| UI or UX | UI + UX - Explicit agreement gate for terms, conditions, contracts, policies, legal disclosures, or updated service rules before access or transaction commitment | UI + UX - Specific opt-in decision for optional data use, participation, communication, sharing, or training | UI + UX - Final editable answer summary before committing a transaction | UI + UX - Multiple-choice form control | UI + UX - Consequential alert decision | UI + UX - Exact target phrase gate before severe commit | UI + UX - Eligibility and safety boundary that asks for age, age band, date of birth, verified age, or parent authorization before age-sensitive access, data collection, or content exposure |
| UI guidance | Render legal acceptance as a required agreement control that names the document, owner, version or effective date, scope, linked or embedded full terms, and consequence of accepting or declining. | Render a consent prompt as a focused opt-in decision that names the requester, purpose, data involved, optionality, benefit, consequence of declining, withdrawal route, and consent record before the user chooses. | Render a single review page immediately before commit with a clear title, grouped answer sections, readable key/value rows, per-answer or per-section Change actions, skipped optional answers when meaningful, and a primary button whose label names the committed action. | Render visible native checkboxes with labels, checked states, group legend, select-all-that-apply hint, and group validation state. | Render an alert-style modal decision with a specific title, consequence description, safe cancellation, and a destructive action label that names the object or scope. | Render a visible non-secret text field inside a destructive or high-consequence confirmation, labelled with the exact target phrase the user must type before the final action enables. | Render the age gate as a clear eligibility boundary that states why age is needed, what threshold or age band applies, which answer format is required, and what happens next. |
| UX guidance | Use legal acceptance when users must knowingly agree to terms of service, conditions of sale, workplace terms of use, contract amendments, policy acknowledgements, or other legal documents before proceeding. | Use consent prompt when the product needs the user to knowingly agree to a specific optional data-processing purpose such as marketing, research participation, AI training, personalization, partner sharing, or sensitive-data use. | Use review before submit to give users one final chance to verify and correct captured answers before a transaction is sent, paid, published, applied, or otherwise committed. | Let users choose independent options and review the selected set before submitting. | Interrupt users only when the action has a meaningful consequence that cannot be safely recovered afterward. | Use typed confirmation only when reproducing the target phrase meaningfully reduces severe wrong-object or wrong-scope mistakes, such as deleting a repository, project, account, workspace, production dataset, or root credential. | Use an age gate when the product must adapt, restrict, or verify access because of age-sensitive content, child data protection, app-store rating, regulated features, or parent authorization. |
| Good UI | A checkout step shows an unchecked I agree to the conditions of sale checkbox beside linked terms, blocks Place order until checked, and validates the missing agreement next to the checkbox. | A research signup screen asks whether the user consents to being contacted for follow-up interviews, names the research team, shows what contact data is used, offers Yes and No thanks buttons, and links to withdrawal. | A claim review page has Applicant, Contact details, Evidence, and Declaration sections; each row shows the captured answer and a Change link with hidden context such as Change email address. | Visible checkboxes with large hit areas, persistent labels, group legend, and aligned helper text. | Delete Research archive? explains that 14 notes and shared links will be permanently removed, offers Keep archive, and labels the danger action Delete archive. | Delete repository acme/payments-api? requires typing acme/payments-api, shows a mismatch until the exact path matches, and then enables Delete repository. | A video service asks for date of birth before showing mature content, explains that age is needed for content eligibility, and blocks access without previewing restricted media when the user is under the threshold. |
| Bad UI | A payment button says By continuing you agree to our terms, but the terms link is hidden below the order summary and no separate acceptance state is recorded. | A modal says By continuing you agree to personalized offers and partner sharing, with a large Continue button and a small privacy policy link. | A final page says Check your answers but shows only a paragraph and a Continue button with no answers, section headings, or change links. | Tiny custom boxes that are hard to target. | A popup says Are you sure? with OK and Cancel but does not name the project, notes, or irreversible outcome. | A dialog asks users to type YES before deleting a workspace, so the text does not verify the target object. | A modal asks Are you 18? with the Yes button preselected, no explanation, and mature content visible behind the overlay. |
