The registration form is currently using Google reCAPTCHA from recaptcha.net which sets a cookie without asking for prior consent to the user.

Even though this cookie is used solely to limit bot access to an authentication mechanism, which seems to be part of exceptions to consent requirement according to CNIL's 2020 article; However a more recent 2023 ruling by the same CNIL doesn't bring the same interpretation. (Most likely because reCAPTCHA is a third-party service?)

Two solutions are possible, either add an informative dialog to the registration page or replace reCAPTCHA with a less intrusive solution. Concerns have been raised about using captcha in the past so it would be a good time for removing it if we can provide another solution at least as efficient to prevent (a decent rate of) spam bot registration.