Topic · TOOLS

Google certified CMP requirement

When Google requires a certified Consent Mode-compatible CMP for serving ads.

Since January 16, 2024, Google requires a Google-certified Consent Management Platform (CMP) on any site that serves Google Ads, AdSense, AdMob, or Measurement Partner ads to users in the EEA, UK, or Switzerland. Without one, monetization is paused.

Who this affects

Publishers running Google Ad Manager, AdSense, or DV360 to EEA/UK/CH traffic. Advertisers using Performance Max, Demand Gen, or display campaigns targeting these regions. Apps using AdMob or the Google Mobile Ads SDK.

Not affected: sites running only Google Analytics 4 (CMv2 compliant via any reasonable consent layer), CCPA-only US traffic, or markets outside EEA/UK/CH.

What “certified” means

Google publishes a list of CMPs that have implemented the IAB TCF v2.2 framework correctly + emit Consent Mode v2 signals correctly. You can check the current list via Google’s Authorized CMPs docs.

Common certified options: Cookiebot, OneTrust, Sourcepoint, Usercentrics, Iubenda, TrustArc, Quantcast Choice, Didomi, ConsentManager, Klaro, Sirdata. Self-built CMPs are not certified — even if technically compliant — because Google requires the IAB-registered CMP ID for tag-side validation.

Implementation requirements

IAB TCF v2.2 string must be set on the page before any Google ad tag fires.
Consent Mode v2 signals (ad_storage, ad_user_data, ad_personalization, analytics_storage) must be set in default mode before the first Google tag.
Reject button on the first layer with equal visual weight (otherwise the IAB TCF string is invalid under EDPB guidance).
Granular vendor list (the CMP shows specific vendors, not just categories) for sites with multiple ad partners.

What goes wrong

The IAB TCF string is empty or “default-deny” because the CMP loads asynchronously after the Google tag. Fix by deferring the Google tag until cmpFinish or a window event the CMP exposes.

Server-side GTM forwards events but doesn’t pass the consent signals correctly. Map the consent state explicitly in the server container.

Mobile app SDK doesn’t include the IAB TCF string. The Google Mobile Ads SDK supports it via the User Messaging Platform (UMP) SDK — install both.

Vendors

The certified-CMP requirement adds a recurring cost (typically €50-500/mo for SaaS CMPs) on top of the CMP work itself. Free tiers exist (Klaro for self-hosted, Cookiebot Free for low traffic) but they have site-size limits.