| Good UX | A returning user sees updated terms with a change summary, old and new effective dates, a download route, an accept action, and a clear message that access pauses if they decline. | A user declines partner sharing and can still complete checkout; the service records no partner-sharing consent and shows how to change the choice later. | A user changes their phone number from review, lands on the phone page with the old value pre-filled, saves, and returns directly to review with other answers preserved. | Clicking the label toggles the checkbox. | Cancel, Escape, and Keep archive leave the archive unchanged and return focus to Delete archive. | A user starts deleting acme/payments-api, mistypes the repository path, sees the mismatch, and cancels before deleting the wrong repository. | A user enters a birth date, sees that they meet the age threshold for the current region, and can continue without seeing repeated checks during the same signed-in session. |
| Bad UX | A user cannot access an admin app because terms changed, but the gate shows only Access denied and no policy title, version, decline route, or help path. | A user clicks Next to finish onboarding and unknowingly opts into marketing because the consent copy was bundled into the terms paragraph. | A user selects Change address, edits one field, then has to repeat every later page before finding the review page again. | Using checkboxes for mutually exclusive choices. | Every archive, filter, and dismiss action opens the same confirmation until users click through automatically. | A user types DELETE by habit and passes the gate without checking which workspace will be removed. | A user denied by an age check can immediately retry unlimited times until they guess an adult birth year. |
| Best fit | A user must accept terms of service, conditions of sale, policy documents, service agreements, acceptable-use rules, or legal disclosures before access or transaction completion. | The product needs a user's active agreement for optional data use, marketing, research participation, personalization, partner sharing, AI training, or sensitive-data processing. | A user has provided multiple answers and should verify them before a consequential submit action. | Users can choose zero, one, or many options. | The action is destructive, irreversible, costly, security-sensitive, privacy-affecting, or externally visible. | A severe action affects repository, project, workspace, account, production, security, billing, or organization-wide scope. | Age or age band controls whether users may access content, features, commerce, community interaction, personalization, or data collection. |
| Avoid when | The choice is optional data processing, marketing, research, or AI training consent; use consent prompt. | The choice is only about non-essential cookies or device storage; use cookie banner. | The task is a single low-risk field with clear inline validation and an obvious submit action. | Only one option can be selected. | The action is routine and easily reversible. | The action is routine, reversible, local, or recoverable through undo or trash restore. | The question is whether an eligible user consents to optional data use; use consent prompt. |
| Required state | Initial unchecked required agreement state. | Pre-consent state with optional processing off and the core task still understandable. | Initial review state with grouped captured answers, relevant sections, and explicit submit action. | Unchecked option state. | Pre-action state with an explicit consequential trigger. | No-typed-gate state for actions that do not need target-text escalation. | Age prompt state with reason, threshold, and input format. |
| Accessibility burden | Use a labelled checkbox or button whose accessible name includes the document title, not just I agree. | Use a labelled region or dialog title that names the consent purpose, not a vague privacy heading. | Use headings that make the review task explicit, such as Check your answers before sending your application. | Use programmatic labels for every checkbox. | Use alertdialog semantics or platform equivalent when the decision is urgent and requires a response. | Associate the input with a label that includes or references the required phrase. | Label date, month, year, age band, parent email, verification provider, continue, cancel, correction, and appeal controls with the target threshold or action. |
| Common misuse | Relying on continued browsing, payment, account creation, or a footer link as the only acceptance signal. | Treating continued use, scrolling, closing, or inactivity as consent. | Using a review page that contains no captured answers. | Using checkboxes for mutually exclusive choices. | Asking users to confirm every routine action until they stop reading. | Requiring users to type yes, confirm, or delete instead of the target name. | Preselecting Yes, I am over 18 or styling the adult path as the obvious safe answer. |