WordPress personal website: Do I Need a Google-Certified CMP?

Short answer: probably not.

The requirement is real, but it applies to a narrow group of sites. Most business websites are not in that group.

Here is how to tell in about thirty seconds.

The 30-second test

Answer one question: do you earn money by showing ads on your own site through AdSense, Ad Manager, or AdMob?

Your answerDo you need a certified CMP?
No, I just run a normal business siteNo
No, but I buy Google Ads to drive trafficNo
Yes, I monetize with AdSense / Ad Manager / AdMobYes, if you serve personalized ads in the EEA, UK, or Switzerland

If you answered no, you can stop reading here. A normal cookie consent banner is enough.

What the rule actually says

Google requires partners using its publisher products to use a CMP that Google has certified and that integrates with the IAB TCF.

The publisher products are AdSense, Ad Manager, and AdMob. The rule kicks in when serving personalized ads to users in the EEA and UK (since 16 January 2024) and Switzerland (since 31 July 2024).

If those requirements are not met, you are not eligible to serve personalized ads.

The distinction everyone gets wrong

There is a difference between being an advertiser and being a publisher.

  • Advertiser: you pay Google to show your ads on other people’s sites. This is the vast majority of businesses. No certified CMP required.
  • Publisher: other people pay to have ads shown on your site. This is where the rule applies.

Most SME sites are advertisers. Blogs, news sites, and comparison sites with ad slots are publishers.

What certification is and is not

Certification is a Google commercial requirement, not a legal one.

Google-certified CMP
Required by GDPR?No
Required by the ePrivacy Directive?No
Required by Finnish law?No
Required by Google to serve personalized ads via AdSense / Ad Manager / AdMob in the EEA, UK, CH?Yes

It is also worth knowing what the certification checks. Google assesses CMPs against its own criteria focused on TCF compliance. Google does not check CMPs for full compliance with the TCF or with applicable privacy laws.

So a certified CMP is not automatically a legally compliant CMP. It is a CMP that speaks the ad-tech protocol correctly.

What you actually need instead

If you are not a publisher, your consent setup needs to do the boring things properly:

  • Block analytics and marketing scripts before consent
  • Offer a genuine reject option, as easy as accept
  • Send Google Consent Mode v2 signals so GA4 and Ads measurement still works
  • Let users withdraw consent later
  • Maintain an accurate, up-to-date cookie policy

That list is what regulators look at. None of it requires certification.

Where Kansleri Cookie Consent fits

Kansleri Cookie Consent is not a Google-certified CMP and does not claim to be.

It does implement Consent Mode v2 with default and update signals, GTM dataLayer push, Site Kit integration, and the WP Consent API. For a normal WordPress business site running GA4, Google Ads, and a Meta Pixel, that is the relevant part.

If you monetize with AdSense or Ad Manager in the EEA, you need a certified CMP, and Kansleri Cookie Consent is not the right tool for you. Cookiebot is one option, and Google’s own Privacy & messaging European regulations message is another.

I would rather tell you that up front than sell you something that costs you your ad revenue.

Summary

If you areUse
A normal business siteAny solid consent plugin with Consent Mode v2
An advertiser buying Google AdsSame as above
A publisher on AdSense / Ad Manager / AdMob in the EEA, UK, CHA Google-certified CMP, no way around it

Requirements and certified CMP lists change. Verify current details in Google’s own help documentation before making a decision.