
On February 19, 2026, ACCC Chair Gina Cass-Gottlieb stood before a CEDA audience in Sydney and announced the regulator's enforcement priorities for the year ahead. At the top of the list: manipulative and false practices in digital markets, including dark patterns, subscription traps and algorithmic manipulation of consumer choice.
She was, in significant part, describing practices where AI is now doing the work.
Five weeks later, on March 28, 2026, the Treasury Laws Amendment (Doubling Penalties for ACCC Enforcement) Act took effect. Maximum corporate penalties for competition and consumer law breaches doubled from $50 million to $100 million per contravention. The ACCC's stated position is that it will seek the highest penalties appropriate in cases it brings to court.
Any organisation using AI in a customer-facing context is now operating in a materially different risk environment than 12 months ago. The ACCC has named its enforcement targets. The penalties have doubled. And a Bill before Parliament proposes a new general prohibition on unfair trading practices with AI-enabled dark patterns explicitly in scope. Most AI governance programmes have not registered any of this.
What the ACCC Is Actually Looking For
Dark patterns are design choices that steer consumers toward decisions they might not otherwise make: hiding cancellation options behind multiple steps, defaulting users into premium tiers, pre-selecting add-ons in checkout flows, making opt-outs difficult while making opt-ins automatic.
What makes AI relevant is that these techniques are no longer static design choices made by a UX team and reviewed once. Personalisation engines, recommendation systems, dynamic pricing tools, chatbots and conversational AI can all be deployed in ways that systematically nudge consumer behaviour at scale. Because AI can adapt its approach for each individual user, the influence can be both more effective and harder to detect than traditional dark patterns.
The ACCC is not unaware of this. Its enforcement framework explicitly describes AI-enabled dark patterns as within scope. The regulator has also flagged "AI-washing," making misleading claims about AI capabilities or the nature of AI products, as a distinct enforcement concern.
The ACCC is already running an action against Microsoft over the alleged concealment of cheaper Microsoft 365 plans from 2.7 million Australian subscribers when Copilot AI was bundled into subscriptions. The allegation is that the Copilot bundling obscured a lower-cost option and affected consumer choice without transparency. Under the existing Australian Consumer Law, that is a misleading or deceptive conduct claim. Under the doubled penalty regime, the financial exposure is material.
That pattern: using AI in a way that influences consumer choices without making the full picture clear, is exactly what the ACCC has said it is prioritising.
The Misleading and Deceptive Conduct Dimension
Under the Australian Consumer Law, misleading or deceptive conduct does not require intent. It requires that the conduct is, or is likely to be, misleading or deceptive. That is an objective test applied to the effect on consumers, not the purpose behind the design.
An AI recommendation engine that consistently surfaces higher-margin products without disclosing the basis for its recommendations can satisfy that test regardless of what the engineering team intended when they built it. A pricing algorithm that presents inflated reference prices against discounted prices, where the reference price is generated or manipulated by AI, satisfies the test in the same way. A chatbot that provides selectively favourable information about a product while omitting material limitations is doing what a human salesperson doing the same thing would be doing: misleading the consumer.
The part many governance teams miss is that the Australian Consumer Law applies to the deploying organisation regardless of which vendor supplied the AI. If the AI tool your organisation procured is doing these things in your customer environment, your organisation is accountable for the conduct.
The Unfair Trading Practices Bill 2026
On April 1, 2026, the Competition and Consumer Amendment (Unfair Trading Practices) Bill 2026 was introduced to the House of Representatives. It proposes a new general prohibition on unfair trading practices under the Australian Consumer Law, alongside specific prohibitions on unfair subscription practices and drip pricing.
The government has explicitly stated that AI-enabled dark patterns and algorithmic manipulation of consumer choice are within scope of the general prohibition. The test the Bill proposes is whether conduct unreasonably manipulates or distorts the environment in which the consumer makes, or is likely to make, a decision.
Proposed commencement is July 1, 2027, subject to the Bill passing. That is not a distant horizon for most organisations. If you are building, procuring or operating AI systems that touch consumer-facing decisions today, those systems are the infrastructure that will need to comply by July 2027. The time to identify and address design choices that could be characterised as unfair manipulation is before they are entrenched in customer journeys.
The proposed penalty structure sits alongside the doubled penalties already in effect: the greater of $50 million, three times the benefit obtained or 30% of adjusted annual turnover during the breach period.
What AI Deployments Are in Scope
Not every AI system creates consumer law risk. But the perimeter is wider than most governance programmes have mapped.
Recommendation engines. If your AI recommends products, content or services in a way that is influenced by margin, commercial relationships or behavioural targeting without disclosure, that is within the ACCC's current enforcement focus. The test is not whether AI was involved. It is whether consumers were steered toward decisions that served the organisation's interests over their own, without transparency.
Dynamic pricing. If your AI adjusts prices based on signals that include urgency cues, browsing behaviour or predicted willingness to pay, and the resulting price is not presented transparently, you are in territory the ACCC has previously found problematic in non-AI contexts. AI makes the practice more scalable. It does not make it more lawful.
