HubSpot Cookie Consent Banner v2 Migration: What Breaks on May 11?
Here is how most HubSpot teams will learn about this: their cookie banner stops matching their site design. Or their GA4 data goes quiet. Or worse, their compliance officer asks why cookies are firing in Germany without consent.
May 11, 2026. That is when HubSpot starts force-migrating every remaining v1 cookie consent banner to v2. Not an optional toggle. A full HTML structure overhaul. New DOM, new CSS classes, new markup that your existing custom code may not recognize.
If you have custom CSS on your HubSpot cookie consent banner, run GTM, or handle EU opt-in flows, you need to act before that date. Here is what to check, what to fix, and what the official docs leave out.
What HubSpot Is Changing, and Who Is Affected
Think of v2 as a complete rebuild, not an update. The v2 editor adds Global Privacy Control (GPC) signals, an opt-out banner type that v1 never had, per-category consent controls, and the ability to group banners by domain.
The part that matters for your dev team: the underlying HTML is entirely different. CSS selectors targeting the v1 banner may no longer work.
| Feature | v1 | v2 |
|---|---|---|
| Banner types | Notification, Opt-in | Notification, Opt-in, Opt-out |
| GPC support | No | Yes |
| Category consent | Limited | Full (per-category opt-in/out) |
| Domain grouping | No | Yes (banners per domain) |
| HTML structure | Legacy DOM | New DOM, new CSS classes |
| Customization | Custom CSS required | Built-in UI + optional CSS |
Who defaults to v1? Any HubSpot account created before November 2022 that has not manually opted in. If your account is newer, you already have v2 by default.
Quick check: Settings > Privacy & Consent > Cookies. See a "Switch manually" button? You are on v1.
One thing worth noting: this deadline has moved before. HubSpot first announced the v1 sunset in 2024, then pulled back after pushback, and restarted the clock on February 9, 2026. Any migration guide written in 2024 is working from a cancelled timeline.
Should You Opt In Now or Wait?
Short answer: if you have any custom work on your banner, do not wait. Test on your own timeline. Surprises in production are worse.
Opt in early if any of these apply:
You wrote custom CSS for the cookie banner
GTM or GA4 tracking depends on consent signals
You have EU/EEA/UK visitors and run an opt-in consent flow
External domains (WordPress, custom sites) carry the HubSpot tracking code
Waiting is fine only if all of these are true:
Zero custom CSS on the banner
No custom tracking scripts
No EU-facing traffic
Everything runs on HubSpot CMS
| Scenario | Risk | Action |
|---|---|---|
| Custom CSS + EU traffic | High | Opt in now, test this week |
| GTM/GA4, no custom CSS | Medium | Opt in, verify consent signals pass |
| No customization, HubSpot CMS only | Low | Waiting is acceptable |
The rollout is phased. Not every account flips on May 11. HubSpot migrates in batches. You cannot pick your batch.
Which Banner Type Matches Your Legal Obligations
v2 offers three banner types. Pick wrong and you have a compliance gap.
Notification tells visitors cookies are active. Cookies fire on page load. Full stop. If you have EU visitors, this is not enough. GDPR requires consent before non-essential cookies fire.
Opt-in blocks cookies until the visitor clicks Accept. This is what GDPR demands. For any site with EU/EEA/UK traffic, opt-in is the only defensible position.
Opt-out fires cookies by default but lets visitors decline. Works for CCPA in California. Does not satisfy GDPR.
| Regulation | Banner Type | Why |
|---|---|---|
| GDPR (EU/EEA/UK) | Opt-in | No cookies before consent |
| CCPA (California) | Opt-out | Visible opt-out mandatory since Jan 1, 2026 |
| No specific regulation | Notification | Legal, but the weakest position |
I see this misconfiguration regularly: Notification type deployed to a site with significant EU traffic. Cookies fire the moment the page loads. Under GDPR, that is a violation, and the fine exposure is real.
