It would be a good idea to fine a site based on their fake delay and/or how many cookie options they present (if it's one of those that give a switch for every "cookie vendor" they have for example)

This isn't a GDPR fine, it's EU ePrivacy Directive. That's why the French regulator felt it could fine Google directly rather than refer the matter to the Irish regulator - it says the GDPR's one-stop shop rule doesn't apply to this infringement.

What's the difference between those two? What are the requirements for ePrivacy directive for sites?

ePrivacy predates GDPR and applies specific (and stricter) rules to a few things, including against intrusion to internet-connected devices (the ePrivacy Directive's so-called cookie rule also affects malware, telemetry, software updates, etc).

It's long overdue an update but its intended replacement, the ePrivacy Regulation, is taking a while to be agreed by EU legislators. In the meantime we're stuck with out of date legislation that's applied and enforced without the benefit of the GDPR's "one stop shop" enforcement coordination rules - neither of these things is ideal!