The problem is probably that it’s a European-style law, being read by U.S. lawyers. Those lawyers interpret every word strictly and worry about what the most negative interpretation might mean, and assign risk accordingly. European lawyers know that the spirit and guidelines are what matter, and say “as long as you can plausibly show that you made a good-faith effort to comply with the stated intention of the law, you’re fine.”
See, I'd be with you with this interpretation, were it not for the fact that a solid >70% of consent screens I've seen blatantly violate the GDPR in a number of ways, so if this process is what happened, legal done fucked up.
Not "subtly getting a minor detail wrong", but "doing something that is explicitly mentioned as not allowed" levels of wrong.
1. Is there risk?
2. Does adding a consent screen reduce or remove risk?
3. Is the risk reduction from 2 less than the cost?
Congrats, now every website in the world gets a cookie consent screen even if not technically required.