---
title: "EU ePrivacy Directive vs UK PECR: source-limited cookie and marketing comparison"
canonical_url: "https://www.sorena.io/artifacts/eu/eprivacy-directive/eprivacy-vs-uk-pecr"
source_url: "https://www.sorena.io/artifacts/eu/eprivacy-directive/eprivacy-vs-uk-pecr"
author: "Sorena AI"
description: "Compare EU ePrivacy Directive rules with a source-limited UK PECR workstream for cookies, terminal equipment, direct marketing, consent, soft opt-in, and evidence."
published_at: "2026-05-09"
updated_at: "2026-05-09"
keywords:
  - "EU ePrivacy Directive"
  - "UK PECR"
  - "cookies"
  - "Article 5(3)"
  - "consent"
  - "soft opt-in"
  - "direct marketing"
  - "terminal equipment"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# EU ePrivacy Directive vs UK PECR: source-limited cookie and marketing comparison

Compare EU ePrivacy Directive rules with a source-limited UK PECR workstream for cookies, terminal equipment, direct marketing, consent, soft opt-in, and evidence.

*Comparison Guide* *EU*

## EU ePrivacy Directive vs UK PECR

Use this comparison to separate EU ePrivacy evidence from UK PECR follow-up where the available source set only grounds the EU side.

The grounded rows cover cookies, terminal-equipment access, direct marketing, consent quality, soft opt-in logic, and evidence limits without inventing UK-specific rules or penalties.

This page compares EU ePrivacy Directive requirements with a UK PECR workstream only where the supplied source set supports the point. The EU side is grounded in the ePrivacy Directive, Article 5(3) technical guidance, consent guidance, GDPR/ePrivacy interplay guidance, and Commission material. The UK PECR side is deliberately marked as source-limited because this grounding set does not include a PECR primary text or UK regulator PECR guidance.

## EU ePrivacy Directive vs UK PECR: grounded rows and source limits

Use the EU column for sourced ePrivacy rules. Use the PECR column as a source-gap handoff where this artifact does not contain UK primary or regulator grounding.

- **EU ePrivacy Directive**: Grounded in the supplied EU ePrivacy sources for Article 5(3), direct marketing, consent, soft opt-in logic, and GDPR/ePrivacy interplay.
- **UK PECR**: Source-limited in this artifact: no PECR primary text or UK PECR regulator guidance is present in the supplied grounding folder, so UK conclusions need separate sourcing.

