Google Consent Mode v2 Requirements (2026): Complete Guide for Websites, Agencies and Marketers

Google Consent Mode v2 has become one of the most important consent topics for websites that rely on Google Ads, Google Analytics 4, Google Tag Manager, remarketing, conversion tracking, or advertising measurement.

But it is also one of the most misunderstood.

Many businesses ask:

• Is Google Consent Mode v2 mandatory?
• Is it a legal requirement?
• Do I need a CMP?
• What happens if I do not implement it?
• Does Consent Mode v2 make my website GDPR compliant?
• What are ad_user_data and ad_personalization?
• Is a cookie banner enough?

This guide answers those questions in practical terms.

It explains what Google Consent Mode v2 is, what changed from the previous version, which signals you need to understand, how it relates to GDPR and ePrivacy, what a CMP should do, and how businesses can avoid common implementation mistakes.

Disclaimer: This article is for general information only and is not legal advice. Consent requirements depend on your specific website, tracking technologies, jurisdictions, and data processing activities. Always verify current Google requirements and consult qualified legal counsel where appropriate.

Quick Answer

What Is Google Consent Mode v2?

Google Consent Mode is a mechanism that allows Google tags to adjust how they behave based on user consent.

Instead of treating every visitor the same way, Google tags receive consent signals that indicate whether the user has granted or denied specific types of consent.

When consent is granted, Google tags can function normally for the relevant purpose.

When consent is denied, Google says consent-aware tags and SDKs adjust their behavior. For example, if storage consent is denied, Google tags do not store cookies or device identifiers for that purpose and may send cookieless pings or signals instead.

Consent Mode v2 is the updated version of Consent Mode. It expanded the consent model by adding two advertising-related signals:

• ad_user_data
• ad_personalization

These were added alongside the existing Consent Mode signals such as:

• ad_storage
• analytics_storage

This makes Consent Mode v2 more important for businesses that use Google advertising features, remarketing, audience building, and conversion measurement.

The Four Main Consent Mode v2 Signals

Consent Mode v2 is easier to understand if you separate the four main signals by purpose.

1. ad_storage

ad_storage controls whether Google advertising-related storage can be used.

In practical terms, this relates to whether advertising cookies or similar identifiers can be stored or accessed for Google advertising purposes.

Typical use cases include:

• Google Ads conversion tracking
• Advertising cookies
• Ad click identifiers
• Remarketing-related storage
• Advertising measurement

If a user denies advertising storage, Google tags should not use advertising cookies or identifiers for that purpose.

2. analytics_storage

analytics_storage controls whether analytics-related storage can be used.

This is particularly relevant for Google Analytics 4 and similar measurement use cases.

Typical use cases include:

• Analytics cookies
• Site usage measurement
• Session analytics
• Behavioral measurement for analytics purposes

If a user denies analytics storage, consent-aware tags should avoid analytics cookies or similar identifiers for that purpose.

3. ad_user_data

ad_user_data is one of the important additions in Consent Mode v2.

It relates to whether user data may be sent to Google for advertising purposes.

This is especially relevant for:

• Google Ads
• Enhanced conversions
• Audience-related advertising use cases
• Advertising measurement involving user data

This signal helps communicate whether the user has consented to advertising-related user data being sent to Google.

4. ad_personalization

ad_personalization is the other major Consent Mode v2 addition.

It relates to whether user data may be used for ad personalization.

Typical use cases include:

• Remarketing
• Personalized ads
• Audience personalization
• Similar advertising personalization use cases

If a user does not consent to ad personalization, Google advertising systems should not use that user data for personalized advertising.

Consent Mode v2 vs Consent Mode v1

Consent Mode v1 mainly focused on storage-related consent signals such as advertising storage and analytics storage.

Consent Mode v2 expanded the model by adding two advertising-specific signals:

• ad_user_data
• ad_personalization

That change matters because modern advertising compliance is not only about whether a cookie is stored.

