Skip to main content
The EU Digital Markets Act (DMA) imposes stricter consent requirements on top of GDPR. Katla automatically enables DMA compliance when the regulation is set to 'gdpr' — no additional configuration needed.

What DMA requires

The DMA adds two key requirements beyond standard GDPR:
  1. Equal prominence — The “Reject All” button must be as visually prominent as “Accept All”. Users should not be nudged toward accepting.
  2. Re-consent throttling — After a user rejects consent, you cannot re-ask for at least 1 year. Showing the consent banner again before that period constitutes a “dark pattern.”

Equal-prominence buttons

When GDPR mode is active, the “Reject All” button is styled with equal visual weight to “Accept All”:
  • Same size, padding, and font weight
  • Uses a neutral background (foreground color) instead of being a secondary/outline button
  • Neither button is visually dominant over the other
This satisfies the DMA requirement that rejection must be “as easy as” acceptance. When a visitor rejects consent:
  1. The rejection timestamp is stored in the _katla_consent cookie
  2. On subsequent visits within 1 year, only the settings button (gear icon) appears
  3. The full consent banner is not shown again until the 1-year period expires
  4. Visitors can still change their preferences via the settings button at any time
This prevents the “consent fatigue” pattern where users are repeatedly asked to accept cookies after rejecting them.