Pubvendors.json – Everything You Need to Know!

Updated on: January 3, 2024
IAB Tech Lab and IAB Europe released 'pubvendors.json' and updated the GDPR Consent Framework for publishers. Let's learn what is pubvendors.json and how it's going to help publishers. 

Soon after announcing the first version of ‘GDPR Consent Framework’ to help publishers and Adtech Vendors to comply with the upcoming GDPR law, IAB Tech Lab and IAB Europe recently launched new supporting tech specifications – Pubvendors.json for Publishers and Mobile In-app Framework for app developers.

What is Pubvendors.json?

The pubvendors.json is an add-on to the initially released GDPR Consent Framework. It is intended to help publishers to handle and manage the Vendors more effectively.


  • It provides guidelines for publishers to index the vendors (third-parties) they’ve partnered with and their respective data rights/policies.
  • It allows vendors to check the consent status of the publisher and also, confirm the consent status of a string (DaisyBit) outputted by the Consent Management Platform (CMP).
  • It places a standard way for publishers to whitelist vendors.
  • Most importantly, it enables publishers to limit features and purposes on a per-vendor basis. For instance, the publisher can set a purpose and limit features for a specific vendor, as promised by the last framework update.

“The feedback from publishers since we launched the public consultation on the first version of the specs for the Transparency and Consent Framework included a couple of strong messages,” noted Townsend Feehan, CEO, IAB Europe.  “First, publishers wanted even more control with respect to data processing purposes, notably to be able to authorize different partners to leverage different purposes. Second, they wanted more control over which legal bases their partners could adduce.  The pubvendors.json solution is a rapid response to accommodate these requirements.”

Also read: What is DaisyBit? And, why it’s an integral part of programmatic Advertising?

What is Mobile In-App Framework?

It’s the GDPR Consent Framework designed for App developers. Similar to publishers, mobile app developers can embrace the framework to comply with the law. In this announcement, IAB released the technical specifications such as CMP endpoints, App developers’ storage, API Specs, and others.  

“The continued dominance of apps in mobile environments made supporting tech specs on that front particularly vital, and we’re pleased that our working group moved quickly to close that gap.”

 – Dennis Buchheim, Senior Vice President, and General Manager, IAB Tech Lab

Are they finalized yet?

Yes. As per the custom, the specifications have been kept open for feedback and comments from the publishers, developers, and vendors for a month. But now it is completely up and running in the market. 

What’s Next?

You should start implementing CMPs and pubvendors.json if your website(s) has a considerable chunk of EU visitors. However, we advise you to go with IAB-registered CMPs as they are reliable and verified by the consortium.

Furthermore, no one knows the right way to do it. In fact, certain publishers have implemented CMPs in the wrong manner. Some are completely running a no-ad site for EU users while some are experimenting with paywalls.

What’s happening in the market:

Two publishers have publicly endorsed the arrival of GDPR Consent Framework: Axel Springer and Schibsted. Furthermore, Axel Springer advises publishers to employ the framework to prevent Google from gaining more dominance.

However, Google’s CMP ‘Funding Choices’ isn’t ready yet and still lives in beta. Besides, it is limiting the publishers from partnering with more than 12 adtech vendors.

Mid-sized publishers who lack the resource to build their own CMPs are still struggling to settle on a solution. Consent Management Platforms available on the market (other than ‘Funding Choices’) are even more perplexing and they aren’t able to answer all the questions (Like how you’re gonna transfer consent from DFP to adtech vendors, as DFP isn’t in the framework).

Recently, Google said it plans to join IAB’s GDPR Consent Framework.

News and Tips for Publishers

Get the inside scoop on publishing and programmatic with our 5-minute newsletter.