It is also about whether user data is sent to Google and whether it can be used for personalized advertising.

In practice, Consent Mode v2 is more closely aligned with the way advertisers and marketers need to communicate user choices across Google’s advertising ecosystem.

Is Google Consent Mode v2 a Legal Requirement?

No.

Google Consent Mode v2 is not a law.

It is a Google framework and product requirement for many Google advertising and measurement use cases.

This distinction is important.

The law may require you to obtain consent before storing or accessing information on a user’s device, or before processing personal data for certain purposes. Google Consent Mode is the technical mechanism that communicates those choices to Google tags and services.

In other words:

• GDPR and ePrivacy-style rules may require consent.
• Google Consent Mode v2 communicates consent states to Google.
• Consent Mode v2 does not replace legal compliance.
• Consent Mode v2 does not make a website compliant by itself.

A website can have Consent Mode implemented incorrectly. A website can also have a consent banner that does not properly block scripts before consent.

The legal and technical layers must work together.

Who Needs Google Consent Mode v2?

You should evaluate Consent Mode v2 if your website, app, or digital property uses Google services that rely on advertising or analytics consent.

It is particularly relevant if you use:

• Google Ads
• Google Analytics 4
• Google Tag Manager
• Google Tag
• Floodlight
• Campaign Manager
• Enhanced conversions
• Remarketing
• Conversion tracking
• Personalized advertising
• Audience creation
• Ad measurement

It is especially important when you have users in:

• European Economic Area
• United Kingdom
• Switzerland

Google’s EU User Consent Policy applies to end users in the EEA, UK, and Switzerland for relevant Google products. It requires valid consent for cookies or other local storage where legally required, and for collection, sharing, and use of personal data for ads personalization.

Is Consent Mode v2 Mandatory?

The safest answer is:

Consent Mode v2 is required for many Google advertising and measurement use cases involving EEA, UK, and Switzerland users if you want to maintain access to certain Google Ads and measurement functionality.

It is not mandatory in the sense that a government law says every website must implement Google Consent Mode.

It is mandatory in the practical sense that Google requires appropriate consent signaling for certain products and use cases.

If your website uses Google Ads, remarketing, conversion tracking, or personalized advertising with users in covered regions, you should treat Consent Mode v2 as a core implementation requirement.

What Happens If You Do Not Implement Consent Mode v2?

The exact impact depends on your setup.

Possible consequences may include:

• Reduced advertising measurement
• Limited remarketing functionality
• Reduced audience personalization
• Loss of certain conversion measurement capabilities
• Consent signal warnings in Google tools
• Less effective campaign optimization
• More limited conversion modeling

Avoid oversimplifying this.

It does not necessarily mean that all Google Ads stop working overnight. But it can affect how Google products process advertising and measurement data, especially for users in regions covered by Google’s EU User Consent Policy.

For marketing teams, the practical impact is usually measurement quality and advertising functionality.

Does Consent Mode v2 Require a CMP?

Technically, a developer can implement Consent Mode without a commercial CMP by building a custom consent interface and sending the correct consent signals.

However, for most businesses, a CMP is the practical approach.

A proper CMP helps with:

• Collecting consent through a clear user interface
• Blocking non-essential scripts before consent
• Storing consent records
• Managing consent categories
• Updating consent states when users change choices
• Sending consent signals to Google tags
• Supporting region-specific consent behavior
• Maintaining auditability

Consent Mode is only useful if the underlying consent choices are collected and applied correctly.

That is why many organizations use a CMP rather than custom-building everything from scratch.

Important Distinction: Google-Certified CMP vs Standard CMP

Not every website needs the same type of CMP.

Google has specific consent management requirements for certain publisher products, including Google AdSense, Google Ad Manager, and AdMob, when serving ads to users in the EEA and UK.

For those publisher use cases, Google requires partners to use a Google-certified CMP integrated with the IAB Transparency and Consent Framework when serving personalized ads in those regions.

