Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Ant Design (antd) is the popular open source React UI component library originally created by Ant Group. When bundled directly with your application via npm it does not set cookies or send any data, so it raises no specific GDPR or ePrivacy concern. The picture changes when fonts, icons or scripts are loaded from a public CDN (alicdn.com, jsdelivr, unpkg), because the visitor's IP address is exposed to the CDN.
Ant Design (antd) is one of the most widely used React UI component libraries, created by Ant Group and now maintained by an active open source community. It ships hundreds of accessible components (forms, tables, modals, charts) plus dedicated mobile (antd-mobile) and admin dashboard (Ant Design Pro) variants. Many European SaaS, fintech and admin tools rely on antd as their front end design system.
Ant Design itself does not set any cookie, write to local storage or open a network connection. It is a passive UI library that runs in the visitor''s browser. Privacy implications only emerge when the bundle is delivered from a public CDN, in which case the CDN sees the IP address, the user agent and the requested resource.
Article 5(3) ePrivacy is not engaged by a self bundled antd, because no information is read or written on the visitor''s device. When the library is loaded via alicdn.com (Alibaba Cloud, China) or another non EU CDN, the IP address transfer falls under Chapter V GDPR and requires either an adequacy decision (none for China), Standard Contractual Clauses or self hosting.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
The recommended approach for European compliance is to install antd from npm and bundle it with your application via Webpack, Vite or similar tooling. Static assets (fonts, icons) are served from your own domain, no third party request is made and no consent is required.
If you load antd from a CDN, prefer European or globally distributed providers (Cloudflare, Fastly, jsdelivr) over China specific ones, document the transfer in your records of processing and mention the CDN in the privacy policy. Avoid using @ant-design/icons via alicdn unless you have signed Standard Contractual Clauses with the CDN operator.
Bundle antd locally, set a strict Content Security Policy that prevents fallbacks to remote CDNs, and audit your build to confirm no external request is fired. If you really need a CDN, document the legal basis (legitimate interest in delivering the page) and disclose the transfer to visitors.
Websites using Ant Design must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is normally not needed for a self bundled UI library. It can be relevant when antd is part of a larger application that processes sensitive personal data, or when fonts and icons are loaded from a CDN located outside the EU.
Sample consent text
This site uses Ant Design, a React UI library, bundled directly with our application. No third party cookie is set by the library itself. If components or fonts are loaded from a public CDN, your IP address may be sent to the CDN provider, which is necessary to deliver the page.
Third-party domains contacted
ant.designgw.alipayobjects.comcdn.jsdelivr.netunpkg.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| No cookies | first_party | n/a | Ant Design does not set any cookie. Cookie related impacts only come from CDN providers (Cloudflare __cf_bm, alicdn) when antd is loaded externally. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
No. The library itself does not set any cookie or write to local storage. It is a passive React component library that runs entirely in the browser.
No, when antd is bundled with your application via npm, no consent is required. Consent considerations only arise when antd is loaded from a public CDN that may receive the visitor's IP address.
For self bundled antd, no legal basis is needed because no personal data is processed. For CDN delivered antd, legitimate interests under Article 6(1)(f) GDPR can support the technical loading.
Only if you load antd from a non EU CDN. The official alicdn.com is operated by Alibaba Cloud in China; jsdelivr and unpkg use mostly US infrastructure with Cloudflare edges. Self bundling avoids the question entirely.
No, a DPIA is not required for the library itself. It can be appropriate for the parent application if it processes special categories of data or large scale profiling.
Install antd via npm, bundle it with Webpack or Vite, serve fonts and icons from your own domain, and set a strict Content Security Policy preventing third party CDN fallbacks.
Other React UI libraries with EU friendly hosting include Material UI (npm bundled), Chakra UI (npm), Mantine (npm) or Radix UI primitives, all of which can be self bundled.
Only if you load it from a third party CDN. If antd is self bundled, no specific mention is required because no third party processing takes place.