Subscription and cancellation flows. If AI is involved in personalising subscription upgrade prompts, adjusting retention offers based on predicted churn likelihood or making cancellation harder for certain user segments, those practices match the ACCC's stated enforcement priorities directly. The asymmetry between easy opt-in and difficult opt-out is the pattern the ACCC named.
Chatbots and conversational AI. If your AI provides information about products, services, terms or policies that is inaccurate or that selectively omits unfavourable information, that is misleading or deceptive conduct in the same way that equivalent human conduct would be. The conversational format does not change the legal character of the exchange.
What Good Governance Looks Like in This Environment
Organisations do not need to remove AI from customer-facing processes. They need to govern it consistently with consumer protection obligations that have always applied to those interactions.
Map your consumer-facing AI deployments. For each AI system that touches customer interactions, add consumer law risk as a classification dimension in your governance register. Not just privacy risk and operational risk, but the specific question: does this system, or could it, influence consumer decisions in ways that lack transparency or that could be characterised as manipulative?
Build transparency into AI-driven interactions. Where AI influences recommendations, pricing or decisions about what consumers see, disclosure should be the default. For financial services and health, consumer law overlaps with sector-specific regulation, making transparency obligations doubly important.
Review subscription and cancellation flows. If AI has been used to personalise or optimise these flows, review whether the optimisation has made decisions easier or harder for consumers. The ACCC's framing of subscription traps focuses on the asymmetry: easy to enter, difficult to leave.
Audit AI-generated consumer communications. Any AI-generated content that makes claims about products, services, terms or prices needs to be verified against what the organisation is actually offering. The accuracy obligations under consumer law apply to AI-generated communications in the same way they apply to human-authored ones.
Review vendor AI capabilities for consumer risk. The Australian Consumer Law accountability attaches to the deploying organisation, not the vendor. If your procured AI platform has recommendation, personalisation or pricing features, understanding what those features are doing in your customer environment is your governance responsibility.
What This Means for Your Organisation
Most AI governance programmes were designed around internal risk: protecting the organisation from the consequences of AI doing something wrong to its own systems, processes or data. Consumer protection law adds an external accountability dimension: protecting the people your AI interacts with from the consequences of it operating in ways that disadvantage them.
The ACCC has named this as a priority. The penalties have doubled. The Unfair Trading Practices Bill adds a further layer of obligation heading into 2027. For organisations with AI in any customer-facing context, the window for proactively reviewing those deployments against consumer law obligations is shorter than most assume.
What this requires is not a separate consumer law compliance programme. It is extending existing AI governance infrastructure to include consumer law risk as a classification dimension alongside privacy, operational and regulatory risk. The use-case register already exists. The question is whether it is capturing the right risk categories for every deployment.
Key Takeaways
- ACCC's 2026-27 enforcement priorities explicitly include dark patterns and AI-enabled consumer manipulation, with the doubled penalty ceiling of $100 million per contravention applying from March 28, 2026
- Misleading or deceptive conduct under Australian Consumer Law does not require intent: an AI system likely to mislead consumers satisfies the test regardless of design purpose
- Unfair Trading Practices Bill 2026 (introduced April 2026) proposes a general prohibition on unfair trading practices with AI-enabled dark patterns explicitly in scope; proposed commencement July 2027
- ACCC is already pursuing Microsoft over alleged Copilot AI bundling that concealed cheaper options from 2.7 million Australian subscribers
- Consumer-facing AI in pricing, recommendations, subscriptions and chatbots all carry consumer law risk that most AI governance programmes have not classified
How Trusenta Can Help
Risk Management extends risk classification to include consumer law exposure as a dimension of each AI deployment, making it possible to identify which customer-facing AI systems carry ACCC risk and track treatment plans as the legislative environment develops.
Compliance Management tracks obligations across multiple frameworks in a single platform, including Australian Consumer Law and the ACCC's stated enforcement priorities, so your team has a consolidated view of consumer protection obligations alongside privacy, data and operational risk requirements.
AI Governance Maturity Uplift helps organisations that have foundational AI governance in place extend it to cover consumer-facing AI risk, including systematic review of recommendation engines, pricing algorithms and customer interaction systems against consumer protection law requirements.
The Obligation Has Always Been There
Consumer protection law has always applied to what organisations do in customer-facing interactions. What has changed is that AI can now conduct those interactions at scale, in personalised ways, faster than any compliance team can manually review.
The ACCC's enforcement priorities, the penalty doubling and the Unfair Trading Practices Bill together signal that the regulatory environment is catching up with that capability. The governance response is not to restrict AI in customer interactions but to govern it with the same rigour that consumer protection law has always required of human interactions.
That means mapping the deployments, classifying the risks, building in transparency and reviewing what the AI is actually doing in consumer interactions against what the law requires. None of that is a novel governance challenge. It is applying established consumer law principles to a new actor that operates at scale.
