Skip to main content
Back to Guides
Compliance5 min read

Google's Certified CMP Requirement for AdSense, Ad Manager and AdMob

If you run Google ads on your site or app in the EEA, UK or Switzerland, Google requires a certified CMP integrated with the IAB TCF. Here's what that means, the enforcement dates, and the revenue cost of ignoring it.

Two Different Google Consent Rules, Often Confused

There are two separate Google consent requirements, and publishers routinely mix them up. Consent Mode v2 is an advertiser-side mechanism: it adjusts how your Google tags measure conversions based on consent signals. The certified CMP requirement is a publisher-side rule: if you monetise a site or app with Google's publisher products, you must use a consent management platform that Google has certified and that integrates with the IAB Transparency and Consent Framework. This guide is about the second one.

It applies to AdSense, Ad Manager and AdMob, and it governs whether you can serve personalized ads to users in the EEA, UK and Switzerland. Get it wrong and you don't get fined by Google, you get demoted to lower-paying ad inventory.

The Requirement in One Sentence

Publishers using AdSense, Ad Manager or AdMob are required to use a consent management platform that has been certified by Google and integrates with the IAB's Transparency and Consent Framework (TCF) when serving personalized ads to users in the EEA and UK. If you don't yet know what the TCF is, read what is the TCF and, for the publisher walkthrough, TCF for publishers.

The Enforcement Dates

These are firm, published dates, not proposals:

  • 16 January 2024: a certified CMP integrated with the TCF became required to serve personalized ads to users in the EEA and UK.
  • 31 July 2024: the same requirement was extended to users in Switzerland.

In other words, this has been live and enforced for over two years. If you're setting up a new ad-monetised property in 2026, it's a launch-day requirement, not something to bolt on later.

What "Certified" Actually Means

A certified CMP is one that Google has assessed against its certification criteria, which centre on correct TCF implementation. Certification isn't permanent: CMPs must recertify at least every twelve months, and Google sends a reminder before the deadline. Google publishes and maintains the list of certified CMPs, and the CMP must be a registered participant in the IAB TCF. From a publisher's point of view, the practical checklist is:

  • Your CMP is on Google's certified list and registered with the IAB TCF (currently version 2.2).
  • It passes the TCF consent string to Google's ad tags.
  • It stays certified, meaning it recertifies annually and keeps its TCF integration current.

What Happens If You Don't Comply

The penalty is commercial, and it's automatic. Traffic that arrives without a valid signal from a certified CMP isn't eligible for personalized ads. Instead, Google states that such traffic "may be eligible for non-personalized ads or limited ads (including programmatic limited ads) where supported." Only traffic from a certified CMP is eligible for personalized ads.

Non-personalized and limited ads typically monetise at meaningfully lower rates than personalized inventory, because they can't use audience and behavioural targeting. So the effect of skipping a certified CMP isn't that your ads stop, it's that a slice of your EEA, UK and Swiss traffic quietly earns less. For publishers, that's the whole ballgame; we go deeper on the revenue mechanics in cookie consent for publishers: protecting ad revenue.

How This Sits Alongside Consent Mode

A publisher who also runs their own Google Ads campaigns will encounter both requirements at once, and they're complementary rather than redundant. The certified CMP gathers TCF consent and makes your ad-serving eligible for personalized ads; Consent Mode governs how your measurement tags behave under that same consent. The two frameworks are compared in IAB TCF 2.2 vs Google Consent Mode v2. A certified CMP integrated with the TCF can feed both, which is why choosing a CMP that handles TCF and Consent Mode together saves you from wiring consent twice. Keeping them in one tool also means a single source of truth for what each visitor agreed to, which matters when you have to demonstrate consent during an audit or respond to a data subject request.

Why a Generic Cookie Banner Isn't Enough

A frequent and expensive misunderstanding: any consent banner that blocks cookies satisfies this rule. It doesn't. Google's requirement is specific on two counts. First, the CMP must be certified by Google, not merely present. A homegrown banner or an uncertified tool, however well it blocks trackers, doesn't make your traffic eligible for personalized Google ads. Second, the CMP must integrate with the IAB TCF and pass a valid TCF consent string, because that string is the machine-readable signal Google's ad servers read to decide personalized-ad eligibility. Collecting consent but not transmitting a TCF string leaves you in the same limited-ads bucket as collecting nothing.

This is why the choice of CMP is a monetisation decision as much as a compliance one. The banner you pick has to be on Google's certified list, speak TCF, and keep that certification current, or a portion of your EEA, UK and Swiss revenue quietly downgrades.

Action Checklist

  1. Confirm whether you serve Google ads (AdSense, Ad Manager or AdMob) to EEA, UK or Swiss users. If yes, this rule applies.
  2. Verify your CMP is on Google's certified list and registered with the IAB TCF.
  3. Check that the TCF consent string is actually being passed to Google's tags, not merely collected.
  4. Diarise your CMP's annual recertification so a lapse doesn't silently drop you to limited ads.
  5. Confirm the banner blocks personalized-ad eligibility until the user consents, and offers an equal-prominence reject path.
Google Certified CMP Requirement Explained | CookieBeam | CookieBeam