Google Additional Consent: What It Is and Why Publishers Need It

If you’re running ads on your site and using IAB TCF for consent management, there’s a gap you may not know about.

The IAB’s Global Vendor List doesn’t cover every vendor Google works with, and if those vendors can’t receive consent signals, they get shut out of your ad auctions. That’s where Google Additional Consent comes in. This post explains what it is, how it works, and how to enable it in WordPress.

Google Additional Consent is a technical specification that extends IAB Europe’s Transparency & Consent Framework (TCF) to support consent signaling for vendors on Google’s own list, the Google Ad Tech Providers (ATP) list. These are vendors certified by Google but not registered on the IAB Global Vendor List (GVL). Without Additional Consent, they can’t legally participate in ad auctions, even if the user has already given consent.

The IAB TCF does a solid job of standardizing how consent is collected and communicated to advertising vendors. But it only covers vendors that are officially registered on its Global Vendor List.

Google maintains a separate list of certified advertising partners called Google Ad Tech Providers (ATP). Many of these ATP vendors are not on the IAB GVL; they exist outside that framework entirely.

Here’s the problem: when a user gives consent on your site, the TCF string only carries that signal to IAB-registered vendors. ATP vendors outside the GVL receive nothing. As far as the system is concerned, they have no consent to act on. So they’re excluded from the ad auction.

Fewer bidders in the auction means less competition for your ad inventory, which drives down fill rates and ultimately costs you revenue. Google created the Additional Consent specification specifically to fix this.

When a user interacts with your consent banner, your Consent Management Platform (CMP) generates two strings at the same time:

1. TCF string: records the user’s consent choices for vendors on the IAB Global Vendor List
2. AC string (Additional Consent string): records consent for Google ATP vendors not on the GVL

Both strings are bundled together and transmitted with every ad request sent to Google’s platforms, including Ad Manager, AdSense, and AdMob. Each vendor reads whichever string applies to them. IAB-registered vendors read the TCF string. Google ATP vendors read the AC string.

The result: a broader pool of vendors can legally participate in your ad auctions while full GDPR compliance is maintained.

These two often get confused because they both involve Google and consent. They serve completely different purposes.

	Google Consent Mode	Google Additional Consent
Purpose	Controls how Google tags behave when consent is given or denied	Extends TCF to include ATP vendors in ad auctions
Framework	Standalone tag behavior specification	Extension of IAB TCF v2.2 / v2.3
Output	Consent signals that adjust analytics and ad tag behavior	AC string transmitted alongside the standard TCF string
Who it affects	Any site using Google Analytics or Google Ads tags	Publishers monetizing with Google Ads who use IAB TCF
Regulatory context	GDPR, DMA compliance for tag-level data collection	GDPR compliance for ATP vendor participation in auctions

The simplest way to think about it: Consent Mode governs how Google’s own tags behave on your site. Additional Consent governs which third-party vendors can show up in your ad auctions.

You may need both, depending on how your site is set up.

Not every site needs Google Additional Consent. You do if:

• You’re monetizing with Google AdSense, Ad Manager, or AdMob and serving ads to users in the EEA
• You’ve already implemented IAB TCF v2.2 or v2.3 on your site
• Your CMP doesn’t already handle the AC string automatically

If you’re not serving ads to EEA users, or if you’re not using IAB TCF at all, this likely doesn’t apply to your setup.

To use Google Additional Consent, you need a Google-certified CMP, one that’s been verified by Google as capable of generating and transmitting the AC string correctly alongside the TCF string.

The WebToffee GDPR Cookie Consent plugin is a Google-certified CMP that supports both IAB TCF v2.3 and Google Additional Consent out of the box.

Once the plugin is installed, here’s how to enable it:

• Go to Cookie Consent > Cookie banner from your WordPress dashboard.
• Choose GDPR as the Consent Law.
• Enable cookie banner checkbox.
• Select the IAB TCF 2.2 toggle button.
• Check the Support Google’s Additional Consent checkbox.
• From the Manage vendor list, choose the vendors you are showing ads from.
• Click on Update settings to save the changes.

Here’s how the banner appear on your website.

After setup, the plugin handles everything automatically. Every time a user interacts with your consent banner, both the TCF string and the AC string are generated and transmitted with your ad requests.

What is the Google Additional Consent string (AC string)?

The AC string is a separate consent record generated by your CMP alongside the standard TCF string. It captures consent specifically for Google Ad Tech Providers (ATP vendors) who are not registered on the IAB Global Vendor List. It travels with every ad request so those vendors can determine whether they have consent to participate.

What are Google Ad Tech Providers (ATP)?

Google Ad Tech Providers are advertising vendors certified by Google that operate outside the IAB’s official vendor registration. They have their own list maintained by Google, separate from the IAB Global Vendor List. Without Additional Consent, these vendors can’t legally receive consent signals or bid in your ad auctions.

Is Google Additional Consent the same as IAB TCF?

No. IAB TCF is the full consent framework that covers all registered IAB vendors. Google Additional Consent is an extension that sits on top of TCF to cover the ATP vendors that TCF doesn’t include. You need TCF in place before Additional Consent is relevant.

Do I need this if I’m outside the EU?

Not necessarily. Additional Consent was designed to address GDPR and DMA requirements in the EEA. If your audience is entirely outside the EEA and you have no obligations under those regulations, it doesn’t apply. That said, most publishers running Google Ads have at least some EEA traffic, which is enough to warrant enabling it.

What happens to ad revenue if I don’t enable it?

ATP vendors that can’t receive consent signals get excluded from your ad auctions. That shrinks the bidder pool, which reduces competition for your inventory and typically lowers fill rates and CPMs. The impact varies depending on how heavily your monetization relies on ATP vendors, but the direction is always the same: less competition, less revenue.

Google Additional Consent might sound like just another technical layer, but for publishers and advertisers, it plays a big role in balancing compliance with monetization. By extending the IAB TCF framework, it ensures that Google-certified vendors outside the IAB list can still legally participate in ad auctions. This not only keeps you on the right side of GDPR but also helps maximize competition, fill rates, and revenue opportunities.

For advertisers, it opens the door to more inventory and better campaign performance. And for publishers, it means you don’t have to choose between protecting user privacy and growing your ad revenue. With a Google-certified CMP like WebToffee GDPR Cookie Consent plugin, enabling Additional Consent is straightforward—making it easier to stay compliant and profitable at the same time.