| Dimension | EU ePrivacy Directive | UK PECR | Operational implication | Sources |
| --- | --- | --- | --- | --- |
| Scope boundary | Article 5(3) covers storing information or gaining access to information already stored in a subscriber's or user's terminal equipment; EDPB guidance frames the test around information, terminal equipment, storage, and access, and it is not limited to ordinary cookies. | Treat PECR cookie and terminal-equipment analysis as a parallel review, but do not state the UK rule from this source set. Attach UK PECR primary or regulator support before finalizing the UK conclusion. | Build one tracker inventory, then label each conclusion separately: EU Article 5(3) supported here, PECR pending UK source validation. | [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU Article 5(3) storage/access rule for terminal equipment.<br>[EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports the EU-side evidence categories that should be kept distinct from any later PECR conclusion. |
| Covered actors | EU cookie consent exemptions are narrow: the cookie must be solely for transmitting a communication, or strictly necessary for a specific information-society service explicitly requested by the user. | Do not assume the same exemption wording, regulator interpretation, or examples for PECR from this artifact. Use the EU test as a prompt for UK validation. | For each claimed exemption, record the requested service, why the function fails without the tracker, and whether the exemption is EU-supported or PECR-unvalidated. | [WP29 Opinion 04/2012 on cookie consent exemption](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf?ref=sorena.io) - Supports the evidence needed to defend an EU exemption analysis. |
| Trigger | Article 13 requires prior consent for electronic mail direct marketing, subject to the customer-contact rule for the sender's own similar products or services with a clear, easy, free opportunity to object at collection and in every later message. | Keep PECR marketing conclusions provisional unless the campaign record includes UK PECR support for the channel, recipient type, consent or soft opt-in basis, sender identity, and opt-out wording. | Shared campaign evidence can include source of contact, sale context, product similarity, message copy, sender identity, unsubscribe path, suppression result, and source label. | [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU evidence fields for direct-marketing and objection records. |
| Core obligations | EU consent evidence should show real choice, clear information, an affirmative action, ability to demonstrate consent, and withdrawal without detriment; scrolling or similar passive activity is not enough for unambiguous consent. | Use the same operational evidence categories for PECR review, but do not state PECR-specific consent guidance from this EU-only source set. | CMP and campaign logs should capture notice version, purposes, positive action, timestamp, withdrawal route, and proof that refusal or withdrawal does not penalize the user. | [EDPB Guidelines 05/2020 on consent](https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports keeping consent logs and withdrawal evidence reviewable. |
| Evidence record | EU evidence can be reused across cookie, analytics, consent, and marketing reviews only when each record says which Article 5(3), Article 13, consent, or GDPR/ePrivacy interplay point it supports. | PECR evidence can share the same inventory and logs, but the UK conclusion remains blocked until a PECR source is attached. | Use one evidence pack with two source columns: EU source attached, PECR source missing or attached. Do not let a blank PECR source column become an approval. | [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU source labels used in the shared evidence pack. |
| Timing and deadlines | EDPB Opinion 5/2019 explains that Articles 5(3) and 13 can apply to website operators and other businesses, and that ePrivacy-specific rules can coexist with GDPR where personal data is involved. | Do not use GDPR analysis alone to close a PECR question. Keep the PECR statutory or regulator check separate from any UK GDPR analysis. | A DPIA, lawful-basis record, or privacy notice does not supersede the cookie, terminal-equipment, or direct-marketing source check. | [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports separate evidence for ePrivacy-specific conclusions instead of relying only on GDPR records. |
| Enforcement | Article 5(3) covers storing information or gaining access to information already stored in a subscriber's or user's terminal equipment; EDPB guidance frames the test around information, terminal equipment, storage, and access, and it is not limited to ordinary cookies. | Treat PECR cookie and terminal-equipment analysis as a parallel review, but do not state the UK rule from this source set. Attach UK PECR primary or regulator support before finalizing the UK conclusion. | Build one tracker inventory, then label each conclusion separately: EU Article 5(3) supported here, PECR pending UK source validation. | [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU Article 5(3) storage/access rule for terminal equipment.<br>[EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports the EU-side evidence categories that should be kept distinct from any later PECR conclusion. |
| Overlap and reuse | Article 5(3) covers storing information or gaining access to information already stored in a subscriber's or user's terminal equipment; EDPB guidance frames the test around information, terminal equipment, storage, and access, and it is not limited to ordinary cookies. | Treat PECR cookie and terminal-equipment analysis as a parallel review, but do not state the UK rule from this source set. Attach UK PECR primary or regulator support before finalizing the UK conclusion. | Build one tracker inventory, then label each conclusion separately: EU Article 5(3) supported here, PECR pending UK source validation. | [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU Article 5(3) storage/access rule for terminal equipment.<br>[EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports the EU-side evidence categories that should be kept distinct from any later PECR conclusion. |
| Practical decision rule | Article 5(3) covers storing information or gaining access to information already stored in a subscriber's or user's terminal equipment; EDPB guidance frames the test around information, terminal equipment, storage, and access, and it is not limited to ordinary cookies. | Treat PECR cookie and terminal-equipment analysis as a parallel review, but do not state the UK rule from this source set. Attach UK PECR primary or regulator support before finalizing the UK conclusion. | Build one tracker inventory, then label each conclusion separately: EU Article 5(3) supported here, PECR pending UK source validation. | [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU Article 5(3) storage/access rule for terminal equipment.<br>[EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports the EU-side evidence categories that should be kept distinct from any later PECR conclusion. |

