
Is installing a CMP like Axeptio enough to be compliant with regulations?

A CMP manages consent collection, but compliance doesn't stop there. Understanding who does what — and why no CMP can give you a compliance certificate.

Written by Alexandre Dias Da Silva

You've just installed the Axeptio banner on your site — and you're thinking your site should now be 100% compliant with regulations, right?

Not quite. A CMP is an essential piece of the puzzle, but not the only one.

What Axeptio does

Axeptio collects and manages your visitors' consent. Concretely, its job is to:

  • Display the consent banner to your visitors

  • Record their choices (accept, refuse, customize)

  • Store these consents securely in a registry

  • Transmit the consent status to your tools (Google Tag Manager, API, etc.)

This is a fundamental role. Without valid consent collection, nothing else works.

What Axeptio does not do

Axeptio is not a magic shield that makes your site compliant simply by installing it. GDPR compliance is a system — and Axeptio is only one piece of it, however solid.

What remains your responsibility:

  • Effective blocking of trackers. Axeptio transmits the consent status, but it's up to you to ensure that no third-party cookie or script fires before the visitor has given their consent. See "Axeptio and cookie blocking: who does what?"

  • The accuracy of your declarations. The purposes you describe in your banner must match what your services actually do. If you declare a cookie as "analytical" that actually serves advertising targeting, the problem is not technical — it's in your declaration.

  • Data retention periods. GDPR requires you to define and comply with retention periods for collected data. Axeptio does not set these for you.

  • Your privacy policy. It must be up to date, accessible, and consistent with what you actually collect.

Can Axeptio provide a compliance certificate?

We do not issue official compliance certificates — and not for lack of willingness.

A compliance certificate from us would have no legal value. We can certify that our tool works correctly. We cannot certify that you have configured it correctly, nor that the rest of your system (tag blocking, declarations, privacy policy) is in order — because these elements depend entirely on you.

It's a bit like a lock manufacturer: they can guarantee that their lock works, not that your apartment is secure.

What about CMPs that block cookies at source?

Some CMPs offer to automatically block cookies before consent. It's appealing on paper — but this approach often creates a false impression of compliance rather than real compliance.

Why? Because consent is not limited to cookies. GDPR covers all mechanisms for collecting personal data: fingerprinting, server-side tracking, invisible pixels. Cookie blocking does not affect these vectors.

Furthermore, these systems rely on blacklists of known scripts, which are easily circumvented as soon as a tracker changes name or domain. The result: a green checkmark in the tool, while data continues to leak in practice.

Axeptio made the opposite choice: transmit the consent status and leave you in control of blocking, because only you know your site's architecture. This is a choice of responsibility, not a shortcoming. Read our position in detail.

How to verify that everything is in order

What we can do instead is help you verify that the technical part is working correctly.

Our Shake tool analyzes your site and tells you whether trackers fire only after consent is collected — not before. This is the most concrete verification possible to ensure that Axeptio integration produces the intended effect.

If the scan finds non-compliance issues, our interpretation guide is there to help you understand and correct them.
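
An added example (not Axeptio's code, and not a description of how Shake works internally): the same kind of check can be run by hand over a browser network export. It flags every third-party request sent before the consent timestamp, with or without cookies, and uses an allowlist rather than a tracker blacklist. The host names, the reduced HAR-like entry shape and the `siteOf` heuristic are assumptions, and the sample entries are constructed.

```javascript
// Added example. Entries use a reduced HAR-like shape; all data is constructed.

// Assumption: the last two labels approximate the registrable domain. Real
// sites need a Public Suffix List lookup (this misjudges e.g. *.co.uk).
function siteOf(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Returns every request to a non-allowlisted site that started before consent.
// consentTime === null means the visitor never accepted anything.
function findPreConsentRequests(entries, { pageUrl, consentTime, allowedSites = [] }) {
  const allowed = new Set([siteOf(new URL(pageUrl).hostname), ...allowedSites]);
  const consentMs = consentTime === null ? Infinity : Date.parse(consentTime);
  const findings = [];
  for (const entry of entries) {
    const host = new URL(entry.url).hostname;
    if (allowed.has(siteOf(host))) continue;                       // first party or CMP
    if (Date.parse(entry.startedDateTime) >= consentMs) continue;  // after consent
    findings.push({
      host,
      url: entry.url,
      // A request with no cookie still counts: pixels and fingerprinting
      // endpoints transmit data without setting one.
      setsCookie: (entry.setCookies || []).length > 0,
    });
  }
  return findings;
}

// Constructed sample: one page load, consent given five seconds in.
const SAMPLE_ENTRIES = [
  { url: "https://www.shop.example/", startedDateTime: "2024-01-01T10:00:00.000Z", setCookies: ["session"] },
  { url: "https://static.cmp.example/sdk.js", startedDateTime: "2024-01-01T10:00:00.200Z" },
  { url: "https://metrics.tracker.example/collect?e=pageview", startedDateTime: "2024-01-01T10:00:00.500Z" },
  { url: "https://ads.adnet.example/tag.js", startedDateTime: "2024-01-01T10:00:00.600Z", setCookies: ["uid"] },
  { url: "https://ads.adnet.example/sync", startedDateTime: "2024-01-01T10:00:06.000Z", setCookies: ["uid"] },
];
const SAMPLE_OPTS = {
  pageUrl: "https://www.shop.example/",
  consentTime: "2024-01-01T10:00:05.000Z",
  allowedSites: ["cmp.example"], // hypothetical CMP loader host
};

for (const f of findPreConsentRequests(SAMPLE_ENTRIES, SAMPLE_OPTS)) {
  console.log(`before consent: ${f.host} (sets cookie: ${f.setsCookie})`);
}
```

Requests made after the consent timestamp still have to be checked against the purposes the visitor actually accepted; this only covers the pre-consent window.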
