When a one-time purchase and a recurring subscription are combined in the same checkout step without visual or semantic separation, the consumer cannot clearly identify which portion of their agreement is recurring. FTC Negative Option Rule (2025) requires that recurring charge consent be obtained independently of any one-time purchase consent. The FTC Dark Patterns Report (2022) specifically flags pre-checked subscription add-ons in one-time checkout flows as a deceptive enrollment pattern. EU Consumer Rights Directive 2011/83/EU Article 22 prohibits pre-ticked boxes for additional charges of any kind.
Medium because the bundling creates ambiguity about the scope of recurring charge consent without necessarily preventing the user from cancelling, but it directly violates FTC negative option consent-separation requirements.
Visually and semantically separate one-time and recurring line items in any mixed checkout flow, and add a distinct consent element for the recurring portion. In the checkout summary component:
<section className="one-time-items">
<h3>One-time purchase</h3>
<div className="line-item"><span>Plugin License</span><span>$49.00</span></div>
</section>
<hr />
<section className="recurring-items">
<h3>Recurring subscription</h3>
<div className="line-item"><span>Pro Plan</span><span>$29.00/month</span></div>
<p className="text-sm mt-1">Renews automatically each month until cancelled.</p>
<label className="flex items-start gap-2 mt-2">
<input type="checkbox" required />
<span className="text-sm">I agree to the recurring $29/month charge</span>
</label>
</section>
Never pre-check the subscription add-on. If using Stripe Checkout with mixed mode: 'payment' and subscription items, surface the itemized breakdown before the hosted session redirects.
ID: subscription-compliance.enrollment.separate-subscription-consent
Severity: medium
What to look for: Check whether the application offers both one-time purchases and subscription purchases. If it does, examine whether the subscription agreement is clearly distinguished from one-time purchase confirmation. Look for checkout flows that bundle a subscription with other products — the recurring billing consent must be visually and semantically separate from the one-time charge acknowledgment. Check for upgrade flows where a user purchasing a one-time feature is offered a subscription upsell in the same checkout step without a clear distinction between what is one-time and what is recurring. Look for Stripe Checkout sessions that include both mode: 'payment' line items and subscription items — this requires explicit labeling in the UI. Also check for dark patterns where a subscription is added to a one-time order via a pre-checked "add subscription" element. Count all instances found and enumerate each.
Pass criteria: Subscription consent is clearly separate from any one-time purchase consent. If both are presented in the same UI, they are visually distinct with separate confirmation elements. The recurring nature of the subscription is not combined with or obscured by one-time purchase flows. At least 1 implementation must be confirmed.
Fail criteria: Subscription enrollment is bundled into a one-time checkout flow without distinct visual separation or separate acknowledgment. A subscription is added to a one-time purchase via a pre-checked checkbox or without separate explicit consent. The checkout confirmation page conflates one-time and recurring charges in a single total without itemization. Do NOT pass if the subscription enrollment is bundled with account creation — the consumer must separately agree to the recurring charge.
Skip (N/A) when: The application offers only subscriptions with no one-time purchase options at all, OR only one-time purchases with no subscription options at all. This check is specifically about the interface between two payment types in the same checkout flow. If no mixing is architecturally possible (pure subscription product), skip. Prefer skip over pass when the application clearly has no mixed checkout; pass should only be used when both payment types coexist and are correctly separated.
Cross-reference: The cancellation-accessible check in Cancellation verifies the consumer can undo the enrollment this consent initiates.
Detail on fail: Example: "Checkout page combines one-time setup fee and monthly subscription in a single 'Total due today' without itemizing what is recurring vs. one-time." or "Upgrade modal includes a pre-checked 'Also add Pro subscription ($29/month)' alongside a one-time plugin purchase.".
Remediation: Separate one-time and recurring charges visually and require separate acknowledgment:
// If showing both one-time and subscription items in checkout:
<div className="checkout-summary">
<section className="one-time-items">
<h3>One-time purchase</h3>
<div className="line-item">
<span>Plugin License</span>
<span>$49.00</span>
</div>
</section>
{/* Clear visual separator */}
<hr />
<section className="recurring-items">
<h3>Recurring subscription</h3>
<div className="line-item">
<span>Pro Plan</span>
<span>$29.00/month</span>
</div>
<p className="recurring-notice">
The subscription portion renews automatically each month until cancelled.
</p>
{/* Separate consent for the subscription */}
<label>
<input type="checkbox" required />
I agree to the recurring $29/month charge
</label>
</section>
</div>