Overview
On March 13, 2026, Adobe Inc. reached a landmark $150 million settlement with the U.S. Department of Justice, ending a case filed in June 2024 that accused the software giant of hiding hefty early termination fees in fine print and making it unnecessarily difficult for customers to cancel their subscriptions. The case, jointly pursued with the Federal Trade Commission, represents one of the most significant consumer-facing enforcement actions against a major SaaS vendor in recent years — and the implications stretch well beyond Adobe’s Creative Cloud.
What Adobe Was Accused Of
The DOJ and FTC alleged that Adobe violated the Restore Online Shoppers’ Confidence Act (ROSCA) by using fine print and inconspicuous hyperlinks to hide information about its subscription plans, including an early termination fee that customers could be charged when cancelling. The agencies alleged that Adobe imposed this fee on millions of online subscribers and profited from it for years.
The product at the centre of the controversy was Adobe’s most popular pricing tier — the “Annual, Paid Monthly” subscription plan. The plan was presented as the default during sign-up, with the attractive monthly price displayed prominently — but what was not prominently displayed was the annual commitment attached to it.
Anyone who attempted to cancel was subjected to what the DOJ described as convoluted and inefficient cancellation processes filled with unnecessary steps, delays, unsolicited offers, and warnings. Phone cancellations were reportedly even more burdensome — customers had to repeat themselves to multiple representatives while facing resistance and delay.
This is the textbook definition of a dark pattern — interface and process design engineered not to serve the user, but to erode their ability to exercise a legitimate right.
The Settlement Terms
The proposed settlement requires Adobe to pay $75 million in civil penalties to the DOJ and provide an additional $75 million in free services to affected customers.
Going forward, Adobe must clearly disclose any Early Termination Fee and how it is calculated before enrolling customers. For any free trial longer than seven days, Adobe must remind customers before converting them to a paid subscription that carries a termination fee, and must provide subscribers with easy cancellation mechanisms.
Adobe denied any wrongdoing, stating it is transparent with subscription terms and has a simple cancellation process. The company said it will proactively reach out to affected customers once appropriate court filings are accepted.
Individual Accountability: The Real Headline
The FTC took action not only against Adobe as a company, but also against two of its executives — Maninder Sawhney, an Adobe vice president, and David Wadhwani, president of Adobe’s digital media business — for what they described as deceiving consumers by hiding the early termination fee and making it difficult to cancel subscriptions.
This signals a decisive regulatory shift. Naming executives personally is not incidental — it is a deliberate deterrence strategy designed to make senior leadership personally accountable for decisions that were previously treated as routine product design choices. For the cybersecurity and governance community, this is a pattern worth internalising: risk is no longer abstract at the corporate entity level. It attaches to individuals.
The Governance and Regulatory Lens
1. ROSCA as Enforcement Leverage
ROSCA, passed in 2010, requires that companies clearly disclose all material terms before charging consumers for online subscriptions and provide simple cancellation mechanisms. For over a decade it was treated as a compliance checkbox. Adobe’s case demonstrates that regulators are willing to use it aggressively against trillion-dollar-class software vendors. For SaaS companies operating globally — including those selling into India where the Digital Personal Data Protection Act is maturing — this signals that subscription design is now a regulatory surface area, not just a UX decision.
2. Subscriptions as a Protected Revenue Engine
Subscriptions accounted for 97% of Adobe’s $6.4 billion in revenue for the quarter ending February 2026 — which means every cancelled subscription represented a direct revenue leak. The enforcement case essentially argues that Adobe’s cancellation friction was not an oversight; it was an engineered mechanism protecting a core business metric. That framing — intentional design for financial gain at consumer expense — is exactly what elevates this from a compliance issue to an ethics and governance failure.
3. The $150M Penalty Is a Rounding Error
To put the $150 million figure in perspective, it represents approximately 0.6% of Adobe’s $18.5 billion in annual revenue for 2025. One publication compared it to the average worker receiving a minor traffic fine. Until penalty frameworks are calibrated as a meaningful percentage of revenue — as the EU’s GDPR model attempts — the deterrence signal for large-scale enterprise violators remains weak. $150 million is painful enough for headlines; it is not painful enough to fundamentally reprice the risk calculus of dark pattern design.
4. Market Consequences Hit Harder Than Fines
Adobe’s stock price dropped approximately 7.5% following the settlement announcement, and the company’s shares have fallen roughly 32% over the past 120 days. This is the more instructive lesson: reputational capital destruction and investor confidence erosion can impose penalties that regulators cannot. In an environment where enterprises are under increasing ESG and governance scrutiny, trust is a balance sheet item.
What Should Have Been Done Differently
From a governance architecture standpoint, Adobe’s situation is a case study in risk-by-design — where product decisions made in growth-optimisation mode accumulate regulatory and reputational debt that eventually becomes an acute liability.
The correct architecture would have been:
- Privacy and Consumer Rights by Default — Cancellation flows should be as frictionless as sign-up flows. This is not just ethical; it is increasingly a compliance baseline across jurisdictions.
- Material Disclosure at Point of Intent — Fee structures, termination penalties, and commitment durations should be surfaced at the decision point, not buried in Terms of Service hyperlinks.
- Product Governance Reviews — Cross-functional governance reviews that include legal, compliance, and consumer rights perspectives before subscription tier design is finalised would have identified ROSCA exposure years earlier.
- Executive Accountability Frameworks — When product decisions carry legal and financial risk that reaches the executive level, those decisions require board-level sign-off, not just product team approval.
Conclusion
Adobe’s $150 million settlement is not the end of a story — it is a reference point in a broader regulatory trajectory. Dark patterns, hidden fees, and engineered friction are being reframed from “aggressive but legal” business practices to actionable violations of consumer protection statutes. The naming of individual executives sends a message that should travel well beyond Adobe’s corridors: product design decisions have legal owners, and those owners can be held personally accountable.
For SaaS vendors globally, the question is no longer whether regulators will come — it is whether the governance architecture is in place to demonstrate good faith before they do.
