities, creating discrimination risk.

What regulators enforce dark pattern laws in Australia?

Multiple regulators have jurisdiction. The ACCC enforces the ACL at the federal level. State fair trading bodies (NSW Fair Trading, Consumer Affairs Victoria, etc.) can independently enforce the ACL. The OAIC enforces the Privacy Act for consent-related dark patterns. ASIC enforces financial services regulation for insurance and warranty dark patterns.

16 Dark Pattern Compliance Facts Australian Businesses Miss

Most Australian businesses know dark patterns are “a thing.” Fewer know that the legal framework is already in place to penalise them — and almost none understand the full scope of their exposure.

Here are 16 facts about dark pattern compliance in Australia that compliance teams, founders, and product managers routinely miss. Each one represents a real enforcement risk that most businesses aren't checking for.

1. Section 48 of the ACL Already Bans Drip Pricing — Since 2011

Most commentary about drip pricing focuses on the upcoming Unfair Trading Practices Bill. But section 48 of the Australian Consumer Law has required single-price disclosure for goods and services since 2011. If a price is displayed in connection with a supply of goods or services, any component that is quantifiable at that time must be included in the displayed price.

This means every mandatory booking fee, processing fee, or service charge that only appears at checkout has been technically non-compliant for over a decade. The ACCC has recently increased enforcement, as the Dendy Cinemas infringement notice demonstrates.

Why this matters: You don't need to wait for new legislation to be prosecuted for drip pricing. The legal basis already exists. What's changing is the ACCC's willingness to enforce it — and the severity of penalties when it does.

2. Directors Can Be Held Personally Liable — Including Bankruptcy

Under section 224 of the ACL, individuals who are “knowingly concerned in” or who “aided, abetted, counselled or procured” a contravention can be held personally liable. This includes company directors and officers.

Personal penalties for individuals can reach $2.5 million per contravention. The ACCC can also seek disqualification orders preventing individuals from managing corporations. And unlike corporate penalties, personal liability survives corporate insolvency — a director can face personal bankruptcy from ACL contraventions even if the company is wound up.

Why this matters: Dark pattern compliance is not just a corporate risk. If you're a director who knows about dark patterns on your website and doesn't act, your personal assets are on the line.

3. Your UX Designer Can Be Personally Fined (Accessorial Liability)

Accessorial liability under the ACL extends to anyone who was “knowingly concerned in” a contravention. This can include the UX designer who implemented the dark pattern, the product manager who specified it, and the marketing manager who approved the copy.

The ACCC v Kogan.com case established that individuals within a company can be personally liable for misleading conduct they designed or approved — not just directors. The test is whether the individual had knowledge of the essential facts that made the conduct a contravention.

Why this matters: If your UX team is implementing confirm-shaming copy, misleading visual hierarchies, or obstructive cancellation flows, those individuals have personal legal exposure. This isn't theoretical — the ACCC routinely names individuals in its proceedings.

4. Unfair Contract Term Penalties Went From $0 to $50M in November 2023

Before 9 November 2023, unfair contract terms under the ACL carried no financial penalty. If a court found a term unfair, it was simply declared void. The business faced no fine, no deterrent — just an order to stop using that specific term.

The Treasury Laws Amendment (More Competition, Better Prices) Act 2022 changed this fundamentally. From November 2023, using an unfair contract term attracts the same penalties as other ACL contraventions: up to $50 million, three times the benefit, or 10% of turnover.

Many subscription dark patterns — auto-renewal clauses, difficult cancellation terms, unilateral price change provisions — are also potentially unfair contract terms. This means they now carry double enforcement exposure: under the misleading conduct provisions and the UCT regime.

Why this matters: If your subscription terms include clauses that create significant imbalance, aren't reasonably necessary, and would cause detriment to the consumer, they're now $50M penalties — not just voidable terms. Review your terms of service alongside your UX. For more on this, see our subscription trap compliance guide.

5. The ACCC Runs Active Website Sweeps — Your Site May Already Be Flagged

The ACCC doesn't wait for complaints. It conducts proactive compliance sweeps across entire industry sectors, using both manual review and automated scanning tools to identify potentially non-compliant websites.

In 2024, the ACCC conducted sweeps specifically targeting subscription practices and drip pricing in the following sectors: online retail, travel and accommodation, entertainment and ticketing, and software/SaaS. The results directly informed several of the enforcement actions in our enforcement roundup.

The ACCC has also partnered with the International Consumer Protection and Enforcement Network (ICPEN) for coordinated global sweeps of dark patterns in online marketplaces.

Why this matters: Even if no consumer has complained about your website, the ACCC may have already reviewed it. Proactive compliance is not just good practice — it's a hedge against enforcement action that may already be in progress.

6. The Privacy Act Creates a Second Enforcement Front

Dark patterns in consent mechanisms — cookie banners, data collection opt-ins, privacy settings — don't just trigger ACL risk. They also create exposure under the Privacy Act 1988, which is undergoing its own major reform process.

The proposed Privacy Act amendments include a statutory tort for serious privacy breaches, stronger consent requirements, and the concept of “fair and reasonable” data handling. A cookie consent banner that uses dark patterns to steer users toward “Accept All” could simultaneously breach the ACL (misleading conduct) and the Privacy Act (invalid consent).

