CHI '26 · Honorable mention · full-paper review · confidence medium-high

Dark Patterns and the EU Digital Services Act: Mapping Autonomy Violations and Design Factors

Sanju Ahuja , Johanna Gunawan , Nataliia Bielova , Cristiana Teixeira Santos

This is a strong translational HCI paper: its main value is not a new interface technique, but a disciplined framework for connecting dark-pattern analysis to DSA autonomy-violation categories. The contribution is conceptually useful and timely, though its practical reach still depends on legal interpretation and further validation with stakeholders.

Axes Lens

Rare contribution shape, typical evidence profile. The point here is not a score. It is to show what kind of claim the paper makes, and whether the evidence pattern is unusual or baseline in this 268 -review set.

Contribution shape

Knowledge form: normative knowledge typical · 31/268
Novelty type: framework typical · 59/268
Abstraction level: field typical · 41/268
Generalization target: field argument typical · 55/268
Validation mode: mixed methods typical · 136/268

Evidence profile

Evidence strength: moderate typical · 105/268
Claim alignment: strong typical · 231/268
Overclaim risk: medium typical · 210/268

Review Summary

This paper is best read as a translational framework contribution at the field level. Its central insight is that dark patterns cannot be assessed for DSA compliance by intuition alone; instead, analysts need design-oriented reasoning that explains why a practice counts as deception, manipulation, or distortion/impairment. That move is important because it shifts the conversation from a broad moral label (“dark pattern”) to a more operational legal/design vocabulary. The paper’s novelty lies in two linked outputs: a mapping of 59 known dark patterns to the three autonomy-violation types, and eight design factors intended to help determine when a pattern crosses the line into a violation. The validation is not a controlled user study; rather, it is a mixed, interpretive demonstration using the Gray et al. ontology, extension to additional attention-capturing deceptive practices, and an applied legal case involving X’s paid blue checkmarks. That scope is appropriate for the paper’s normative goal, but it also means the evidence supports a framework and argument more than a causal claim about harm. The main limitations are structural: the framework depends on a specific reading of the DSA, on an existing ontology of dark patterns, and on analyst judgment that may not align with user perceptions. The authors also explicitly call for validation with users, regulators, and industry practitioners, which is the right boundary condition for a paper of this kind. Overall, this is a credible and timely CHI contribution that helps bridge HCI and regulation, with moderate evidence strength and a clear path for follow-on empirical work.

What Changed

Canon before

Dark patterns are often discussed as harmful interface tricks or manipulative UX practices, but the paper argues that regulatory assessment under the DSA needs a more explicit mapping from design features to legally defined autonomy-violation categories.

Departure from common sense

The paper’s core move is to treat dark-pattern assessment as a design-interpretation problem rather than a generic harm label: it says that proving a DSA violation requires reasoning about why a specific observed practice fits deception, manipulation, or distortion/impairment. That is a more structured and legally grounded framing than common-sense “this is a dark pattern” judgments.

Actual novelty

The paper claims two concrete contributions: it maps 59 known dark patterns to the three DSA Article 25 autonomy-violation types, and it identifies eight new design factors that help determine when a dark pattern violates autonomy. The novelty is not a new interface artifact, but a new analytical framework for translating dark-pattern design analysis into regulatory categories.

Evidence

The paper grounds its claims in a mapping exercise over 59 dark patterns, extends the framework to additional attention-capturing deceptive practices, and applies it to an in-situ legal case study involving X’s paid blue checkmarks. The evidence supports a field-level regulatory/design framework rather than a user-effect measurement study.

“ This paper maps 59 known dark patterns onto the three autonomy violation types from the DSA and identifies eight new design factors which can help determine when a dark pattern violates autonomy”

actual novelty · Abstract/Introduction (contributions) · confidence 0.80

“ Demonstrating such regulatory violations, however, requires design-oriented reasoning necessary to articulate why an observed design practice constitutes a specific autonomy violation type”

departure from common sense · Abstract/Introduction (problem framing) · confidence 0.74

“ Future avenues for research include validating this framework with users, regulators, and/or industry practitioners to ensure that our mappings are practical, relevant, and effective in addressing present challenges in dark patterns compliance”

limitation · Section 6.3 Limitations and Future Work · confidence 0.82

“ In the legal domain, our “law-to-design” framework is one of the first that aligns dark patterns knowledge to a legal framework of autonomy violations, and demonstrates that HCI methods can contribute to the emerging field of regulatory design auditing by aiding both regulators’ enforcement and platform or designer compliance-by-design efforts in the context of the DSA”

validation scope · Section 5 (Utilising and Extending the Framework) · confidence 0.70

Limits

Method limits

The framework is anchored in a specific legal interpretation of the DSA and in the Gray et al. dark-pattern ontology, so its categories and mappings depend on those prior structures. The paper also does not measure harm directly or empirically test whether the mappings predict outcomes across contexts.

Deployment limits

Use is limited to contexts where the DSA Article 25 framing is relevant and where design features can be interpreted against the paper’s autonomy-violation categories. The authors explicitly note the need for validation with users, regulators, and industry practitioners before treating the framework as broadly operational.

Boundary conditions

The framework is most applicable when an analyst can inspect a design practice closely enough to reason about deception, manipulation, or distortion/impairment. The paper also flags possible mismatch between design interpretations and user perceptions, which means the mapping should not be treated as a substitute for lived experience or legal adjudication.

Position in field

This paper sits at the intersection of HCI, dark-pattern scholarship, and platform regulation. Its contribution is translational: it turns a design-harm vocabulary into a legal-analytic framework for autonomy violations, which may help HCI engage more directly with governance and compliance debates.

Abstract

Dark patterns are design practices that undermine users' ability to make autonomous and informed choices in digital experiences. The EU Digital Services Act (DSA) seeks to protect users from such designs and their effects, with Article 25 prohibiting three autonomy violation types: deception, manipulation and distortion/impairment. Demonstrating such regulatory violations, however, requires design-oriented reasoning necessary to articulate why an observed design practice constitutes a specific autonomy violation type. This paper maps 59 known dark patterns onto the three autonomy violation types from the DSA and identifies eight new design factors which can help determine when a dark pattern violates autonomy. Our mapping of dark patterns to autonomy violations grounds ongoing regulatory debates in design while opening pathways for translational research that reimagines how HCI engages with the governance of design practices.