Skip to content

IAB Europe has published the first Transparency and Consent Framework (TCF) Compliance Report for 2024

Author
Usercentrics
Read time
5 mins
Published
Jun 17, 2025
Resources / Blog / IAB Europe has published the first Transparency and Consent Framework (TCF) Compliance Report for 2024

In April 2025 the Interactive Advertising Bureau (IAB) Europe released its first version of the Transparency and Consent Framework (TCF) Compliance Report, looking back at analysis for 2024.

We look at the data analysis and results for compliance levels, common issues, CMP adoption, cross-platform prevalence, and more. We’ll also discuss takeaways and what can be expected for 2025.

What is the TCF?

To provide a bit of overview, the Transparency & Consent Framework (TCF) was launched in 2017. It’s a standard developed by IAB Europe to help digital advertising stakeholders comply with the General Data Protection Regulation (GDPR) and ePrivacy Directive (ePD) in the European Union. 

The TCF provides a unified framework that enables website publishers, advertisers, and technology vendors to communicate end users’ consent choices for data processing purposes. 

The GDPR requires entities that collect and process individuals’ personal data to obtain explicit consent in many cases before processing begins. 

Legitimate interest can also be a viable legal basis, and when consent would not be required, though organizations must be able to justify its use in case of inquiry by data protection authorities.

The TCF uses standardized signals to enable end users to provide or deny consent for data collection, processing, and personalized advertising. This helps to ensure transparency and accountability across the EU digital advertising supply chain. 

It takes guidance from the European Data Protection Board (EDPB) and EU Member States’ Data Protection Authorities (DPA), and the latest version is the TCF v2.2.

TCF stakeholders: Publishers

This includes owners and/or operators of platforms for online content or services, which may or may not be ad-supported. Publishers’ platforms collect visitors and customers’ personal data, which is typically processed by third-party Vendors for digital advertising, audience measurement, and/or content personalization.

TCF stakeholders: Vendors

Vendors include a variety of third-party companies that contract with controllers that provide the data in order for those Vendors to perform specific processing operations. For example, ad servers, measurement providers, advertising agencies, demand-side platforms (DSPs), supply-side platforms (SSPs), etc. 

CMPs are software solutions that enable companies to meet data privacy regulation requirements on websites, apps, and connected platforms like TV. They can display cookie banners, collect and store consent preferences, block cookies and trackers until consent is obtained, populate privacy policies, and more. When using the TCF, CMPs also become responsible for consent signals between Vendors and Publishers.

TCF standardized purposes for Vendors

The TCF includes 11 standardized purposes that outline how Publishers, websites, or other sources use collected user data, with the goal of helping enable data privacy compliance.

  1. Store and/or access information on a device
  2. Use limited data to select advertising
  3. Create profiles for personalized advertising
  4. Use profiles to select personalized advertising
  5. Create profiles to personalize content
  6. Use profiles to select personalized content
  7. Measure advertising performance
  8. Measure content performance
  9. Understand audiences through statistics or combinations of data from different sources
  10. Develop and improve services
  11. Use limited data to select content

What is the IAB Europe TCF Compliance Report?

The TCF compliance report is an overview of how organizations implemented TCF v2.2 in 2024 (the last full calendar year), which platforms CMPs were registered for, which Purposes Vendors are using, auditing mechanisms, and whether implementations have been compliant with TCF requirements. 

The Compliance Report is also a mechanism by which IAB Europe can work to ensure that the stakeholders comply with TCF specifications and policies, and how much room there still is for improvement.

Who was included in the TCF Compliance Report analysis?

There were 885 Vendors and 177 CMPs registered with the TCF by the end of 2024. Over the course of that year, 125 new Vendors and 36 new CMPs (25 percent increase from 2023) were audited and certified for the TCF. 11 existing CMPs were audited and certified for different technical environments.

Which purposes are most important to Vendors?

In 2024, the most used purpose was Purpose 1, with 708 Vendors using it. The lowest adoption was of Purpose 11, with 101 Vendors using that. 

167 Vendors — 19 percent of participants — did not declare any advertising related purposes (Purposes 2, 3, 4, or 7). This indicates that some Vendors do not operate in digital advertising, but instead use the TCF for content-related purposes or measurement. 

