Hacker News
by notjustanymike 434 days ago
Consent for non-essential cookies, like analytics, is required. You must also provide a clear link to your cookie usage policy, and a simple way to opt out. This notification is not necessary if you only use functional cookies; for example, using a cookie to only show an on-boarding tutorial once is acceptable.

Organizations, and typically lawyers, skew conservative and lazy. A little cookie-consent cottage industry popped up to handle GDPR, so instead of worrying about the regulations, most companies pay the small monthly service charge for a third party to handle consent. The consent companies built the most compatible solution, a banner, with the most conservative options as default to prevent any legal quandary.

Most public-facing sites do have analytics (usually LOTS of analytics) and ads, so the banner is mandatory for them. If you understand the regulations, and don't violate them, then consent is not necessary.