ePrivacyFree Resource

EU ePrivacy Directive Compliance Hub

Scope cookies and terminal equipment access under Article 5(3), communications confidentiality and traffic or location data use cases, and direct marketing workflows under Article 13. Use the decision flow to turn product facts into a defensible consent model and evidence pack.

The current legal baseline is still Directive 2002/58/EC, as amended by Directive 2009/136/EC and interpreted through national laws, GDPR consent standards, and recent EDPB enforcement positions. Treat the proposed ePrivacy Regulation only as reform context unless and until it is adopted.

Start with the checklist
Publication details
Editorial metadata for this artifact
Author
Sorena AI
Published
Feb 21, 2026
Updated
Feb 21, 2026
What you can decide faster
Terminal equipment access
When cookies/SDKs need consent vs exemptions.
Cookie banner UX
What "valid consent" looks like in practice (and common failure modes).
Direct marketing rules
Consent, soft opt-in, and opt-out evidence you must retain.
By Sorena AIUpdated Mar 2026No signup required
Quick scan
ePrivacy
Cookies / SDKs
Map storage/access to consent or exemptions (Article 5(3)).
Banner UX
Implement choice, granularity, and withdrawal with evidence.
Marketing
Operationalize consent, soft opt-in, and suppression lists (Article 13).
Use the decision flow to pick a defensible consent model, then standardize implementation with checklists and templates.
2002
Directive
2009
Cookie update
2020
Consent guide
2023
Banner report
Scope checks
Consent model
Audit evidence
ePrivacy Timeline

Key milestones for ePrivacy

Track the current legal baseline, 2002 directive, 2009 cookie amendment, GDPR-era consent guidance, and 2023 enforcement learnings, then align your banner and marketing program cadence.

Loading timeline...
ePrivacy Decision Flow

Which ePrivacy rules apply to your product and marketing

Use the decision flow to scope cookies and device access, communications confidentiality, and direct marketing, then translate outcomes into banner design, consent evidence, and operational controls.

Loading decision map...

Topic guides

Deep dive pages for implementation planning, controls, reporting, and evidence.

1
Confidentiality of Communications (ePrivacy Directive) | Traffic Data, Location Data, Content, and the OTT Gap
A practical guide to communications confidentiality under the current ePrivacy Directive, Directive 2002/58/EC: how to classify content, traffic data.
Read Guide
2
Cookies & Consent (ePrivacy Directive Article 5(3)) | Exemptions Test, Analytics, CMP Implementation
An advanced guide to cookie consent under the ePrivacy Directive (Directive 2002/58/EC): how Article 5(3) applies to cookies/SDKs/local storage.
Read Guide
3
Direct Marketing Consent Checklist (ePrivacy Article 13) | Proof, Opt-Out, Suppression Lists
A practical direct marketing consent checklist for ePrivacy (Directive 2002/58/EC, Article 13): consent capture fields, wording/version control.
Read Guide
4
Direct Marketing Rules (ePrivacy Directive Article 13) | Consent, Soft Opt-In, Opt-Out, Suppression Lists
A practical guide to ePrivacy direct marketing rules (Directive 2002/58/EC, Article 13): when prior consent is needed.
Read Guide
5
ePrivacy Applicability Test (Directive 2002/58/EC) | Cookies Article 5(3), Marketing Article 13, Metadata
A practical EU ePrivacy applicability test: decide whether your product triggers terminal equipment access rules (cookies/SDKs/local storage/fingerprinting.
Read Guide
6
ePrivacy Checklist (Directive 2002/58/EC) | Cookie Banner, Consent Logs, Exemptions, Marketing Evidence
An audit-ready ePrivacy checklist: build a tracker inventory and Article 5(3) decision table (consent vs exemptions).
Read Guide
7
ePrivacy Compliance Program | Cookies, Consent UX, Evidence, Marketing Controls (Directive 2002/58/EC)
A practical ePrivacy implementation playbook: governance, tracker inventory and Article 5(3) decision table, cookie banner and CMP design.
Read Guide
8
ePrivacy Deadlines and Compliance Calendar | Directive Baseline, Banner Audits, Marketing Audits
A practical ePrivacy calendar built around the current directive baseline and recurring controls: the 2002 directive, the 2009 cookie amendment.
Read Guide
9
ePrivacy Directive Enforcement (Cookies + Marketing) | How Regulators Assess Cookie Banners, Consent, and Evidence
An advanced guide to ePrivacy Directive enforcement: who enforces national ePrivacy laws, what regulators look for in cookie banners and consent UX.
Read Guide
10
ePrivacy Directive Penalties and Fines | What "Effective, Proportionate, Dissuassive" Means + Risk Reduction Controls
Understand penalties and fine exposure under national laws implementing the ePrivacy Directive (Directive 2002/58/EC).
Read Guide
11
ePrivacy Directive Requirements (2002/58/EC) | Article 5(3) Cookies, Article 13 Marketing, Metadata + Evidence Map
A practical ePrivacy Directive requirements breakdown: terminal equipment access and cookie consent/exemptions (Article 5(3)).
Read Guide
12
ePrivacy Directive vs GDPR | Which Law Applies to Cookies, Tracking, Communications Metadata, and Marketing?
A practical, source-grounded split between the ePrivacy Directive and GDPR: ePrivacy for placement/reading on devices and communications confidentiality.
Read Guide
13
ePrivacy FAQ (Directive 2002/58/EC) | Cookies, Consent Exemptions, Cookie Walls, Marketing, Enforcement
High-signal ePrivacy answers: when cookies/SDKs need consent (Article 5(3)), what counts as strictly necessary (WP29 WP194).
Read Guide
14
ePrivacy vs GDPR (Cookie Stack Blueprint) | Align Consent UX, Tag Firing, Processing Purposes, and Evidence
A combined ePrivacy + GDPR implementation blueprint for cookies, tracking, and marketing.
Read Guide
15
EU Cookie Banner Requirements | ePrivacy Directive + GDPR Consent (EDPB) | UX Patterns + Test Cases
A practical cookie banner and CMP requirements guide: acceptance/reject parity, granularity, clear purposes, vendor transparency, no pre-ticked boxes.
Read Guide
Next step

Turn EU ePrivacy Directive Compliance Hub into a cited research workflow

EU ePrivacy Directive Compliance Hub should be the shared entry point for your team. Route execution into Research Copilot for live work and into SSOT when the artifact needs deeper research, evidence governance, or supporting analysis.

What this unlocks
  • Start from EU ePrivacy Directive Compliance Hub and route the work by entity, product, team, or control owner.
  • Use Research Copilot to answer scope, timing, and interpretation questions with cited outputs.
  • Use SSOT to keep documents, evidence, and control records in one governed system.
  • Move from artifact reading to accountable execution without rebuilding the guidance in separate files.
Recommended route
Open Research Copilot
Answer scope, timing, and interpretation questions with cited outputs for EU ePrivacy Directive Compliance Hub.
Supporting route
Open SSOT
Keep documents, evidence, and control records in one governed system from the same artifact.
Talk to Sorena
Talk through EU ePrivacy Directive Compliance Hub
Review your current process, evidence model, and next steps for EU ePrivacy Directive Compliance Hub.
Discuss your setup
EU ePrivacy Directive artifact preview
Share it internally
Download the artifact exports to align legal, product, engineering, and commercial teams.