Google today confirmed that the transition to IAB Europe's Transparency and Consent Framework (TCF) version 2.3 has passed its mandatory deadline, and publishers who failed to complete their migration by March 1, 2026 are now facing direct revenue consequences. The announcement, published March 2, 2026 in the Google AdSense Help Center, makes clear that non-compliant ad requests will either default to limited ads or be dropped altogether.

The deadline was not a surprise. Google had signaled the March 1, 2026 cutoff for months. What is new is confirmation that enforcement is now active - and that a new error code has been introduced specifically to handle the most common compliance failure mode emerging in the post-deadline environment.

What changed on March 1, 2026

According to Google's AdSense Help Center, all publishers and consent management platforms (CMPs) were required to complete their transition to TCF v2.3 by March 1, 2026. That date has now passed. Any TC string generated on or after that date must conform to the v2.3 specification. Strings that do not will trigger either a revenue-affecting fallback or a complete drop of the ad request.

The technical distinction between v2.2 and v2.3 is specific. The core addition in v2.3 is a mandatory "Disclosed vendors" segment. This segment must be present in every TC string, properly formatted, and must include Google (listed in the IAB's Global Vendor List as vendor ID 755). Without it, Google cannot lawfully operate on the request under the framework's terms.

Google's documentation states that during the transition period running from the announcement date through end of February 2026, the company treated TCF v2.3 strings the same as v2.2 strings and did not validate the disclosed vendor segment. That window - described as a "risk-free" testing window - is now closed. Validation is now active.

The new error code: 1.4

To track post-deadline compliance failures, Google today introduced TCF error report code 1.4. This code represents a specific category of problem: the "Disclosed vendors" section required of all TCF v2.3 strings is missing, malformed, or does not include Google.

The error sits within the broader "Limited consent scenarios" category in Google's troubleshooting framework. Crucially, according to Google's documentation, all three scenarios in this category - codes 1.1, 1.2, and 1.3 alongside the new 1.4 - "always take precedence over misconfiguration errors, even if a given request has multiple errors." That means error 1.4 cannot be overridden or outranked by other errors in the same request.

The prescribed action when error 1.4 appears: confirm that the CMP setup supports the TCF v2.3 specification, and verify that Google Advertising Products (ID 755) is included in the CMP's vendor configuration.

Publishers can access TCF error reports through their product dashboards. In AdSense, the path is Brand Safety > Content > Blocking controls > Manage European regulations. In Ad Manager, the path goes through Admin > EU user consent. AdMob users navigate via Blocking controls > Manage European regulations. The report - available only if errors have been detected in the last 7 days - lists each affected domain or mobile app ID, the relevant ad unit path, the error code, an error count representing queries from the prior week, and the last detection date.

Who is affected and how

The scope of impact depends on what a publisher's CMP generates. Publishers who use Google's own consent management solution - available through the Privacy & messaging tab in Ad Manager, AdSense, and AdMob - were protected by Google's commitment to write TCF v2.3-compliant strings by the March 1 deadline. No action was required from those publishers.

Publishers using third-party CMPs, however, needed to coordinate directly with their CMP provider to confirm both the migration timeline and the technical compliance of the new strings. The documentation published by Google urged publishers to contact their CMP "immediately" to confirm plans and timelines - advice that was issued months before the deadline but remains relevant now for publishers who are discovering errors through the new error reports.

The scale of the framework's reach in European advertising is substantial. The IAB's TCF governs consent collection and signal transmission for real-time bidding across the European Economic Area, the UK, and Switzerland. Every ad request from a user in those jurisdictions is expected to carry a valid TC string when a registered CMP is present. Google's mandate that all publishers and CMPs migrate to TCF v2.3 was announced in November 2025, establishing the framework that is now enforced.

What limited ads means in practice

When an ad request fails the TCF v2.3 validation - either because the disclosed vendors segment is missing, malformed, or excludes Google - the system attempts to serve limited ads instead of dropping the request entirely. Limited ads are a distinct serving mode within AdSense, Ad Manager, and AdMob.

According to Google's Limited ads documentation, this mode "disable[s] the collection, sharing, and use of personal data for personalization of ads." The ad-serving infrastructure, including JavaScript tags and SDK code, continues operating normally. Ad creatives are still transmitted to devices. IP addresses are still used to route the ad to the device. What changes is the data processing layer above that: no behavioral targeting, no audience profiling, no cross-site data sharing for ad selection.

Programmatic demand for limited ads has been available since Google opened bidding on limited ad inventory in early 2024. When programmatic limited ads are enabled, Google uses the Shared Storage API exclusively for invalid traffic detection. The company does not require publishers to obtain consent for that specific use case, according to its documentation.

The demand landscape for limited ads inventory is narrower. Bidding from Google's demand and from Authorized Buyers is available, but the yield is generally lower than personalized inventory. Publishers who find themselves defaulting to limited ads at scale due to TCF v2.3 non-compliance should expect measurable revenue impact, particularly if the affected traffic is concentrated in high-value European markets.

Legitimate interest for Purpose 7 - "Measure ad performance" - is described as optional in the limited ads context but carries consequences. According to Google's documentation, "without it, some click tracking and measurement functionality used by Google Demand will be disabled."

The full error taxonomy publishers now face

Beyond the new error 1.4, Google's TCF troubleshooting documentation covers a taxonomy of error types that produce different system behaviors. Misconfiguration errors (category 2) cause Google to attempt to serve limited ads. These cover scenarios where the CMP status is stub, loading, or error (2.1a); where the TC string is empty despite correct GDPR parameters being present (2.1b); and various parsing failures caused by incorrect base64 encoding or data errors (2.2a through 2.2c).

