IAB Tech Lab Standards and Initiatives: A Practical Guide
Programmatic advertising is built on a dense web of interconnected processes — media buying, identity resolution, targeting, measurement, and attribution among them. The IAB and its technical arm, the IAB Tech Lab, sit at the centre of the effort to keep those processes coherent and interoperable through published standards and active working groups.
This guide covers the major IAB Tech Lab standards and initiatives that practitioners in programmatic advertising need to understand.
What Is the Interactive Advertising Bureau (IAB)?
The Interactive Advertising Bureau (IAB) is a non-profit trade organization responsible for developing technical standards, creating best practices, conducting industry research, and educating companies about the importance of online advertising.
Established in 1996, the IAB has over 600 members — publishers, technology companies, advertising agencies, and brands. There are also 42 international licensee organizations operating under the IAB Global Group umbrella.
What Is the IAB Tech Lab?
The IAB Tech Lab is the technical arm of the IAB. It works collaboratively with member organizations — publishers, technology vendors, agencies, and brands — to design, develop, and maintain technical specifications for the programmatic and digital advertising industries.
The Main IAB Tech Lab Standards and Initiatives
The IAB Tech Lab currently maintains 26 standards, initiatives, and products, organized across four focus areas:
- Brand safety and ad fraud
- Identity, data, and consumer privacy
- Ad experiences and measurement
- Programmatic effectiveness
What follows is a breakdown of the most significant ones.
Project Rearc
Project Rearc is an initiative to redesign — or more precisely, re-architect — the core programmatic advertising and digital marketing processes with a stronger focus on user privacy, while preserving the ability to deliver personalization and measurement.
The initiative emerged in direct response to the ongoing deprecation of third-party cookies in web browsers and proposed changes to mobile advertising IDs (including Apple's IDFA).
Third-party cookies and mobile IDs have long served as the foundation for cross-site and cross-app identification. That identification capability underpins audience targeting, campaign performance measurement, and conversion attribution. For publishers, it also drives revenue: knowing who a visitor is allows them to signal audience value to advertisers.
The erosion of these identifiers presents a structural challenge to programmatic advertising. Project Rearc is tasked with developing a new generation of standards and processes that preserve targeting, measurement, and attribution functionality while embedding privacy by design into those systems.
OpenMedia (including OpenRTB)
The OpenRTB protocol provides AdTech vendors with an API specification that media-buying platforms — DSPs, SSPs, and ad exchanges — can use to communicate with each other during real-time bidding (RTB) auctions.
OpenRTB originated in 2010 and has been revised multiple times since. The most recent version is OpenRTB 3.0, which sits within the broader OpenMedia framework.
OpenDirect
OpenDirect is a specification that supports automated guaranteed media buying — a process whereby advertisers purchase inventory directly from publishers through an AdTech platform, rather than through an auction. The specification improves efficiency and gives both publishers and agencies greater control over campaign management.
OpenDirect 1.0 was released in January 2015. The current version is OpenDirect 2.0.
Authorized Digital Sellers
Ads.txt
Authorized Digital Sellers (ads.txt) is a specification that allows publishers to publicly list their authorized inventory sellers — SSPs, ad exchanges, ad networks, and similar partners. The ads.txt file enables buyers to verify that the platform submitting a bid request is actually authorized to sell the publisher's inventory, which helps prevent domain spoofing and inventory arbitrage.
Advertisers can match the information in a publisher's ads.txt file against the data in a bid request. If they align, the platform is confirmed as a legitimate seller of that publisher's inventory.
App-ads.txt
Application Authorized Digital Sellers (App-ads.txt) extends the ads.txt standard to in-app and over-the-top (OTT) environments. It functions in largely the same way as ads.txt but differs in how the file is hosted, reflecting the structural differences between web and in-app distribution.
Ads.txt Aggregator
The Ads.txt Aggregator is a tool that provides advertisers and agencies with a consolidated list of ads.txt files sourced from over two million domains.
Ads.cert
Ads.cert validates the information exchanged between buyers and sellers in bid requests. It does this by cryptographically signing bid requests, which authenticates publisher inventory and enables buyers to trace the inventory's path through the supply chain — ensuring they are purchasing only from authorized sellers.
Sellers.json
Sellers.json gives media buyers visibility into all sellers and resellers involved in a given bid request. It extends the ads.txt concept by also identifying the final seller in a bid request chain.