This is not the same as saying every website using Google Analytics or Google Ads must use a Google-certified CMP.

The right requirement depends on your Google products and business model.

Before selecting a CMP, determine whether you are:

1. A standard website using Google Analytics and Google Ads.
2. An advertiser using conversion tracking and remarketing.
3. A publisher using AdSense, Ad Manager, or AdMob.
4. A publisher serving personalized ads in the EEA or UK.
5. A business using IAB TCF vendors or programmatic advertising.

If you fall into the publisher category covered by Google’s certified CMP requirements, verify your CMP against Google’s official certified CMP list before relying on it.

Basic Consent Mode vs Advanced Consent Mode

Google documentation commonly distinguishes between basic and advanced Consent Mode implementations.

The key difference is when Google tags load and whether pings are sent before consent.

Basic Consent Mode

In a basic implementation, Google tags are generally blocked until the user interacts with the consent banner.

If the user grants consent, the relevant tags can load or update.

If the user denies consent, the tags remain restricted for the relevant purposes.

Basic Consent Mode is often easier to understand and may be preferred by organizations taking a stricter prior-consent approach.

Advanced Consent Mode

In an advanced implementation, Google tags may load before consent, but they are configured with default denied consent states.

When consent is denied, tags adjust behavior and may send cookieless pings. When consent is granted, tags update accordingly.

Advanced implementations can support more modeling and measurement functionality, but they require careful legal and technical review.

Organizations should not assume that advanced mode is appropriate in every jurisdiction or setup.

The correct approach depends on your legal basis, consent model, regulator expectations, and risk tolerance.

Consent Mode v2 and GDPR

GDPR governs the processing of personal data.

If your website collects or processes personal data through analytics, advertising, tracking, or profiling, GDPR may apply.

Consent Mode v2 does not create a GDPR legal basis by itself.

Instead, it communicates consent states to Google.

You still need to consider:

• Transparency
• Legal basis
• Purpose limitation
• Data minimization
• Controller/processor roles
• International transfers
• Data retention
• Data subject rights
• Vendor disclosures

For advertising personalization and similar tracking-heavy use cases, consent is often the relevant legal basis in the EU/EEA context.

However, the exact legal assessment depends on the technology and processing involved.

Consent Mode v2 and ePrivacy / Cookie Rules

For cookies and similar technologies, GDPR is only part of the picture.

EU and UK cookie consent rules are heavily influenced by the ePrivacy Directive and national implementations, and by UK PECR in the United Kingdom.

These rules generally require consent before storing or accessing information on a user’s device unless the technology is strictly necessary.

That means a website should not treat Consent Mode as a replacement for prior consent.

If analytics or advertising tags store or access cookies or similar identifiers, you need to evaluate whether consent is required before those technologies run.

A CMP should help ensure that non-essential scripts do not run before the required consent is obtained.

Consent Mode v2 Does Not Block Scripts by Itself

This is one of the most important misconceptions.

Consent Mode communicates consent states to Google.

It does not automatically block every third-party script on your website.

If your site loads non-Google trackers, pixels, widgets, session replay tools, advertising scripts, or social plugins before consent, Consent Mode will not automatically fix that.

A proper consent setup needs both:

1. Consent signaling to Google.
2. Script blocking or tag control for non-essential technologies.

This is where a CMP becomes important.

What a CMP Should Do for Consent Mode v2

A CMP used for Consent Mode v2 should ideally support the full consent workflow.

At minimum, evaluate whether it can:

• Show a clear consent banner.
• Let users accept, reject, or customize choices.
• Apply consent by category.
• Block non-essential scripts before consent.
• Store proof of consent.
• Update consent choices when users change preferences.
• Send Consent Mode v2 signals to Google.
• Support ad_storage, analytics_storage, ad_user_data, and ad_personalization.
• Support geo-aware rules for different regions.
• Provide auditability.
• Work with Google Tag Manager or your implementation method.

