Task-first regulation map
Scan the obligation first. Open the legal detail only when needed.
EU consumer law has moved past disclosure. Four regulations — right of withdrawal, legal guarantee, right to repair, age verification — now place active obligations on ecommerce interfaces. Each one lands in a different ecosystem state. Each one is currently met at the lowest possible interface weight. This series maps the gap between legal obligation and interaction design, using the user-ecosystem framework.
Applying the user-ecosystem framework — Youngblood and Chesluk, Rethinking Users (BIS Publishers, 2020) · NN/g, 2025.
Let people cancel from the order page The 14-day withdrawal right now needs an active account-area function, not a footer policy. What changed Withdrawal must be executable online through a clearly labelled function. Where in the journey Post-purchase account or order view, then the withdrawal flow. Required UI Clear withdrawal button, live deadline, and purchase-like effort. Failure risk Footer-only policy links make the right hard to exercise and fail the symmetry test.
Legal detail
The right to undo a purchase
⚖ Dir. 2011/83/EU · amended 2023/2673 · in force 19 June 2026
The consumer has 14 days to cancel any online purchase without giving a reason. The amended directive now requires an active withdrawal function, not just a policy link, in the post-purchase interface. Most interfaces do not provide it.
Journey details
01
Browse
Acquisition mode — legal node absent
- The intentional browser Scanning options, building preference
- The aspirational self Projecting desire onto the product
- The market participant Responding to price, promotion, scarcity
- The rights-holder Withdrawal right exists absent
Why it matters
No legal archetypes are active here, and this is appropriate. The ecosystem is correctly configured for browsing. The absence of the legal node at this stage reveals where and how it eventually surfaces.
Design implication
Nothing to redesign at this stage. The gap is downstream.
02
Product page
High intent — disclosed but not received
- The evaluating agent Processing product info, reviews, fit
- The committed self Investment building toward purchase
- The conversion target Responding to interface optimised for sale
- The informed consumer 14-day right in footer link or small print
- The deadline-holder 14-day window not yet relevant absent
Why it matters
The legal archetype is present but weightless. The cognitive archetype is directed at the product. Disclosure is occurring; comprehension is not.
Design implication
The right is disclosed at the moment of highest purchase intent, the state least receptive to legal information.
03
Checkout
Completion mode — disclosure met, function absent
- The overloaded agent Managing payment, address, delivery
- The completion-seeker Strong drive to finish the transaction
- The converting customer Interface minimises friction toward payment
- The acknowledged rights-holder Right referenced; disclosure legally met
- The future returner 14-day window does not yet exist absent
Why it matters
Disclosure is met. The cognitive archetype is at maximum load. The legal information lands in a hostile ecosystem state and is processed by no active archetype.
Design implication
Disclosure does not equal function. Checkout satisfies the information requirement. The withdrawal function belongs in the post-purchase ecosystem.
04
Post-purchase
Where the law places its obligation
- The evaluating owner Assessing product against expectation
- The uncertain or disappointed self Post-purchase dissonance; desire to correct
- The deadline-holder 14-day clock running; deadline not shown
- The active rights-holder Withdrawal function required here, absent in most interfaces absent
Why it matters
The ecosystem has completely changed. The clock is running. The consumer is evaluating a product they own. The withdrawal function the directive requires to be here is absent.
Design implication
Dir. 2023/2673 is explicit: the withdrawal function must be in the account area or on relevant pages, not a footer link. The temporal archetype must also be activated: the consumer needs to see not just that they can withdraw, but when that right expires.
05
Withdrawal
The symmetry test
- The problem-solver under pressure Navigating an unfamiliar flow under deadline
- The frustrated consumer Friction is experienced as injustice here
- The deadline-holder Urgency is high; hours or days remaining
- The rights-exerciser Attempting to exercise a right the interface resists
- The asymmetric interface Withdrawal harder than purchase by design absent
Why it matters
The ecosystem is now the inverse of purchase. The law requires withdrawal to be as easy as purchase. The footer link fails this test on every dimension.
Design implication
The symmetry principle: if purchase took two clicks and a primary button, withdrawal must take the same. The interface structurally opposed to this is not merely poor UX. It is non-compliant.
What fails today and what must change
In ecosystem terms the withdrawal button is an active artifact, a designed object that performs the consumer’s right. Its absence from the order view is not a UX omission. It is the ecosystem refusing to activate a node the law requires to be present.
Current interface
The node is present, but its weight is near zero. A footer link signals administrative content. The user who wants to withdraw must know to look there, navigate past unrelated links, and work through a policy page. The symmetry test is not met.
Required interface
The active artifact is doing its work. The withdrawal function is contextual, in the order view, with a live deadline. The button carries the same action register as the purchase button. Symmetry of effort.
