> I'm available to discuss this further, if that would be helpful.

That would not be helpful, because the whole business of "consent management" is to provide plausible deniability and the illusion of compliance to businesses without actually making them comply (since complying with the GDPR would incur significant cost and obsolete most of the marketing/analytics team's jobs).

I'm very sure they perfectly know what they're doing and have the budget for the best legal advice money can buy, it's just that their business is all about selling the illusion of compliance instead of actual compliance.

It's the fault of the regulators for still not cracking down on this after 8 fucking years. Detecting non-compliant consent flows is trivial with a web scraper.

> in their actual products

The products are configurable by the customer. Now you could indeed argue that the product should not offer an option to configure it in a way that would be in breach of the regulation it's supposed to help you comply with... but again see above.