If you make a voice call from a US number to an Israeli recipient, does TCPA apply?
No. And understanding why is the starting point for every AI voice calling deployment that touches more than one country.
TCPA (the Telephone Consumer Protection Act) protects US consumers -- it applies to calls made TO US numbers, regardless of where the caller is located. When you call an international number from a US line, the call routes out of US carrier networks via international SS7 interconnects. TCPA enforcement does not follow the call. What does follow: the destination country's own regulations.
This is the same principle as 10DLC for SMS (US domestic only), applied to voice. The origin country may have its own rules too, but the destination country is where the actual compliance burden lands.
Voice call regulation has several layers SMS does not. Live calls versus automated calls are treated differently in almost every jurisdiction. AI voice agents are now explicitly classified as automated systems by the FCC, TRAI, and others. Recording consent laws split countries into two camps. STIR/SHAKEN authentication is US-mandatory but barely adopted globally. And DNC registries -- which you must scrub before dialing -- exist in more than 20 countries.
This guide maps all of it.
The Two-Axis Framework (Same as SMS, but with more dimensions)
The origin × destination framework applies to voice exactly as it does to SMS. Each axis has its own requirements; the compliance burden for any given call is the union of both.
Origin-side rules are enforced by the sending country's carriers or law. TCPA is an example -- but it only applies when the called number is a US number, not when you call internationally. Similarly, Canada's CRTC ADAD rules and Australia's ACMA requirements travel with calls from those origins.
Destination-side rules govern what happens once the call arrives. Some countries have hard technical enforcement (call blocking, DNC registry checks enforced by carriers). Most enforce through legal liability -- the call reaches the recipient, but the caller is liable for violations.
The Critical Voice-Only Dimension: Live vs. Automated
Unlike SMS, voice call regulations in most countries draw a sharp line between live human calls and automated calls. This distinction matters enormously for AI agents.
In most jurisdictions:
AI voice agents fall firmly into the automated category in every jurisdiction that has addressed them:
If your AI agent makes calls, assume it is classified as automated everywhere. The live-call exemptions do not apply.
Origin-Side Requirements
| Origin | Framework | Scope | Key Rule |
|---|---|---|---|
| United States | TCPA (FCC) | Calls TO US numbers only; not international | Prior express written consent for automated/AI calls; $500-$1,500 per violation |
| Canada | CRTC ADAD Rules + CASL | Calls TO Canadian numbers; consent travels with Canadian sender | 9AM-9:30PM weekdays, 10AM-6PM weekends; DNCL scrub required |
| United Kingdom | PECR + Ofcom | Automated calls TO UK numbers require prior consent | TPS check mandatory; ICO fines up to GBP 17.5M |
| EU countries | GDPR + ePrivacy Directive | Calls to EU numbers; consent rules vary by member state | Explicit consent required for automated; AI Act disclosure from Aug 2026 |
| Australia | ACMA Do Not Call Register Act | Calls TO Australian numbers | DNC register scrub mandatory; 9AM-8PM weekdays only |
The practical implication: if your agent runs on US infrastructure and calls US numbers, TCPA is the primary constraint. If it calls internationally, TCPA is irrelevant to those calls -- but each destination country's rules take over.
Destination-Side: The Three Tiers
Voice Call Regulation Tiers: Country Count vs. Traffic Weight
6% of destinations drive 65% of global A2P voice traffic -- and they all require DNC scrubbing plus hard legal enforcement
Tier 1 countries -- about 6% of global destinations -- drive roughly 65% of commercial voice call volume. If your agents call US, Indian, UK, Canadian, Australian, UAE, Singaporean, New Zealand, South Korean, or Mexican numbers, you are in Tier 1 for those calls. Mandatory DNC scrubbing and hard legal enforcement apply.