The OpenRTB SupplyChain Object is embedded within sellers.json and provides a complete record of every direct seller and intermediary reseller involved in a bid request. Each party in that chain is represented as a node, allowing buyers to audit the supply path, assess whether those entities are suitable partners, and understand how many hands a bid passed through before reaching the publisher.
Buyers.json
Buyers.json gives sellers the ability to identify who is buying their inventory. It mirrors the sellers.json specification but is designed for use by the sell side, and it complements ads.txt, sellers.json, the OpenRTB DemandChain, and the SupplyChain Object.
Ad fraudsters exploit the complexity of the programmatic ecosystem to conduct malvertising campaigns across multiple publishers, typically migrating between DSPs once their activity is detected. This makes it difficult for publishers and SSPs to recognize and block bad actors who surface through a new DSP. Buyers.json addresses this by creating a public declaration of buyer identity, which helps identify and block problematic buyers — including those that disregard brand safety criteria — and reduces the overall exposure of the ecosystem to fraud.
Data Label
The Data Transparency Label is a standardized labelling system for AdTech vendors to communicate the quality and characteristics of the data they sell. Labels provide advertisers with information about data origins, collection methods, whether the data has been manipulated, and other relevant attributes. The system gives marketers, agencies, and publishers a structured summary of data segments and establishes a common taxonomy across the industry.
IAB Tech Lab Data Label
Transparency and Consent Framework (TCF)
The IAB Transparency and Consent Framework (TCF), governed by IAB Tech Lab and developed in collaboration with publishers, advertisers, and other industry participants, was designed to help those parties comply with the transparency and user-consent requirements of the GDPR.
The TCF standardizes the process for obtaining consent to collect and use personal data — including advertising identifiers, device identifiers, and other tracking technologies.
CCPA and Other Privacy Frameworks
The California Consumer Privacy Act (CCPA) gives California consumers greater transparency into how companies collect and use their personal information. It emerged in response to shifting consumer expectations around online privacy.
The CONSENT Act (Customer Online Notification for Shopping Edge-provider Network Transgressions) is a related federal regulation that applies nationwide across the United States. It requires companies to obtain explicit consent before using, sharing, or selling user data. Both the CCPA and CONSENT Act are oriented toward protecting online privacy in the U.S.
The IAB Tech Lab is working on a framework to help publishers and AdTech companies operationalize CCPA compliance.
SupplyChain Object
The SupplyChain Object gives buyers the ability to identify every party involved in the selling and reselling of a given inventory unit. Each participating entity in a transaction is represented as a node within the object.
Buyers can cross-reference those nodes against data from sellers.json and ads.txt files to gather detailed information about each seller in the chain. This provides a granular view of the supply path and supports more informed purchasing decisions.
Video Ad Serving Standards
VAST
Video Ad Serving Template (VAST) is an XML schema developed by the IAB that enables in-stream video ads to be served from video ad servers and played in video players across publisher websites and on a wide range of devices — desktop, mobile, tablet, and beyond.
Before VAST, serving a video ad required the ad server's protocol to be individually compatible with each publisher's video player. If it wasn't, the ad-serving platform would need to produce a custom response for each player. VAST solved this interoperability problem by providing a universal format that both ad servers and video players can support, removing the need for bespoke integrations.
VPAID
Video Player Ad Interface Definition (VPAID) enabled video ad units and video players to interact with one another, allowing advertisers to serve rich, interactive video ads and collect engagement data. Though VPAID was often embedded within VAST, it could also function independently.
VPAID has been deprecated and replaced by SIMID and Open Measurement.
SIMID
Secure Interactive Media Interface Definition (SIMID) supports interactive capabilities in video and audio ads displayed on mobile and OTT devices, while also improving transparency and security. It takes over the interactivity functionality that VPAID previously handled.
When combined with OMID (Open Measurement Interface Definition) and VAST, SIMID provides broader interactivity options and tighter integration with ad verification vendors.
Open Measurement (OM)
The IAB Tech Lab's Open Measurement (OM) specification facilitates open-source, third-party viewability and verification measurement for ads served in mobile app environments. It is positioned to replace the measurement and verification capabilities that VPAID previously provided.
The IAB Open Measurement SDK (OM SDK) supplies code and libraries that allow companies to access viewability and verification data without depending on additional SDKs from third-party vendors.
MRAID
Mobile Rich Media Ad Interface Definition (MRAID) is the standard API for displaying rich media ads on mobile devices. It consists of a set of commands built to work with HTML5 and JavaScript, enabling functions such as ad expansion, resizing, and access to certain device capabilities.