Concentio is designed around this type of workflow, with automated scanning, script blocking before consent, consent proof, geo-aware policies, and Google Consent Mode support.

Google Consent Mode v2 Implementation Flow

A practical Consent Mode v2 implementation usually follows this flow:

1. A visitor lands on the website.
2. The default consent state is set.
3. The CMP displays a consent banner where required.
4. Non-essential scripts are blocked or controlled before consent.
5. The visitor accepts, rejects, or customizes consent.
6. The CMP stores the consent choice.
7. Consent Mode signals are updated.
8. Google tags adjust behavior based on those signals.
9. The user can later change or withdraw consent.

The key is consistency.

The banner, script blocking, consent storage, and Google signals must align.

Default Consent States

Google documentation explains that implementers need to set a default consent state and update it based on user interaction.

For many EU/UK implementations, default denied is commonly used for non-essential advertising and analytics signals until the user grants consent.

A simplified example:

gtag('consent', 'default', {
  'ad_storage': 'denied',
  'analytics_storage': 'denied',
  'ad_user_data': 'denied',
  'ad_personalization': 'denied'
});

After the user grants consent, the consent state can be updated:

gtag('consent', 'update', {
  'ad_storage': 'granted',
  'analytics_storage': 'granted',
  'ad_user_data': 'granted',
  'ad_personalization': 'granted'
});

This is only a simplified example.

Actual implementation depends on your CMP, tag setup, Google Tag Manager configuration, regional logic, and consent categories.

Consent Mode v2 for Google Ads

Google Ads is one of the main reasons businesses implement Consent Mode v2.

Consent Mode affects how Google advertising tags behave for:

• Conversion tracking
• Enhanced conversions
• Remarketing
• Audience creation
• Ad personalization
• Measurement

For advertisers targeting or measuring users in the EEA, UK, or Switzerland, Consent Mode v2 should be treated as a core part of the Google Ads setup.

If consent signals are missing or incorrect, advertising measurement and personalization may be limited.

Consent Mode v2 for Google Analytics 4

GA4 users should also understand Consent Mode v2.

For analytics use cases, analytics_storage is especially relevant.

However, many GA4 implementations are connected with Google Ads, audiences, remarketing, or advertising features.

That means the advertising signals may also matter:

• ad_storage
• ad_user_data
• ad_personalization

Do not assume GA4 is only an analytics issue.

If GA4 is linked to Google Ads or used for audiences, consent configuration becomes more important.

Consent Mode v2 for Google Tag Manager

Google Tag Manager is commonly used to implement Consent Mode.

A good GTM implementation should ensure:

• Consent defaults are set before tags fire.
• Tags respect consent categories.
• Non-essential tags do not fire before consent where prior consent is required.
• Google Consent Mode signals are updated after user choice.
• Consent settings are tested in Preview Mode and Tag Assistant.

The most common GTM mistake is firing tags before the CMP has initialized consent defaults.

Consent defaults should be available early enough to control tag behavior.

Consent Mode v2 for Shopify

Shopify stores often use:

• Google Ads
• GA4
• Meta Pixel
• TikTok Pixel
• Klaviyo
• Affiliate scripts
• Review widgets
• Checkout and payment tools

Consent Mode v2 is relevant if the store uses Google advertising or analytics tools.

But Consent Mode only handles Google signals.

A Shopify store also needs to manage other non-essential trackers and marketing scripts.

A CMP should help identify and control:

• Analytics tools
• Advertising pixels
• Retargeting tags
• Embedded widgets
• Third-party marketing services

Consent Mode v2 for WordPress

WordPress websites often accumulate trackers through plugins, themes, embeds, analytics tools, and marketing integrations.

Common sources include:

• GA4 plugins
• Google Ads conversion tracking
• Tag Manager plugins
• Embedded YouTube videos
• Forms
• Chat widgets
• Heatmaps
• Social sharing tools

For WordPress, the implementation challenge is often not only Consent Mode itself.

