
they just need to crack down much harder on websites and hand out big fines for dark patterns until the websites switch to sane defaults.

It's just a question of how much the companies in question believe that the EU is going to come after them. Once the cost calculus shifts to being on the safe side it'd quickly turn into a norm, but it requires showing some teeth.



It's already happening, but slowly, slowly. The various agencies need time to get their act together, and have started with the most egregious excesses. It seems rather unlikely at this point that consent forms that apply inappropriate pressure - explicitly called out in the GDPR as invalid - will somehow escape enforcement. I'd expect invalid cookie banners to be on the chopping block sometime fairly soon.

Additionally, the risks to advertisers and websites are quite large, which I'm not sure they fully appreciate (unless I'm misunderstanding something here?) - it's not that the consent form is illegal, after all - it's perfectly legal to have a confusing consent form. Rather, it's that all the personally identifying information thus collected is illegally acquired and held (and it's hard to argue the violation wasn't intentional, to boot!), and the fines for that can be quite large, and can be applied retroactively to whenever the GDPR came into force. Rules always get stretched, but stretching them specifically in this way sounds pretty unwise (unless they're cynically trying to have some subsidiary go bankrupt or otherwise encapsulate the risk).

With any luck, the GDPR norms on this front will become global norms, but it's too early to tell.


I'm pretty sure the GDPR states that it must be opt-in in a non-deceiving manner.


Exactly; that's the point. An opt-in that is coercive is not valid grounds for holding personal data; ergo, that data is held illegally and is subject to enforcement by a data-protection authority. It doesn't matter if everyone clicked yes.

A coercive opt-in isn't so much illegal; it's simply void. Having a coercive opt-in would be fine yet weird (as I understand it) if you then proceeded to only retain and process personal information to the extent you would be permitted without the opt-in. (IANAL, and this is only as far as the GDPR is concerned; perhaps if it's misleading enough it violates some fraud statute somewhere, but that's a different issue.)