Required UI pattern
The withdrawal button is a legal actor. When absent, the right cannot be exercised. When present with a deadline counter, it performs the law’s symmetry requirement on behalf of the consumer, making the safe action the natural one.
The trader shall ensure that the consumer can exercise the right of withdrawal by means of a clearly labelled withdrawal function placed in the consumer’s account area or on any other relevant page.
Separate the legal guarantee from the warranty The mandatory 2-year guarantee must not be blurred with a voluntary commercial warranty. What changed ECGT requires clear information on the statutory guarantee and how it differs from any commercial guarantee. Where in the journey Product page, checkout confirmation, and breakdown or support journey. Required UI Two distinct labels: mandatory seller guarantee first, voluntary warranty second. Failure risk Warranty badge dominance can misdirect consumers to paid support or manufacturer paths.
Legal detail
Two rights, one confusion
⚖ Dir. 2019/771 · ECGT Dir. 2024/825 · in force 27 Sept 2026
Every product sold in the EU carries a mandatory 2-year legal guarantee. Most interfaces promote the commercial warranty instead, a voluntary manufacturer’s offer. The ECGT directive now requires these to be clearly distinguished. They are not currently.
Journey details
01
Browse
Acquisition mode — guarantee invisible
- The intentional browser Building product preference, comparing options
- The aspirational self Desire-led engagement with products
- The market participant Responding to pricing and brand signals
- The guarantee-holder 2-year legal guarantee exists absent
Why it matters
No legal archetypes are active at browsing. The legal guarantee exists in law, but has no presence in the browsing ecosystem. The commercial warranty, by contrast, is often promoted actively through badge design and product imagery.
Design implication
The asymmetry begins here: the mandatory right is invisible, the voluntary offer is prominent.
02
Product page
Where the law requires clear distinction
- The evaluating agent Reading specs, reviews, warranty claims
- The confidence-seeker Warranty information increases purchase confidence
- The promoted warranty Commercial offer, prominently placed
- The legal guarantee Mandatory 2-year right, absent or buried absent
- The breakdown-holder Guarantee becomes relevant only when product fails absent
Why it matters
The ECGT directive requires both to be present and distinct on the product page. Currently the commercial warranty dominates because it is a marketing asset. The legal guarantee, which is stronger and mandatory, is either absent or indistinguishable from the commercial offer.
Design implication
ECGT 2024/825 creates two separate legal objects: the statutory guarantee label, mandatory and seller-owned, and the commercial durability guarantee label, voluntary and manufacturer-owned. Most product pages currently show one undifferentiated badge.
03
Checkout
Purchase confirmed — two clocks now running
- The completing agent Finishing the transaction; bandwidth minimal
- The dual-clock holder Legal guarantee and commercial warranty both activated at purchase
- The guarantee-holder Legal guarantee begins; consumer is often unaware
- The warranty-holder Commercial warranty confirmed; consumer may notice this one
Why it matters
Two legally distinct timers start at the moment of purchase. The consumer is aware of neither. The checkout confirmation page typically shows order summary and delivery estimate, not the start of their consumer rights.
Design implication
A confirmation message that says your 2-year guarantee starts today would activate the temporal archetype at the correct moment. Most interfaces do not do this.
04
Breakdown
The ecosystem the law was written for
- The problem-solver Trying to get a defective product repaired or replaced
- The frustrated owner Stress, urgency, and sense of loss
- The deadline-holder Is the product still within two years? The consumer often does not know
- The rights-exerciser Legal guarantee entitles free repair or replacement
- The commercial warranty path Interface redirects to paid support or upsell absent
Why it matters
The legal archetype is now maximally relevant. The consumer has a right to free repair or replacement. If the guarantee was never clearly communicated, the interface directs them toward paid support, an upsell, or manufacturer channels that obscure the mandatory right.
Design implication
The ecosystem at breakdown is the one the law was designed for. But the information the consumer needs was disclosed at a completely different ecosystem state, high purchase intent, and was not retained. The active artifact that could bridge these states is a guarantee card or account record surfaced at the moment of breakdown.
What fails today and what must change
The guarantee label is an active artifact. Currently it amplifies the commercial warranty and renders the legal guarantee invisible. Under ECGT 2024/825 it must do the opposite: make the mandatory right legible and the voluntary offer secondary.
Current interface
The commercial warranty dominates the interface. The legal guarantee, the stronger and mandatory right, is absent or indistinguishable. When the product fails, the consumer does not know which protection applies or how to invoke it.
Required interface
Two distinct labels, two distinct rights. The mandatory legal guarantee is primary. The commercial warranty is secondary and clearly voluntary. Both can link to a claim process, but the consumer can tell immediately which right is theirs by default.
Required UI pattern
The guarantee label on a product page is a legal actor. When it says 2-year warranty without distinguishing legal from commercial, it performs the seller’s interest, not the consumer’s right. The ECGT directive requires it to perform both, separately, clearly, and in that order.
