Dark Patterns 2026: The FTC's New Click-to-Cancel Rule Applied to Banners
ON THIS PAGE
- Dark Patterns 2026: The FTC's New Click-to-Cancel Rule Explained
- Key provisions of the FTC
- The End of the Subscription Trap: Understanding the 2026 Negative Option Rule
- How the FTC Defines Simple Cancellation in Digital Interfaces
- Penalties for Non-Compliance: What’s at Stake for SaaS and E-commerce?
- Recordkeeping Requirements: Verifying Express Informed Consent
- FTC Click-to-Cancel Compliance Checklist
- Frequently Asked Questions
The Federal Trade Commission (FTC) updated its Negative Option Rule, and now directly targets subscription traps and dark patterns. The FTC mandates that cancelling subscriptions must be as easy as signing up.
The provisions of the rule also target subscription traps and dark patterns.
Read the blog to learn what is considered dark patterns in 2026, and how to comply with the FTC's Negative Option Rule.
Dark Patterns 2026: The FTC's New Click-to-Cancel Rule Explained
The Federal Trade Commission’s Negative Option Rule, also known as the Click-to-Cancel rule requires sellers to make automatic renewals and subscription services easy to cancel and transparent. The FTC mandates that cancelling subscriptions must be as easy as signing up. The provisions of the rule target subscription traps and dark patterns.
Dark patterns are deceptive designs, user interfaces, and marketing techniques, deliberately intended to mislead users and to get user consent to collect their data, increase sales, get the signup, etc.
Dark patterns are often found in cookie banners, when they nudge users into giving consent to cookies that collect personal data.
An example of a dark pattern in cookie banners is pre-checked checkboxes that force users to subscribe to marketing emails when they sign up for a product or service.
Another example of dark patterns in cookie banners could be a banner that only allows users to accept cookies.
Dark patterns are banned by data protection laws such as the GDPR in the EU or the DPA 2018 in the UK, that require explicit user consent to set cookies.
However, companies still use dark patterns, especially in subscriptions. Subscribing to a newsletter or paid membership was easy, but cancelling was often confusing, requiring calls or multi-step processes.
The Federal Trade Commission (FTC) updated its Negative Option Rule, and now directly targets subscription traps and dark patterns. The FTC mandates that cancelling subscriptions must be as easy as signing up.
The FTC's "Click-to-Cancel" rule was finalized in late 2024 and began enforcement in 2025/2026.
The FTC's "Click-to-Cancel" rule directly impacts banners by prohibiting deceptive design to trap users into subscription-based, auto-renewal, or free-to-pay conversion. For example, some businesses used to trap users by allowing them to subscribe to paid services easily online, but required phone calls for cancellation. Now, it becomes illegal to require chatbots or phone calls for cancellation.
The FTC's "Click-to-Cancel" rule applies not only to consumer transactions but also to business-to-business transactions.
Key provisions of the FTC
While the FTC rule is often called the "Click-to-Cancel" rule, its provisions extend beyond the cancellation requirements. The provisions have the following four key requirements:
1. Prohibited misrepresentations
The FTC targets "trick or trap" methods and prohibits misrepresentations such as confusing language, hidden fees, or using a deceptive design that misleads consumers or pressures them to accept the banner.
Websites can’t offer a free trial and then automatically switch to a paid plan after the trial ends.
2. Mandatory Disclosures
The new rule emphasizes transparency. Businesses must clearly and publicly disclose the subscription terms before billing clients.
Before starting billing clients, businesses must clearly disclose the following information:
- The fact that consumers will be charged, or that the charges will increase after the trial period, unless the customer cancels the service.
- The deadline by which the consumer must cancel the service to avoid future charges.
Businesses must provide dates or frequencies for the cancellation. Phrases like “billed monthly” is usually enough to meet this requirement. - The costs and frequency of the charges
Businesses must state if the amount is fixed or variable. Taxes or shipping costs could be excluded, but it should be clear that they are extra. - The simple cancellation mechanism
Cancellation should be as easy as it was to subscribe to the service.
3. Simplified cancellation process
For online transactions: The new regulation requires businesses to provide a simple cancellation mechanism. If a customer signs up online, they must be able to cancel their subscription online as well. No more calls or multi-step paths.
Businesses must offer simple cancellation procedures so that customers can end their subscription with a few clicks.
For telephone transactions: Businesses must provide a working telephone number that could be used during normal business hours and is no more expensive than the phone number used to sign up.
For in-person transactions: Businesses must provide an in-person method of cancellation similar to the method used to sign up, as well as an electronic method or telephone number to cancel.
4. Express informed consent
FTC’s "Click-to-Cancel" rule required obtaining clients’ express, informed consent before charging them. Such consent must be separate from the rest of the transaction.
