Consent Mode v2 itself is not a law. However, if you use Google products such as Google Ads or Google Analytics and have users in the European Economic Area (EEA) or the UK, Google requires that you collect valid consent and pass consent signals. Without Consent Mode v2 (or an equivalent implementation), you may lose measurement and ad personalization in those regions.
Key Points
EEA/UK requirement
Google requires consent for ads personalization and measurement under its EU User Consent Policy
Standardized approach
Consent Mode v2 provides the standardized way to pass consent states to Google tags (including ad_user_data and ad_personalization)
Certified CMP for some products
For certain ad products (e.g., AdSense, Ad Manager, AdMob), Google requires use of a Google-certified CMP for EEA/UK traffic
Outside EEA/UK
Using Consent Mode is recommended but not strictly required by Google policy
Learn More
Google's EU User Consent Policy Explained
Google's EU User Consent Policy is a contractual requirement, not a law. It states that all advertisers and publishers using Google's products to target users in the European Economic Area (EEA) or the United Kingdom must obtain valid, informed consent before using personal data for personalized advertising or measurement — and must signal that consent to Google via Consent Mode.
Who does it apply to? The policy applies to every business using:
- Google Ads (Search, Display, Shopping, YouTube, Discovery)
- Display & Video 360 (DV360) for EEA/UK inventory buying
- Google Analytics 4 with EEA or UK traffic
- Google's publisher monetization products: AdSense, Ad Manager, and AdMob
What happens if you don't comply? Non-compliance has practical consequences before any formal enforcement action:
- Conversion data from non-consenting users is permanently lost (no modeling without Advanced Mode)
- Smart Bidding strategies degrade due to reduced conversion signal volume
- Remarketing audience lists shrink as declined users cannot be added
- In-account warnings appear in Google Ads for EEA/UK advertisers without Consent Mode
- For publisher products, failure to use a certified CMP can result in ad serving restrictions
Timeline: Google has enforced the EU User Consent Policy since 2021. Consent Mode v2 — which introduced two additional consent signals (ad_user_data and ad_personalization) — became the required implementation method from March 2024. Advertisers still using Consent Mode v1 after that date are considered non-compliant.
Which Google Products Require Consent Mode v2?
The requirement varies slightly depending on which Google product you are using. Here is a breakdown by product category:
Google Ads (Search, Display, Shopping, YouTube)
Consent Mode v2 is required for all EEA/UK targeting. Both Basic Mode and Advanced Mode satisfy the policy requirement, but Advanced Mode is strongly recommended because it enables Google's conversion modeling for non-consenting users — partially recovering the data you would otherwise lose entirely. Without Advanced Mode, every declined user is a complete data gap for your campaigns.
Google Analytics 4
Consent Mode is not strictly mandated by Google's policy for GA4 alone, but without it, GA4 data quality degrades significantly for EEA/UK traffic. You will see data gaps, reduced session counts, and no behavioral modeling. For any business relying on GA4 for meaningful measurement of EEA users, Consent Mode is effectively mandatory.
DV360 (Display & Video 360)
Consent Mode v2 is required for buying EEA/UK inventory through DV360. The same Basic/Advanced Mode options apply, with Advanced Mode providing modeling benefits.
Google AdSense, Ad Manager, and AdMob
These publisher monetization products have an additional requirement beyond Consent Mode v2: you must use a CMP that is officially certified by Google and registered in the IAB Europe Transparency & Consent Framework (TCF). CookieBeam is not IAB TCF-certified and does not implement the TCF. If you monetize with AdSense, Ad Manager, or AdMob for EEA/UK audiences, CookieBeam alone does not satisfy this specific publisher-side requirement — you would need a TCF-certified CMP for those products.
Consent Mode v2 Requirements by Google Product
| Product | Consent Mode v2 Required | Certified CMP Required | Applies To | |
|---|---|---|---|---|
| Google Ads | Google Ads | Yes | No | EEA/UK advertisers |
| Google Analytics 4 | Google Analytics 4 | Recommended | No | EEA/UK traffic |
| DV360 | DV360 | Yes | No | EEA/UK buyers |
| Google AdSense | Google AdSense | Yes | Yes (Google-certified CMP) | EEA/UK publishers |
| Google Ad Manager | Google Ad Manager | Yes | Yes (Google-certified CMP) | EEA/UK publishers |
| Google AdMob | Google AdMob | Yes | Yes (Google-certified CMP) | EEA/UK app developers |
What Happens If You Don't Implement Consent Mode v2?
