All posts
The Global Voice Call Regulation Guide for AI Agent Builders
GuideBy Dial Engineering·14 min read·June 24, 2026·0

The Global Voice Call Regulation Guide for AI Agent Builders

TCPA applies to calls to US numbers -- not calls from US numbers to international recipients. The rules for AI voice agents are more complex than SMS: live vs. automated distinctions, AI disclosure mandates, recording consent laws, and DNC registries in 20+ countries. Every major market mapped.


If you make a voice call from a US number to an Israeli recipient, does TCPA apply?

No. And understanding why is the starting point for every AI voice calling deployment that touches more than one country.

TCPA (the Telephone Consumer Protection Act) protects US consumers -- it applies to calls made TO US numbers, regardless of where the caller is located. When you call an international number from a US line, the call routes out of US carrier networks via international SS7 interconnects. TCPA enforcement does not follow the call. What does follow: the destination country's own regulations.

This is the same principle as 10DLC for SMS (US domestic only), applied to voice. The origin country may have its own rules too, but the destination country is where the actual compliance burden lands.

Voice call regulation has several layers SMS does not. Live calls versus automated calls are treated differently in almost every jurisdiction. AI voice agents are now explicitly classified as automated systems by the FCC, TRAI, and others. Recording consent laws split countries into two camps. STIR/SHAKEN authentication is US-mandatory but barely adopted globally. And DNC registries -- which you must scrub before dialing -- exist in more than 20 countries.

This guide maps all of it.


The Two-Axis Framework (Same as SMS, but with more dimensions)

The origin × destination framework applies to voice exactly as it does to SMS. Each axis has its own requirements; the compliance burden for any given call is the union of both.

Origin-side rules are enforced by the sending country's carriers or law. TCPA is an example -- but it only applies when the called number is a US number, not when you call internationally. Similarly, Canada's CRTC ADAD rules and Australia's ACMA requirements travel with calls from those origins.

Destination-side rules govern what happens once the call arrives. Some countries have hard technical enforcement (call blocking, DNC registry checks enforced by carriers). Most enforce through legal liability -- the call reaches the recipient, but the caller is liable for violations.


The Critical Voice-Only Dimension: Live vs. Automated

Unlike SMS, voice call regulations in most countries draw a sharp line between live human calls and automated calls. This distinction matters enormously for AI agents.

In most jurisdictions:

  • Live human marketing calls: allowed under consent or opt-out regimes (caller must identify themselves, respect opt-out)
  • Automated/prerecorded/AI voice calls: require prior express consent, often with no opt-out pathway
  • AI voice agents fall firmly into the automated category in every jurisdiction that has addressed them:

  • US (FCC, 2024): AI-generated voices are "artificial voices" under TCPA; prior express written consent required
  • India (TRAI, 2024): AI voice calls officially classified as "artificial voices"; subject to automated dialing rules
  • EU (AI Act Article 50, effective August 2026): AI must identify itself to the called party at the start of every call to an EU recipient
  • UK (PECR): Scripted AI agents treated as automated; conversational AI in a regulatory gray zone, but regulators trend toward treating them as automated
  • If your AI agent makes calls, assume it is classified as automated everywhere. The live-call exemptions do not apply.


    Origin-Side Requirements

    OriginFrameworkScopeKey Rule
    United StatesTCPA (FCC)Calls TO US numbers only; not internationalPrior express written consent for automated/AI calls; $500-$1,500 per violation
    CanadaCRTC ADAD Rules + CASLCalls TO Canadian numbers; consent travels with Canadian sender9AM-9:30PM weekdays, 10AM-6PM weekends; DNCL scrub required
    United KingdomPECR + OfcomAutomated calls TO UK numbers require prior consentTPS check mandatory; ICO fines up to GBP 17.5M
    EU countriesGDPR + ePrivacy DirectiveCalls to EU numbers; consent rules vary by member stateExplicit consent required for automated; AI Act disclosure from Aug 2026
    AustraliaACMA Do Not Call Register ActCalls TO Australian numbersDNC register scrub mandatory; 9AM-8PM weekdays only

    The practical implication: if your agent runs on US infrastructure and calls US numbers, TCPA is the primary constraint. If it calls internationally, TCPA is irrelevant to those calls -- but each destination country's rules take over.