Traders shall provide consumers with clear information on the statutory guarantee of conformity and on the distinction between the statutory guarantee and any commercial guarantee offered.
Show repair choices before and after purchase The product page becomes a lifecycle surface with repairability, parts, and repair access. What changed Right to Repair requires repair and spare-parts information, reasonable pricing, and no technical blocking. Where in the journey Product page, ownership area, support flow, and repair decision. Required UI Repairability score, parts availability, price cues, and repair pathway. Failure risk Sales-only product pages hide lifecycle costs and steer replacement over repair.
Legal detail
The product page after purchase
⚖ Dir. 2024/1799 · member states apply from 31 July 2026
The product page has always been a sales endpoint. The Right to Repair makes it the entry point to a legally mandated post-purchase infrastructure: repairability scores, spare parts availability, and repair pricing. None of these currently exist as active interface nodes.
Journey details
01
Browse
Acquisition mode — repairability invisible
- The intentional browser Evaluating products on price, brand, and features
- The aspirational self Desire-led engagement
- The market participant Responding to commercial signals
- The repair-rights holder Right to repair and spare parts access absent
Why it matters
The repairability of a product is not a visible attribute in the browsing ecosystem. The consumer has no interface node to evaluate it against. The commercial ecosystem is optimised for replacement, not repair.
Design implication
The ecosystem at browsing reflects the commercial incentive: sell new products. The Right to Repair introduces a counter-incentive that currently has no interface home.
02
Product page
The product page must now carry lifecycle information
- The evaluating agent Reading specs, comparing models
- The conversion target Interface optimised toward purchase completion
- The repairability-aware buyer Repairability score required on product page, absent in most interfaces absent
- The long-term owner Spare parts availability over product lifetime is not shown absent
Why it matters
Dir. 2024/1799 requires repairability information on the product page. Currently the product page is a pure sales surface. Repairability scores, spare parts availability, and repair cost indicators have no visual language, no established placement, and no interface precedent.
Design implication
This is the most structurally disruptive regulation in the series. It requires the product page to carry information that is actively against the commercial interest: the long-term cost of ownership, at the moment of purchase.
03
Ownership
The post-purchase ecosystem — repair need building
- The maintaining owner Caring for product, noticing wear or faults
- The invested owner Attachment to product; preference for repair over replacement
- The replacement-nudged consumer Interface surfaces new products; repair path is not offered
- The repair-rights holder Right to spare parts and repair information, no interface home absent
Why it matters
The consumer is in ownership mode. A fault develops. The current ecosystem offers no repair pathway. The interface was not designed to support post-purchase repair decisions. The path of least resistance is replacement.
Design implication
The Right to Repair creates an obligation during the ownership phase that has no current interface expression. The consumer’s repair rights are invisible to the ecosystem.
04
Repair decision
A choice the interface must now support
- The repair-or-replace decision-maker Weighing repair cost against replacement cost
- The cost-conscious owner Financial and environmental consideration
- The guarantee-extender Repair under guarantee extends legal protection by one year
- The rights-exerciser Spare parts must be available at reasonable price; repair cannot be blocked
- The independent repairer Third-party repairers now have legal access, not yet integrated into ecommerce flows absent
Why it matters
The directive creates a new decision point the interface must support. The repair-or-replace choice is currently invisible. The commercial incentive is replacement. The legal obligation is to make repair the accessible option.
Design implication
A product repaired under warranty gains an additional year of legal guarantee. This changes the repair calculus, but only if the consumer knows it exists. The interface that surfaces this information at the repair decision moment is performing the directive’s intent.
What fails today and what must change
The repairability score is a legally mandated active artifact. Currently it does not exist as an interface node. When it does, it changes the nature of the product page, from a sales-only surface to a lifecycle interface that must support both acquisition and long-term ownership.
Current interface
The product page is a sales endpoint. No repairability information, no spare parts access, and no repair pathway. The ecosystem is optimised for purchase. The Right to Repair has no active artifact here.
Required interface
The product page now carries lifecycle information. Repairability score, spare parts availability, and repair pathway are visible at point of purchase. The consumer can evaluate the long-term cost of ownership before buying.
Required UI pattern
The repairability score is a legal actor before purchase and after. It changes the product decision at point of sale, and it anchors the repair infrastructure that must remain accessible for the product’s lifetime. The commercial incentive is replacement. The legal obligation is repair.
Manufacturers shall provide information concerning spare parts and repair on their website, make them available at a reasonable price, and shall not use hardware or software techniques that impede repair.
