IAB TCF 2.2 and GA4: What the Integration Actually Does

How TCF 2.2 Signals Reach GA4

The IAB TCF framework works by encoding user consent choices into a TC string, a compact, standardised representation of which purposes the user has consented to, which vendors are permitted, and whether legitimate interest was invoked.

This TC string is stored as a cookie (euconsent-v2) and is also available programmatically through the __tcfapi JavaScript interface.

Google's Consent Mode integration reads the TCF TC string via this API to determine whether a user has consented to analytics storage (TCF Purpose 1: store or access information on a device) and to ads storage and personalized advertising purposes.

If the TC string grants these purposes to Google (Vendor ID 755), GA4 sets analytics_storage to granted and proceeds with full measurement.

If they are not granted, GA4 falls back to cookieless measurement and conversion modeling.

The critical audit point is verifying that your CMP is correctly passing the TC string to Google tags and that the mapping from TCF purposes to Consent Mode parameters is configured correctly.

TCF 2.2 vs 2.0: What Changed and Why It Matters

TCF 2.2 introduced stricter consent signalling expectations and needs to line up with Google's current Consent Mode mapping for ad_user_data and ad_personalization.

If your CMP is still configured around an older TCF setup, verify that the purposes and vendor choices still map cleanly to the current Google consent signals.

Properties that relied on older assumptions about legitimate interest should recheck both the legal basis and the user facing consent flow.

The exact compliance impact depends on your vendor list, categories, and CMP configuration, so the audit should focus on whether the current consent string produces the right Google tag behavior.

For GA4 audit purposes, confirming that your CMP is certified for the current TCF requirements, and that Google's vendor entry in your CMP is updated to the current specification, is a sensible compliance check.

Validating the TCF-GA4 Integration in Practice

Validating the integration requires testing three scenarios: a user who accepts all purposes, a user who rejects all purposes, and a user who selects specific purposes.

For each scenario, check the GA4 network requests immediately after consent is given or withheld. After full acceptance, you should see full GA4 event payloads with cookies set.

After full rejection, you should see only cookieless pings with the consent state showing denied values.

For partial consent, the most complex scenario, the GA4 behaviour should map correctly to the specific purposes granted.

You can also use the browser console to call __tcfapi( 'getTCData', 2, callback) directly to inspect the current TC string and confirm which purposes and vendors are registered as consented.

If GA4 is firing with full cookies despite analytics consent being denied in the TC string, the CMP-to-Consent Mode integration has a gap that needs to be fixed as a priority compliance issue.