Registered CMPs

While TCF has 177 registered CMPs, 41 percent of these are private to specific Publishers. And only 5% of the CMP’s support both web, mobile and CTV – leaving a limited option to select for companies that work in multiple contexts. 

  • 66.7% web only
  • 17.2% web and mobile (apps)
  • 8.6% mobile only (apps)
  • 4.8% web, mobile, and CTV
  • 2.2% CTV only 
  • 0.5% mobile and CTV

What data privacy issues did the TCF Compliance Report find?

IAB Europe is the managing organization for the TCF, so is responsible for imposing noncompliance penalties under the TCF Terms and Conditions.

There were approximately 80 audits of CMPs, which revealed a number of gaps. As a result IAB Europe carried out 40 enforcement procedures for CMPs following reports of noncompliance from end users or TCF participants or proactive live monitoring of the CMPs’ installations.

When noncompliance is found with a CMP live installation, there are two potential procedures.

Procedure 1: More serious infringement when the CMP is found to be tampering with TC Strings. If four instances are found within a 12-month period the CMP will be permanently suspended from the TCF.

Procedure 2: When the CMP is found in breach of TCF Policies. If four instances are found within a 12-month period the CMP will be temporarily suspended from the TCF for at least two weeks.

No CMPs were suspended in 2024, and enforcement issues were resolved. The most frequent compliance failures were:

50% failure: Policy Check 9 — Not clearly informing users how to withdraw consent

42% failure: Policy Check 31 — Users unable to easily resurface the CMP UI

42% failure: Policy Check 32 — Withdrawal of consent harder than giving consent

20% failure: Technical Check 7 — Not using the current or penultimate version of the Global Vendor List

For more detail on the identified issues and key findings of these checks, please refer to Section 3.3 of the full Compliance Report. The Usercentrics CMPs comply with all of these checks.

There were 269 enforcement procedures against Vendors following monitoring or noncompliance reports, and 23 of them faced temporary suspensions until issues were resolved. 

Two of the most common issues were incorrect Device Storage URLs (168 cases and 17 temporary suspensions) and incorrect Privacy Policy URLs (84 cases and six temporary suspensions.)

TCF adoption and compliance in 2025

IAB Europe is continuously increasing their efforts to ensure that the TCF is being used compliantly. This is already having a positive impact, as TCF adoption has increased over the last few years. 

There’s been significant growth in adoption in Apps and CTV, as well as with ecommerce businesses adopting the TCF standard to support Retail Media initiatives. 

Enforcement against Vendors has ramped up in the first half of 2025, with 175 Vendor enforcement procedures by April. 

There has been investment in a new auditing tool for apps to align with web procedures, and to remove the manual checks that have been required to date.

Additionally, there is a push for more automation of enforcement processes, and Publishers have been encouraged to use noncompliance reporting tools to flag issues more quickly.

Year over year, TCF registration and adoption has been displaying a healthy growth rate, and enforcement has enabled rapid and sustainable correction of issues to ensure Vendors and CMPs are implementing the TCF compliantly. 

Google already requires implementation of a certified CMP to serve ads in the EU — and Usercentrics CMPs were among the first to achieve certification — and it’s likely that further privacy-led policies will follow as data privacy regulations expand and evolve.
It makes competitive and growth-centric sense for CMPs to be TCF-registered and compliant, and for companies to use these tools as part of their Privacy-Led Marketing strategy to meet the requirements of regulations and tech partners’ policies, and to build trust with audiences.

Frequently asked questions

Article
Jun 9, 2025
Most GDPR enforcement actions don’t make headlines, but smaller fines and penalties are far more common than billion-Euro judgements. This lack of publicity can lead smaller organizations to think that GDPR compliance doesn’t need to be a priority. We look at why taking that risk isn’t worth it.
Read more
Article
May 27, 2025
The cookieless future is becoming the cookieless present. Digital marketing and advertising require new solutions, like access to first-party data, consent management, and integrated tools to meet updated requirements from Google and other platforms.
Read more
Article
May 16, 2025
Server-side tagging and tracking are methods in which tracking tags, like those for analytics and ads, are processed on a server rather than in the user’s browser. Here’s what you need to know.
Read more