Most enterprises buying AI voice diallers in 2026 treat Do Not Call (DNC) compliance as a feature checkbox. It is not. It is infrastructure. The companies the Information Commissioner's Office and the Federal Communications Commission have fined over the past eighteen months did not lack a DNC policy — they lacked a DNC architecture that ran on every call, every campaign, every list refresh.
In March 2026 the ICO fined a Birmingham-based pendant alarm company £100,000 for making 260,000 unsolicited marketing calls to numbers on the Telephone Preference Service register. Earlier the same regulator fined Green Spark Energy £250,000 for 9.5 million calls. PECR fines in the UK are about to climb from a £500,000 cap to £17.5 million or 4% of global turnover — GDPR-grade. In the US, every call placed without scrubbing the Federal DNC and per-seller consent now carries a $500–$1,500 statutory damages exposure under the TCPA's revised AI ruling.
This is not a problem AI voice vendors can solve at the script layer. It is solved — or not — at the architecture layer.
This guide is shipped by the team behind Dilr Voice — enterprise voice AI live in 40+ countries with DNC, TPS and FCC disclosure logic built into the dialler runtime. Or see DATS, our 5-stage AI consulting system.
DNC compliance fails procurement gates when it lives in a script. It passes when it lives in the dialler runtime, the audit log, and the consent gate — three systems, one architecture.
- UK PECR fines move to £17.5m / 4% global turnover; FCC one-to-one consent live January 27, 2026
- TPS scrub frequency under 24 hours is the new procurement floor — daily was acceptable until 2024
- Every AI voice call must produce an immutable, per-call DNC-decision artefact to survive ICO or FCC review
- Vendors that treat DNC as a "rule pack" rather than a runtime gate will fail FCA Consumer Duty and EU AI Act audits
The interesting pattern in the enforcement record is what the regulators did not fine. They did not fine companies for bad calls. They fined them for bad systems. Green Spark Energy did not lose £250,000 because of nine million wrong-number incidents — it lost it because the architecture allowed nine million calls to bypass the TPS register in the first place. Enterprises evaluating AI voice diallers should read every enforcement notice the same way: the question is not "did the AI mis-script?" but "did the architecture make the wrong call possible?" That is a procurement-stage question, not a deployment-stage one. The same logic underpins our AI placement diagnostic — a fixed-fee assessment used before any deployment commitment.
Why DNC fails as a "feature"
The standard AI voice dialler procurement deck lists DNC compliance as a tick-box: "TPS scrubbing — yes." This is how the £100,000 fines happen. A tick-box does not survive the four failure modes enforcement actually catches.
Failure mode 1 — stale lists
The Birmingham pendant alarm case turned on one fact: the company's CRM-loaded numbers were scrubbed weekly, not per-call. In the interval between the scrub and the dial, 260,000 calls landed on TPS-registered numbers because individuals had registered between the two events. Daily scrubbing — the old "best practice" — is no longer a defence. The ICO's evidentiary standard now expects sub-24-hour refresh, with most enforcement actions citing scrubs older than 28 days as aggravating. See our companion guide on AI outbound calling under GDPR and PECR for the broader UK regime.
Failure mode 2 — consent provenance gaps
The FCC's one-to-one consent rule, live from January 27, 2026, eliminated the "lead generator loophole" where a single consent form covered multiple sellers. Every AI voice call placed under the new regime must trace to a per-seller, time-stamped, channel-specific consent record. Enterprises whose AI voice diallers depend on uploaded CSVs from third-party lead vendors cannot prove provenance — and per-call $500 statutory damages stack fast. Our TCPA compliance guide for outbound AI voice covers the consent architecture in depth.
Failure mode 3 — internal DNC silos
Most enterprises run three DNC lists in parallel: the regulator register (TPS or Federal DNC), customer service opt-outs, and sales-channel opt-outs. The three rarely sync. A customer who tells the contact centre "don't call me" on Monday gets dialled by an outbound AI agent on Wednesday because the sales CRM never received the flag. This is not a regulator failure — it is the most-cited enforcement pattern in 2025–2026 ICO action records. Internal DNC must be a single source of truth, queried at call time, not at list-upload time. The same single-source architecture sits at the centre of enterprise voice AI vendor evaluation and the broader enterprise AI voice agent architecture.
