Belgian E-Communications Act

Act of 13 June 2005 on Electronic Communications, Article 129

Flag of BE
BelgiumOpt-inNational
ePrivacy Directive
Back to Regulations Guide

Key Facts

Effective Date
June 13, 2005
Enacted
June 13, 2005
Enforcing Authority
Belgian DPA (GBA/APD — Gegevensbeschermingsautoriteit / Autorité de protection des données)
Consent Model
Opt-in
Applies To
Any entity storing or accessing information on terminal equipment of users in Belgium

Overview

Belgium has one of the strictest and most actively enforced cookie consent regimes in the EU. The Belgian DPA (GBA/APD) became the sole authority for cookie supervision in 2021 and has taken a strong stance against dark patterns and manipulative consent interfaces.

What This Means for Your Website

  • Cookie walls are explicitly prohibited — you cannot block content behind a cookie consent requirement
  • A "Reject all" button must appear on the first layer of your cookie banner with equal prominence to "Accept all"
  • Dark patterns in cookie banners are actively enforced against
  • Prior informed consent is required before placing any non-essential cookies
  • The GBA/APD has imposed fines of EUR 50,000 on major media companies for non-compliant cookie practices

Key Requirements

Belgium's Act of 13 June 2005 transposes the ePrivacy Directive through Article 129. Since the December 2021 amendment, the GBA/APD is the sole competent authority for cookie supervision. Penalties range from EUR 500 to EUR 50,000 under the e-communications law, with GDPR fines also applicable. The DPA actively investigates cookie compliance through both proactive audits and complaint-based enforcement.

How ConsentStack Handles This

ConsentStack automatically shows Belgian visitors a consent banner with equally prominent accept and reject options, fully compliant with Belgium's strict requirements. Cookie walls are never used, and all non-essential cookies are blocked until explicit consent is given.

Penalties

EUR 500 to EUR 50,000 under e-communications law. GDPR penalties also apply (up to EUR 20 million / 4% global turnover)

Maximum Fine
EUR50,000 per violation

Key Requirements

  • Prior informed consent before placing non-essential cookies
  • Cookie walls are prohibited
  • Reject all must appear on first layer with equal prominence to Accept all
  • Dark patterns in cookie banners are unlawful
  • Consent must meet GDPR standards

Notable Provisions

  • GBA/APD is sole cookie enforcement authority since 2021
  • EUR 50,000 fine imposed on major media company for non-compliant cookies
  • Cookie walls explicitly prohibited

Other ePrivacy Directive Related Regulations

Loi Informatique et LibertésFrance
France has the most actively enforced cookie regime in Europe. CNIL issued 259 corrective decisions in 2025, with cookie-specific fines totaling EUR 486.8 million including EUR 325M against Google. A Refuse all button or Continue without accepting must appear on the first layer.
TDDDGGermany
Germany implements the ePrivacy Directive through Section 25 of TDDDG (renamed from TTDSG in May 2024). A Consent Management Ordinance (EinwV) became effective April 2025, establishing a voluntary framework for recognized consent management services. Cookie banners must not obscure website content.
SI 336/2011Ireland
Ireland implements the ePrivacy Directive through SI 336/2011. The DPC is the lead supervisory authority for major tech companies headquartered in Ireland including Meta, Google, Apple, and Microsoft. Uniquely, cookie consent is limited to 6 months and must then be refreshed.
Dutch Telecom ActNetherlands
The Netherlands implements the ePrivacy Directive through Article 11.7a of the Telecommunications Act. The AP launched a major enforcement sweep in April 2025, warning 50 organizations for misleading cookie banners or placing tracking cookies without consent. Cookie walls are not permitted.
LSSISpain
Spain implements the ePrivacy Directive through Article 22 of the LSSI. Cookie violations are classified as slight offenses with EUR 30,000 fines per URL, but multiple URLs multiply penalties. AEPD allows consent-exempt analytics under privacy-friendly configurations, similar to CNIL.
Italian Privacy CodeItaly
Italy implements the ePrivacy Directive through Article 122 of the Privacy Code with detailed Garante cookie guidelines effective January 2022. Only technically necessary cookies may load by default. Scrolling is not valid consent, and closing a banner with "X" closes it without granting consent.
Danish Cookie OrderDenmark
Denmark implements the ePrivacy Directive through the Cookie Order (Cookiebekendtgørelsen), administered by the Danish Business Authority. Cookie consent is a declared 2026 enforcement priority for Datatilsynet, which will examine whether Danish websites give users a genuine choice.
LEKSweden
Sweden implements the ePrivacy Directive through Chapter 9 Section 28 of LEK. In April 2025, IMY issued a landmark reprimand against Aller Media for dark patterns in cookie banners. Less than 25% of Swedish users accept cookies, reflecting strong privacy awareness.
Norwegian E-Com ActNorway
Norway's January 2025 amendment to Ekomloven marked a major shift from tolerating passive consent to strict opt-in. Pre-ticked boxes and browser settings are now explicitly invalid. Accept and reject options must have equal prominence. Datatilsynet sanctioned 6 websites for tracking pixel violations.
Portuguese ePrivacy LawPortugal
Portugal implements the ePrivacy Directive through Law 41/2004, with a distinctive tiered penalty structure distinguishing between large companies, SMEs, and natural persons. The CNPD issued 90 fines totaling EUR 559,950 in 2023, demonstrating active enforcement.
Polish Telecommunications LawPoland
Poland implements the ePrivacy Directive through Articles 173-174 of the Telecommunications Law. While Article 173(2) technically permits consent via browser settings, PUODO recommends active consent. Since 2019, Article 174 requires cookie consent to meet full GDPR standards.
Finnish ISCFinland
Finland implements the ePrivacy Directive through Section 205 of the Information Society Code with notably strict interpretations. Browser settings are explicitly insufficient for consent, and legitimate interest is not a valid legal basis for cookies — stricter than many EU countries.

