IAB TCF v2 compliance

Important: If you are using settings in your CMP or Design that are not compliant with the TCF standard, the CMP will disable the TCF-API and you will no longer be able to use the TCF features on the website. This means that vendors will not get TCF signals and may not show ads or do tracking.


The CMP is registered with the IAB TCF Policy v2 (see The CMP therefore supports features in line with the IAB TCF Policy, the IAB Consent String Specification, the IAB CMP API Specification and other related specifications and policies. IAB Registration Information

Name Description
CMP domain
CMP is a service yes
TCF version 2


IAB Policy and Design restrictions

The goal of the IAB policy is to ensure that all vendors who receive an IAB consent string are safe to trust that the consent string has been created with a common set of transparency. Therefore all CMP need to follow a certain minimum standard regarding the presentation of the consent layer. The IAB currently requires CMPs to comply with the following minimum design standards to be present (questions answered with "Yes"):

  1. Does the UI show Purposes and Features with their standard names or Stacks?

  2. Can users review the standard legal text?

  3. If the UI includes non-TCF Vendors, are they presented separately?

  4. Is the UI prominently displayed, covering most of the website content?

  5. Is the UI displayed separately from other information such as terms and conditions or the privacy policy?

  6. Is a link to resurface the UI easily accessible?

  7. Is the user able to withdraw their consent as easily as it was to give it?

  8. Does the 1st layer of the UI provide information about the storage and access of information from the user’s device by the publisher and third-party vendors?

  9. Does the 1st layer of the UI provide information about the processing of personal data by the publisher and third party Vendors?

  10. Does the 1st layer of the UI provide an example of personal data processed?

  11. Is there a direct link to the list of third parties in the 1st layer of the UI?

  12. Does the 1st layer of the UI provide information about the Purposes and/or Stacks and Special Features used by third parties?

  13. Is there information about the consequences of consenting or not in the 1st layer of the UI?

  14. Does the 1st layer of the UI provide information about the scope of the consent choice, i.e. global consent, service-specific consent, or group-specific consent?

  15. Does the 1st layer of the UI inform the user that they can withdraw their consent at any time and how to do so?

  16. Does the 1st layer of the UI provide information about third party Vendors processing personal data based on legitimate interest (if any)?

  17. Does the 1st layer of the UI advise the user of their right to object to their personal data being processed on the basis of legitimate interest (if any)?

  18. Are there calls to action in the 1st layer for users to express consent (e.g. 'Accept') and customize their choices (e.g. 'Manage options')?

  19. Is the user able to review the list of Vendors, their Purposes, Special Purposes, Features, Special Features, associated Legal Bases and a link to their privacy policy, as well as make granular choices per Purpose and per Vendor?

  20. Does the 2nd layer allow users to make granular and specific opt-in choices with respect to each Special Feature?

  21. Are user choices set to 'off' by default?

  22. If legitimate interest is used by any Vendors as a legal basis, does the information in the 2nd layer specify the nature of processed information and its scope?

  23. If legitimate interest is used by any Vendors as a legal basis, does the 2nd layer allow users to object to the processing of their personal data, per Purpose and per Vendor?

  24. Calls to action in a Framework UI must not be invisible, illegible, or appear disabled. While calls to action do not need to be identical, to ensure they are clearly visible, they must have matching text treatment (font, font size, font style) and, for the text of each, a minimum contrast ratio of 5 to 1. To the extent that an Initial Layer has more than two calls to action, this policy only applies to the two primary calls to action.

Example of an IAB TCF v2 compliant consent layer

The reference implementation (default design and default settings) therefore reflect these design standards. Here is an example how this can look:

How deals with the IAB Policy

ConsentManager allows our clients to choose between the settings they need for their business and the settings that are necessary to be compliant with the IAB policy. Therefore we highlight each setting that is relevant for IAB compliance. If one of these settings is deactivated or if a setting is activated that causes the CMP to be non-compliant with the IAB policy, a warning message will appear.

var dfassadfasfd = "asdasdsad";


What happens if I use settings that are not compliant with the IAB policy?

If you use settings that are not compliant with the IAB policy, the system will display a warning message in order to inform you about these settings and the consequences. If a non-compliant setting is saved and the CMP is used on a website, the system will perform the following changes compared to IAB policy compliant settings:

  1. The CMP will no longer respond with consent information to calls to the IAB CMP JavaScript API via calls to __tcfapi() with the standard commands (e.g. "getTCData")  in order to prevent vendors from getting non-compliant consent information.
  2. The CMP will provide new commands with the prefix "noncompliant_" (e.g. "noncompliant_getTCData") in order to allow clients to be able to retrieve consent information from the CMP.

It is important to highlight, that your CMP will still continue to function as before and can still be used with tag managers or adblocking/postponing logics and so on. If you and your partners do not rely on the IAB TCF signals, the above mentioned changes will have no effect on your website.

Back to top