The five-layer DNC architecture
The diallers that pass FCA Consumer Duty audits and survive ICO investigation share five architectural layers — none of which are "scripts." This is the model we use inside Dilr Voice for every outbound deployment, and the framework our AI operating model consulting engagements deploy in regulated buyers.
| Layer | Purpose | Enforcement risk if missing | Refresh frequency |
|---|---|---|---|
| Scrub layer | TPS, Federal DNC, state DNCs, sectoral DNCs (CTPS, BTPS) | £100k–£17.5m UK; $500–$1,500/call US | Sub-24 hours |
| Consent gate | Per-seller, time-stamped, channel-specific consent record | TCPA one-to-one rule violation; PECR Reg 22 breach | Per-call query |
| Internal opt-out store | Single source of truth across CS, sales, marketing | Most-cited ICO aggravator 2025–2026 | Real-time write, per-call read |
| Calling-window logic | UK 8am–9pm; US 8am–9pm local; FCA vulnerability flags | Aggravating factor in ICO penalties | Per-call timezone resolution |
| Audit log | Immutable per-call DNC-decision artefact | EU AI Act Article 50 + ICO evidentiary standard | Per-call write, 7-year retention |
What separates a procurement-grade dialler from a checkbox dialler is whether these five layers run per call — not per campaign, not per list upload. The Birmingham case turned on a 7-day gap between scrub and dial. The Green Spark Energy case turned on the absence of an internal opt-out store. Every enforcement notice in the past eighteen months pivots on one or more of these layers being absent or running on the wrong cadence.
The contrarian point is this: AI voice diallers are actually better at DNC compliance than human call centres — but only when the runtime is architected for it. A human agent can ignore a flag. An AI agent, properly built, cannot place a call the system has not pre-authorised. The infrastructure either permits the call or it does not. There is no "the agent forgot" defence. Regulators have noticed: ICO commentary in 2026 increasingly cites system architecture as either mitigating or aggravating, which means well-built AI voice systems can actually reduce enforcement risk versus the legacy human dialler stack. For the broader regulatory backdrop, see our work on FCA AI governance for voice AI and the ICO AI Code of Practice obligations from May 2026.
What buyers should actually demand
The procurement question is not "do you support DNC?" Every vendor will say yes. The question is "show me the per-call DNC-decision log from your last 1,000 production calls, including the timestamp of the TPS/DNC check and the consent record ID." Vendors with proper architecture produce this in minutes. Vendors with a feature checkbox cannot produce it at all. Bake this artefact into your RFP. If you'd like a worked template, book a call and we'll walk through what the ICO actually asks for in evidence requests.
Three further demands separate operators from amateurs. First, ask for the sub-24-hour scrub timestamp on every call placed. Second, ask for the consent provenance chain back to the originating capture event — channel, timestamp, exact disclosure text. Third, ask for the system architecture diagram that shows where the internal opt-out store sits and what writes to it. If any of the three are missing, you do not have DNC infrastructure — you have a DNC feature. That is the difference between a £180,000 DATS execution office engagement that survives audit and a £750,000 outbound programme that collects fines. The pattern repeats in adjacent regulated verticals — see how the same architectural discipline shapes AI voice for fintech collections and KYC, where FCA Consumer Duty stacks on top of the DNC regime.
Want to see this in production? Try Dilr Voice live (free, $20 credits), book an AI placement diagnostic, see our DATS methodology, or read about our approach to placing AI inside regulated outbound systems.
Build DNC into the runtime — before the regulator reads your logs.
30-min scoping call. No deck. Confidential. We'll tell you whether your AI voice dialler's DNC architecture would survive an ICO or FCC evidence request — and where the gaps are.
Written by the Dilr.ai engineering team — practitioners who ship enterprise AI voice in regulated UK and US deployments. Follow us on LinkedIn for shipping notes, or subscribe via the RSS feed.