By “developer” I mean the firm employing the developer, not the individual. A contractor company for example.

I think that just leaves everyone with an incentive to keep it quiet. A monetary reward for the reporting dev and a fine for the person authorizing the build puts incentives in the right place, IMO.

What if a poor junior engineer built a bad bridge and people died?

I was waiting for someone to make this point; It's funny how in other engineering disciplines there are clear repercussions for designing something that breaks the law, but software engineers are somehow exempt.

"The client didn't want to pay for a GFI so it's not my fault he got electrocuted ¯\_(ツ)_/¯"

We aren't except from it on countries where software engineering is a proper professional title and there is a named signed on some contract.

However a large amount of dark patterns aren't legally forbidden anyway.

Wow, I didn't know such software professional titles exist, I thought it's the same in all countries. Could you share the countries list please?

The liability is on the licensed engineer who signed off on it.

The engineer is part of a larger system though, and imo it's the fault of the system if a mistake from a single junior engineer can cause deaths.