Tier 1 -- DNC + Hard Enforcement
These countries have mandatory Do Not Call registries that must be checked before dialing, plus significant legal or financial penalties for violations.
| Country | Regulator | DNC Registry | Time Window | Key Rules |
|---|---|---|---|---|
| United States | FCC / FTC | FTC National DNC Registry | 8AM-9PM recipient local | TCPA: prior express written consent for automated/AI calls; $500-$1,500/call; FCC confirmed AI voices are "artificial voices" (2024) |
| Canada | CRTC | National DNCL (Do-Not-Call List) | 9AM-9:30PM weekdays; 10AM-6PM weekends | ADAD rules for automated calls; CAD $10M max penalty |
| United Kingdom | ICO / Ofcom | TPS + CTPS | Flexible | Automated calls require prior explicit consent; live calls need TPS check; fines up to GBP 17.5M or 4% turnover (2025) |
| India | TRAI | NCPR / DND (Do Not Disturb) | 10AM-7PM recipient local | AI voices = artificial voices (TRAI 2024); must use 140/160 series numbers; disclose automation; INR 150,000 per violation |
| Australia | ACMA | Do Not Call Register | 9AM-8PM weekdays; 9AM-5PM Saturday; no Sundays | DNC mandatory; no AI-specific rule yet (regulatory gap); deceptive conduct = Consumer Law violation; AUD $222K/day |
| Singapore | PDPC | PDPC Do Not Call Registry | Flexible | No marketing calls without clear consent; accurate caller ID required; up to SGD 1M fine |
| New Zealand | Marketing Association | DNC Register (dnc.com) | 9AM-8PM weekdays; 9AM-5PM Saturday; no Sundays | Automated calls must connect within 90 seconds; caller ID required; NZD 500K penalty |
| South Korea | KCC / KISA | KCC DNC Registry | Flexible | Consent required; source of contact info must be disclosed during call; one-party recording consent |
| Mexico | PROFECO / IFT | REPEP | 8AM-9PM | LFPDPPP consent required; REPEP scrub mandatory; PROFECO enforces |
| Israel | Ministry of Communications / Consumer Authority | Do Not Call Me registry (since Dec 2022) | Business hours typical | Prior opt-in consent required; opt-out mandatory; DNC registry active and enforced |
Tier 2 -- Consent / Legal Compliance (traffic reaches recipient, liability applies)
European Union (all 27 member states)
The ePrivacy Directive distinguishes automated calls from live calls across the EU. Key rules:
Country-specific variations:
| Country | Framework | Call Type | DNC Mechanism |
|---|---|---|---|
| Germany | GDPR + UWG | Automated: explicit consent; live: explicit consent | No formal national list; consent records required; all-party recording consent (criminal offense to violate) |
| France | GDPR + ePrivacy | Automated: explicit consent; live calls: opt-out permitted | Bloctel national DNC registry -- mandatory check for all marketing calls |
| Spain | GDPR + LOPD | All marketing calls: prior consent required (mid-2024 change) | Lista Robinson -- mandatory check |
| Italy | GDPR + ePrivacy | Automated: explicit consent; live: consent or prior relationship | Registro delle Opposizioni (2023) -- mandatory check |
| Netherlands | GDPR + Telecommunications Act | Automated: consent; live B2C: opt-out allowed | Infofilter register; calling hours 9AM-6PM Mon-Sat |
Israel
Israel's Ministry of Communications requires prior opt-in consent for automated voice calls. The Do Not Call Me registry (established December 2022) is administered by the Consumer Protection and Fair Trade Authority. Check it before every campaign. Time windows are informally 9AM-9PM Sunday-Thursday. Enforcement is active; administrative penalties apply. No carrier-level blocking, but legal liability is real.
Japan
The Act on Specified Commercial Transactions requires disclosing the caller's name, company, purpose, and goods/services at the START of any marketing call -- before soliciting. Calls are prohibited if the recipient has expressed unwillingness. No formal national DNC list; compliance is through documentation and caller identification. Content filtering applies. Consent documentation for data processing under APPI (amended April 2025) required.
South Korea
PIPA consent required. Telemarketers must disclose the source of contact information during the call (since September 2016). KCC DNC registry exists and must be checked. Calls to KCC-registered numbers without consent carry significant penalties. One-party recording consent applies (caller can record).
Brazil
LGPD (Lei Geral de Proteção de Dados) requires a lawful basis for calling. No formal national DNC registry. ANATEL rule (November 2025) requires companies making more than 500 calls per month to validate call origin before transmission. Opt-out mechanism mandatory. State-level consumer protection agencies actively enforce; class action exposure possible.
South Africa
POPIA Guidance Note (April 2025) clarified that voice calls are "electronic communications" requiring explicit consent -- and consent must be a positive action (not silence, not pre-ticked boxes). Recording of the consent on the call is recommended. A national Opt-Out Registry is launching in the 2025/26 financial year; once live, scrubbing will be mandatory.