Sources for Scope boundary - EU ePrivacy Directive:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU Article 5(3) storage/access rule for terminal equipment.
  - Quote: "terminal equipment"
- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports applying Article 5(3) to storage and access operations beyond conventional cookies.
  - Quote: "gaining access"

Sources for Scope boundary - operational implication:

- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports the EU-side evidence categories that should be kept distinct from any later PECR conclusion.
  - Quote: "stored information and storage"

Sources for Covered actors - EU ePrivacy Directive:

- [WP29 Opinion 04/2012 on cookie consent exemption](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf?ref=sorena.io) - Supports the EU exemption tests for transmission-only and strictly necessary cookies.
  - Quote: "strictly necessary"

Sources for Covered actors - operational implication:

- [WP29 Opinion 04/2012 on cookie consent exemption](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf?ref=sorena.io) - Supports the evidence needed to defend an EU exemption analysis.
  - Quote: "explicitly requested"

Sources for Trigger - EU ePrivacy Directive:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU Article 13 direct-marketing consent and customer-contact rules.
  - Quote: "direct marketing"

Sources for Trigger - operational implication:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU evidence fields for direct-marketing and objection records.
  - Quote: "electronic mail"

Sources for Core obligations - EU ePrivacy Directive:

- [EDPB Guidelines 05/2020 on consent](https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports EU consent-quality, demonstration, and withdrawal evidence expectations.
  - Quote: "withdraw consent"

Sources for Core obligations - operational implication:

- [EDPB Guidelines 05/2020 on consent](https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports keeping consent logs and withdrawal evidence reviewable.
  - Quote: "demonstrate consent"

Sources for Evidence record - EU ePrivacy Directive:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports keeping ePrivacy-specific conclusions separately labelled.
  - Quote: "particularise and complement"

Sources for Evidence record - operational implication:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU source labels used in the shared evidence pack.
  - Quote: "Article 13"

Sources for Timing and deadlines - EU ePrivacy Directive:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports separating ePrivacy-specific obligations from general data-protection obligations for electronic communications.
  - Quote: "particularise and complement"

Sources for Timing and deadlines - operational implication:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports separate evidence for ePrivacy-specific conclusions instead of relying only on GDPR records.
  - Quote: "particularise and complement"

Sources for Enforcement - EU ePrivacy Directive:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU Article 5(3) storage/access rule for terminal equipment.
  - Quote: "terminal equipment"
- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports applying Article 5(3) to storage and access operations beyond conventional cookies.
  - Quote: "gaining access"

Sources for Enforcement - operational implication:

- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports the EU-side evidence categories that should be kept distinct from any later PECR conclusion.
  - Quote: "stored information and storage"

Sources for Overlap and reuse - EU ePrivacy Directive:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU Article 5(3) storage/access rule for terminal equipment.
  - Quote: "terminal equipment"
- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports applying Article 5(3) to storage and access operations beyond conventional cookies.
  - Quote: "gaining access"

Sources for Overlap and reuse - operational implication:

- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports the EU-side evidence categories that should be kept distinct from any later PECR conclusion.
  - Quote: "stored information and storage"

Sources for Practical decision rule - EU ePrivacy Directive:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU Article 5(3) storage/access rule for terminal equipment.
  - Quote: "terminal equipment"
- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports applying Article 5(3) to storage and access operations beyond conventional cookies.
  - Quote: "gaining access"

Sources for Practical decision rule - operational implication:

- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Supports the EU-side evidence categories that should be kept distinct from any later PECR conclusion.
  - Quote: "stored information and storage"

### How should teams decide what is grounded?

- Use this page to make EU ePrivacy decisions for cookies, terminal equipment, direct marketing, consent, soft opt-in, and evidence.
- Open a separate PECR source task before approving UK cookie or marketing conclusions.
- Do not cite PECR penalties, UK regulator powers, or PECR-specific guidance from this artifact.
- Reuse inventories and logs only when each item carries an EU source label and a separate PECR source label or source-gap marker.