Since January 1, 2026, revised CCPA regulations (Section 7025(c)(6)) require businesses to visibly confirm when they have processed a consumer's opt-out preference signal for the sale or sharing of personal information. The v2 opt-out type handles this out of the box.
How to Opt In: Step-by-Step
You can switch to the v2 editor right now. The process takes about 15 minutes:
Go to Settings > Privacy & Consent > Cookies
Click "Switch manually" at the top
Review the migration summary, check domain assignments
Assign each policy to its domain. Add external domains if you have them
Pick your banner type (Notification, Opt-in, or Opt-out)
Set language, button text, and cookie categories in the new editor
Hit Publish. Immediately open an incognito window and test from an EU IP
External domain? HubSpot verifies it by looking for the tracking code. If verification stalls, check that the snippet is actually loading.
Once live, add a Cookie Settings button to your footer. Visitors need a way to reopen the banner and change their preferences.
What Breaks: CSS and Custom Scripts
This is where HubSpot's own docs get thin. The v2 banner ships with completely new HTML. Your old CSS selectors? Gone.
The audit is simple. Search your codebase for #hs-eu-cookie-confirmation. That is the primary v1 banner container ID. Any CSS or JS targeting it or related v1 IDs (#hs-eu-cookie-confirmation-inner, #hs-eu-opt-in-buttons) may break after migration.
The fix is manual. Opt into v2, open DevTools, inspect the new banner markup, and rewrite your selectors. HubSpot says to lean on the built-in customization UI instead of custom CSS where you can. I think that is good advice. Less custom code means less breakage on the next migration.
Same story for JavaScript. Any script touching the v1 banner DOM will fail silently or throw errors. Walk through every script that references the cookie banner.
Watch for CMP conflicts. Running CookieYes, Cookiebot, or another consent platform alongside HubSpot? HubSpot's cookie scanner will fail if it detects another banner on the page. Running both is technically possible with custom development to bridge consent signals, but HubSpot does not support this configuration out of the box.
Before you publish, run through this:
Incognito window (clears cached consent state)
EU IP test (VPN or browserstack)
Mobile test (your mobile CSS might hide the banner separately)
Browser console open (catch JS errors early)
Confirm the banner actually shows and the buttons work
Google Consent Mode v2: The Tracking Angle
Google made Consent Mode v2 mandatory for EEA/UK traffic in March 2024. Skip it and your remarketing audiences dry up, conversion modeling accuracy degrades, and Google Ads reporting loses precision.
HubSpot's v2 banner talks to GCM v2. But how well depends on your setup.
If you run HubSpot CMS with HubSpot's native GA4 or GTM integrations (configured through the HubSpot UI, not via code snippet): consent signals pass through automatically. Your opt-in banner tells Google whether the visitor said yes or no. GA4's advanced consent mode can even model conversions for visitors who decline. That part works well. Note: if you added GA4 or GTM via a code snippet on HubSpot CMS, you still need manual configuration.
If your site is on WordPress or custom hosting: HubSpot's banner cannot block scripts you manually placed on the page. You installed GA4 via a code snippet? GTM via a custom embed? Then you need to wire up basic consent mode in GTM yourself. HubSpot does not do this for you.
Here is the detail that trips people up: GTM only supports basic consent mode. GA4's direct integration supports advanced consent mode. Advanced is what gives you modeled conversions. If you need that, the HubSpot native GA4 integration is the right path.
One more gotcha for UK traffic. Use "GB" as the region code in your consent configuration, not "UK." The ISO 3166-1 standard uses "GB" for the United Kingdom, but some consent mode implementations (including a documented bug in Google Site Kit) have used the incorrect "UK" code, which causes region-specific consent defaults to fail and consent signals to fire prematurely. As of this writing, HubSpot's own documentation examples still show "UK" in the region array.