    Destination-Side: The Three Tiers

    Voice Call Regulation Tiers: Country Count vs. Traffic Weight

    6% of destinations drive 65% of global A2P voice traffic -- and they all require DNC scrubbing plus hard legal enforcement

    Tier 1 countries -- about 6% of global destinations -- drive roughly 65% of commercial voice call volume. If your agents call US, Indian, UK, Canadian, Australian, UAE, Singaporean, New Zealand, South Korean, or Mexican numbers, you are in Tier 1 for those calls. Mandatory DNC scrubbing and hard legal enforcement apply.


    Tier 1 -- DNC + Hard Enforcement

    These countries have mandatory Do Not Call registries that must be checked before dialing, plus significant legal or financial penalties for violations.

    CountryRegulatorDNC RegistryTime WindowKey Rules
    United StatesFCC / FTCFTC National DNC Registry8AM-9PM recipient localTCPA: prior express written consent for automated/AI calls; $500-$1,500/call; FCC confirmed AI voices are "artificial voices" (2024)
    CanadaCRTCNational DNCL (Do-Not-Call List)9AM-9:30PM weekdays; 10AM-6PM weekendsADAD rules for automated calls; CAD $10M max penalty
    United KingdomICO / OfcomTPS + CTPSFlexibleAutomated calls require prior explicit consent; live calls need TPS check; fines up to GBP 17.5M or 4% turnover (2025)
    IndiaTRAINCPR / DND (Do Not Disturb)10AM-7PM recipient localAI voices = artificial voices (TRAI 2024); must use 140/160 series numbers; disclose automation; INR 150,000 per violation
    AustraliaACMADo Not Call Register9AM-8PM weekdays; 9AM-5PM Saturday; no SundaysDNC mandatory; no AI-specific rule yet (regulatory gap); deceptive conduct = Consumer Law violation; AUD $222K/day
    SingaporePDPCPDPC Do Not Call RegistryFlexibleNo marketing calls without clear consent; accurate caller ID required; up to SGD 1M fine
    New ZealandMarketing AssociationDNC Register (dnc.com)9AM-8PM weekdays; 9AM-5PM Saturday; no SundaysAutomated calls must connect within 90 seconds; caller ID required; NZD 500K penalty
    South KoreaKCC / KISAKCC DNC RegistryFlexibleConsent required; source of contact info must be disclosed during call; one-party recording consent
    MexicoPROFECO / IFTREPEP8AM-9PMLFPDPPP consent required; REPEP scrub mandatory; PROFECO enforces
    IsraelMinistry of Communications / Consumer AuthorityDo Not Call Me registry (since Dec 2022)Business hours typicalPrior opt-in consent required; opt-out mandatory; DNC registry active and enforced

    European Union (all 27 member states)

    The ePrivacy Directive distinguishes automated calls from live calls across the EU. Key rules:

  • Automated calls (prerecorded or AI voice): Prior explicit consent required in all EU countries
  • Live human calls: Opt-out regime in some countries (France, Netherlands); opt-in required in others (Germany, Spain, Italy)
  • AI Act Article 50 (effective August 2026): AI must identify itself to the called party at the START of every call to an EU recipient. Non-compliance = GDPR-level fines (4% global turnover)
  • Country-specific variations:

    CountryFrameworkCall TypeDNC Mechanism
    GermanyGDPR + UWGAutomated: explicit consent; live: explicit consentNo formal national list; consent records required; all-party recording consent (criminal offense to violate)
    FranceGDPR + ePrivacyAutomated: explicit consent; live calls: opt-out permittedBloctel national DNC registry -- mandatory check for all marketing calls
    SpainGDPR + LOPDAll marketing calls: prior consent required (mid-2024 change)Lista Robinson -- mandatory check
    ItalyGDPR + ePrivacyAutomated: explicit consent; live: consent or prior relationshipRegistro delle Opposizioni (2023) -- mandatory check
    NetherlandsGDPR + Telecommunications ActAutomated: consent; live B2C: opt-out allowedInfofilter register; calling hours 9AM-6PM Mon-Sat

    Israel

    Israel's Ministry of Communications requires prior opt-in consent for automated voice calls. The Do Not Call Me registry (established December 2022) is administered by the Consumer Protection and Fair Trade Authority. Check it before every campaign. Time windows are informally 9AM-9PM Sunday-Thursday. Enforcement is active; administrative penalties apply. No carrier-level blocking, but legal liability is real.