Sources for the practical decision rule:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Primary EU source for the grounded ePrivacy conclusions on this page.
  - Quote: "privacy and electronic communications"
- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Primary EU guidance for tracker and terminal-equipment scoping on this page.
  - Quote: "technical scope of Art. 5(3)"

## Use the comparison as an evidence boundary, not a UK legal summary

Start with the EU ePrivacy rule and the product fact pattern: storage or access on terminal equipment, cookies or similar technologies, direct marketing by electronic mail, consent quality, customer-contact reuse, and proof that consent can be demonstrated or withdrawn.

For UK PECR, do not copy the EU conclusion unless a UK source has been checked outside this artifact. Treat the UK column as a control handoff: it identifies the same operational evidence that a PECR review usually needs, but it does not state UK-specific penalties, regulator powers, or detailed statutory wording.

- Keep EU evidence labelled with the EU source that supports it.
- Mark PECR decisions as pending UK source validation when the only available source is EU ePrivacy material.
- Do not merge EU Member State implementation notes with UK PECR conclusions.
- Escalate before launch when cookies, analytics, marketing channels, consent screens, suppression logic, or withdrawal paths change.

Sources for this answer:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Grounds EU rules on confidentiality, terminal-equipment storage/access, traffic and location data, and unsolicited communications.
- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Grounds the Article 5(3) test for information, terminal equipment, storage, and access beyond ordinary cookies.

## What EU facts can be compared with PECR follow-up?

Article 5(3) is the cookie and terminal-equipment anchor: storing information or gaining access to information already stored in a user's terminal equipment requires consent unless a narrow transmission or strictly necessary service-request exemption applies.

Article 13 is the direct-marketing anchor: automated calling systems, fax, or electronic mail for direct marketing require prior consent, while customer electronic contact details can be reused for the same person's own similar products or services only with a clear, easy, free objection opportunity at collection and in every later message.

- Classify each tracker by storage/access operation, purpose, party, duration, and whether the requested service fails without it.
- Record direct-marketing source, customer relationship, similar-product rationale, opt-out language, suppression behavior, and message-level unsubscribe test.
- Keep consent evidence that shows the user had a real choice, received clear information, gave an affirmative indication, and can withdraw without detriment.
- For PECR, use these same evidence categories as a review checklist, then attach UK-specific source support before treating the answer as final.

Sources for this answer:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports the EU direct-marketing consent rule, customer-contact exception, and Article 5(3) terminal-equipment rule.
- [WP29 Opinion 04/2012 on cookie consent exemption](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf?ref=sorena.io) - Explains the narrow Article 5(3) exemptions for transmission-only cookies and strictly necessary cookies requested by the user.
- [EDPB Guidelines 05/2020 on consent](https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports evidence expectations for freely given, informed, affirmative, demonstrable, and withdrawable consent.

## Where the comparison stops

This artifact does not state PECR penalty amounts, UK enforcement powers, UK regulator guidance positions, or PECR-specific statutory wording because those facts are not present in the supplied EU ePrivacy grounding folder.

The useful output is therefore a split record: an EU ePrivacy conclusion that can be traced to the sources on this page, plus a PECR validation task that names the missing UK source, owner, and decision deadline.

- Blocked PECR facts should be labelled as source gaps, not filled from memory.
- EU Article 5(3), Article 13, consent, and GDPR/ePrivacy interplay points can be used immediately for EU scoping.
- PECR conclusions should remain provisional until a UK primary or regulator source is attached.
- Shared evidence can be reused only after each jurisdiction-specific conclusion is separately sourced.

Sources for this answer:

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Supports keeping ePrivacy-specific obligations separate because the Directive particularises and complements general data-protection rules for electronic communications.
- [European Commission ePrivacy overview](https://digital-strategy.ec.europa.eu/en/library/eprivacyeu-towards-future-proof-legal-framework-online-privacy?ref=sorena.io) - Explains the Commission view that ePrivacy protects electronic communications and device confidentiality alongside GDPR.