It is discovering which plugins and scripts are setting cookies before consent.

Automated scanning and script blocking can be particularly valuable for WordPress websites.

Consent Mode v2 for Agencies

Agencies need a repeatable process.

A single implementation is manageable.

Fifty client websites are different.

Agencies should standardize:

• Consent category mapping
• Banner configuration
• GTM templates
• Script blocking rules
• Consent Mode signal testing
• Documentation
• Client handover
• Monitoring after deployment

For agencies, a CMP with unlimited domains and consistent configuration patterns can reduce operational overhead.

This is one of the areas where Concentio’s unlimited-domain model may be particularly useful.

Common Consent Mode v2 Mistakes

Mistake 1: Treating Consent Mode as a Cookie Banner

Consent Mode is not the banner.

It is the signal layer that communicates consent states to Google.

You still need a proper consent interface and script control.

Mistake 2: Loading Tags Before Consent Defaults Are Set

If Google tags load before the default consent state is configured, the implementation may not behave as intended.

Consent defaults should be set early.

Mistake 3: Sending granted Before the User Has Consented

Do not send granted consent states unless the user has actually made the relevant choice.

Incorrect granted signals can create legal and technical risk.

Mistake 4: Assuming Consent Mode Makes the Website Compliant

Consent Mode supports consent-aware tag behavior.

It does not replace GDPR, ePrivacy, PECR, transparency, vendor management, or legal review.

Mistake 5: Ignoring Non-Google Trackers

Consent Mode does not automatically control Meta Pixel, LinkedIn Insight Tag, TikTok Pixel, Hotjar, Microsoft Clarity, or other third-party technologies.

A CMP should control all non-essential tracking, not only Google tags.

Mistake 6: Not Testing Rejection Scenarios

Many websites test only the “Accept all” path.

You should also test:

• Reject all
• Analytics only
• Marketing only
• Withdraw consent
• Returning visitor behavior
• Region-specific behavior

Mistake 7: Confusing Consent Categories

Your banner categories should map logically to Consent Mode signals.

For example:

• Analytics category → analytics_storage
• Marketing category → ad_storage, ad_user_data, ad_personalization

The exact mapping should match your disclosures and implementation.

Consent Mode v2 Checklist

How Concentio Helps With Consent Mode v2

Concentio is designed to help websites manage consent in a practical way.

For Consent Mode v2 use cases, Concentio can support the workflow through:

• Automated website scanning
• Cookie, vendor, script, and embed detection
• Script blocking before consent
• Configurable consent banner
• Consent proof and audit records
• Geo-aware consent policies
• Google Consent Mode support
• Unlimited domains
• Session-based pricing
• All features included on every plan

For agencies and multi-site businesses, unlimited domains can make Consent Mode rollout simpler across multiple websites.

Concentio should not be described as a legal guarantee.

It is a tool that helps implement and document consent workflows.

FAQ: Google Consent Mode v2 Requirements

Final Verdict

Google Consent Mode v2 is now a critical part of modern consent management for websites using Google advertising and analytics tools.

But it should be understood correctly.

Consent Mode v2 is not a law. It is not a cookie banner. It does not automatically block every tracker. It does not make a website compliant by itself.

It is a technical framework that helps Google tags adjust behavior based on user consent.

To implement it properly, most businesses need a consent setup that can:

• Collect valid consent
• Block non-essential scripts before consent
• Store consent proof
• Send Consent Mode v2 signals
• Respect user choices across analytics and advertising tools
• Support regional consent requirements

For agencies, ecommerce stores, SaaS companies, and growing websites, a CMP can make this significantly easier.

Concentio is built for businesses that want a practical CMP with automated scanning, script blocking, consent proof, geo-aware policies, Google Consent Mode support, unlimited domains, and all features included.

If you are preparing your website for Google Consent Mode v2 in 2026, start by auditing your tags, mapping your consent categories, verifying your Google requirements, and choosing a CMP setup that can support both compliance and measurement.