Renew or Risk It? McAfee Penalised by CCPA for Fear-Driven Subscription Tactics [Read Notification]

The Central Consumer Protection Authority (CCPA) has imposed a penalty of ₹1 lakh on cybersecuritysoftware provider McAfee Software India Private Limited after finding that the company used fear-driven subscription renewal tactics alongside multiple prohibited dark patterns, essentially impairing consumers’ ability to make free and informed choices.

The proceedings arose from a representation submitted by advocate Krishna Nigam, alleging that while McAfee informed users to renew their subscription to the antivirus did not contain neutral options such as “Cancel” or “Skip”, and only presented users with only two choices - “Accept Risk” or to “Renew Now”.

Following a preliminary inquiry, the Authority issued a show-cause notice to McAfee in December 2025. In response, the company informed the Authority that it had modified the interface by introducing a neutral “Skip” option, removing the earlier wording. However, the CCPA noted that the corrective measures were undertaken only after regulatory scrutiny had commenced.

The matter was subsequently referred to the Director General (Investigation), who concluded that McAfee’s use of the phrase “Accept Risk” amounted to “Confirm Shaming” by emotionally pressuring consumers into renewing subscriptions. The investigation further found that the absence of a neutral opt-out mechanism constituted “Forced Action”, while the overall interface design steered users towards renewal through manipulative presentation of choices.

During the scheduled hearing, McAfee’s advocates contended that the phrase “Accept Risk” merely described the consequence of expiry of cybersecurity protection and did not create artificial fear or false urgency. It further argued that users could dismiss the prompt through an “X” button and that no consumer complaints had been received regarding the interface.

The CCPA Bench of Chief Commissioner Nidhi Khare and Commissioner Anupam Mishra observed that there was no material on record or guarantee from McAfee that failure to renew their subscription service would necessarily result in compromise of the consumer’s device or exposure to cyber threats

It was further observed that the ‘opt-out’ mechanism had been displayed much less prominently than the “Accept Risk” or to “Renew Now”.

McAfee’s contentions were accordingly rejected, observing that the expressions in the renewal message distorted the consumer’s perception regarding the necessity and effectiveness of the service and induced consumers.

The CCPA held that McAfee’s interface constituted “Confirm Shaming”, “Interface Interference”, “Trick Question” and “Forced Action” under the Guidelines for Prevention and Regulation of Dark Patterns, 2023.

Violations relating to misleading advertisements, unfair trade practices and the Consumer Protection (E-Commerce) Rules, 2020 were noted.

Noting that more than 3.55 lakh subscription renewals were recorded during the relevant period, the Authority directed McAfee to discontinue such practices, ensure compliance with consumer protection laws and pay a penalty of ₹1 lakh.

Support our journalism by subscribing to Taxscan premium. Follow us on Telegram for quick updates