Compliance

PECR Compliance for AI Cold Calling: The Complete Guide

AI cold calling is legal in the UK—but only if you follow the rules. Here's exactly what you need to know to avoid £500,000 fines.

January 2026 15 min read

What Is PECR and Why Should You Care?

PECR (Privacy and Electronic Communications Regulations 2003) governs electronic marketing in the UK—including phone calls, emails, and texts. If you're making sales calls, AI or otherwise, PECR applies to you.

The ICO (Information Commissioner's Office) enforces PECR with fines up to £500,000. In 2024 alone, they issued over £2 million in fines for cold calling violations. Getting this wrong isn't just expensive—it can destroy your business reputation overnight.

The Three Types of Marketing Calls Under PECR

1. Live Calls (Human or AI-Assisted)

A call where a real conversation happens, even if AI is involved in parts of it.

  • B2B: Generally allowed without consent, but must screen against CTPS
  • B2C: Allowed without consent, but must screen against TPS
  • Must: Identify caller, state purpose, offer opt-out

2. Automated Calls (Pre-Recorded Messages)

Calls that play a recording with no live interaction.

  • B2B and B2C: Require prior consent (opt-in)
  • Very restricted—most robocall-style marketing is illegal without consent

3. AI Voice Agents (The Grey Area)

AI that holds real conversations—not pre-recorded, but not human either.

  • ICO hasn't issued specific guidance yet
  • Current interpretation: If AI can converse dynamically and hand off to humans, treated more like "live" calls
  • Best practice: Treat as live calls + implement human handoff capability

TPS and CTPS: The Do-Not-Call Registers

TPS (Telephone Preference Service)

The TPS is a register of individuals who don't want unsolicited sales calls.

  • Over 5 million UK numbers registered
  • You must screen against TPS before calling consumers
  • Updated monthly—your data must be current
  • Calling a TPS number = PECR violation

CTPS (Corporate TPS)

The business equivalent—companies that don't want unsolicited B2B calls.

  • Must screen B2B lists against CTPS
  • Different register from TPS—check both if calling mobile numbers

How to Screen

  1. 1. Subscribe to TPS/CTPS checking service (from £150/year)
  2. 2. Upload your call list
  3. 3. Receive cleaned list with TPS/CTPS numbers removed
  4. 4. Screen monthly—numbers are added constantly

The Consent Question: When Do You Need It?

When You DON'T Need Consent

  • ✓ Live B2B calls to numbers NOT on CTPS
  • ✓ Live B2C calls to numbers NOT on TPS
  • ✓ Calls to existing customers about similar products (soft opt-in)
  • ✓ AI-assisted calls with human handoff capability (current interpretation)

When You DO Need Consent

  • ✗ Fully automated/pre-recorded marketing calls
  • ✗ Calls to TPS/CTPS registered numbers
  • ✗ Marketing texts and emails (separate PECR rules)

What Counts as Valid Consent?

  • Freely given (not bundled with T&Cs)
  • Specific (they know what they're consenting to)
  • Informed (clear explanation of how data will be used)
  • Unambiguous (positive action, not pre-ticked boxes)
  • Recorded (you can prove they consented)

PECR Compliance Checklist for AI Cold Calling

Before You Call

  • ☐ Screen all numbers against TPS (consumer)
  • ☐ Screen all numbers against CTPS (business)
  • ☐ Verify your data source is GDPR compliant
  • ☐ Document your lawful basis for calling
  • ☐ Check numbers haven't previously opted out
  • ☐ Validate number format and remove invalid numbers

During the Call

  • ☐ Identify your company name clearly
  • ☐ State the purpose of the call
  • ☐ Provide contact details if requested
  • ☐ Offer opt-out option
  • ☐ Respect "not interested" immediately
  • ☐ Have human handoff capability
  • ☐ Don't call before 8am or after 9pm

After the Call

  • ☐ Record call outcome
  • ☐ Log any opt-out requests immediately
  • ☐ Add opt-outs to suppression list
  • ☐ Update CRM with call data
  • ☐ Store call recordings securely (if applicable)

Ongoing

  • ☐ Re-screen lists against TPS/CTPS monthly
  • ☐ Maintain suppression list in perpetuity
  • ☐ Keep audit trail for 6+ years
  • ☐ Train team on compliance requirements
  • ☐ Review ICO guidance updates

Common PECR Violations (And How to Avoid Them)

1. Calling TPS Numbers

Fine: Up to £500,000

Solution: Screen every list against TPS before calling. Re-screen monthly. Use automated TPS checking in your dialler.

2. Not Identifying Yourself

Fine: Up to £500,000

Solution: Your AI must state company name within first 10 seconds. "Hi, this is [Name] calling from [Company]..."

3. Ignoring Opt-Out Requests

Fine: Up to £500,000

Solution: Implement instant suppression. When someone says "don't call again," they're added to your do-not-call list immediately and permanently.

4. Calling Outside Reasonable Hours

Fine: Reputational damage + potential complaint

Solution: Restrict calling to 8am-9pm. Consider industry norms—some B2B sectors expect 9am-6pm only.

5. Using Purchased Lists Without Due Diligence

Fine: Up to £500,000

Solution: Verify your data supplier's compliance. Ask: Where did they get consent? How recent is the data? Is it TPS screened?

What Happens If You Get Caught?

ICO Enforcement Process

  1. 1. Complaint: Someone reports your call to the ICO
  2. 2. Investigation: ICO requests your call records and compliance documentation
  3. 3. Assessment: ICO determines if PECR was breached
  4. 4. Enforcement: Warning, enforcement notice, or monetary penalty

Penalties

  • Monetary Penalty Notice: Up to £500,000
  • Enforcement Notice: Legally binding order to stop
  • Prosecution: For serious/repeated offences
  • Naming and shaming: ICO publishes enforcement actions

How AI Sales Voice Keeps You Compliant

We built compliance into the core of our platform:

Automatic TPS/CTPS Screening

Every number is checked against TPS and CTPS before the AI dials. Non-compliant numbers are automatically blocked.

Instant Opt-Out Memory

When someone says "don't call me again," they're added to your suppression list immediately. Across all campaigns. Forever.

Bulletproof Audit Trail

Every call is logged with timestamp, outcome, and recording (if enabled). If the ICO comes knocking, you have everything you need.

Compliant Scripts

Our script builder ensures your AI identifies your company, states the purpose, and offers opt-out—automatically.

Time Restrictions

Built-in calling windows prevent calls outside 8am-9pm. Set custom hours for your industry.

Human Handoff

Transfer to a live agent at any point—supporting the "live call" interpretation of PECR.

PECR vs GDPR: What's the Difference?

Aspect PECR GDPR
Governs Electronic communications (calls, emails, texts) Personal data processing
Applies to Marketing communications All personal data handling
Consent basis Specific rules per channel One of six lawful bases
Max fine £500,000 £17.5M or 4% of turnover
Enforcer ICO ICO

Key point: You need to comply with BOTH. PECR governs whether you can call; GDPR governs how you handle the data from those calls.

Stay Compliant While Scaling Outreach

AI Sales Voice has TPS/CTPS screening, audit trails, and opt-out management built in. Make thousands of calls without compliance risk.

Start Your Compliant AI Campaign