
The Vulnerable Moment: How Apps Learned to Find You at Your Weakest

Published
31 May 2026

The notification arrives at 11.47pm on a Tuesday in February. Your bank balance, refreshed automatically by the app you opened seventeen times in the last fortnight, has dipped below the threshold it dipped below in November, and again in December, and again just before payday in January. The pattern is legible. So is the time of night, the location (home, alone, weekday), the slowing scroll cadence, the lengthening pause between taps. Somewhere in a system you have never seen, a model decides this is the moment. A loan offer surfaces. The interest rate is presented with the soft confidence of an algorithm that has watched, in aggregate, several hundred thousand people in similar conditions click yes.

You click yes.

Whether what just happened to you was personalisation or manipulation depends on assumptions almost no consumer protection regime in force today is well-equipped to test. It depends on what the platform knew, what it inferred, and whether the moment of your assent was the moment of your strongest deliberative capacity or its weakest. It depends on a question that until very recently regulators barely had the vocabulary to ask: when an algorithm identifies that you are anxious, lonely, or financially stretched, and uses that knowledge to influence your next decision, what exactly has happened, and who is responsible for it?

That question has now arrived at the centre of European and British regulatory attention. A peer-reviewed paper published in Frontiers in Psychology in April 2026, examining the intersection of law, neuroscience, and AI-driven design, argued that contemporary digital platforms increasingly possess the capability to infer a user's emotional and cognitive state in real time and to deploy persuasive interventions calibrated to that state of vulnerability. The Treasury Select Committee's January 2026 report on artificial intelligence in financial services concluded that British regulators were not doing enough to manage AI risks, and that a wait-and-see posture exposed consumers and markets to potentially serious harm. The Financial Conduct Authority's Mills Review, launched on 27 January 2026, opened an explicit examination of how Consumer Duty rules apply to AI-driven personalisation. In Brussels, the prohibitions in Article 5 of the EU AI Act, which include a ban on AI systems that exploit vulnerabilities arising from age, disability, or specific socio-economic situation, became enforceable on 2 February 2025, with fines of up to thirty-five million euros or seven per cent of global annual turnover. The legal apparatus is, finally, beginning to twitch.

What has been built in the interim is enormous. The market for “affective computing”, the cluster of techniques used to recognise and respond to human emotional states, is forecast by industry analysts to grow from roughly one hundred billion dollars in 2025 to more than three hundred billion by the early 2030s. The infrastructure of inference, the tooling, the data pipelines, the trained classifiers, is already deployed at consumer scale. The legal infrastructure that would constrain it is barely past the drafting table. This article is about the gap between those two infrastructures, and about who has been living in it.

A Brief History of the Nudge That Knew You

The phrase “dark pattern” was coined in July 2010 by the British user-experience designer Harry Brignull, who registered darkpatterns.org as a public catalogue of interfaces engineered to deceive. The early entries were modest by today's standards: confirmshaming buttons that made declining a newsletter feel rude, hidden subscription renewals, checkboxes pre-ticked to opt users into mailing lists. By 2019, researchers at Princeton and the University of Chicago, led by Arunesh Mathur, had crawled around eleven thousand shopping websites and catalogued some 1,818 instances of deceptive design at scale. Their taxonomy would become a template for regulators on both sides of the Atlantic.

The patterns Brignull and Mathur described were broadly static. A misleading countdown timer is a misleading countdown timer for everyone who sees it. The harm scaled with the number of users exposed, but the trick itself did not adapt to the trickee. What changed in the decade that followed is that the trick learned to adapt.

Three things happened in parallel. Cloud-scale machine learning made it cheap to train classifiers on the behavioural telemetry every modern app collects by default. Mobile devices became dense enough with sensors (accelerometers, gyroscopes, microphones, cameras) that fine-grained signals of physiological and emotional state could be inferred without the user ever consciously providing them. And the advertising and growth-marketing ecosystem, having long since exhausted the easy gains from demographic targeting, turned its attention to a richer prize: the targeting of moments rather than people.

The shift is decisive. Demographic targeting asks who you are. Moment targeting asks when you are. It asks whether right now, at this exact session, this exact swipe, this exact pause, you are in a psychological state in which a particular intervention is more likely to convert. The answer to that question is the foundation of what the Frontiers in Psychology paper, authored by Cristina Elena Popa Tache and Catalin Silviu Sararu, calls the assault on cognitive autonomy: the engineering of choice architectures that no longer merely present options but actively reshape the deliberative conditions under which the user encounters them.

The Signals You Did Not Know You Were Sending

To grasp what real-time vulnerability inference looks like in practice, it helps to dispense with the science-fiction framing. No app is reading your mind. Plenty are reading your fingers, your routines, and your wallet, and the inferences that can be made from those alone are sufficient.

Consider the signals available to a typical consumer financial app. Login frequency. Time of day. Geolocation, often precise to the building. Battery level. Charging state. Device orientation. Typing rhythm and the pause distribution between keystrokes. Scroll velocity and acceleration. The exact pixel coordinates of every tap. Payment history, including the merchant categories of recent transactions. Account balance and its rate of change. Notification engagement. Microphone activation, where permitted. The accelerometer signature of a phone being picked up versus a phone resting on a table. On current iOS and Android, only the location and microphone entries on that list sit behind a permission prompt; the rest are readable by the app without asking.

None of these signals, individually, looks like an emotion. In aggregate, trained against a labelled dataset of millions of users, they correlate well enough with affective and cognitive states to be commercially useful. Studies in the affective computing literature have documented the use of typing dynamics alone to classify stress and fatigue with reasonable accuracy. Voice prosody, where consented, yields finer-grained inference still. The work by Sendhil Mullainathan and Eldar Shafir on the cognitive effects of scarcity, popularised in their 2013 book of the same name, established that financial pressure measurably degrades deliberative capacity, costing the equivalent of around thirteen IQ points on cognitive tests in their experimental settings. A platform that can infer financial pressure can, in principle, infer that diminished capacity, and time its interventions accordingly.
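What that list amounts to in practice is easier to see in code than in prose. The following is an added illustration, not code from any platform and not from the Frontiers paper: a constructed session's telemetry is reduced to a handful of numeric features, none of which is "an emotion" on its own, and a hand-weighted score stands in for the trained classifier a production system would use. The feature names, weights, saturation points and the 0.6 threshold are all invented for the illustration; the two session records are constructed, the first to mirror the opening scene.

```python
"""Added illustration of 'moment' scoring from ordinary telemetry.

This is not code from any platform or from the Frontiers paper. The session
records are constructed, and the feature weights and thresholds are invented
stand-ins for the trained classifier a production system would use.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Session:
    local_hour: int          # device-local hour, 0-23
    key_times_ms: list       # keystroke timestamps (ms) within the session
    scroll_speeds: list      # scroll speed samples (px/s), in time order
    balances: list           # daily closing balances, oldest first
    logins_last_14d: int     # how often the app was opened in the fortnight


def inter_key_features(times_ms):
    """Mean gap between keystrokes and its coefficient of variation."""
    gaps = [b - a for a, b in zip(times_ms, times_ms[1:])]
    if len(gaps) < 2:
        return 0.0, 0.0
    m = mean(gaps)
    return m, (pstdev(gaps) / m if m else 0.0)


def scroll_deceleration(speeds):
    """Fractional drop in scroll speed from the first third to the last third."""
    if len(speeds) < 3:
        return 0.0
    k = len(speeds) // 3
    head, tail = mean(speeds[:k]), mean(speeds[-k:])
    return max(0.0, (head - tail) / head) if head else 0.0


def balance_slope(balances):
    """Least-squares slope of the balance series, currency units per day."""
    n = len(balances)
    if n < 2:
        return 0.0
    xbar = (n - 1) / 2
    num = sum((x - xbar) * y for x, y in enumerate(balances))
    den = sum((x - xbar) ** 2 for x in range(n))
    return num / den


def moment_score(s):
    """Combine the features into a 0..1 score. Weights are invented."""
    mean_gap, gap_cv = inter_key_features(s.key_times_ms)
    features = {
        "late_night": 1.0 if (s.local_hour >= 23 or s.local_hour < 5) else 0.0,
        "slow_typing": min(mean_gap / 400.0, 1.0),   # 400 ms+ between keys saturates
        "erratic_typing": min(gap_cv, 1.0),
        "scroll_fatigue": scroll_deceleration(s.scroll_speeds),
        # a drain of 50 currency units per day or faster saturates
        "draining_balance": min(max(-balance_slope(s.balances), 0.0) / 50.0, 1.0),
        "compulsive_checking": min(s.logins_last_14d / 20.0, 1.0),
    }
    weights = {"late_night": 0.15, "slow_typing": 0.15, "erratic_typing": 0.15,
               "scroll_fatigue": 0.15, "draining_balance": 0.25,
               "compulsive_checking": 0.15}
    score = sum(weights[k] * v for k, v in features.items())
    return round(score, 3), features


def should_surface_loan_offer(s, threshold=0.6):
    """The 'moment targeting' gate: surface the offer only when the score is high."""
    score, _ = moment_score(s)
    return score >= threshold


# Constructed sessions. The first mirrors the opening scene: late evening, slow
# and uneven typing, scrolling that slows, a draining balance, frequent checks.
LATE_NIGHT_SESSION = Session(
    local_hour=23,
    key_times_ms=[0, 500, 1100, 1500, 2300, 2700],
    scroll_speeds=[900, 850, 800, 500, 450, 400, 150, 120, 90],
    balances=[620, 560, 480, 410, 330, 250, 190],
    logins_last_14d=17,
)
AFTERNOON_SESSION = Session(
    local_hour=14,
    key_times_ms=[0, 200, 400, 600, 800],
    scroll_speeds=[800, 800, 800, 800, 800, 800],
    balances=[1000, 1010, 1020, 1030],
    logins_last_14d=4,
)

if __name__ == "__main__":
    for name, s in (("late night", LATE_NIGHT_SESSION), ("afternoon", AFTERNOON_SESSION)):
        score, feats = moment_score(s)
        print(name, score, should_surface_loan_offer(s), feats)
```

Nothing in the feature table requires the user to type a word about how they feel, and every input except the balance series is available to an app without a permission prompt. The point of the toy is that the gate fires on the constructed late-night session and stays closed on the afternoon one for reasons the user could never reconstruct from the screen in front of them.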

The Sky Betting and Gaming case decided in the High Court on 28 January 2025 offered a rare glimpse of the practice in concrete legal detail. The claim, brought under data protection law, examined the operator's use of more than five hundred dynamic data points, including indicators that correlated with mental health and patterns of compulsive play, to build marketing profiles. Reports of the proceedings noted the integration of nineteen thousand data points from one location-data source and a further eighty-three from a behavioural signal provider, fed into propensity models predicting the likelihood that a given user would respond to a given prompt.

What is striking about the case is not its exceptionality but its representativeness. The data architecture it described is not unique to gambling. It is, with minor variations of vocabulary and vertical, the architecture of every major consumer app that has spent the last decade optimising for engagement and conversion. The gambling sector's particular regulatory attention does not arise because the practice there is qualitatively different. It arises because the harm is more visible.

The Loan, the Subscription, the Loneliness Dividend

The textbook examples of moment-targeted intervention sound, in summary, paranoid. Said aloud, “the app served me a loan offer because it knew my balance had just dropped” reads as folk theory. Examined as a matter of system architecture, it reads as the obvious commercial implementation of the data the system already holds.

Take buy-now-pay-later, the credit category that bloomed in the late 2010s and now sits, according to multiple regulators, at the unstable intersection of credit, payments, and behavioural design. The American Consumer Financial Protection Bureau, in its January 2026 review of the sector, pointed to a pattern in which BNPL prompts were surfaced disproportionately at the point of checkout fatigue, the moment at which a user, having walked the long path of cart-building, was least likely to abandon the transaction over a marginal additional friction. Seven state attorneys general issued requests for information to half a dozen BNPL providers, asking specifically about their use of behavioural data. The British Treasury Select Committee made the same point in a different register, observing that the regulatory perimeter has not kept pace with the modelling capabilities deployed inside it.

Consider, too, the subscription prompts that arrive at moments of social drift. Dating apps, in particular, have built upgrade flows that activate after periods of low engagement of the kind associated, plausibly, with rejection or loneliness. Whether re-engagement is the right word for charging a user a higher monthly fee at the moment they feel least loved is a matter of editorial choice. Or consider dynamic pricing: airline and ride-hailing apps that adjust prices upward when behaviour indicates urgency, repeated searches for the same route, late-evening sessions, low battery levels, the kind of signals that suggest someone who needs to get somewhere now and will not shop around.

None of these practices is unambiguously illegal, in settled terms, in any jurisdiction. Most are arguably already prohibited under one or another existing regime (the EU AI Act, the Digital Services Act, the Unfair Commercial Practices Directive, the GDPR, the FCA's Consumer Duty, the Federal Trade Commission's general unfairness authority), but the prohibition is mediated through frameworks built for older harms, and enforcement has been thin.

The Frontiers Paper, and What It Does Not Say

The April 2026 paper in Frontiers in Psychology, “Law, neuroscience, and authenticity by design: protecting users' minds in the digital sphere”, by Popa Tache and Sararu, is not, on its own terms, a blockbuster. It does not present novel empirical findings. It does not name and shame particular companies. What it does is something arguably more important: it argues that the existing European regulatory toolkit, the GDPR's consent requirements as read with the EDPB's guidance on dark patterns, the Digital Services Act's prohibition of dark patterns under Article 25, the AI Act's prohibition of vulnerability exploitation under Article 5, and the Unfair Commercial Practices Directive's general standard of misleading and aggressive practices, is, taken together, a fragmented and definitionally underdetermined patchwork. There is, the authors note, no single legal definition of psychological manipulation across the European regulatory landscape. The result is a regime that knows manipulation when it sees it, but only sometimes, and only after considerable litigation.

The authors' proposed remedy, what they call authenticity by design, is in essence an extension of the privacy-by-design and security-by-design principles pushed into law over the last decade. It would require platforms to demonstrate, at the point of deployment, that their interfaces and recommendation systems do not interfere with the user's capacity for autonomous deliberation. The proof obligation would shift from the consumer to the operator. The standard of proof would not be the legal fiction of the reasonable consumer, who in case law is unfailingly attentive, sceptical, and possessed of perfect time, but a more honest model of the actual person at the actual moment of the actual choice. Whether such a principle is workable is contestable. That the alternative, leaving things as they are, is not workable is no longer in serious doubt.

The Children Exception, and What It Implies

The Law Society Gazette, reporting in April 2026 on the legislative pipeline in Westminster and Brussels, noted that new frameworks were under active development specifically to restrict algorithmic systems targeting children and young adults, on the explicit basis of their developmental susceptibility. This continues a pattern visible across multiple jurisdictions. California has banned addictive algorithmic recommendations targeting minors. New York has enacted similar restrictions. Connecticut and Arkansas have followed. At the federal level in the United States, the Kids Off Social Media Act would prohibit social media companies from algorithmically recommending content to users under seventeen. Brazil's Digital Statute of the Child and Adolescent, which took effect in March 2026, prohibits the use of minors' data for targeted advertising. The Online Safety Act in the United Kingdom imposes design and safety obligations on services likely to be accessed by children.

The age-gating impulse is reasonable, and the developmental evidence supporting it, the still-maturing prefrontal cortex, the documented susceptibility of adolescents to social-feedback loops, the elevated risk profile of compulsive behavioural disorders in late teens and early twenties, is empirically robust. But the impulse contains, lurking inside it, a strong implied claim. To say that children warrant protection from algorithmic targeting because of their developmental susceptibility is to say, by structural necessity, that adults do not warrant such protection because they are not so susceptible. The reasoning depends on a sharp ontological line: a child can be exploited by a recommendation system; an adult cannot.

This is, on the evidence, untrue. The signals that mark adolescent susceptibility, peer-influence sensitivity, novelty seeking, attentional capture, scarcity-induced cognitive degradation, are not absent in adults. They are continuously present, modulated by context, by stress, by sleep, by financial pressure, by grief, by loneliness. The Mullainathan and Shafir research demonstrates that adults under financial scarcity perform measurably worse on tests of deliberative capacity than the same adults under conditions of plenty. The literature on emotional decision-making under fatigue, on late-night screen use, on the impulse-control implications of prolonged social isolation, is voluminous and consistent. The line between developmental susceptibility and contextual susceptibility is a difference of degree, not of kind.

A regulatory framework that grants bespoke algorithmic protection to a sixteen-year-old but assumes that the same person at thirty-five, in the small hours of a hard week, is fully capable of self-defence against a system trained on the choices of millions, has not solved the problem. It has merely chosen which population to protect.

What Marketing Has Always Done, and Why That Defence Fails

Any honest discussion of the line between personalisation and exploitation must steelman the strongest counter-argument, which is that all marketing has always sought psychological resonance. The cigarette ad on the billboard, the fragrance commercial in the cinema, the loyalty card at the supermarket: each is, in its way, an attempt to influence behaviour through the strategic deployment of psychological cues. To prohibit “vulnerability targeting” is, on this view, to prohibit advertising itself.

The argument is not without force. But three differences distinguish algorithmic moment-targeting from the historical practice it superficially resembles.

The first is asymmetry of capability. A 1960s ad agency knew, in aggregate, that anxious consumers responded to certain colours and copy. It did not know which of the people walking past a particular billboard at a particular moment was anxious. The aggregate insight was applied uniformly, and the uniformity placed a ceiling on the harm any individual case could absorb. A modern personalisation system applies its insight selectively, to the individuals most likely, by the system's own modelling, to be in the susceptible state. The harm is concentrated rather than distributed.

The second is foreseeability. The historical advertiser making decisions on aggregate effects could plausibly claim that any given individual consumer was responsible for their own response. The modern operator deploying a system explicitly trained to identify the moment of maximum susceptibility cannot, with a straight face, claim that the harm to the susceptible individual was unforeseeable. The system was designed to find them. Foreseeability is the hinge on which most theories of liability turn.

The third is consent. The 1960s consumer who saw the billboard had, at minimum, a conscious awareness that they were the target of advertising. The modern app user, in most cases, has no awareness that the prompt they are seeing is the output of a model that has classified them as currently lonely, currently financially stretched, currently fatigued. The consent obtained at sign-up, buried in the privacy policy, is a fiction. It is consent in the same sense that signing the terms of service is reading them.

The defence that all marketing is manipulation collapses into the observation that this kind of manipulation is the kind we did not consent to, did not see coming, and could not have refused individually even if we had.

Who Is Responsible, and What Would an Enforceable Duty Look Like?

The accountability question is the hardest, and the easiest to ignore. The architecture of moment-targeted personalisation is distributed across multiple parties: the platform operator that holds the user relationship, the model developer that supplies the inference engine, the advertiser that pays for the placement, the data broker whose feeds enrich the targeting, the regulator that defines the perimeter of acceptable practice. Each can, with a degree of plausibility, point at the next.

The European response has chosen to spread the duty broadly. The AI Act's Article 5 places its prohibition on the placing on the market, putting into service, or use of AI systems that exploit vulnerabilities, which catches both providers and deployers. The Digital Services Act's Article 25 places its dark-patterns prohibition on online platform operators directly. The GDPR's Article 22, on automated decision-making, places its restrictions on data controllers, which in most cases means the platform. Each instrument catches a different actor in the chain, and the cumulative coverage is broader than any single one.

The British response, by contrast, has so far leant on principles rather than specific rules. The Financial Conduct Authority's Consumer Duty, in force since 2023, requires firms to deliver good outcomes for retail customers, with explicit attention to vulnerability. The Mills Review, launched in January 2026, is an attempt to test whether the principle, applied to AI-driven personalisation, produces the right answers. The principle-based approach is more flexible and arguably more durable, but it depends on regulators with the resources and analytical capacity to enforce it against systems whose inner workings are opaque even to their operators.

The United States, predictably, has produced the most fragmented response. The Federal Trade Commission has moved against dark patterns under its general unfairness authority, with results that vary with the political composition of the Commission. State attorneys general have stepped in where federal action has lagged. Sectoral regulators have moved within their domains.

What an enforceable duty would actually require is something like the following. Operators who deploy personalisation systems would be required to demonstrate, before deployment and on an ongoing basis, that their systems do not selectively target users in inferred states of diminished deliberative capacity. The standard of care would be objective: not whether the operator believed the targeting was legitimate, but whether a reasonable independent assessor, looking at design, training data, and deployment context, would conclude that the system was likely to produce harm to a foreseeably susceptible class of users. The burden of proof would sit with the operator. Audit rights would sit with the regulator. Affected individuals would have a private right of action.

That is a heavy lift. It is also, in essentials, the architecture that the EU AI Act has already attempted, the Digital Services Act has already partially imposed, and the FCA's Mills Review is now openly contemplating. The question is no longer whether the duty exists in principle. It is whether it can be made to bite in practice.
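Part of what "a reasonable independent assessor, looking at design, training data, and deployment context" would actually do with audit access is arithmetic on the operator's own offer logs. The following is an added example, not code from any regulator, platform or from the sources cited in this article: it takes a constructed log in which each session carries the susceptibility bucket the operator's model assigned to it, and asks whether the prompt was served selectively to the bucket the model tagged as susceptible. The column names, the two-bucket labelling, and the flag thresholds (a lift above 2 with a two-proportion z above 1.96) are assumptions for the illustration, not a legal standard; the logic of comparing offer rates across the operator's own inferred states is the point.

```python
"""Added example of the check an independent assessor could run over offer logs.

Not code from any regulator or platform. The log below is constructed; the
'inferred_state' column stands for whatever susceptibility bucket the
operator's own model assigned to the session, and the flag thresholds are
illustrative choices, not a legal standard.
"""
import csv
import io
import math
from collections import defaultdict

# Constructed offer log: one row per session. offer_shown=1 means the loan
# prompt was surfaced; accepted=1 means the user took it.
CONSTRUCTED_LOG = """session_id,local_hour,inferred_state,offer_shown,accepted
s01,23,high,1,1
s02,0,high,1,0
s03,23,high,1,1
s04,1,high,1,0
s05,22,high,1,1
s06,23,high,1,0
s07,23,high,0,0
s08,0,high,0,0
s09,14,low,1,1
s10,10,low,1,0
s11,9,low,0,0
s12,13,low,0,0
s13,15,low,0,0
s14,11,low,0,0
s15,12,low,0,0
s16,16,low,0,0
s17,10,low,0,0
s18,14,low,0,0
s19,17,low,0,0
s20,9,low,0,0
"""

def parse_log(text):
    """Parse the CSV into dicts with integer flags."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "session": r["session_id"],
            "hour": int(r["local_hour"]),
            "state": r["inferred_state"],
            "offer": int(r["offer_shown"]),
            "accepted": int(r["accepted"]),
        })
    return rows

def offer_rate_by_state(rows):
    """state -> (offers shown, sessions, offer rate)."""
    offers, sessions = defaultdict(int), defaultdict(int)
    for r in rows:
        sessions[r["state"]] += 1
        offers[r["state"]] += r["offer"]
    return {s: (offers[s], sessions[s], offers[s] / sessions[s]) for s in sessions}

def selective_targeting_lift(rows, susceptible="high", baseline="low"):
    """Offer-rate ratio between the two buckets plus a two-proportion z statistic.

    Lift near 1: the prompt is served regardless of inferred state. Lift well
    above 1 with z beyond 1.96: the susceptible bucket was singled out beyond
    what sampling noise explains.
    """
    rates = offer_rate_by_state(rows)
    k1, n1, p1 = rates[susceptible]
    k2, n2, p2 = rates[baseline]
    lift = p1 / p2 if p2 else math.inf
    pooled = (k1 + k2) / (n1 + n2)
    se = math.sqrt(pooled * (1 - pooled) * (1 / n1 + 1 / n2))
    z = (p1 - p2) / se if se else 0.0
    return lift, z

def audit(rows, max_lift=2.0, min_z=1.96):
    """Flag selective serving when lift exceeds max_lift and z exceeds min_z."""
    lift, z = selective_targeting_lift(rows)
    return {"lift": lift, "z": z, "flag": lift > max_lift and z > min_z}

def synthetic_rows(state, sessions, offers):
    """Constructed control rows: the first `offers` of `sessions` get the prompt."""
    return [{"session": f"{state}{i}", "hour": 12, "state": state,
             "offer": int(i < offers), "accepted": 0} for i in range(sessions)]

if __name__ == "__main__":
    rows = parse_log(CONSTRUCTED_LOG)
    print(offer_rate_by_state(rows))
    print(audit(rows))                      # constructed log: selective, flagged
    uniform = synthetic_rows("high", 8, 3) + synthetic_rows("low", 12, 4)
    print(audit(uniform))                   # near-uniform serving: not flagged
```

The check only works because the log carries the operator's own inferred-state label, which is exactly why the duty described above pairs the proof obligation with audit rights: without access to that column, the assessor sees offer timing but not the classification that drove it. On the constructed log the susceptible bucket receives the prompt four and a half times as often as the baseline; on the near-uniform control the lift is close to 1 and nothing is flagged.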

The Quiet Acknowledgement Inside the Industry

For all the rhetoric of the personalisation industry, the people who actually build these systems are not, in private, especially confused about what they are doing. The internal product literature of major platforms is full of euphemisms whose meaning is unmistakable once read with a critical eye: “moments of intent”, “high-conversion windows”, “users with elevated propensity”, “behavioural triggers”. The terms describe the same phenomenon that consumer-protection lawyers describe as vulnerability targeting. They differ only in connotation.

This matters because the legal question of intent, foreseeability, and knowledge does not require regulators to prove that the operator believed itself to be exploiting vulnerable users. It requires only that the operator could reasonably have known, on the basis of the system's design, that the system was likely to do so. The product documentation does that work for the regulators. The systems are designed, explicitly and demonstrably, to find moments of maximum behavioural susceptibility. The defence that the operator did not know is unavailable.

The industry's preferred response, to argue that the inferred susceptibility is in the user's interest, that the loan offered at the moment of financial stress is helpful, that the subscription prompted at the moment of loneliness is a service, requires accepting a model of paternalism so thoroughgoing that it undoes the consent framework on which the rest of digital commerce depends. If the platform knows what is good for the user better than the user does, then the user's choice is no longer the locus of legitimacy, and the entire architecture of consent-based digital regulation collapses. The industry cannot have it both ways.

The Defensible Case for Personalisation

It would be analytically lazy to pretend there is no defensible case for behavioural personalisation. There is. A loan offered at a moment of legitimate need, on terms more favourable than the user could have obtained by walking into a branch, is a consumer good. A subscription prompt timed to a moment when the user actually does want the service is a convenience. The alternative, uniform messaging, has its own pathologies: it is wasteful, it is generic, it is, in many cases, less useful to the recipient.

The question is therefore not whether personalisation is permissible. It is what kinds of personalisation are permissible, on what terms, with what disclosures, and under what regulatory oversight. The line is not “no personalisation”. It is something more like: personalisation that operates against the user, by exploiting inferred conditions of diminished capacity, is prohibited; personalisation that operates with the user, by tailoring offers to genuine, deliberatively endorsed preferences, is permitted, provided the user is aware of the basis on which it occurs and retains meaningful control over it. This line is not easy to draw, and it is not easy to police. These are hard questions, not unanswerable ones.

The Consumer Position, Such as It Is

The individual consumer's position in all of this is, candidly, weak. The data profiles that enable moment-targeting are generated and traded largely without meaningful consent or awareness. The technical means by which a user might detect that they have been classified as susceptible, even after the fact, do not exist for most platforms. The remedy of withdrawing consent is, in practice, the remedy of withdrawing from the service, which for many digital products means withdrawing from a meaningful share of contemporary commercial and social life.

This is the deepest reason that the regulatory turn matters. The harms of moment-targeted personalisation are not the kind that can be remedied by user education, by privacy literacy campaigns, by better-designed cookie banners. The asymmetry of capability is too steep. A user reading their bank app's privacy policy at 11.47pm on a Tuesday in February, having just received a loan offer that their balance trajectory predicted, is not in a position to evaluate the system that just classified them. Even a user with a doctorate in machine learning is not in that position, because the model is proprietary, the inferences are not disclosed, and the timing of the intervention has already done its work.

The remedy, if there is one, is structural. It lies in the prohibition or constraint of certain classes of system design, regardless of any individual user's consent. It lies in the imposition of duties on operators that are independent of user choice. It lies in the creation of regulatory institutions with the technical capacity to look inside the systems they are policing. The frameworks exist; the operationalisation does not yet.

Where the Line Is Drawn, and Who Draws It

The line between personalisation and exploitation is not a single bright line but a cluster of distinctions. It tracks the asymmetry of capability between operator and user. It tracks the foreseeability of harm to a defined class of susceptible users. It tracks the quality of consent, particularly the question of whether consent was obtained under conditions that allowed for genuine deliberation. It tracks the operator's design intent, as revealed in product documentation, training objectives, and deployment patterns. And it tracks the existence and adequacy of remedy.

Who draws the line is the political question that sits underneath the technical one. The European answer, in 2026, is that the line is drawn by legislators in concert with regulators, with private rights of action as a backstop. The British answer is that the line is drawn by regulators applying principles, with the courts available for hard cases. The American answer remains a patchwork.

What unites the serious analyses is a rejection of the proposition that the line should be drawn by the operators themselves, in private, through self-regulation. The argument that private actors are best placed to identify and constrain the harms of the systems they have built and from which they profit has, by 2026, exhausted its credibility. It survived for as long as it did partly because the harms were inchoate, the technology was novel, and the regulatory apparatus was unprepared. None of those conditions still applies.

The Vulnerable Moment, Reframed

The notification that arrives at 11.47pm on a Tuesday in February is, on one reading, a perfectly legal commercial communication, governed by terms of service the user agreed to at sign-up, generated by systems whose inner workings are unremarkable in the industry. On another reading, it is the deployment of an algorithmically inferred state of vulnerability against the deliberative capacity of the very user whose welfare the system's operator is supposed, under multiple existing regulatory frameworks, to consider. The two readings cannot both be correct. The work of regulators, courts, academics, and, occasionally, journalists is the work of choosing between them. The choice is overdue.

The deeper proposition is that the architecture of inference and intervention now in mainstream deployment is qualitatively different from the marketing techniques it grew out of. It is more individuated, more reactive, more capable, and operates on signals the user does not know they are sending. Whether the law treats that difference as a difference of degree, to be addressed with marginal updates to existing frameworks, or a difference of kind, to be addressed with structural prohibitions on certain classes of system design, is the regulatory question of the next several years.

One thing is clear. The line between personalisation and exploitation is not a property of the user. It is a property of the system, the operator, and the regulator. To insist that the line runs through the user's own capacity for self-defence is to ratify a regime in which the entire weight of the asymmetry falls on the party least equipped to bear it. The architecture of moment-targeting is structural. It will not be solved by individual vigilance.

The model still knows when you are at your weakest. Whether it is permitted to act on that knowledge is, at last, being answered. Whether the answer arrives in time is the test by which the next phase of digital regulation will be judged.
