Cookie consent banners have become such a universal annoyance that it's easy to assume they're all doing the same legally-required thing — the actual requirements vary meaningfully by which regulations apply to your visitors.
Genuine, specific, informed consent before non-essential cookies are set — meaning a banner that only offers "Accept" with no equally easy "Reject" option, or that sets tracking cookies before any interaction, doesn't actually meet the requirement despite having a banner present.
Other privacy laws (in various US states, Brazil, and elsewhere) have different specific requirements — some are opt-out based rather than opt-in, some have different definitions of what counts as personal data. A one-size-fits-all banner built only for GDPR compliance may not satisfy every jurisdiction your visitors come from.
Cookies categorized by purpose (necessary, functional, analytics, marketing) with granular accept/reject control per category, consent that's actually recorded and can be demonstrated if challenged, and cookies genuinely not firing until consent is given for that category — not just a banner overlay while tracking scripts run underneath regardless.
A dedicated consent management tool that handles categorization and blocking correctly is worth the cost over a custom-built banner that looks compliant but doesn't actually block anything before consent — the visual banner is the easy part; correctly blocking scripts until consent is the part that actually matters legally.