The consequences of not implementing Consent Mode v2 build over time and affect multiple areas of your Google marketing stack:
- Conversion data gaps: Every user who declines consent produces zero conversion data. Without Advanced Mode's conversion modeling, these gaps are permanent — you simply cannot see what those users did on your site after clicking an ad. As EEA consent decline rates typically run between 20% and 40%, this is a significant portion of your audience becoming invisible.
- Smart Bidding degradation: Target CPA and Target ROAS bid strategies require a sufficient volume of conversion signals to function accurately. Data gaps from non-consenting users directly reduce the quality of those signals, causing bids to be miscalibrated and campaign performance to suffer.
- Audience list restrictions: Users who declined consent cannot be added to Google Ads remarketing lists. Over time, your retargeting pools shrink as new visitors opt out but cannot be captured for future campaigns.
- Google Ads account warnings: Google has begun displaying in-account notifications to advertisers serving EEA/UK campaigns without Consent Mode signals. These warnings appear in the notifications panel and may escalate to policy enforcement.
- Indirect regulatory risk: While Consent Mode itself is not a GDPR requirement, running Google Ads in the EEA without Consent Mode almost certainly means you are also failing to meet GDPR consent requirements for the underlying data processing. This is a separate and greater legal risk than the Google policy issue.
AdSense and Ad Manager Publishers: Certified CMP Required
If you monetize your website with Google AdSense or use Google Ad Manager to serve programmatic ads to EEA/UK users, Google requires you to use a CMP that is officially certified by Google and registered in the IAB Europe Transparency & Consent Framework (TCF). CookieBeam is not IAB-certified and does not implement the TCF. For AdSense and Ad Manager publishers, CookieBeam alone does not satisfy this specific requirement — you would need to use a TCF-certified CMP such as Quantcast Choice, OneTrust, or Usercentrics to supply the publisher-side consent signal. CookieBeam remains a fully valid option for visitor-facing consent collection on non-publisher websites running Google Ads and Analytics.
Outside the EEA/UK: Is Consent Mode Still Needed?
Google's EU User Consent Policy is technically scoped to the EEA and UK. Outside those regions, Consent Mode is not enforced by Google's policy. However, there are four strong practical reasons to implement it globally rather than region-specifically:
- Simpler implementation: A single global Consent Mode configuration is significantly easier to maintain than region-specific code that activates consent signals only for EEA/UK visitors. Region detection logic introduces additional points of failure and complexity.
- CCPA parallel: US visitors — particularly California residents — have their own privacy rights under CCPA. While Consent Mode does not directly address CCPA requirements, a global consent management framework makes it far easier to layer CCPA opt-out mechanisms alongside your GDPR consent flows.
- Future-proofing: Privacy legislation is expanding globally at pace. Brazil's LGPD, India's Digital Personal Data Protection Act, and Canada's Bill C-27 are all moving toward consent frameworks similar to GDPR. Implementing Consent Mode globally positions your site ahead of these emerging requirements rather than requiring reactive changes later.
- Data consistency: Even for non-EEA traffic, a consistent global consent signal means your Google Ads and Analytics data quality is uniform across all geographies. This simplifies reporting, attribution modelling, and campaign analysis.
CookieBeam supports region-aware default states — you can configure denied defaults specifically for EEA/UK visitors while allowing granted defaults for other regions, or apply denied defaults globally. Either approach is straightforward to configure without custom code.
What CookieBeam Automates for Consent Mode v2
CookieBeam handles the full Consent Mode v2 signal lifecycle automatically: it sets the correct default consent state on page load (before any Google tags fire), maps user consent choices to the four required signals (ad_storage, analytics_storage, ad_user_data, ad_personalization), and fires the consent update call immediately when the user interacts with the banner. It re-signals consent on every returning visit so Google's tags always have the current state, and handles consent withdrawal correctly if a user changes their preferences. CookieBeam also provides region-aware default states, so EEA/UK visitors automatically receive denied defaults even if you have granted defaults configured for other regions. No custom JavaScript is required — CookieBeam generates the correct implementation for your specific GTM or direct tag configuration.
