Worldwide regulations
COKIQ now maps the major website consent regions teams ask about: GDPR, UK GDPR, India DPDP, CCPA/CPRA, US state privacy, GPC and GPP signal readiness, Brazil LGPD, Canada PIPEDA, South Africa POPIA, Singapore PDPA, Gulf privacy laws, China PIPL, APAC, LATAM, Google Consent Mode v2, and IAB TCF roadmap.
This page is a product capability map, not legal advice or a compliance certificate. Legal wording, jurisdiction applicability, and regulator-specific decisions still need customer-side counsel review where required.
Claim discipline
The goal is to compete with bigger CMP platforms without copying claims we cannot prove. COKIQ separates product evidence, legal-review support, and external certification work.
COKIQ can scan the site, detect cookies and scripts, show banner choices, block known non-essential trackers, update Google Consent Mode v2, record consent evidence, and export reports.
COKIQ can provide the operational workflow and evidence pack, but local applicability, exact wording, threshold checks, data-transfer positions, and sector-specific requirements need customer-side counsel review.
Some items require external certification, formal audit, marketplace approval, verified self-attestation, or a separate technical standard. COKIQ labels these clearly instead of presenting future work as current compliance.
Many laws depend on user location, company location, revenue, sector, processing purpose, sensitive data, employee/customer context, and whether data is sold, shared, transferred, or profiled.
Google CMP certification, IAB TCF participation, app-store approval, SOC 2, and ISO cannot be self-declared by COKIQ. They need program review, audits, or third-party certification.
COKIQ can produce evidence and workflow checklists, but final privacy notices, DPA terms, transfer language, Arabic/local-language clauses, and regulator-facing legal conclusions need qualified review.
Pixels, tag managers, chat widgets, video embeds, affiliate scripts, and ecommerce apps change often. COKIQ supports known blocking patterns and scan evidence, then expands vendor recipes through QA.
What COKIQ provides
This is the practical coverage customers can expect from COKIQ today. The product helps teams operate consent correctly; it does not replace a lawyer or claim certifications that are not granted.
How we add coverage
COKIQ can keep adding regions, but each one must move through a source-backed product process before the website says it is available.
Coverage map
European Union / EEA
EU-facing websites usually need prior consent for non-essential cookies, granular choices, easy withdrawal, and evidence of the visitor choice.
United Kingdom
UK cookie compliance combines UK GDPR personal-data duties with PECR rules for storing or accessing information on a user device.
India
India DPDP work focuses on clear notice, consent, withdrawal, data principal rights, purpose limitation, and accountability for digital personal data.
United States
US privacy work often centers on notice, opt-out choices, sale/share disclosures, sensitive-data handling, and recurring tracker review.
United States - Virginia
Virginia CDPA programs need privacy notices, consumer rights routing, opt-out controls for targeted advertising or sale where applicable, and records for operational review.
United States - Colorado
Colorado privacy work includes consumer rights, targeted advertising and sale opt-outs, sensitive-data review, and recognition of universal opt-out signals.
United States - Utah
Utah privacy readiness focuses on clear notices, consumer rights routing, opt-out review for sale or targeted advertising, and practical tracker documentation.
United States - Connecticut
Connecticut privacy programs require notices, consumer rights handling, targeted advertising and sale opt-outs, sensitive-data review, and evidence of choices.
United States - Texas
Texas privacy readiness includes notices, consumer rights, opt-out controls, sensitive-data review, and operational evidence for qualifying businesses.
United States - newer state laws
Newer US privacy laws expand the need for notices, opt-out review, sensitive-data handling, universal opt-out signal review, and recurring tracker documentation across more state audiences.
United States - Oregon
Oregon privacy programs need notice, consumer rights routing, opt-out support, and attention to sensitive-data handling and tracker disclosures.
Brazil
Brazil LGPD applies personal-data principles to cookies and tracking where they identify or can relate to a person.
Canada
Canadian website privacy work usually requires meaningful consent, purpose clarity, safeguards, access rights, and accountable data handling.
South Africa
POPIA regulates processing of personal information and requires accountable, purpose-limited handling of personal data collected through digital channels.
Singapore
Singapore PDPA sets baseline personal-data protection duties including consent, purpose notification, protection, retention, transfer, and accountability.
United Arab Emirates
UAE privacy readiness needs clear notice, consent or lawful-basis review, data subject request routing, security controls, and transfer review for websites serving UAE users.
Saudi Arabia
Saudi PDPL readiness focuses on notice, lawful processing, consent where required, rights handling, transfer review, security, and local regulatory alignment.
Qatar / Bahrain / wider Gulf
Wider Gulf privacy work varies by jurisdiction, but websites commonly need clear notice, consent or lawful-basis review, contact-form discipline, tracker transparency, and local counsel review.
APAC broader coverage
APAC privacy rules vary by country, but website operations commonly need notice, consent or lawful-basis review, purpose clarity, retention discipline, and user-rights routing.
Australia
Australian privacy readiness focuses on transparent collection notices, cookie and tracking disclosure, direct marketing review, security, and access/correction request handling.
Thailand
Thailand PDPA website work usually needs notice, consent or lawful-basis review, withdrawal handling, rights request routing, and data-transfer review.
China
China PIPL readiness for websites needs purpose disclosure, consent or separate-consent review, rights request routing, cross-border transfer review, and local legal validation.
Hong Kong
Hong Kong PDPO website readiness focuses on collection notices, purpose clarity, data-user accountability, direct marketing review, security, and rights request handling.
Malaysia
Malaysia PDPA readiness needs notice, consent review, disclosure purpose, security safeguards, retention discipline, and review of transfer or processor arrangements.
Indonesia
Indonesia PDP readiness for websites needs clear notice, lawful processing review, consent or rights handling, security safeguards, and local regulatory review for electronic systems.
Philippines
Philippines privacy readiness focuses on transparency, legitimate purpose, proportionality, consent or lawful processing review, security, and data-subject rights routing.
Canada - Quebec
Quebec Law 25 adds privacy governance, transparency, consent, and confidentiality-by-default expectations that can affect website cookies and trackers.
Switzerland
Swiss FADP readiness includes transparent processing notices, purpose clarity, data subject rights routing, and transfer/vendor review where tracking identifies people.
Japan
Japan APPI website readiness focuses on purpose disclosure, personal-data handling transparency, third-party transfer review, and user request routing.
South Korea
South Korean privacy readiness often requires detailed notice, consent review, third-party disclosure, retention controls, and rights request handling.
New Zealand
New Zealand website privacy readiness requires clear collection notices, purpose and disclosure transparency, security, retention discipline, and access/correction request handling.
Turkey
Turkey KVKK readiness needs information notice review, explicit-consent review where required, transfer review, data security, and request handling.
Mexico
Mexico privacy readiness for websites focuses on privacy notice quality, consent or exception review, ARCO rights routing, transfer disclosure, and security controls.
Argentina
Argentina privacy readiness includes notice, data-subject rights, database/controller accountability, purpose limitation, security, and transfer review where website tracking identifies people.
Ads and publisher frameworks
Advertising and publisher ecosystems add operational requirements on top of legal duties, especially for Google tags, remarketing, conversion tracking, and EU ad serving.
Implementation discipline
COKIQ should keep the same product promise across every market: scan first, control scripts, show clear choices, keep evidence, review changes, and avoid unsupported legal-certification claims.