Migration to TCF 2.3

The IAB Europe Transparency and Consent Framework (TCF) 2.3 introduces changes that impact how CMPs (Consent Management Platforms) handle TC Strings — particularly with the addition of a new disclosedVendors segment.

This article explains how Didomi’s CMP and SDK handle these updates, including requirements during the transition period and the creation and validation of TC Strings.

• Overview
• Rolling Out TCF 2.3
• Check TCF 2.3 migration

Overview

The migration to IAB TCF 2.3 addresses a long-standing issue involving vendors that declare only special purposes. Previously, the legitimate interest (LI) purpose bit in the tcString was used to indicate that such a vendor was disclosed to the end-user. However, this approach caused inconsistency and ambiguity.

With IAB TCF 2.3, the inconsistency and ambiguity has been resolved by introducing the Disclosed Vendors segment as a mandatory part of the tcString.

Didomi’s SDK ensures that all vendors surfaced to the user are also included in the Disclosed Vendors segment when it is present in a TC String.

This guarantees alignment between what is shown in the user interface and what is recorded in the consent signal.

Vendors with Special Purposes Only

For vendors registered only for Special Purposes, the Didomi SDK continues to:

• Set the Legitimate Interest (LI) bit to 1

• Include these vendors in the CMP disclosure

This behavior remains unchanged from previous TCF versions and is still required under TCF 2.3.

User Interface and Resurfacing

You are not required to resurface the consent UI as part of this update.

Existing user choices remain valid, provided the TC String complies with the handling rules above.

Side-by-side comparison of TCF v2.2 vs v2.3

Rolling Out TCF 2.3

You can begin adopting TCF 2.3 ahead of the IAB’s official deadline. Depending on whether you are updating an existing notice or creating a new one, the rollout process differs slightly.

Rolling out TCF 2.3 on existing notices (before 28 February 2026)

You can switch an existing notice to TCF 2.3 at any time before the deadline directly from the Didomi Console:

1. Open the Didomi Console

2. Select the notice you want to update

3. Navigate to Customization → Integrations → IAB TCF

4. Select TCF 2.3

5. Publish your notice

Before publishing, make sure that all third-party vendors used on your website support TCF 2.3. If a vendor has not yet migrated, they may not be able to interpret the updated TC String correctly.

Newly created notices

Any created notice the Didomi console on or after November 26th, 2025 will have TCF 2.3 enabled by default.

After 28 February 2026

After the IAB’s enforcement date, Didomi will globally enforce TCF 2.3 on all notices.

This means all existing TCF notices will automatically switch to TCF 2.3, regardless of previous configuration.

Check TCF 2.3 migration

Once a consent notice is migrated to TCF 2.3, your organization can check that the migration was successfully by confirming the TC String contains the Disclosed Vendor segment and that the IAB vendors disclosed in your consent notice are set to true.

To start, your organization will need to retrieve the TC String for an end-user. Review the table below for the methods to retrieve the TC String:

With the value of the TC String copied, navigate to the IAB TC String Decoder and input the copied value in the provided field.

Expand the Vendors Disclosed accordion and ensure that the IAB vendors (identified by ID) that was disclosed to end-users via the consent notice are represented in the segment and set to true.