    Japan

    The Act on Specified Commercial Transactions requires disclosing the caller's name, company, purpose, and goods/services at the START of any marketing call -- before soliciting. Calls are prohibited if the recipient has expressed unwillingness. No formal national DNC list; compliance is through documentation and caller identification. Content filtering applies. Consent documentation for data processing under APPI (amended April 2025) required.

    South Korea

    PIPA consent required. Telemarketers must disclose the source of contact information during the call (since September 2016). KCC DNC registry exists and must be checked. Calls to KCC-registered numbers without consent carry significant penalties. One-party recording consent applies (caller can record).

    Brazil

    LGPD (Lei Geral de Proteção de Dados) requires a lawful basis for calling. No formal national DNC registry. ANATEL rule (November 2025) requires companies making more than 500 calls per month to validate call origin before transmission. Opt-out mechanism mandatory. State-level consumer protection agencies actively enforce; class action exposure possible.

    South Africa

    POPIA Guidance Note (April 2025) clarified that voice calls are "electronic communications" requiring explicit consent -- and consent must be a positive action (not silence, not pre-ticked boxes). Recording of the consent on the call is recommended. A national Opt-Out Registry is launching in the 2025/26 financial year; once live, scrubbing will be mandatory.

    Asia-Pacific (Tier 2)

    CountryFrameworkKey Rules
    PhilippinesData Privacy ActExplicit consent required; NTC oversees carriers; per-carrier DND opt-in available (Globe, Smart, DITO)
    MalaysiaPDPA Section 43Right to prevent processing for direct marketing; MCMC blocking scam calls; no formal DNC registry
    ThailandNBTC + PDPAPrior consent required; calling hours 9AM-6PM; accurate caller ID mandatory; no formal DNC list
    IndonesiaKominfo / UU PDPConsent-based; local operator registration required for commercial calling; no formal DNC list
    VietnamMICDND list enforced by carriers; calling hours 7AM-11PM; VND 3-20M penalties
    TurkeyKVKK + BTKSeparate explicit consent for promotional calls; calling hours 8AM-9PM; international links blocked from abroad

    Americas (outside US/Canada)

    CountryFrameworkKey Rules
    ArgentinaLPDPExplicit consent required; no formal DNC registry; DNPDP enforces
    ColombiaSIC + Habeas DataOpt-in required; calling hours restrictions; active SIC enforcement
    ChileConsumer Law + Ley 21.000Consent required; time windows apply

    Tier 3 -- General Privacy Law Only

    Most remaining destinations have no sector-specific voice call regulation. General consumer protection and data protection law applies. Traffic reaches recipients without technical blocking. Consent is good practice. This covers most of Sub-Saharan Africa (outside South Africa and Nigeria), Pacific islands, Central Asian countries, most of the Balkans, Central America, and the Caribbean. For these destinations, a standard consent workflow and opt-out mechanism is sufficient.


    AI Disclosure: Which Countries Require It

    This is the layer unique to voice that does not exist for SMS. Multiple jurisdictions now explicitly require that AI voice agents identify themselves as AI at the start of every call.

    JurisdictionRuleEffectivePenalty
    United StatesFCC Declaratory Ruling (2024): AI voices are "artificial voices" under TCPA; caller must disclose AI use2024 (active)$500-$1,500/call
    European UnionEU AI Act Article 50: AI must identify itself to called party at start of every call to EU recipientAugust 2026GDPR fines (4% global turnover)
    IndiaTRAI (2024): AI voice calls classified as artificial voices; disclosure at call start required2024 (active)INR 150,000/violation
    AustraliaACMA Consumer Law: claiming to be a human when you are not is misleading conductExisting (via consumer law)AUD $222K/day
    UKOfcom/ICO: scripted AI treated as prerecorded; conversational AI in gray zone but disclosure is safestOngoing guidanceGBP 17.5M max

    Practical rule: disclose AI at the start of every outbound call, regardless of destination. Countries without an explicit AI disclosure rule still have general anti-deception consumer protection laws that cover false representation. Saying "Hi, I'm calling from Acme -- this call uses AI" costs nothing and protects you everywhere.


