"Consent Manager" (The Entity) vs. "CMP" (The Tool): Clearing the Confusion
In Jan 2026, there is massive confusion in the Indian market between Consent Managers and CMPs. Learn the critical differences and what it means for your compliance strategy.
The Great Confusion of 2026
As we step into January 2026, the Indian digital ecosystem is buzzing with DPDPA compliance activities. However, a significant misunderstanding persists in boardrooms and tech teams alike: the conflation of a "Consent Manager" with a "Consent Management Platform (CMP)."
Most businesses believe their existing cookie banner software—their CMP—is the "Consent Manager" referred to in the Digital Personal Data Protection Act (DPDPA). This is a fundamental error that could lead to strategic missteps.
Definitions Matter: The Entity vs. The Tool
1. The CMP (Consent Management Platform)
A CMP is a software tool (SaaS) that you, as a Data Fiduciary, install on your website or app. Its job is to:
- Show pop-ups/banners to users.
- Collect consent for cookies and data processing.
- Store these consents in your database.
Examples include tools like OneTrust, Cookiebot, and yes, Consently's enterprise CMP solution. It is a tool you control.
2. The Consent Manager (The Entity)
Under the DPDPA, a "Consent Manager" is a specific, registered third-party intermediary. Think of them as a "Data Wallet" for citizens. They are:
- Likely licensed by the Data Protection Board (DPB).
- Interoperable entities that allow users to manage consents across multiple Data Fiduciaries from a single dashboard.
- Independent of the Data Fiduciary.
The Core Difference: Collection vs. Management
The simplest way to understand the distinction is this: A CMP helps a company collect consent, while a Consent Manager helps a user manage it centrally.
Key Insight for Data Fiduciaries
If you are a Data Fiduciary (any business determining the purpose of data processing), you do not necessarily need to become a Consent Manager. In fact, most shouldn't.
However, you must build APIs to talk to them. Your internal systems must be ready to receive signals from these registered Consent Managers. If a user revokes consent via a government-registered Consent Manager app on their phone, your backend needs to know instantly—without you ever showing a banner on your site.
Conclusion
Don't fire your CMP vendor thinking a Consent Manager will replace them. You likely need both: a CMP to handle your direct interactions and compliance UX, and API integrations to connect with the broader Consent Manager ecosystem that is emerging in India.