The Office of the Australian Information Commissioner (OAIC) has flagged dark patterns in consent mechanisms as a priority issue. The maximum penalty under the Privacy Act is already $50 million for serious or repeated interferences with privacy.

Why this matters: Your privacy consent UX is now a dual-risk area. A manipulative cookie banner could attract enforcement from both the ACCC and the OAIC — two separate regulators, two separate penalty regimes, arising from the same design choice.

7. The UTP Bill Introduces Two Entirely New Legal Concepts

The Unfair Trading Practices Bill doesn't just increase penalties for existing offences. It creates two new legal concepts that have no direct precedent in Australian law:

Unreasonable manipulation: Conduct that manipulates a consumer's decision-making process through techniques that exploit cognitive biases, emotional responses, or information asymmetries.
Unreasonable distortion: Conduct that distorts the environment in which a consumer makes a decision — the interface, the information architecture, the visual hierarchy — in a way that impairs autonomous choice.

These concepts go beyond the current s18 “misleading or deceptive” test. Under s18, the question is whether the conduct creates a false impression. Under the new provisions, the question is whether the conduct manipulates the decision-making process itself — even if the consumer isn't technically “misled” about any specific fact.

Why this matters: Dark patterns that currently survive an s18 analysis — because no specific factual misrepresentation exists — will be caught by the new provisions. Confirm-shaming, false hierarchy, and nagging are the categories most affected.

8. Foreign Companies Are Not Immune

The ACL applies to conduct that occurs in trade or commerce within Australia, or that affects Australian consumers. A company doesn't need an Australian office, Australian incorporation, or an .com.au domain to be subject to ACCC enforcement.

The JustAnswer case demonstrates this directly — JustAnswer is a US-based company with no Australian operations. The ACCC filed Federal Court proceedings regardless. Similarly, the Microsoft case targets the global company's conduct toward Australian subscribers.

Why this matters: If your website targets Australian consumers — through .com.au domains, AUD pricing, Australian shipping options, or Australian-specific marketing — you're subject to the ACL regardless of where your company is incorporated.

9. Publication Orders Force Public Admission on Your Own Website

One of the most underappreciated enforcement tools in the ACCC's arsenal is the publication order under section 246 of the ACL. This allows a court to order a business to publish, at its own expense, a notice admitting to the contravention — on its own website, in industry publications, and in national media.

The reputational damage from a publication order often exceeds the financial penalty. Imagine being required to display a notice on your homepage for 12 months stating that your website used dark patterns to mislead consumers. For brand-dependent businesses, this is devastating.

Why this matters: The penalty isn't just the fine. The ACCC increasingly seeks publication orders as part of its enforcement strategy, specifically because they cause reputational consequences that deter future non-compliance.

10. Infringement Notices Need No Court — The ACCC Acts Unilaterally

For certain ACL contraventions, the ACCC can issue infringement notices without going to court. These are administrative penalties — typically $19,800 for a listed corporation — that can be issued directly by the ACCC based on its own assessment.

The Dendy Cinemas and Dreamscape/Crazy Domains cases were resolved through infringement notices. The amounts are modest, but the process is fast, low-cost for the ACCC, and creates a compliance record that increases penalties for future contraventions.

Why this matters: The ACCC doesn't need to go to Federal Court to start penalising you. Infringement notices are the opening move — and they establish a pattern that justifies court proceedings if the behaviour continues.

11. State Consumer Protection Regulators Are Also Active

The ACCC isn't the only regulator enforcing against dark patterns. Each state and territory has its own fair trading body that can enforce the ACL within its jurisdiction:

NSW Fair Trading — actively investigating subscription practices
Consumer Affairs Victoria — focused on drip pricing in events and hospitality
Queensland Office of Fair Trading — targeting misleading online representations
WA Consumer Protection — conducting sector-wide compliance reviews

These regulators can bring proceedings under the ACL independently of the ACCC. A business could face simultaneous enforcement from the ACCC and one or more state regulators for the same dark pattern.

Why this matters: Focusing only on ACCC risk underestimates your total enforcement exposure. State regulators are increasingly sophisticated and resourced, and they often target smaller businesses that the ACCC deprioritises.

12. Systems Unconscionability Captures Your Entire Checkout Flow

Section 21 of the ACL prohibits unconscionable conduct in connection with the supply of goods or services. Critically, the courts apply a systems unconscionability doctrine — they assess the design of the system as a whole, not just individual interactions.

This means a checkout flow where each individual step might be defensible in isolation can still be unconscionable when considered as a system. A pre-checked add-on, a hidden fee, a misleading visual hierarchy, and a difficult cancellation process might each survive individual scrutiny — but together, they create a system designed to extract maximum revenue through manipulation.

The ACCC v Quantum Housing case established that systems unconscionability looks at the totality of the business's conduct toward consumers — the design, the process, and the cumulative effect.

Why this matters: You can't defend dark patterns by arguing each element is individually compliant. Courts look at the system. If your overall user experience is designed to manipulate, the individual elements don't need to be individually misleading for the system to be unconscionable.

