Yes, you must get user consent before serving cookies if you’re subject to the EU General Data Protection Regulation (GDPR), EU Cookie Law, or UK GDPR. Cookies are considered personal data under the GDPR.
Some laws, like the California Consumer Privacy Act (CCPA), do not require consent for cookie use, but have other requirements around collecting and processing user data.