What it is: The Interactive Advertising Bureau’s Transparency and Consent Framework, version 2.3. The ad-industry standard for passing structured consent to hundreds of advertising vendors through a standardized TC String.

When it became mandatory: February 28, 2026. Any TC string generated on or after that date without the v2.3 mandatory disclosedVendors segment is invalid.

What v2.3 changed from v2.2: The disclosedVendors segment, which was optional in v2.2, is now mandatory. This solves a long-standing problem where vendors could not reliably tell whether they had been disclosed to the user in the CMP interface. The UI requirements themselves did not change , only the technical TC string format. Visitors do not need to re-consent.

Who needs it: - Publishers running display advertising, header bidding, or programmatic ads - Anyone monetizing through Google Ad Manager, AdSense, or AdMob in the EEA, UK, or Switzerland - Sites using SSPs, DSPs, or any IAB-registered vendors

Who can probably skip TCF altogether: Most small businesses, SaaS sites, ecommerce stores, and content sites that only use Google Analytics + maybe one ad network. For you, Google Consent Mode v2 alone is usually enough , TCF is overkill unless you sell ad inventory.

Consequence of non-compliance: Google has confirmed it stopped accepting v2.2 strings on February 28, 2026. Sites still sending v2.2 strings now have their ad requests defaulted to “Limited Ads” , non-personalized inventory that typically pays 30–50% less. IAB Europe also publishes a non-compliance list shared with national data protection authorities.

ConsentBit support: Fully compliant with TCF v2.3, including the mandatory disclosedVendors segment, since the framework’s enforcement date. See Section 7.4 for setup.

‍