TC string issues (category 3) address invalid CMP IDs. If a CMP was valid when a TC string was generated but was subsequently removed from the IAB's registry, the publisher must re-obtain consent using a currently valid CMP.

Consent re-obtainment scenarios (category 4) arise when the TC string was generated against a version of the Global Vendor List in which Google was not yet listed. The fix requires re-collecting consent against a current GVL version.

Global scope and out-of-band scope errors (category 5) cover TC strings that allow out-of-band consent (5.1) or use globally-scoped rather than service-specific strings (5.2). Both cause Google to attempt limited ads serving. Publishers encountering these must instruct their CMP to update the configuration.

Outdated TCF version errors (category 6) now apply to any string still running on TCF v1.0 or v1.1. The fix is a full migration to TCF v2.3. Similarly, CMP certification failures (category 9) result in non-personalized ad serving rather than personalized ads.

Additional Consent string errors (category 8) are treated differently: Google will consider the AC string invalid and will not count any vendors beyond those already covered in the TC string. These errors do not themselves trigger limited ads but narrow the set of vendors eligible to receive bid requests.

The broader TCF context

The TCF has been through persistent legal and regulatory turbulence in Europe. In May 2025, the Belgian Market Court ruled that IAB Europe acts as a joint controller only for TC String processing within the TCF itself, not for subsequent OpenRTB processing, narrowing the scope of IAB Europe's legal responsibility relative to the Belgian Data Protection Authority's original 2022 ruling. A further January 2026 ruling by the Belgian Market Court annulled the DPA's validation of IAB Europe's action plan, ordering regulators to reassess with a more limited scope.

The technical specifications for TCF v2.3 were first opened for public comment by IAB Tech Lab in April 2025, with the core purpose of resolving vendor disclosure ambiguity - precisely the issue that error code 1.4 now enforces. Version 2.3's mandatory disclosed vendor segment was designed to remove uncertainty about whether a given vendor was properly surfaced to users at the point of consent collection.

IAB Tech Lab simultaneously opened a device disclosure specification for public comment in November 2025, with a compliance deadline of February 28, 2026 for vendors to update their Device Storage Duration & Access Disclosure JSON files - aligned with the TCF v2.3 transition deadline.

The v2.3 framework rollout also connects to Google's broader European consent signal changes. In May 2025, Google removed account-level control for non-personalized ads from AdSense's Privacy & messaging settings, directing publishers toward the TCF as the primary mechanism for communicating user consent decisions in the EEA, UK, and Switzerland. And in October 2025, AdSense added support for Global Privacy Protocol National v2 strings for US state-level compliance, illustrating how the consent infrastructure is now bifurcated: TCF for European users, GPP for US state privacy laws.

What publishers and CMPs need to do now

For publishers operating third-party CMPs, the immediate step is checking the TCF error report in their relevant dashboard. A report that shows error 1.4 indicates the CMP is not writing compliant TCF v2.3 strings. The resolution requires CMP action - specifically, ensuring the vendor configuration includes Google (ID 755) in the disclosed vendors segment and that the segment itself is correctly formatted per the v2.3 specification.

For CMPs, the urgency has not diminished with the March 1 deadline passing. Publishers whose traffic is defaulting to limited ads will be actively seeking explanations and solutions. CMPs that have not yet completed their v2.3 migration must treat that work as the highest priority.

According to Google's documentation, TC strings generated before March 1, 2026 under TCF v2.1 or v2.2 will continue to be accepted. The enforcement applies specifically to strings generated on or after March 1, 2026. This means that cached or stored consent strings from before the deadline retain validity - but any new consent interaction after that date must produce a v2.3-compliant string.

The revenue stakes are direct. An ad request defaulted to limited ads earns less than a personalized ad request. A dropped ad request earns nothing. For publishers running high volumes of European traffic through ad networks using real-time bidding, the aggregate impact of widespread TCF v2.3 non-compliance could be material.

Timeline

Summary

Who: Google AdSense, Google Ad Manager, Google AdMob, all publishers running ad inventory in the EEA, UK, and Switzerland, and all Consent Management Platforms (CMPs) registered under IAB Europe's Transparency and Consent Framework.

What: Google confirmed on March 2, 2026 that the mandatory transition to TCF v2.3 passed its deadline of March 1, 2026. Publishers and CMPs that did not complete migration now face ad requests being defaulted to limited ads - which carry lower monetization - or dropped entirely. Google simultaneously introduced TCF error report code 1.4 to flag requests where the TCF v2.3-mandated "Disclosed vendors" segment is absent, malformed, or does not include Google (vendor ID 755).

When: The mandatory deadline was March 1, 2026. The post-deadline enforcement confirmation and introduction of error code 1.4 were published March 2, 2026. TC strings generated before March 1, 2026 under v2.1 or v2.2 remain valid; strings generated on or after March 1, 2026 must conform to v2.3.

Where: The requirement applies to ad requests from users in the European Economic Area, the United Kingdom, and Switzerland - the jurisdictions covered by the IAB Europe TCF framework and relevant GDPR-derived data protection obligations.

Why: TCF v2.3 introduces a mandatory "Disclosed vendors" segment to address vendor disclosure ambiguity identified in earlier versions of the framework. The segment requires that all vendors operating on a given ad request were surfaced to users at the point of consent collection. Without this verification mechanism, regulators and courts - including those in Belgium that have scrutinized the TCF extensively since 2022 - cannot confirm that consent was meaningfully informed. Google's enforcement of this requirement through error code 1.4 and limited ads fallback reflects both IAB policy and the company's own legal obligations as a vendor registered in the framework.

Share this article
The link has been copied!