*Recommended next step*

*Placement: before sources*

## Use this ePrivacy and PECR comparison as a validation checklist

Sorena can turn the EU-sourced rows into owner assignments, evidence requests, and PECR source-gap follow-ups without merging unsupported jurisdiction-specific claims.

- [Open Research Copilot for ePrivacy](/solutions/research-copilot.md): Ask source-linked questions about Article 5(3), direct marketing, consent evidence, and PECR source gaps using the cited sources on this page.
- [Talk through implementation](/contact.md): Review cookie, analytics, marketing, consent, and PECR validation records before product or campaign launch.

## Primary sources

- [Directive 2002/58/EC (ePrivacy Directive)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&ref=sorena.io) - Primary EU source for the grounded ePrivacy conclusions on this page.
  - Quote: "privacy and electronic communications"
- [EDPB Guidelines 2/2023 on the technical scope of Article 5(3)](https://www.edpb.europa.eu/system/files/2023-11/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_en.pdf?ref=sorena.io) - Primary EU guidance for tracker and terminal-equipment scoping on this page.
  - Quote: "technical scope of Art. 5(3)"
- [WP29 Opinion 04/2012 on cookie consent exemption](https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf?ref=sorena.io) - Supports the evidence needed to defend an EU exemption analysis.
  - Quote: "explicitly requested"
- [EDPB Guidelines 05/2020 on consent](https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf?ref=sorena.io) - Supports keeping consent logs and withdrawal evidence reviewable.
  - Quote: "demonstrate consent"
- [European Commission ePrivacy overview](https://digital-strategy.ec.europa.eu/en/library/eprivacyeu-towards-future-proof-legal-framework-online-privacy?ref=sorena.io) - Grounds the Commission explanation that ePrivacy protects communications and device confidentiality alongside GDPR.
  - Quote: "electronic communications and the device"