Other Europe Regulations

GDPREuropean Union + EEA
The GDPR sets the global standard for data protection, requiring explicit opt-in consent before processing personal data of EU/EEA residents. For websites, non-essential cookies must be blocked until visitors actively consent. Pre-ticked boxes and implied consent are invalid.
PECRUnited Kingdom
PECR is the UK's cookie-specific law, requiring consent before storing or accessing cookies. The DUAA 2025 significantly increased penalties from GBP 500,000 to GBP 17.5 million and introduced analytics exceptions on an opt-out basis. Only strictly necessary cookies are exempt.
ePrivacy DirectiveEuropean Union + EEA
Article 5(3) of the ePrivacy Directive is the primary EU legal basis requiring cookie consent. It mandates prior informed consent before storing or accessing any information on a user's device, with narrow exceptions only for transmission necessity and explicitly requested services.
UK GDPRUnited Kingdom
The UK GDPR is the retained EU GDPR post-Brexit, with consent standards identical to the EU version. The UK adequacy decision was renewed December 2025, valid until December 2031. Combined with PECR, it forms the legal framework for cookie consent in the UK.
Loi Informatique et LibertésFrance
France has the most actively enforced cookie regime in Europe. CNIL issued 259 corrective decisions in 2025, with cookie-specific fines totaling EUR 486.8 million including EUR 325M against Google. A Refuse all button or Continue without accepting must appear on the first layer.
TDDDGGermany
Germany implements the ePrivacy Directive through Section 25 of TDDDG (renamed from TTDSG in May 2024). A Consent Management Ordinance (EinwV) became effective April 2025, establishing a voluntary framework for recognized consent management services. Cookie banners must not obscure website content.

Frequently Asked Questions

Are cookie walls allowed in Belgium?

No. Belgium explicitly prohibits cookie walls. You cannot block website content behind a cookie consent requirement. ConsentStack never uses cookie walls.

Does Belgium require a reject all button?

Yes. Belgium requires a Reject all option on the first layer of cookie banners with equal prominence to Accept all. Dark patterns that make rejection harder are unlawful.

What are the cookie penalties in Belgium?

Fines range from EUR 500 to EUR 50,000 under the e-communications law. GDPR penalties of up to EUR 20 million or 4% of global turnover can also apply.

Who enforces cookie compliance in Belgium?

Since 2021, the Belgian DPA (GBA/APD) is the sole authority for cookie supervision, replacing the previous shared jurisdiction model.

Stay compliant with Belgian E-Communications Act

ConsentStack helps you implement Opt-in consent for Belgium automatically.

Get started