LAYER 3 · REPORT
IRDAI Self-Assessment
The filing artifact: a self-assessment against the 13 CCPA dark patterns plus a remediation plan with owners and timelines - generated from live scanner and provenance data.
Dark Patterns Compliance - Self-Assessment & Remediation Plan
Submitted under IRDAI direction dated 2 April 2026 · CCPA Guidelines for Prevention and Regulation of Dark Patterns, 2023
Ref: LUMEN/SA/2026-27/014
Assessment date: 20 Jun 2026
Prepared by: Lumen Compliance Workspace
1Executive summary
Compliance score
15/100
Patterns present
13/13
Open findings
21
Critical
10
A scan of 10 regulated digital surfaces (web, app, aggregator and WhatsApp) across motor and health lines identified 21 open findings spanning 13 of the 13 statutory dark patterns. The most material risks are pre-ticked add-ons (interface interference), tax-exclusive headline pricing (drip pricing) and unconsented checkout injections (basket sneaking). A remediation plan with owners and target dates is at §4. Going forward, consent for every sale is captured in a tamper-evident provenance ledger (§5) to evidence informed consent on demand.
2Scope of assessment
Motor - Quote & Add-ons · webMotor - Checkout & Payment · webHealth - Plan & Riders · appHealth - Checkout & Payment · appLife - Term Quote & Riders · appLife - Proposal & Payment · webLife - Surrender & Free-look · webAggregator - Best Plans Ranking · aggregatorRenewal Reminder Journey · whatsappCancellation & Free-look · web
3Self-assessment against the 13 dark patterns
| Code | Pattern | Present | Findings | Max severity |
|---|---|---|---|---|
| DP-01 | False Urgency | Yes | 1 | High |
| DP-02 | Basket Sneaking | Yes | 3 | Critical |
| DP-03 | Confirm Shaming | Yes | 3 | High |
| DP-04 | Forced Action | Yes | 1 | Medium |
| DP-05 | Subscription Trap | Yes | 2 | Critical |
| DP-06 | Interface Interference | Yes | 4 | Critical |
| DP-07 | Bait and Switch | Yes | 1 | High |
| DP-08 | Drip Pricing | Yes | 3 | Critical |
| DP-09 | Disguised Advertisement | Yes | 1 | High |
| DP-10 | Nagging | Yes | 1 | Medium |
| DP-11 | Trick Question | Yes | 1 | Low |
| DP-12 | SaaS Billing | Yes | 1 | Medium |
| DP-13 | Rogue Malware / Scareware | Yes | 1 | High |
4Remediation plan
F-101Interface InterferenceMotor - Quote & Add-onsCriticalOpen
Action: Default all optional covers to unchecked; require explicit per-cover opt-in.
Owner: Motor Digital - Pod A·Target: 15 Jul 2026
F-102Drip PricingMotor - Quote & Add-onsCriticalOpen
Action: Show all-inclusive payable (premium + 18% GST + selected add-ons) on the first quote card.
Owner: Motor Digital - Pod A·Target: 15 Jul 2026
F-105Basket SneakingMotor - Checkout & PaymentCriticalOpen
Action: Block any line item lacking a logged customer opt-in from entering the payable.
Owner: Motor Digital - Pod A·Target: 15 Jul 2026
F-201Interface InterferenceHealth - Plan & RidersCriticalOpen
Action: Default riders unchecked; surface each with plain-language benefit + cost.
Owner: Health Digital - Pod C·Target: 15 Jul 2026
F-202Interface InterferenceHealth - Plan & RidersCriticalOpen
Action: Promote material exclusions (waiting periods, co-pay, sub-limits) to the plan card with equal prominence.
Owner: Health Digital - Pod C·Target: 15 Jul 2026
F-204Basket SneakingHealth - Checkout & PaymentCriticalOpen
Action: Remove auto-injected items; strict opt-in with disclosed renewal terms.
Owner: Health Digital - Pod C·Target: 15 Jul 2026
F-501Interface InterferenceLife - Term Quote & RidersCriticalOpen
Action: Default all riders unchecked; show each rider's benefit, cost and waiting period before opt-in.
Owner: Life Digital - Pod L·Target: 15 Jul 2026
F-502Basket SneakingLife - Proposal & PaymentCriticalOpen
Action: Remove auto-injected cross-sell; any health cross-sell requires a separate, disclosed opt-in.
Owner: Life Digital - Pod L·Target: 15 Jul 2026
F-506Subscription TrapLife - Surrender & Free-lookCriticalOpen
Action: Enable online free-look exit and surrender request; disclose the process and surrender value at purchase.
Owner: Life Servicing·Target: 15 Jul 2026
F-401Subscription TrapCancellation & Free-lookCriticalOpen
Action: Provide one-click online cancellation + free-look exit; disclose at purchase.
Owner: Servicing·Target: 15 Jul 2026
F-103Confirm ShamingMotor - Quote & Add-onsHighRemediating
Action: Replace with neutral copy: “Continue without Zero Depreciation”.
Owner: Motor Digital - Pod A·Target: 31 Jul 2026
F-104False UrgencyMotor - Quote & Add-onsHighOpen
Action: Remove non-genuine timers/scarcity; any dated offer must reference a real tariff.
Owner: Growth - Performance·Target: 31 Jul 2026
F-203Confirm ShamingHealth - Plan & RidersHighOpen
Action: Neutral decline copy with equal visual weight to accept.
Owner: Health Digital - Pod C·Target: 31 Jul 2026
F-205Drip PricingHealth - Checkout & PaymentHighRemediating
Action: All-inclusive payable from the plan card; itemise GST and each add-on.
Owner: Health Digital - Pod C·Target: 31 Jul 2026
F-503Bait and SwitchLife - Term Quote & RidersHighOpen
Action: Headline benefit must carry the material conditions; avoid presenting conditional cover as guaranteed.
Owner: Life Product·Target: 31 Jul 2026
F-504Drip PricingLife - Proposal & PaymentHighRemediating
Action: Show all-inclusive annual & total-term payable on the quote card; itemise GST and each rider.
Owner: Life Digital - Pod L·Target: 31 Jul 2026
F-505Confirm ShamingLife - Term Quote & RidersHighOpen
Action: Neutral decline copy with equal visual weight to accept.
Owner: Life Digital - Pod L·Target: 31 Jul 2026
F-301Disguised AdvertisementAggregator - Best Plans RankingHighOpen
Action: Label paid placements; publish ranking methodology.
Owner: Aggregator Partnerships·Target: 31 Jul 2026
F-302Rogue Malware / ScarewareRenewal Reminder JourneyHighOpen
Action: Lapse/penalty statements must be factual and traceable to the actual policy record.
Owner: Retention·Target: 31 Jul 2026
F-106SaaS BillingMotor - Checkout & PaymentMediumOpen
Action: Default auto-debit off; capture a separate, explicit recurring-mandate consent.
Owner: Payments·Target: 31 Aug 2026
F-303NaggingRenewal Reminder JourneyMediumOpen
Action: Honour declines for the session; cap re-prompts.
Owner: Retention·Target: 31 Aug 2026
5Ongoing evidence of consent
For every digital sale, the consent provenance ledger captures, in a tamper-evident hash chain: the disclosures shown and when; each cover selected or declined by the customer; the exact all-inclusive price displayed; and the final consent. This produces a non-repudiable, per-policy answer to “show me exactly what this customer was shown and how consent was obtained.”
Prepared by
Compliance Workspace
Lumen · Dark-Pattern Programme
Attested by
Principal Compliance Officer
For and on behalf of the regulated entity