The Central Consumer Protection Authority (CCPA) has fined Zepto Rs 7 lakh for using dark patterns, including drip pricing and basket sneaking, according to Livemint. Notably, the enforcement comes despite the company’s recent self-audit declaration asserting full compliance with the dark pattern rules.
The timing also intersects with a key strategic milestone for Zepto, as it recently received shareholder approval to convert into a public company ahead of a planned June 2026 initial public offering (IPO). The full enforcement order has not been published on the CCPA website yet.
Key Regulatory Findings
According to the order, the CCPA found that Zepto showed mandatory charges, including handling fees, only at the final checkout stage rather than at the beginning of the purchase flow. The regulator also observed that Zepto Pass, a paid add-on, appeared pre-selected during checkout without users giving explicit consent.
The authority concluded that these practices violated the Consumer Protection Act, 2019, and the Guidelines for Prevention and Regulation of Dark Patterns, 2023, which require platforms to collect clear affirmative consent and present all mandatory charges upfront. As a result, the CCPA directed Zepto to redesign its checkout flows, remove all default selections, ensure full price transparency, and submit proof of compliance within 15 days.
For context, this action represents the second enforcement under the dark pattern rules. The CCPA fined Rapido Rs 10 lakh earlier this year for misleading pricing and opt-in practices.
Wider Enforcement Context
Zepto’s penalty comes at a moment when the regulator has begun scrutinising compliance claims across the sector. Between November 24 and 28, the CCPA issued clarification notices to 15 e-commerce and quick commerce platforms after officials reportedly found continued use of dark patterns on their websites and mobile applications despite earlier compliance declarations.
According to Financial Express, the companies that received such notices include Amazon, Blinkit, Swiggy, Flipkart, MakeMyTrip, JioMart, BigBasket and Tata 1mg. The notices reportedly ask platforms to explain why tactics like drip pricing, forced action and subscription traps remain visible and what corrective measures they implemented after their internal audits. Depending on the responses, the regulator may issue further enforcement directions or penalties.
What Did Zepto Claim in Its Compliance Filing?
Earlier this year, Zepto submitted a self-declaration stating that it had reviewed its user interface, user experience and platform workflows and found no instances of any of the 13 prohibited dark patterns identified in the guidelines. The filing said the company maintains ongoing monitoring to prevent future violations.
However, the declaration did not include details on the audit methodology, sample scope, independent review, or specific user journeys examined. It also did not indicate whether any corrective action was taken based on the review. The enforcement order now places scrutiny on those claims and raises questions about the adequacy and accuracy of voluntary compliance filings.
Furthermore, Zepto is not the only platform where compliance declarations and user experience appear misaligned. Voluntary filings published by the CCPA last month varied significantly in depth. Some companies outlined structured review processes, while others submitted brief assurances without describing what was assessed.
IPO Timing, Governance and Public Narrative
The timing of the order is significant because Zepto is preparing to enter the public markets. On November 21, shareholders approved the conversion of the company into a public entity, and the company is expected to file its draft red herring prospectus later this month. The IPO may include a fresh issue of $450 million to $500 million, along with an offer for sale from existing investors.
Public listing brings a different layer of scrutiny. Compliance history, consumer protection posture and design decisions become part of governance and disclosure rather than internal operational choices. Regulatory action, even if financially modest, can shape risk statements, public perception and investor evaluation.
Advertisements
In a recent interview with Forbes, CEO Aadit Palicha acknowledged that Zepto experimented with pricing and delivery fee structures. He said user feedback drove changes and described the earlier approach as a mistake. “I’ll be candid: It was a mistake. We killed it. It won’t happen again,” he said.
Separately, earlier last month Zepto rolled out a pricing revamp that removed handling, surge and small-cart fees, making it the only major quick-commerce platform with zero platform fees, according to Livemint.
The enforcement order now places that public narrative of voluntary correction next to an official finding of non-compliance. That contrast raises questions about how the company interprets compliance obligations versus user sentiment. For a company preparing to go public, that distinction will likely matter.
Business Context and Platform Dynamics
Zepto reported revenue growth of 149% in FY25 and now operates more than 900 dark stores across major metros. Over the same period, it has moved beyond grocery delivery and added categories including apparel, personal care, small electronics and home essentials.
In October, Zepto raised $450 million at a reported valuation of $7 billion. The company has said order volumes continue to rise and that operational burn is reducing quarter on quarter, although granular financials have not been disclosed publicly.
Quick commerce relies on fast ordering cycles where users make decisions quickly and often. In this environment, elements like fee visibility, opt-in prompts or pre-selected subscriptions can meaningfully shape behaviour because users have limited time to review terms. This dynamic makes the sector particularly relevant to enforcement under the dark pattern rules.
Why This Matters:
Zepto’s fine signals a shift from voluntary compliance claims toward enforcement based on observed platform behaviour. It raises questions about whether self-audits are sufficient, whether regulators will now expect clearer evidence of compliance, and how standards may evolve as more digital platforms approach public listings.
This order may also shape how the CCPA evaluates pricing transparency, consent and interface design in future cases. For Zepto, the enforcement now overlaps with its IPO timeline, making compliance not only a legal requirement but a governance marker that regulators, investors and users will be watching.
Also read:
Support our journalism:
For You
Source link