Asia-Pacific (Tier 2)
| Country | Framework | Key Rules |
|---|---|---|
| Philippines | Data Privacy Act | Explicit consent required; NTC oversees carriers; per-carrier DND opt-in available (Globe, Smart, DITO) |
| Malaysia | PDPA Section 43 | Right to prevent processing for direct marketing; MCMC blocking scam calls; no formal DNC registry |
| Thailand | NBTC + PDPA | Prior consent required; calling hours 9AM-6PM; accurate caller ID mandatory; no formal DNC list |
| Indonesia | Kominfo / UU PDP | Consent-based; local operator registration required for commercial calling; no formal DNC list |
| Vietnam | MIC | DND list enforced by carriers; calling hours 7AM-11PM; VND 3-20M penalties |
| Turkey | KVKK + BTK | Separate explicit consent for promotional calls; calling hours 8AM-9PM; international links blocked from abroad |
Americas (outside US/Canada)
| Country | Framework | Key Rules |
|---|---|---|
| Argentina | LPDP | Explicit consent required; no formal DNC registry; DNPDP enforces |
| Colombia | SIC + Habeas Data | Opt-in required; calling hours restrictions; active SIC enforcement |
| Chile | Consumer Law + Ley 21.000 | Consent required; time windows apply |
Tier 3 -- General Privacy Law Only
Most remaining destinations have no sector-specific voice call regulation. General consumer protection and data protection law applies. Traffic reaches recipients without technical blocking. Consent is good practice. This covers most of Sub-Saharan Africa (outside South Africa and Nigeria), Pacific islands, Central Asian countries, most of the Balkans, Central America, and the Caribbean. For these destinations, a standard consent workflow and opt-out mechanism is sufficient.
AI Disclosure: Which Countries Require It
This is the layer unique to voice that does not exist for SMS. Multiple jurisdictions now explicitly require that AI voice agents identify themselves as AI at the start of every call.
| Jurisdiction | Rule | Effective | Penalty |
|---|---|---|---|
| United States | FCC Declaratory Ruling (2024): AI voices are "artificial voices" under TCPA; caller must disclose AI use | 2024 (active) | $500-$1,500/call |
| European Union | EU AI Act Article 50: AI must identify itself to called party at start of every call to EU recipient | August 2026 | GDPR fines (4% global turnover) |
| India | TRAI (2024): AI voice calls classified as artificial voices; disclosure at call start required | 2024 (active) | INR 150,000/violation |
| Australia | ACMA Consumer Law: claiming to be a human when you are not is misleading conduct | Existing (via consumer law) | AUD $222K/day |
| UK | Ofcom/ICO: scripted AI treated as prerecorded; conversational AI in gray zone but disclosure is safest | Ongoing guidance | GBP 17.5M max |
Practical rule: disclose AI at the start of every outbound call, regardless of destination. Countries without an explicit AI disclosure rule still have general anti-deception consumer protection laws that cover false representation. Saying "Hi, I'm calling from Acme -- this call uses AI" costs nothing and protects you everywhere.
Recording Consent Laws by Country
AI voice agents typically log or transcribe calls for quality, training, or compliance. Recording consent rules determine whether you can do that without notifying the called party.
One-party consent (caller can record without notifying the other party):
United States (federal + most states), United Kingdom, Canada, India, Australia, Sweden, most EU countries, South Korea, New Zealand, Brazil, Japan
All-party consent (must notify all parties before recording; criminal offense in some jurisdictions if violated):
| Jurisdiction | Notes |
|---|---|
| California, Delaware, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, Washington (US states) | State law overrides federal one-party consent; disclose recording at start of call |
| Germany | Criminal offense to record without all-party consent (Section 201 Criminal Code) |
| France | Criminal offense (Article 226-1 Penal Code) |
| Spain, Austria | All-party consent required |
| UAE | All-party consent required |
| Philippines | All-party consent required |
Practical rule: announce recording at the start of every call ("This call may be recorded"). This satisfies all-party consent jurisdictions and costs nothing in one-party jurisdictions. AI agents should have this in their opening line globally.
