In May 2026, Google announced that Google tag and Google Tag Manager will merge. This change in functionality may also affect the data protection assessment of your setup.
To date, at least two scripts, gtag.js and gtm.js, are used as standard when working with Google tag and Google Tag Manager (GTM). In the future, however, GTM will also take over the functions of Google tag. It will then no longer serve merely as a vehicle for further processing activities but will itself be able to transmit analytics and marketing information directly to Google.
If GTM is used exclusively to load tools that do not require consent and can be classified as ‘strictly necessary’ under Article 5(3) of the ePrivacy Regulation, no consent is required for GTM either. The situation is different if GTM is used to load tools that require consent, such as marketing scripts. In this case, the GTM script may only be retrieved from the end device after consent has been obtained.
What should be considered following the merger of Google tag and GTM?
a) If you use Google tags, consent is required for the GTM script. This means that your Consent Management Platform must control the loading of gtm.js. You can no longer load your CMP via GTM. Consent has to be obtained before gtm.js is loaded.
b) If you want to continue using GTM exclusively for scripts that do not require consent, be sure to disable all Google tag functions that require consent.
The good news is that existing implementations will not be automatically changed for the time being, although Google already recommends an upgrade, which is easy to perform. If you’d like to switch over now, we’d be happy to assist you with the correct implementation regarding any potential consent requirements.