Consent must be solely for the negative option rule.
Customers’ consent cannot be concealed in other agreements, so you cannot combine consent into Privacy Terms or Terms of Use documents.
Sellers must maintain consent documentation for a minimum of three years in order to prove compliance.
The End of the Subscription Trap: Understanding the 2026 Negative Option Rule
The FTC's Negative Option Rule, also known as the "Click-to-Cancel" rule, is a requirement for sellers to make automatic renewals and subscription services easy to cancel and transparent. Clients must clearly and explicitly consent to renewals and subscription; it could not happen without clients knowledge.
The updated Negative Option Rule expands how the FTC defines unfair or deceptive practices around subscriptions.
Before, enforcement focused mostly on hidden renewal terms, surprise charges, or fine-print disclosures.
Now, the scope is broader, encompassing more cases and situations.
In 2026, the FTC explicitly targets:
- Dark patterns after signing up.
- Complex interface designs that discourage cancellation.
- Emotional manipulation (“Are you sure? Your will miss…” “You will loose…”).
- Asymmetrical effort (easy to join, hard to leave).
To comply with the FTC's Negative Option Rule, sellers must obtain a consumer's express consent to the negative option feature, separate from other transactions.
How the FTC Defines Simple Cancellation in Digital Interfaces
The FTC's Negative Option Rule emphasizes simple cancellation.
According to the rule, cancellation must be:
- Similar in mechanism
If a customer signs up online, they must be able to cancel their subscription online as well. - At least as easy as signup
If it was enough to perform one step for subscription, one step should be enough to cancel their subscription. - Free of unnecessary steps
Sellers can’t hide the cancellation mechanism under various documents or pages.
2026 best practices for FTC’s simple cancellation:
- Provide a visible “Cancel subscription” option inside account settings.
- Allow clients to cancel their subscription through the same medium (web > web, app > app).
- Provide a short confirmation step.
- Provide immediate cancellation or a clear end-of-billing-period notice.
Dark patterns that will now comply with the FTC's Negative Option Rule in 2026:
- Requiring a support ticket.
- Requiring a phone call or live chat.
- Multiple screens designed to confuse or mislead the user.
- Hiding cancellation behind unrelated menus or documentation pages.
- “Downgrade first, then cancel” flows.
Prohibited Misrepresentations: Moving Beyond Hidden Fees
The FTC’s "Click-to-Cancel" regulation shows an evolution in consumer protection, moving beyond hidden fees. Hidden fees (unexpected costs added at checkout) were regulated previously. Now, the new standard is moving further:
The Federal Trade Commission prohibits these misrepresentations as well:
- Transparency of the value proposition
The FTC will start monitoring companies that sell products that don't work as advertised or don’t work at all. Thus, the FTC prohibits junk claims (misrepresentations of a product's efficacy) with the same severity as a junk fee. - The Material Fact standard
In the past, companies might hide the fees and automatic renewal terms deep in the Terms of Service. Now, FTC requires disclosing the auto-renewal option clearly, so that a consumer can easily understand it before ordering a product or service. - Cancellation parity
The extra fee, or a hidden part of a fee was often difficult to refuse. Now, the simple cancellation of FTC effectively eliminates the additional nature of long-term costs by requiring that canceling be just as easy as signing up.
What is a dark pattern in cookie banners in 2026?
The Federal Trade Commission evaluates how easily users could decline cookies, renewals, newsletters, or other services. If a banner offers an easy “Accept all” action but withdrawal of consent is difficult or hidden, regulators can treat such a banner as a dark pattern.
In 2026, common Cookie Banner violations include:
- A bold “Accept all” button with a hidden reject option.
- Giving initial consent is easy, but opting out of consent requires multiple clicks.
- Pre-ticked checkboxes for non-essential cookies.
- Misleading language like “Improve experience” instead of “Advertising”.
- Guilt-based style (“Help us keep the site free”).
Not sure if your website uses cookies? Scan your website for free and see what cookies your website uses:
Penalties for Non-Compliance: What’s at Stake for SaaS and E-commerce?
As of early February 2026, the FTC's Negative Option Rule represents one of the most significant legal risks for subscription-based businesses.
Non-compliance with the FTC's Negative Option Rule can lead to:
- Civil penalties
- Mandatory refunds
- Forced changes to subscription flows
- Long-term monitoring.
Civil Penalties
The maximum civil penalty for "knowing violations" is $53,088 per violation.
Note that the FTC uses a per-violation penalty calculation.
In SaaS and E-commerce, a violation is often defined as each daily transaction or each affected customer, meaning penalties can scale into the millions within days. Such penalties can easily bankrupt small and mid-sized companies.
