AI outbound calling: GDPR and PECR compliance guide

AI outbound calling under GDPR and PECR: UK enforcement is rising, the £500k cap is gone, and the new £17.5m ceiling now hits non-compliant programmes.

[Hero card: DILR.AI · Compliance. PECR fine cap (2026): £17.5M, up from £500k, aligned to UK GDPR. PECR fines issued 2025: £4.63M across telemarketing enforcement. Largest 2025 case by volume: 9.58M automated calls, Green Spark Energy.]

Most UK enterprises rolling out AI outbound calling in 2026 are running on a procurement assumption that no longer holds. The £500,000 ICO fine cap that capped tail risk for a decade was repealed under the Data Use and Access Act 2025. PECR penalties now sit on the same ceiling as UK GDPR — £17.5 million or 4% of global turnover — and the ICO is using its expanded powers to compel interviews and force production of technical reports from voice AI controllers and processors. The shape of the risk has changed before most boards have caught up.

The trigger event was straightforward. In September 2025 the ICO penalised two energy firms a combined £550,000 for automated calls made by voice-avatar software — pre-recorded scripts, voiced by actors, presented to recipients as live UK agents. Green Spark Energy alone instigated 9,587,050 automated calls to UK consumers in twelve months without specific consent. That is the precise pattern enterprise AI outbound is now selling into the market. The fine cap rose six weeks later. The first £10m+ penalty under the new ceiling is a question of when, not whether — and AI voice outbound is the most exposed category on the regulator's desk.

This guide sets out what every enterprise running, buying, or scoping AI outbound calling in the UK must lock down before the next call cycle. The economics still work — the AI voice outbound enterprise sales ROI is real — but only inside a compliance perimeter the regulator will accept.

This guide is shipped by the team behind Dilr Voice — enterprise voice AI live in 40+ countries with PECR-grade consent architecture built in. Or see the Dilr Voice product page for the underlying compliance stack.

Key takeaway

Three PECR regulations govern AI outbound calling in the UK: Regulation 19 (automated/recorded calls, including AI voice with pre-defined utterances), Regulation 21 (live unsolicited marketing calls, which require TPS/CTPS screening), and Regulation 22 (electronic mail and SMS follow-up). GDPR sits underneath as the lawful-basis and data-handling layer. Get any one of them wrong and the call is unlawful, regardless of how clean the rest of the stack is.

The £500k cap absorbed the risk for a generation of marketing programmes. Under the new ceiling, a £2m AI outbound programme can attract a fine of 8× the programme's annual budget, plus enforcement notices that publicly name the controller and the processor. For procurement teams who treated PECR as a marketing concern rather than an enterprise risk, the calculus has changed — and the enterprise business case for AI voice needs a compliance line that was absent from most 2024 and 2025 board papers.

35× — Fine ceiling uplift (£500k → £17.5m)
9.58M — Calls in single 2025 enforcement case
£4.63M — Total PECR fines issued 2025
4% — Of global turnover (alternate cap)

The standard procurement story — "our vendor handles compliance" — does not survive contact with the ICO's processor-controller logic. The ICO will pursue both. We built Dilr Voice precisely because the enterprise compliance layer cannot be a feature toggle bolted on after launch — it has to sit underneath the dial logic itself. We've covered the parallel architecture for US programmes in our TCPA compliance guide for US outbound AI voice; the UK regime is stricter on the consent specificity dimension, looser on the disclosure dimension, and tighter on the volume of evidence the regulator expects to see.

What PECR actually prohibits — and why AI voice sits inside Regulation 19

A clean reading of PECR for AI outbound calling separates three call types. Each carries different consent, different screening, and different evidentiary requirements.

Regulation 19 — automated/recorded marketing calls

If the call plays a pre-recorded message, OR uses an automated dialling system that delivers scripted utterances without human variation, specific opt-in consent is mandatory for every recipient — consumer or business. General marketing consent is not enough. Consent for live calls is not enough. The recipient must have explicitly agreed to receive automated calls from the named caller.

This is the regulation that catches the majority of AI voice deployments. An AI voice agent that delivers pre-scripted utterances — even with dynamic name insertion, even with LLM-generated turn-taking — is highly likely to fall under Reg 19 in the ICO's analysis if a court or panel concludes the recipient could not meaningfully distinguish the interaction from a recorded message. The Green Spark Energy and Home Improvement Marketing 2025 cases were both prosecuted under Reg 19 against voice-avatar systems with synthesised speech. That is the case law forming around AI voice right now. Strong AI placement diagnostic work surfaces this category question before procurement, not after.

Regulation 21 — live unsolicited marketing calls

If a human (or an AI voice agent that the ICO accepts as functionally equivalent to a human conversation — adaptive, not scripted) makes the call, Regulation 21 applies. Calls cannot go to any number on the Telephone Preference Service (TPS) for individuals, or the Corporate Telephone Preference Service (CTPS) for businesses, unless that subscriber has specifically consented. Sole traders and certain partnerships count as individual subscribers for TPS purposes — a fact most B2B AI outbound stacks fail to encode.

Regulation 22 — electronic mail (including SMS follow-up)

The follow-up email or SMS after an AI voice call is governed separately. Reg 22 requires prior consent (or the narrow soft opt-in for existing customers offered similar products). Most enterprise AI outbound programmes send post-call SMS — and most do not separately log Reg 22 consent. This is the silent breach that compounds the headline call breach.

For deeper coverage of consent architecture across all three patterns, see our consent capture in AI voice calls guide.

The procurement implication is rarely understood: the controller (the enterprise) cannot transfer Reg 19 liability to the vendor. The ICO has been explicit on this. The processor — the voice AI platform — has joint liability under the DUAA 2025 expansion, but the controller retains primary responsibility for proving lawful basis. Our AI execution office engagements consistently surface this gap as the single largest unbudgeted enterprise risk in active AI voice programmes.

Comparison — what call type triggers what.

| Call recipient | PECR regulation | Consent required | TPS/CTPS screen | ICO risk level |
|---|---|---|---|---|
| Consumer (B2C) | Reg 19 — automated | Specific opt-in for automated calls from named caller | Yes — TPS | Critical |
| Sole trader / certain partnerships | Reg 19 + Reg 21 | Specific opt-in (automated) or TPS exemption (live) | Yes — TPS (treated as individuals) | Critical |
| Limited company / LLP | Reg 19 (automated) or Reg 21 (live) | Specific opt-in for Reg 19; CTPS check for Reg 21 | Yes — CTPS | High |
| Existing customer — soft opt-in | Reg 19 (explicit consent still required) | Soft opt-in does NOT extend to automated calls | Yes | Critical (often misread) |

The fourth row is the trap most enterprises fall into. The "soft opt-in" exemption that exists for direct marketing under Reg 22 (and partly under Reg 21) does not extend to automated calls under Reg 19. Customer marketing consent is irrelevant. Specific automated-call consent is mandatory. We have audited multiple AI outbound programmes that assumed customer-base lists were a safe seed audience — they are not.

What the tree makes explicit: there is no path to a lawful AI outbound call without specific automated-call consent, full stop, unless the call is a genuinely adaptive live conversation to a non-TPS-registered limited company subscriber. Most enterprise AI voice deployments do not meet that bar — they sit in the Reg 19 column, and they need the consent log to prove it. For programmes split across inbound and outbound AI voice agents, the inbound side is largely PECR-free; the outbound side carries the entire compliance load.

The five compliance controls every UK AI outbound programme must encode

The good news: the controls are tractable. The bad news: they must sit in the platform layer, not the operations layer, because the ICO will ask the processor for technical evidence of how each was enforced. Our DILR.AI services team builds these as a standing pre-pilot deliverable.

Control 1 — Consent provenance recorded against every dialled number. Every dialled number must trace to: the consent capture surface (web form, voice utterance, paper), the timestamp, the wording shown to the data subject, the specific channels consented to (automated voice / live voice / SMS / email), and the named caller the consent named. "We bought a list" is not consent. "They consented to marketing" is not consent for automated calls. ICO enforcement notices in 2025 named both deficiencies as primary breach grounds.

Control 2 — Real-time TPS/CTPS suppression at the dialler. Suppression cannot run as a nightly batch job. It must run at the moment of dial. Lists drift; the TPS register changes daily. A clean list at 09:00 is not a clean list at 17:00. The platform must call the live register, log the check, and refuse the dial if the check fails. This is a hard line — and one of the procurement gates we publish in our voice AI hallucination procurement guide. Programmes that lack this control should not be in production.

Control 3 — Caller identity disclosure within the first 15 seconds. Reg 21 and Reg 19 both require the recipient to receive the caller's name and a means to opt out. The Green Spark and Home Improvement enforcement notices placed substantial weight on misleading caller-identity framing — the AI voice presented itself as a local UK agent when it was a recorded message. AI voice agents must disclose, by default and audibly, that they are automated, who they are calling on behalf of, and how to opt out. This requirement intersects with EU AI Act Article 50 disclosure for any agent also dialling EU subscribers.

Control 4 — GDPR lawful basis recorded against the called dataset. PECR sits on top of GDPR. Even where PECR consent is satisfied, the controller must record an Article 6 lawful basis for processing the personal data (the phone number, the call recording, the post-call transcript) and an Article 9 basis if any special-category data is captured during the call. Most AI outbound deployments default to "consent" — which is brittle. Legitimate interests, properly balanced and documented, is often the stronger position for the underlying processing once the PECR-specific consent layer is settled. The AI voice biometric data security guide covers the Article 9 dimension where voice characteristics themselves become processed data.

Control 5 — Auditable, queryable call log retained for the regulator. The ICO's new powers under DUAA 2025 include the ability to compel production of technical reports. A platform that cannot produce, within seven days, a queryable export of: dialled number, consent source, TPS screen result, agent script version, recipient outcome, and recording link — for any date range the regulator names — will be assumed to be operating without lawful basis. The evidentiary burden is now on the controller. Pilot deployments that rely on vendor dashboards rather than direct controller access to the log fail this test by design — which is why platforms like the Dilr Voice console expose the raw consent and call-log layer directly to the controller's compliance team rather than mediating it through a vendor portal.
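As an added example (not Dilr Voice's code, nor any vendor's), here is a dial-time gate that encodes Controls 1, 2 and 5 together with the Reg 19 / Reg 21 split from the comparison table above. It assumes a lookup callable standing in for the live TPS/CTPS query; the field names, recipient-type labels and sample numbers are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
AUTOMATED, LIVE = "automated_voice", "live_voice"  # channel names as stored in the consent record

@dataclass(frozen=True)
class Consent:               # Control 1: what every dialled number must trace back to
    source: str              # capture surface: "web_form", "voice_utterance", "paper"
    captured_at: str         # ISO-8601 timestamp of capture
    wording: str             # exact wording shown to the data subject
    channels: frozenset      # channels consented to, e.g. {AUTOMATED, "sms"}
    named_caller: str        # the caller the consent named

@dataclass(frozen=True)
class DialRequest:
    number: str
    recipient_type: str      # "consumer", "sole_trader" or "limited_company"
    call_mode: str           # AUTOMATED (Reg 19) or LIVE (Reg 21)
    caller: str              # who the agent is calling on behalf of
    script_version: str      # agent script version, logged for the regulator
    consent: Optional[Consent] = None

def screen_register(req, lookup):
    # Control 2: query the live register at the moment of dial, never a cached copy.
    # Sole traders and certain partnerships are individual subscribers: TPS, not CTPS.
    register = "CTPS" if req.recipient_type == "limited_company" else "TPS"
    return register, lookup(register, req.number)

def gate(req, lookup, audit_log):
    """Return (allowed, reason); every decision is appended to the Control 5 audit log."""
    c = req.consent
    # Consent counts only if it names this caller and this specific channel.
    specific = c is not None and c.named_caller == req.caller and req.call_mode in c.channels
    register, listed = screen_register(req, lookup)
    if req.call_mode == AUTOMATED:
        # Reg 19: specific automated-call consent for every recipient type; a soft opt-in never qualifies.
        allowed = specific
        reason = "reg19_ok" if allowed else "reg19_no_specific_automated_consent"
    else:
        # Reg 21: a listed subscriber may be called live only with specific consent.
        allowed = (not listed) or specific
        reason = "reg21_ok" if allowed else f"reg21_{register.lower()}_listed_no_consent"
    audit_log.append({"number": req.number, "consent_source": c.source if c else None,
                      "register": register, "listed": listed, "script_version": req.script_version,
                      "decision": reason, "checked_at": datetime.now(timezone.utc).isoformat()})
    return allowed, reason

# Constructed sample register for offline use; production code calls the live TPS/CTPS service.
SAMPLE_REGISTER = {"TPS": {"+441632960100"}, "CTPS": set()}
def sample_lookup(register, number):
    return number in SAMPLE_REGISTER[register]
```

The audit entries are the Control 5 export: each one records the number, consent source, register screened, screen result, script version and decision, so any dialled number from a given date range can be answered from the log alone.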

The same five-control architecture sits under enterprise AI voice agents at scale — PECR adds the specificity, GDPR adds the audit trail, and the new £17.5m cap adds the urgency. If your current programme cannot demonstrate all five against any single dialled number from the last 90 days, the operating model needs a rebuild — and a conversation with the team about how to sequence it.

Want to see this in production? Try Dilr Voice with PECR consent architecture built in, book an AI placement diagnostic, read how DATS structures compliance engagements, or see our approach to regulated deployment.

Some of the most common implementation failures we surface in audit are not the call itself but the upstream data plumbing — list hygiene, consent decay, channel-specific consent recording. Our data residency for enterprise voice AI guide covers the parallel data-location dimension that often sits in the same gap. And for FCA-regulated firms, the FCA AI governance 2026 obligations overlay on top of PECR creates a second compliance ledger that procurement teams routinely underestimate.

The DUAA 2025 expansion specifically empowers the ICO to demand technical reports from controllers. Translation: a request from the regulator no longer needs to wait for voluntary cooperation. If the platform cannot produce the evidence inside the request window, the controller is assumed non-compliant. That is a procurement standard, not a back-office one — and it belongs in the contract with the voice AI vendor before the first call dials.

For a deeper authority view, the ICO guidance on direct marketing and the underlying Privacy and Electronic Communications Regulations 2003 statute are the primary references.

Make your AI outbound programme PECR-defensible.

30-min scoping call · No deck · Confidential. We'll tell you whether your current consent architecture survives the new £17.5m cap — and what to rebuild first.

Written by the Dilr.ai engineering team — practitioners who ship enterprise AI in production. Follow us on LinkedIn for shipping notes, or subscribe via the RSS feed.