Because mobile devices run on varied operating systems and are built using different underlying languages, MRAID removes the need to develop separate rich media ad implementations for each device type. It gives advertisers a single integration path for serving rich media ads across all mobile devices and applications.
There are reports that SafeFrames and MRAID may be merged into a single unified API.
New Ad Portfolio
In July 2017, the IAB released the completed IAB Standard Ad Unit Portfolio — the most significant update to ad formats since 2002 and a replacement for the older Universal Ad Package (UAP).
The Ad Unit Portfolio introduced new ad units that allow each creative to adjust to a variety of screen sizes and resolutions. Importantly, ad sizes are now defined based on aspect ratio rather than fixed pixel dimensions, and the portfolio incorporates the LEAN Principles.
SafeFrames
IAB SafeFrames is an advertising standard that combines the benefits of iframe and JavaScript tags while mitigating many of their shortcomings. SafeFrame ad slots are implemented in JavaScript with an API that loads ads within iframes, but allows those ads to interact with the API — for example, to expand content or track viewability — while simultaneously protecting the publisher's page from unauthorized modifications and preventing the collection of visitors' sensitive information.
The most recent major update, SafeFrame 2.0, was implemented in 2014 and incorporated improvements across browser technology, support for header bidding, compatibility with current ad formats, page security enhancements, and user privacy preferences.
CTV/OTT Guidelines
The growth of CTV and OTT advertising is opening new opportunities for both advertisers and publishers, but it also brings technical challenges that don't map neatly onto the web or in-app mobile environments.
The IAB Tech Lab's OTT Technical Working Group and Digital Video Working Group have produced Guidelines for Identifier for Advertising on OTT Platforms and have updated VAST to support programmatic advertising in CTV and OTT contexts.
App Store Identifiers
In mobile, the two dominant app stores each use their own identifier format: Google Android uses bundle IDs, and Apple iOS uses app IDs. These distinguish whether an app originates from an Android or iOS device.
In OTT, there are multiple app stores rather than two. The OTT Technical Working Group recommends that each OTT app store adopt a unique ID to provide consistency and avoid ambiguity across the ecosystem.
User Agent Strings
User agent strings contain information about the device type, make, model, operating system, and the application in use. This data feeds ad targeting, measurement, and attribution workflows.
In the CTV environment, however, some of this information is either missing or inconsistently defined. The OTT Technical Working Group has proposed a common structure that device manufacturers can adopt to ensure the correct information is included and formatted consistently.
Audience Taxonomy
The IAB Audience Taxonomy provides the industry with a standardized classification of terms for audience segment names, making it easier to manage and compare data across different providers.
Blockchain Education
Blockchain is a decentralized ledger comprising data records maintained by participants who contribute storage or processing resources. A peer-to-peer network synchronizes individual copies of the ledger and incorporates new validated records as additional blocks of data.
The IAB Tech Lab has established a working group to research and test potential applications of blockchain technologies, distributed ledgers, and cryptography within programmatic advertising.
CATS
The IAB Tech Lab's Common Ad Transport Standard (CATS) regulates communication between any two parties in the advertising technology ecosystem during non-RTB transactions. CATS is built on industry standards to support interoperability and to bridge the gap between a system that requests an ad or ad component and the system that fulfils that request.
In many respects, CATS is analogous to OpenRTB 3.0, with the key difference being the absence of a bidding component.
Podcast Measurement Technical Guidelines
The IAB Podcast Measurement Technical Guidelines establish a common measurement language for podcast content and podcast ads, including technical guidance on request filtering. The guidelines were developed by the Podcast Technical Group to reduce measurement discrepancies between podcast publishers and technology vendors.
Spiders and Bots
The IAB Spiders and Bots list allows companies to remove automated traffic — including search engine crawlers, monitoring tools, and other non-human traffic — from their analytics and advertising reports. The list also helps companies reduce discrepancy rates between parties and satisfy the General Invalid Traffic requirements set out in the Media Rating Council's Invalid Traffic Detection and Filtration Guidelines.
Taken together, these standards and initiatives represent the scaffolding that holds programmatic advertising together. Understanding them — even at a high level — is essential for anyone building on, buying from, or regulating within the digital advertising ecosystem. As privacy pressures continue to reshape identity and data practices, the IAB Tech Lab's output will only become more central to how the industry operates.