    AI voice agents typically log or transcribe calls for quality, training, or compliance. Recording consent rules determine whether you can do that without notifying the called party.

    One-party consent (caller can record without notifying the other party):

    United States (federal + most states), United Kingdom, Canada, India, Australia, Sweden, most EU countries, South Korea, New Zealand, Brazil, Japan

    All-party consent (must notify all parties before recording; criminal offense in some jurisdictions if violated):

    JurisdictionNotes
    California, Delaware, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, Washington (US states)State law overrides federal one-party consent; disclose recording at start of call
    GermanyCriminal offense to record without all-party consent (Section 201 Criminal Code)
    FranceCriminal offense (Article 226-1 Penal Code)
    Spain, AustriaAll-party consent required
    UAEAll-party consent required
    PhilippinesAll-party consent required

    Practical rule: announce recording at the start of every call ("This call may be recorded"). This satisfies all-party consent jurisdictions and costs nothing in one-party jurisdictions. AI agents should have this in their opening line globally.


    STIR/SHAKEN: Where It Is (and Is Not) Enforced

    STIR/SHAKEN is a cryptographic call authentication framework that verifies calls originated from the claimed number. It is the voice equivalent of DMARC for email -- and like DMARC, adoption is highly uneven.

    StatusCountries
    MandatoryUnited States (all providers, September 2025)
    Partial adoptionCanada (major carriers implementing; not federally mandated), France (VoIP calls with fixed national numbers, from October 2024)
    Rejected / Not adoptedUnited Kingdom (Ofcom rejected STIR/SHAKEN in February 2024; alternative frameworks under study), most of EU, India, Australia, Japan, South Korea, China, Singapore

    The gap this creates: A US-to-US call carries STIR/SHAKEN attestation. A US-to-UK call strips that attestation when it crosses non-IP interconnection points. This means international calls from US numbers often arrive at the destination without authenticated caller ID -- and some destination countries (Belgium, Czech Republic, Ireland, Malta, Sweden since 2024) now block international calls that present a domestic caller ID without verification.

    Practical implication for AI calling internationally:

  • Never present a fake or spoofed local caller ID for the destination country -- it will be blocked
  • Use your actual originating number (international format, e.g., +1 for US) or a locally-registered number in the destination country
  • CNAM (Caller Name Display) works for US domestic calls; it is not supported in most international destinations

  • Common Route Combinations for AI Agents

    Origin to DestinationWhat Applies
    US to USTCPA consent (prior express written) + FTC DNC scrub + STIR/SHAKEN + AI disclosure (FCC) + state TCPA variants (FL, CA, WA etc.)
    US to IsraelNo TCPA + Israeli DNC (Do Not Call Me registry) + opt-in consent + no Tier-1 technical blocker
    US to IndiaNo TCPA + TRAI DND scrub (mandatory) + AI disclosure + 10AM-7PM window + 140/160 series required
    US to UKNo TCPA + TPS/CTPS scrub (mandatory) + PECR consent for automated + ICO fines up to GBP 17.5M
    US to GermanyNo TCPA + explicit consent + all-party recording consent (criminal if violated) + no formal DNC list
    US to FranceNo TCPA + Bloctel DNC check + automated calls need consent; live calls opt-out permitted
    US to EU (general)No TCPA + GDPR consent + EU AI Act disclosure from Aug 2026
    US to AustraliaNo TCPA + ACMA DNC scrub (mandatory) + 9AM-8PM window + no Sundays
    US to CanadaNo TCPA + CRTC DNCL scrub (mandatory) + ADAD rules + time windows
    US to UAENo TCPA + TDRA campaign approval required + DNCR scrub + 9AM-6PM only + no international caller ID
    US to SingaporeNo TCPA + PDPC DNC registry + clear consent required
    US to BrazilNo TCPA + LGPD lawful basis + ANATEL call origin validation (>500 calls/month)
    US to South KoreaNo TCPA + KCC DNC scrub + consent + disclose source of contact data + numeric caller ID
    US to MexicoNo TCPA + REPEP scrub (mandatory) + LFPDPPP consent + 8AM-9PM
    US to JapanNo TCPA + disclose name/company/purpose at call start + consent for data use + no URLs
    US to South AfricaNo TCPA + POPIA positive-action consent + recording disclosure + DNC registry (launching FY 2025/26)