## Related Topic Guides

- [Are cookie walls allowed under the EU ePrivacy Directive?](/artifacts/eu/eprivacy-directive/faq/cookie-walls.md): FAQ answer on cookie walls under the EU ePrivacy Directive, covering freely given consent, refusal and withdrawal paths, banner evidence, and national-law caveats.
- [Do Analytics Cookies Require Consent under the EU ePrivacy Directive?](/artifacts/eu/eprivacy-directive/faq/analytics-cookies.md): FAQ answer on analytics cookies under Article 5(3) ePrivacy, limited analytics exemptions, configuration evidence, consent logs, and national-law caveats.
- [ePrivacy cookie consent vs DSA ads obligations: source-limited comparison](/artifacts/eu/eprivacy-directive/eprivacy-vs-dsa-ads.md): Compare ePrivacy cookie and tracking-consent duties with DSA ads workstreams without merging consent, transparency, and evidence obligations.
- [ePrivacy Directive vs GDPR: cookies, communications, consent, and evidence](/artifacts/eu/eprivacy-directive/eprivacy-directive-vs-gdpr.md): Compare the EU ePrivacy Directive and GDPR across subject matter, lex specialis overlap, terminal equipment, communications confidentiality, marketing, consent, enforcement, and evidence.
- [EU cookie banner requirements under the ePrivacy Directive](/artifacts/eu/eprivacy-directive/eu-cookie-banner-requirements.md): EU ePrivacy cookie banner requirements for non-exempt cookies and trackers: prior consent, reject choices, no pre-ticked boxes, withdrawal, analytics limits, cookie walls, and evidence logs.
- [EU ePrivacy analytics cookies: consent, exemption, and evidence guide](/artifacts/eu/eprivacy-directive/analytics-cookies.md): source-linked guide to analytics cookies under EU ePrivacy: Article 5(3) scope, when consent is usually needed, limited analytics exemptions, consent records, and evidence gaps.
- [EU ePrivacy Applicability Test for Cookies, SDKs, Pixels, Communications, and Marketing](/artifacts/eu/eprivacy-directive/applicability-test.md): A concrete EU ePrivacy Directive applicability test for electronic communications services, terminal-equipment storage or access, cookies, SDKs, pixels, local storage, direct marketing, GDPR overlap, and evidence.
- [EU ePrivacy Article 5(3) terminal equipment test](/artifacts/eu/eprivacy-directive/article-5-3-terminal-equipment-test.md): A source-linked Article 5(3) test for cookies, pixels, local identifiers, device APIs, strictly necessary exceptions, and consent evidence.
- [EU ePrivacy Confidentiality of Communications: Article 5 controls](/artifacts/eu/eprivacy-directive/confidentiality-of-communications.md): Article 5 confidentiality guide for EU ePrivacy communications, traffic data, metadata, terminal-equipment access, consent limits, and GDPR interplay.
- [EU ePrivacy consent-log evidence workflow for cookies and trackers](/artifacts/eu/eprivacy-directive/consent-log-evidence-workflow.md): Build an ePrivacy consent-log workflow that records cookie and tracker decisions, banner versions, consent signals, withdrawals, vendor evidence, and audit-ready outputs.
- [EU ePrivacy cookie banner UX test cases](/artifacts/eu/eprivacy-directive/banner-ux-test-cases.md): source-linked cookie banner UX tests for Article 5(3) ePrivacy consent: reject all, pre-ticked boxes, withdrawal, cookie walls, analytics toggles, and consent evidence.
- [EU ePrivacy Cookie Scope Classifier Workflow](/artifacts/eu/eprivacy-directive/cookie-scope-classifier-workflow.md): Classify cookies, pixels, SDKs, local storage, device identifiers, and analytics tracers under Article 5(3) ePrivacy rules, with consent and exemption evidence outputs.
- [EU ePrivacy direct-marketing consent checklist](/artifacts/eu/eprivacy-directive/direct-marketing-consent-checklist.md): Checklist for ePrivacy Directive direct-marketing messages: consent, soft opt-in, sender identity, opt-out handling, proof records, suppression, and national-law caveats.
- [EU ePrivacy Directive compliance calendar for cookies, consent, and marketing](/artifacts/eu/eprivacy-directive/deadlines-and-compliance-calendar.md): source-linked ePrivacy calendar covering Directive milestones, Article 5(3) cookie reviews, consent evidence, direct marketing checks, and national-law follow-up.
- [EU ePrivacy Directive Compliance Checklist](/artifacts/eu/eprivacy-directive/checklist.md): A concrete ePrivacy checklist for terminal equipment access, cookie consent, exemptions, banner UX, direct marketing, confidentiality, GDPR interplay, and evidence records.
- [EU ePrivacy Directive Compliance Guide for Cookies, Marketing, and Communications](/artifacts/eu/eprivacy-directive/compliance.md): Practical ePrivacy Directive compliance checks for terminal equipment, communications confidentiality, cookie consent, exemptions, direct marketing, evidence, and national-law caveats.
