Streamlined cookie rules on the EU agenda – what could change

1 min read • Simon • GDPR • 23 September 2025

A lawyer assisting with cookies can help businesses prepare for potential changes as the European Commission considers simplifying today’s rules. The Commission has indicated it intends to relax certain requirements in the ePrivacy directive, including allowing pre-set choices in the browser (instead of visitors having to engage with cookie consent banners on every site). For now, consent remains required for all cookies that are not strictly necessary for the website’s functionality. Any organisation using cookies or similar technologies should therefore monitor developments to maintain GDPR cookie compliance. A timely website cookie audit can be an effective way to prepare, and a tailored cookie consent service can reduce future rework.

What relaxations are being discussed under the ePrivacy directive?

The Commission has floated several ways to simplify the EU cookie rules. Among the ideas is enabling users to set general preferences in the browser so they do not need to accept cookies each time they visit a site. Proposals have also highlighted expanding exemptions for technically necessary cookies, or for less privacy-intrusive, non-essential cookies that do not affect users’ private lives to the same extent.

Proposals discussed include:

  • General browser preferences: A setting that applies across sites instead of an individual consent banner, potentially reducing friction and improving GDPR cookie compliance.
  • Expanded exemptions: A broader scope for what qualifies as technically necessary cookies, or as otherwise less privacy-intrusive cookies, under the EU cookie rules.

It is important to note that these proposals are not yet adopted. The European Commission plans to present an omnibus proposal in December 2025, which may include these relaxations. Organisations such as NOYB are critical, while many companies view the direction as positive for lowering costs and complexity. At the same time, there have been widespread breaches of current rules, often without consequence, because supervisory authorities have lacked sufficient resources or tools to intervene. This raises the question of whether the rules themselves are the problem, or rather the lack of effective cookie law enforcement.

Background and current legal position under the ePrivacy directive

The ePrivacy directive underpins the current EU cookie framework. It requires consent for cookies that are not strictly necessary for a site to function, which has led to extensive use of cookie consent banners, frequently perceived as burdensome for both users and site owners. The most recent attempt to replace the directive with an ePrivacy regulation failed in February this year, when the EU institutions could not reach a compromise. The new streamlining initiative follows that outcome and aims both to reduce bureaucracy and to provide greater clarity for website operators and users. At the same time, many stakeholders, including supervisory authorities, have noted that numerous companies have knowingly ignored cookie consent requirements with limited risk of intervention, suggesting that supervision must be part of the overall solution. A structured website cookie audit and GDPR cookie audit remain pragmatic steps pending any reform of the EU cookie rules.

What do changed EU cookie rules mean for businesses?

If relaxations are introduced, businesses may need to prepare by taking the following steps:

  • Review how you use cookies and whether they can be categorised as strictly necessary cookies, technically necessary cookies or less privacy-intrusive non-essential cookies.
  • Update your policies and consent mechanisms to be ready for potential general browser settings, and assess whether your current cookie consent service can accommodate such changes.
  • Revisit documentation and processes for managing consent, including cookie consent documentation and audit trails aligned with cookie consent requirements.

For the time being, consent is still required for all cookies that are not strictly necessary. We recommend tracking developments closely and adjusting procedures incrementally. At Morling Consulting, we provide advisory and implementation support for consent management, cookie policies and reviews of your compliance with GDPR and the ePrivacy directive—delivered as a practical cookie consent service and supported by a thorough website cookie audit where appropriate.