13. Extended Warranty Add-ons Create Triple Liability

Extended warranty and protection plan add-ons are one of the most common checkout dark patterns — pre-selected, visually prominent, and presented in a way that implies the standard product is inadequate without additional coverage.

Under Australian law, these add-ons create triple liability:

ACL s18/s29: If the presentation implies the consumer needs the warranty when consumer guarantees under Part 3-2 of the ACL already provide substantial protection, that's a misleading representation.
ACL s29(1)(m): Specific prohibition on misleading representations about the existence or effect of consumer guarantee rights.
Insurance regulation: If the “warranty” is actually an insurance product, selling it without an Australian Financial Services Licence triggers Corporations Act contraventions enforced by ASIC.

Why this matters: Extended warranty dark patterns don't just risk ACCC enforcement — they can trigger ASIC enforcement for unlicensed financial services. Two regulators, two penalty regimes, from one pre-checked checkbox.

14. Dark Patterns Can Trigger Disability Discrimination Claims

Dark patterns that rely on visual hierarchy, colour contrast, or complex navigation disproportionately affect users with disabilities — including visual impairments, cognitive disabilities, and motor impairments.

Under the Disability Discrimination Act 1992 (Cth) and the Web Content Accessibility Guidelines (WCAG) referenced in Australian accessibility standards, digital interfaces must be accessible. A dark pattern that is difficult for an able-bodied user becomes impossible for a user with a disability.

The Maguire v SOCOG case established that websites are “services” under the DDA. If a dark pattern is inaccessible — for example, a “close” button that is too small for users with motor impairments, or a consent flow that relies solely on colour differentiation — it creates discrimination risk in addition to ACL risk.

Why this matters: Dark patterns and accessibility failures are legally entangled. Fixing dark patterns improves accessibility. Failing to fix them creates a second enforcement vector through the Australian Human Rights Commission.

15. Algorithmic and Personalised Pricing Is the Next Frontier

The ACCC's Digital Platform Services Inquiry has flagged algorithmic pricing and personalised pricing as emerging dark pattern concerns. This includes dynamic pricing that adjusts based on a consumer's browsing history, location, device type, or perceived willingness to pay.

While personalised pricing isn't explicitly prohibited under current law, the ACCC has signalled that prices that vary based on individual consumer profiling — without disclosure — may constitute misleading conduct under s18 or unconscionable conduct under s21. The UTP Bill's “unreasonable distortion” concept is broad enough to capture algorithmic pricing manipulation.

Why this matters: If your pricing engine uses A/B testing, geolocation-based pricing, or machine learning to optimise prices for individual consumers, you're operating in an area the ACCC is actively studying. Disclosure and transparency are your best defence. For a full overview of all dark pattern categories including algorithmic manipulation, see our Dark Pattern Glossary.

16. The Penalty Escalation Trajectory Is Not Slowing Down

Perhaps the most important fact of all: the penalty escalation trajectory shows no sign of plateauing. From $0 in 2014 to $100M in 2024, with $50M per breach (or 30% of turnover) from 2027 — the trend is exponential, not linear.

The ACCC has stated publicly that it intends to seek penalties that are “sufficient to deter” — which means penalties must exceed the profit the company made from the dark pattern. As enforcement data accumulates, the ACCC's ability to quantify the benefit obtained (and therefore the penalty multiplier) improves.

Three factors are accelerating the trajectory:

Political pressure: Consumer protection is a bipartisan priority. Both major parties support stronger enforcement.
International coordination: ACCC enforcement informs (and is informed by) EU, UK, and US actions. Global precedent drives domestic ambition.
Data capability: The ACCC's digital enforcement team is increasingly sophisticated. Automated scanning, consumer complaint data analytics, and international intelligence sharing make detection faster and prosecution more evidence-rich.

Why this matters: The cost of compliance is fixed and modest. The cost of non-compliance is variable and growing. Every quarter you delay remediation, the penalty exposure increases. The maths is clear — and it only goes in one direction.

What to Do Now

These 16 facts share a common theme: the enforcement framework is broader, deeper, and more aggressive than most businesses realise. The risk extends beyond the ACCC to state regulators, the OAIC, ASIC, and the Human Rights Commission. Liability extends beyond the company to directors, product managers, and UX designers. And penalties extend beyond fines to publication orders, injunctions, and disqualification.

The businesses that will be in the best position when the UTP Bill commences in July 2027 are the ones that act now — not because the law requires it today, but because the ACCC is already enforcing under existing provisions and the compliance lead time is measured in months, not weeks.

Start with an audit. Understand where your dark pattern exposure lies across all 10 categories in our Dark Pattern Glossary. Document your findings. Prioritise remediation by risk level. And set up ongoing monitoring so new dark patterns don't creep back in.

Get your compliance baseline in minutes. Run a free scan at trustscan.com.au/scan — it checks your website against all 10 dark pattern categories and maps findings to specific ACL sections.

For the step-by-step audit methodology, read our Unfair Trading Practices Audit guide. For the latest enforcement actions, see our ACCC Enforcement Roundup.