- [EU ePrivacy Directive Cookies and Consent: Article 5(3), exemptions, and banner evidence](/artifacts/eu/eprivacy-directive/cookies-and-consent.md): Cookie consent guide for the EU ePrivacy Directive: Article 5(3) scope, strictly necessary and transmission exemptions, consent UX, withdrawal, logs, analytics caveats, and GDPR interplay.
- [EU ePrivacy Directive direct marketing rules for electronic mail](/artifacts/eu/eprivacy-directive/direct-marketing-rules.md): source-linked guide to Article 13 ePrivacy Directive rules for electronic mail marketing, prior consent, customer soft opt-in, opt-out handling, sender identity, and Member State caveats.
- [EU ePrivacy Directive Enforcement and Fines](/artifacts/eu/eprivacy-directive/enforcement-and-fines.md): Source-grounded guide to ePrivacy Directive enforcement, national penalties, competent authorities, GDPR interplay, cookie-banner risk, and evidence limits.
- [EU ePrivacy Directive FAQ: cookies, consent, marketing, GDPR interplay](/artifacts/eu/eprivacy-directive/faq.md): Answers to recurring EU ePrivacy Directive questions on Article 5(3), terminal-equipment access, cookie consent, exemptions, analytics, direct marketing, GDPR interplay, national enforcement, and evidence.
- [EU ePrivacy Directive Member State Cookie Rules](/artifacts/eu/eprivacy-directive/member-state-cookie-rules.md): How to evidence EU ePrivacy cookie compliance when Article 5(3) is implemented through Member State law and national authority practice.
- [EU ePrivacy Directive Metadata and Location Data Guide](/artifacts/eu/eprivacy-directive/metadata-and-location-data.md): source-linked guide to EU ePrivacy Directive rules for traffic data, location data, anonymisation, consent, value-added services, Article 5(3) overlap, and national-law limits.
- [EU ePrivacy Directive penalties and fines: national enforcement caveats](/artifacts/eu/eprivacy-directive/penalties-and-fines.md): source-linked guide to ePrivacy Directive penalty exposure, national transposition caveats, cookie enforcement evidence, consent defects, and GDPR overlap limits.
- [EU ePrivacy Directive Requirements: cookies, communications and marketing](/artifacts/eu/eprivacy-directive/requirements.md): source-linked map of EU ePrivacy Directive requirements for communications confidentiality, terminal-equipment access, consent, traffic and location data, and direct marketing.
- [EU ePrivacy Directive vs GDPR: cookies, communications, marketing, and evidence](/artifacts/eu/eprivacy-directive/eprivacy-vs-gdpr.md): Compare the EU ePrivacy Directive and GDPR by trigger, consent standard, lex specialis overlap, enforcement caveats, and evidence outputs for cookies, device access, communications, and marketing.
- [EU ePrivacy soft opt-in FAQ for email marketing](/artifacts/eu/eprivacy-directive/faq/soft-opt-in.md): When Article 13(2) soft opt-in can support EU customer email marketing, including existing-customer, similar-offer, opt-out, sender-identity, suppression-list, and national-law checks.
- [EU ePrivacy soft opt-in marketing checklist](/artifacts/eu/eprivacy-directive/soft-opt-in-marketing.md): source-linked checklist for using the EU ePrivacy Directive soft opt-in exception for customer email marketing, opt-outs, sender identity, suppression records, and national-law caveats.
- [EU ePrivacy soft opt-in marketing review workflow](/artifacts/eu/eprivacy-directive/soft-opt-in-marketing-review-workflow.md): Review whether an EU electronic-mail marketing send can rely on the ePrivacy soft opt-in, with checks for customer relationship evidence, similar products, opt-out, sender identity, suppression records, and national-law caveats.
- [EU ePrivacy Strictly Necessary Cookie Exemptions](/artifacts/eu/eprivacy-directive/strictly-necessary-exemptions.md): source-linked guide to the Article 5(3) ePrivacy exemptions for transmission cookies, requested-service cookies, analytics caveats, evidence, and national-law checks.
- [Is a reject-all button required for EU ePrivacy cookie consent?](/artifacts/eu/eprivacy-directive/faq/reject-all-button.md): Standalone FAQ answer on EU ePrivacy reject-all and refuse options for cookie banners, including equal prominence, deceptive UX, consent evidence, withdrawal, and national-law caveats.
- [Strictly Necessary Cookies under the EU ePrivacy Directive](/artifacts/eu/eprivacy-directive/faq/strictly-necessary-cookies.md): FAQ answer on when EU ePrivacy Article 5(3) allows cookies without consent, with grounded examples, analytics caveats, evidence records, and national-law cautions.
- [What should CMP consent logs retain under the EU ePrivacy Directive?](/artifacts/eu/eprivacy-directive/faq/cmp-consent-logs.md): FAQ answer on CMP consent logs for EU ePrivacy cookie consent: retained fields, consent validity signals, banner versioning, refusal and withdrawal events, proof limits, and national-law caveats.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/eprivacy-directive/eprivacy-vs-uk-pecr