Verify age without turning checkout into surveillance Age checks need a coherent, privacy-preserving gate despite fragmented EU and national rules. What changed Age assurance is moving toward privacy-preserving, interoperable proof rather than broad identity collection. Where in the journey Cart, checkout, verification step, with earlier restriction cues. Required UI Minimal-data age proof, clear reason, early warning, and a fallback that avoids over-collection. Failure risk Document upload harvests data; date-of-birth fields are weak; both create legal and abandonment risk.
Legal detail
The fragmented gate
⚖ DSA 2022/2065 · EU Digital Identity Wallet · national law variations
Age-restricted products online are governed by a patchwork of national laws, platform rules, and product-category regulations. There is no single EU standard. The result is a fragmented legal node that arrives at the moment of highest purchase intent and currently resolves into either a privacy violation or a dark pattern.
Journey details
01
Browse
Pre-restriction — ecosystem unaware
- The intentional browser Scanning products, building intent
- The aspirational self Desire-led engagement
- The market participant Responding to commercial signals
- The age-restricted buyer Product category triggers verification requirement absent
Why it matters
The consumer is browsing without awareness that an age restriction will interrupt the journey. The legal node does not yet exist in the ecosystem. It will arrive at the worst possible moment.
Design implication
The design question begins here: when should the restriction become visible? Surfacing it early reduces checkout friction, but also introduces a gate before the consumer has committed.
02
Cart / Checkout
The legal node arrives at maximum purchase intent
- The completing agent Focused entirely on transaction completion
- The completion-seeker Friction is acutely felt; abandonment risk high
- The converting customer Interface optimised to reach payment confirmation
- The age-verifier Verification required, but method is undefined by any single EU standard
- The privacy-holder Consumer wary of data collection during verification absent
Why it matters
The legal node arrives at the moment of highest purchase intent. Cognitive archetype: completion-focused. Emotional archetype: friction-averse. Any method that introduces steps, requests documents, or requires account creation will generate abandonment. The commercial and legal archetypes are in direct opposition.
Design implication
No single EU standard governs this moment. National laws vary by product category. The interface must resolve a legally fragmented requirement with a coherent user experience.
03
Verification
The verification method determines everything
- The interrupted agent Task switched from purchase to identity; cognitive cost is high
- The surveilled self Verification often reads as data collection, not protection
- The friction interface Document upload, date of birth entry, account creation, all increase abandonment
- The identity-holder Must prove age; method varies wildly by platform and market
- The autonomic user EU Digital Identity Wallet: age confirmed without data shared, not yet available everywhere absent
Why it matters
The verification method is the design. A document upload harvests data and introduces maximum friction. A date-of-birth field is bypassable and legally inadequate. The EU Digital Identity Wallet offers a third path: cryptographic age confirmation with no data transfer. But this infrastructure is not yet uniformly available.
Design implication
The autonomic user archetype is active here. When the Digital Identity Wallet verifies age automatically, the consumer and the verification system become indistinguishable, a single node within the ecosystem.
04
Purchase confirmed
Verification resolved — ecosystem resumes
- The completing agent Transaction resumes; verification step complete
- The relieved consumer Friction resolved; purchase intent recovers
- The converted customer Purchase complete, if abandonment did not occur
- The verified buyer Age confirmed; legal obligation met for this transaction
Why it matters
If verification was smooth and privacy-preserving, the ecosystem recovers. If it required document upload or account creation, a significant share of consumers abandoned at the previous stage and never reach here.
Design implication
The design outcome is measured at this stage. The method that minimises the distance between the legal requirement and purchase completion, in effort, time, and privacy cost, is the ecosystem-aware solution.
What fails today and what must change
The age verification mechanism is an active artifact with two possible natures. Currently it is either a data-harvesting gate or a bypassable checkbox. The EU Digital Identity Wallet proposes a third state: a privacy-preserving signal that confirms age without revealing it.
Current interface
The current dominant pattern is either document upload or a date-of-birth field. The first harvests personal data and introduces maximum friction. The second is trivially bypassable and legally inadequate. Both fail on privacy, friction, or legal certainty.
Required interface
EU Digital Identity Wallet: confirm age, share nothing. A cryptographic proof that the consumer is over 18, without revealing date of birth, name, or other personal data. Low friction, low privacy cost, and high legal certainty.
Required UI pattern
Youngblood and Chesluk’s concept of the autonomic user, where technology and user become a single whole, is most visible here. When the EU Digital Identity Wallet verifies age automatically and privately, the user does not perform verification. The ecosystem performs it.
The EU age verification initiative aims to allow EU users to prove they are old enough to access age-restricted content without sharing any other personal information, privacy-preserving and interoperable with EU Digital Identity Wallets.
From observation to method
This piece shows how legal pressure surfaces as distributed ecosystem strain. Signal-Driven Discovery turns that kind of pressure into a method for deciding what deserves interpretation, probing, and action.
-
Working Framework
A method page for reading weak signals, testing interpretation, and turning research into decisions.