    2025-2026 Enforcement Changes

    DateChangeMarket
    2024FCC confirmed AI voices are "artificial voices" under TCPAUnited States
    2024TRAI classified AI voice as automated; DND compliance mandatoryIndia
    June 2025ICO enforcement teeth: fines up to GBP 17.5M or 4% turnoverUnited Kingdom
    September 2025STIR/SHAKEN mandatory for all US voice providersUnited States
    November 2025ANATEL call origin validation rule (>500 calls/month)Brazil
    December 2022Do Not Call Me registry operationalIsrael
    April 2025POPIA Guidance Note: voice calls = electronic communication, positive-action consentSouth Africa
    2024-2025TDRA campaign approval requirement for marketing callsUAE
    2024Belgium, Czech Republic, Ireland, Malta, Sweden block international calls with domestic caller IDsEurope
    August 2026EU AI Act Article 50: AI must identify itself on all calls to EU recipientsEuropean Union
    2025/26 FYNational Opt-Out Registry launchesSouth Africa

    Practical Compliance Checklist

    Before your AI agent makes its first call to any destination:

  • Calling a US number? TCPA prior express written consent required. FTC DNC registry scrubbed. AI disclosure in opening line. Check state TCPA variants (California, Florida, Washington have stricter rules).
  • Calling an Indian number? TRAI DND/NCPR registry scrubbed. Use 140/160 series numbers. Disclose automation at call start. Respect 10AM-7PM IST window.
  • Calling a UK number? TPS and CTPS checked. PECR consent for automated calls. ICO can fine GBP 17.5M. Disclose AI if using scripted/automated voice.
  • Calling an Australian number? ACMA DNC register scrubbed. No calls before 9AM or after 8PM weekdays, 9AM-5PM Saturday, no Sundays. DNC scrub weekly minimum.
  • Calling a Canadian number? CRTC DNCL scrubbed. Respect ADAD time windows. CAD $10M maximum penalty.
  • Calling any EU number? GDPR consent documented. Country-specific DNC registries checked (Bloctel for France, Lista Robinson for Spain, Registro delle Opposizioni for Italy). From August 2026: AI identifies itself at call start.
  • Calling an Israeli number? Do Not Call Me registry checked. Opt-in consent obtained. Business hours only.
  • Calling a UAE number? TDRA approval required before campaign. DNCR scrubbed. Only 9AM-6PM. Local registered number required.
  • Calling a Singapore number? PDPC DNC registry checked. Clear prior consent obtained.
  • Calling a New Zealand number? DNC.com register checked. 9AM-8PM weekdays, 9AM-5PM Saturday, no Sundays. 90-second connect rule for automated systems.
  • Calling a Mexican number? REPEP scrubbed. LFPDPPP consent documented. 8AM-9PM only.
  • Calling a South Korean number? KCC DNC checked. Source of contact info disclosed during call. Numeric caller IDs only.
  • Recording any call? Announce recording at call start (covers all-party consent jurisdictions). Confirm this is in your agent's opening line globally.
  • Using AI voice? Disclose AI at call start. This is legally required in US and India today, mandatory in EU from August 2026, and best practice everywhere.
  • All other destinations? Obtain consent, honor opt-out requests, stay within business hours. General privacy law applies.
  • The DNC scrubs that cause the hard legal exposure -- TCPA (US), TRAI DND (India), ACMA (Australia), TPS (UK), DNCL (Canada) -- are the ones to automate before your first call, not after the first fine.

    Did you enjoy this post?

    0 claps