Mandatory refunds
The FTC frequently mandates full refunds for all affected consumers, often reaching back several years.
On September 25, the FTC stated that Amazon will be required to pay a $1 billion civil penalty and provide $1.5 billion in refunds to consumers harmed by Amazon’s deceptive Prime enrollment practices. The $1 billion civil penalty is the largest ever for a lawsuit alleging FTC rule violations, and the $1.5 billion in consumer refunds is the second-highest refund ever obtained by the FTC.
Long-term monitoring
Settlements often include 10 to 20 years of compliance monitoring, where the FTC maintains a "desk" within your company to audit every marketing change.
SaaS and E-commerce businesses must treat the FTC subscription requirements seriously to avoid devastating penalties for non-compliance.
Recordkeeping Requirements: Verifying Express Informed Consent
In order to prove compliance with the FTC’s requirements, businesses must keep records of the information they provide to consumers, and consumer actions taken.
The most important requirement is around user consent. Consumers should provide explicit consent to accept a product with the existing terms. There should be no hidden terms or fees.
The FTC sets the following recordkeeping requirements:
- Businesses must store user express and informed consent. This means that consumers should clearly know what they are consenting to and express explicit consent to use the product.
- Businesses must store the date when consent was given.
- Businesses must store the actual information that users saw when they gave consent.
- Proof that renewal terms were clearly disclosed.
- Proof that consent was affirmative (not implied).
For SaaS teams, this usually means:
- Logging consent events.
- Logging versions of checkout screens.
- Storing renewal terms together with timestamps.
- Keeping records for audits.
Recordkeeping requirements become an important part of compliance with the FTC's Click-to-Cancel rule. Even if you do everything correctly, according to the rule, but can’t prove it, you could face penalties for non-compliance with the FTC.
FTC Click-to-Cancel Compliance Checklist
Use this FTC Click-to-Cancel compliance checklist to evaluate your website compliance:
- Can users cancel online without contacting support?
- Can users cancel as easily as it was to sign up?
- Is the cancel option easy to find?
- Are there no forced retention screens?
- Are renewal terms well explained before consent?
- Do you avoid emotional manipulation when asking for express consent?
- Do you store proof of express informed consent?
- Does your proof of express informed consent contain the date and the information that users saw when they gave consent?
Use CookieScript Consent Management Platform (CMP) to provide a professional Cookie Banner and collect express user consent.
In 2025, CookieScript received the fourth consecutive badge in a row as the leader on G2, a peer review site, and became the best CMP on the market for a whole year!
CookieScript CMP has the following functionalities:
- Cookie banner design customization
- Cookie banner behavior customization
- Google Consent Mode v2 integration
- IAB TCF v2.2 integration
- Google Tag Manager integration
- Integrations with CMS platforms like WordPress, Shopify, Joomla, etc.
- Certification by Google
- CookieScript API
- Cookie Scanner
- Consent recordings
- Third-party cookie blocking
- Geo-targeting
- Local storage and session storage scanning
Frequently Asked Questions
What is the “Click-to-Cancel" rule?
The Federal Trade Commission’s Negative Option Rule, also known as the Click-to-Cancel rule requires sellers to make automatic renewals and subscription services easy to cancel and transparent. Clients must clearly and explicitly consent to renewals and subscriptions. The FTC mandates that cancelling subscriptions must be as easy as signing up. The provisions of the rule target subscription traps and dark patterns.
Does FTC’s click-to-cancel rule apply to Cookie Consent banners?
Yes, even if banners aren’t used for subscriptions. The Federal Trade Commission evaluates user choice. If a banner offers an easy “Accept all” action but withdrawal of consent is difficult or hidden, regulators can treat such banner as a dark pattern. Use CookieScript CMP to deliver a Cookie Banner and obtain express user consent. In 2025, users ranked CookieScript CMP as the best CMP.
What counts as a dark pattern in cookie banners in 2026?
In 2026, common Cookie Banner violations include: a bold “Accept all” button with a hidden reject option; giving initial consent is easy, but opting out of consent requires multiple clicks; pre-ticked checkboxes for non-essential cookies; misleading language like “Improve experience” instead of “Advertising”, and a guilt-based style on a cookie notice. Use CookieScript CMP, the best-ranked CMP by users on G2, to deliver a cookie banner and obtain express user consent.
Can cookie banners show different button colors or sizes in 2026?
Yes, if they don’t influence user choice. Design differences are risky but still allowed. In practice, your cookie banner “Accept” and “Reject” options should have the same prominence, the same contrast, and the same effort. If one option clearly stands out while the other fades into the background, this could be risky. CookieScript CMP provides one of the most adjustable cookie banners. You can choose the design and behavior of your banner.