STIR/SHAKEN: Where It Is (and Is Not) Enforced
STIR/SHAKEN is a cryptographic call authentication framework that verifies calls originated from the claimed number. It is the voice equivalent of DMARC for email -- and like DMARC, adoption is highly uneven.
| Status | Countries |
|---|---|
| Mandatory | United States (all providers, September 2025) |
| Partial adoption | Canada (major carriers implementing; not federally mandated), France (VoIP calls with fixed national numbers, from October 2024) |
| Rejected / Not adopted | United Kingdom (Ofcom rejected STIR/SHAKEN in February 2024; alternative frameworks under study), most of EU, India, Australia, Japan, South Korea, China, Singapore |
The gap this creates: A US-to-US call carries STIR/SHAKEN attestation. A US-to-UK call strips that attestation when it crosses non-IP interconnection points. This means international calls from US numbers often arrive at the destination without authenticated caller ID -- and some destination countries (Belgium, Czech Republic, Ireland, Malta, Sweden since 2024) now block international calls that present a domestic caller ID without verification.
Practical implication for AI calling internationally:
Common Route Combinations for AI Agents
| Origin to Destination | What Applies |
|---|---|
| US to US | TCPA consent (prior express written) + FTC DNC scrub + STIR/SHAKEN + AI disclosure (FCC) + state TCPA variants (FL, CA, WA etc.) |
| US to Israel | No TCPA + Israeli DNC (Do Not Call Me registry) + opt-in consent + no Tier-1 technical blocker |
| US to India | No TCPA + TRAI DND scrub (mandatory) + AI disclosure + 10AM-7PM window + 140/160 series required |
| US to UK | No TCPA + TPS/CTPS scrub (mandatory) + PECR consent for automated + ICO fines up to GBP 17.5M |
| US to Germany | No TCPA + explicit consent + all-party recording consent (criminal if violated) + no formal DNC list |
| US to France | No TCPA + Bloctel DNC check + automated calls need consent; live calls opt-out permitted |
| US to EU (general) | No TCPA + GDPR consent + EU AI Act disclosure from Aug 2026 |
| US to Australia | No TCPA + ACMA DNC scrub (mandatory) + 9AM-8PM window + no Sundays |
| US to Canada | No TCPA + CRTC DNCL scrub (mandatory) + ADAD rules + time windows |
| US to UAE | No TCPA + TDRA campaign approval required + DNCR scrub + 9AM-6PM only + no international caller ID |
| US to Singapore | No TCPA + PDPC DNC registry + clear consent required |
| US to Brazil | No TCPA + LGPD lawful basis + ANATEL call origin validation (>500 calls/month) |
| US to South Korea | No TCPA + KCC DNC scrub + consent + disclose source of contact data + numeric caller ID |
| US to Mexico | No TCPA + REPEP scrub (mandatory) + LFPDPPP consent + 8AM-9PM |
| US to Japan | No TCPA + disclose name/company/purpose at call start + consent for data use + no URLs |
| US to South Africa | No TCPA + POPIA positive-action consent + recording disclosure + DNC registry (launching FY 2025/26) |
2025-2026 Enforcement Changes
| Date | Change | Market |
|---|---|---|
| 2024 | FCC confirmed AI voices are "artificial voices" under TCPA | United States |
| 2024 | TRAI classified AI voice as automated; DND compliance mandatory | India |
| June 2025 | ICO enforcement teeth: fines up to GBP 17.5M or 4% turnover | United Kingdom |
| September 2025 | STIR/SHAKEN mandatory for all US voice providers | United States |
| November 2025 | ANATEL call origin validation rule (>500 calls/month) | Brazil |
| December 2022 | Do Not Call Me registry operational | Israel |
| April 2025 | POPIA Guidance Note: voice calls = electronic communication, positive-action consent | South Africa |
| 2024-2025 | TDRA campaign approval requirement for marketing calls | UAE |
| 2024 | Belgium, Czech Republic, Ireland, Malta, Sweden block international calls with domestic caller IDs | Europe |
| August 2026 | EU AI Act Article 50: AI must identify itself on all calls to EU recipients | European Union |
| 2025/26 FY | National Opt-Out Registry launches | South Africa |
Practical Compliance Checklist
Before your AI agent makes its first call to any destination:
The DNC scrubs that cause the hard legal exposure -- TCPA (US), TRAI DND (India), ACMA (Australia), TPS (UK), DNCL (Canada) -- are the ones to automate before your first call, not after the first fine.