Troubleshooting: Banner Not Showing After Migration
HubSpot Community threads from early 2026 already report v2-related banner issues. No one has published proper solutions yet. Here is what we have seen.
The tracking script loads, but no banner appears. window._hsq is present in the console. The banner just never renders. First thing to check: your theme CSS. Look for display: none or visibility: hidden rules on banner elements. Second: z-index. A sticky nav with a high z-index can bury the banner. Third: test in a clean browser profile. Adblockers eat cookie banners for breakfast.
You publish changes, but nothing updates. CDN cache. Clear it right after publishing. In our experience, HubSpot banner changes can take several minutes to propagate, so give it a beat before panicking.
External domain banner missing entirely. Open the Network tab. Look for hs-analytics.js. If it is not there, the tracking code is not installed. If it is there, check that the domain is verified in Settings > Privacy & Consent. One catch: if example.com redirects to www.example.com, add the subdomain to HubSpot, not the root.
What Happens If You Do Nothing
HubSpot migrates your account in the phased rollout. Based on how the v2 migration works (policies are assigned to domains during the switch), your existing policies should carry over. However, HubSpot has not explicitly documented consent record handling during automatic migration. If consent data continuity is critical for your compliance posture, confirm with HubSpot support before relying on this.
But your banner might look broken. And your GTM consent signals might go silent. And you will be fixing both under pressure instead of on your own schedule.
The migration is happening. The only variable is whether you find the problems first.
My Take
I have helped several HubSpot customers through platform migrations where the risk was not the change itself but the discovery lag. Two days of a broken cookie banner on a site with significant EU traffic can create real exposure.
The compliance angle matters just as much. Notification-type banners on EU-facing sites were already on borrowed time. Cookies loading before consent is not a gray area under GDPR. v2 gives you the controls to do it correctly. The May 11 migration is the push to actually use them.
My recommendation: opt in this week. Test from an EU IP. Search your CSS for #hs-eu-cookie-confirmation. Verify your GA4/GTM consent wiring. That is a two-hour project, not a two-week one.
Three Actions Before May 11
Check your version. Settings > Privacy & Consent > Cookies. "Switch manually" means v1.
Opt in and test. Any customization at all? Do it now. Test CSS, tracking, consent flows.
Match banner type to legal obligations. Opt-in for GDPR. Opt-out for CCPA. Notification covers neither.
Need help auditing your HubSpot portal before the migration? Talk to Concret.io about a HubSpot compliance review.
Further Reading
Official Documentation:
Automatic migration from Cookie Consent Banner v1 to v2 - HubSpot Developers, Feb 2026
Set up cookie tracking settings and consent banners - HubSpot Knowledge Base, Feb 2026
Implement Google Consent Mode - HubSpot Developers
Community Discussions:
HubSpot Community GDPR Forum - Active threads on cookie banner issues (search for "v2" or "cookie banner not showing")
Google Site Kit Issue #8444: Consent Mode region code bug - Documents the GB vs UK ISO code issue
Frequently Asked Questions
-
Your banner switches to HubSpot's default v2 styling. Custom CSS targeting v1 selectors gets ignored. The banner will look off-brand until you update the selectors, but it will still function.
-
Based on the migration process (policies are assigned to domains during the switch), existing consent data should carry over. HubSpot has not explicitly documented this for automatic migration. If consent continuity is critical for your compliance, confirm with HubSpot support before the deadline.
-
Not easily. HubSpot's cookie scanner will fail if it detects another banner on the page. Running both is technically possible with custom development to bridge consent signals, but HubSpot does not support this configuration natively. Note that HubSpot does offer an official Cookiebot integrationfor teams that prefer Cookiebot as their primary CMP.
-
It gives you the right tools: opt-in blocking, category consent, GPC support. But compliance is about your entire data processing chain, not just the banner. Your legal team should sign off on the full setup.
Related Reading
Let’s Talk
Drop us a note, we’re happy to take the conversation forward 👇🏻