How to Check If Your Site Has Consent Mode v2 Active
Check GTM Preview Mode
Open Google Tag Manager and click Preview. Load your website in the preview session. In the Tag Assistant panel on the left, look for a 'Consent initialization' trigger or consent-related events. If Consent Mode is active, you will see a consent state panel showing the current values of all four consent signals. The signals should default to denied on page load for EEA users and update to the appropriate granted or denied values after the user interacts with the consent banner.
Use the Consent Debug Parameter
Add ?gcm_debug=1 to any URL on your site and open the browser console (F12 on Windows/Linux, or Cmd+Option+J on Mac). Google's Consent Mode debug output will appear in the console, showing the current state of all consent signals in real time. You should see signals defaulting to denied on page load for EEA users, then updating to the correct values immediately after you interact with the CookieBeam consent banner. If no consent output appears in the console, Consent Mode is either not installed or has a timing issue.
Check GA4 Admin
In Google Analytics 4, go to Admin, then Data Collection and Modification, then Data Collection. Scroll down to the Consent Mode section. GA4 will display whether Consent Mode is detected as active and show aggregated consent rates for your traffic broken down by signal type. If Consent Mode is shown as 'Not detected', your implementation is either missing entirely or has a timing issue — for example, the Google tag is firing before the consent default state is set. Allow 24–48 hours after a new implementation for GA4 to update this status display.
Review Google Ads Account Notifications
In Google Ads, check your account notifications (the bell icon in the top navigation) and the Policy Center under Tools & Settings. Google has been issuing in-account warnings to EEA/UK advertisers who have not implemented Consent Mode v2. If you see a notification referencing consent signals or the EU User Consent Policy, it confirms that Consent Mode signals are either missing or not being detected correctly for your EEA/UK campaigns. Once a valid Consent Mode implementation is detected, these warnings should resolve within a few days.
Frequently Asked Questions
Is Consent Mode v2 a legal requirement under GDPR?
No — Consent Mode v2 is a contractual requirement imposed by Google, not a legal requirement under GDPR or any other EU law. GDPR requires you to obtain valid, informed consent before setting non-essential cookies or processing personal data for advertising purposes; it does not specify how you signal that consent to your tag management system. Consent Mode is the practical mechanism Google provides for meeting GDPR requirements while continuing to use Google Ads and Analytics. Without it, your campaigns will have significant data gaps for EEA/UK traffic that directly hurt performance and measurement accuracy, even if your legal consent collection is technically compliant.
What's the difference between Consent Mode v2 and a Google-certified CMP?
Consent Mode v2 is a technical signaling framework — a set of API calls that communicate the user's consent state to Google's tags before they fire. A Google-certified CMP (Consent Management Platform) is a vendor that has been officially certified by Google and registered in the IAB Europe Transparency & Consent Framework. Most Google products — including Google Ads, Analytics, and DV360 — only require valid Consent Mode v2 signals. Any tool that sends those signals correctly qualifies, including CookieBeam. The certified CMP requirement is specific to Google's publisher monetization products: AdSense, Ad Manager, and AdMob, which require the full IAB TCF consent string in addition to Consent Mode signals.
Does implementing Consent Mode v2 replace my privacy policy obligations?
No. Consent Mode v2 is a technical integration with Google's tag ecosystem — it manages how consent signals are communicated to Google's products after the user has made a choice. It does not replace any of your broader GDPR accountability obligations: providing a transparent and accessible privacy policy, maintaining auditable consent logs, processing data subject access requests (DSARs), signing Data Processing Agreements with third-party vendors, conducting Data Protection Impact Assessments where required, or appointing a Data Protection Officer if applicable. Consent Mode is one technical component of a broader compliance approach — not a substitute for it.
How do I know if Google has detected my Consent Mode v2 signals?
There are three reliable ways to verify detection: (1) In GA4, go to Admin → Data Collection and Modification → Data Collection — the Consent Mode section will show 'Active' or 'Not detected'. (2) In Google Ads, account notifications will stop showing consent-related warnings once signals are being received and validated correctly. (3) Add ?gcm_debug=1 to a URL on your site and open the browser console — if you see consent signal output, Google's tag library is receiving your signals in real time. Allow 24–48 hours after initial implementation for GA4's Consent Mode status panel to update, as it reflects aggregated data rather than live signal detection.