The IAB Transparency & Consent Framework (TCF, current version 2.2) is a protocol-level standard for ad-tech consent. CMPs that implement TCF expose a global __tcfapi(command, version, callback) function that any script on the page can call to query the current consent state -- which categories the user agreed to, which vendors are allowed, etc. The decoded consent state is also encoded into a single cookie named euconsent-v2 (or euconsent in TCF v1).
Why TCF exists: before TCF, every ad-tech vendor had its own consent-checking convention. A page integrating 20 vendors had 20 different consent flows, half of which broke when CMPs updated. TCF gives vendors a single API to call (and a single cookie to read) regardless of which CMP the publisher chose.
Detection signals:
- The
__tcfapi(function call appears in page JavaScript. - The
euconsent-v2cookie is set (typically by the CMP after the user makes a choice). - A registered TCF CMP ID (a small integer) appears in the consent string itself.
Compliance posture: TCF v2.2 is widely accepted as a compliant mechanism for GDPR's "freely given, specific, informed, and unambiguous" consent requirement -- but it doesn't BY ITSELF guarantee compliance. The CMP still has to be configured correctly (banner shown before any non-essential cookie fires; reject-all option as prominent as accept-all; granular per-purpose toggles).
Note: TCF is European in origin. US frameworks (IAB CCPA, GPC) use different signal mechanisms; some CMPs implement multiple side-by-side.