Is it legal to use AI to call customers in the UK and EU?

Yes, using an AI voice agent to call your customers is legal in the UK and EU, provided three things are true: you have a lawful basis to contact that person, you disclose that they're speaking with an AI, and you respect opt-outs and do-not-call rules. None of that is exotic; it's the same consent-and-transparency framework that governs any marketing contact, with one AI-specific addition (the disclosure).

Where it gets nuanced is the detail: the rules differ depending on the channel (an automated voice call is treated more strictly than a live one, or than SMS/email) and the country (the UK's PECR layer sits on top of GDPR). Most confusion online comes from US-centric content that only covers TCPA and ignores the UK/EU picture entirely.

Two laws apply. GDPR governs the personal data. You need a lawful basis to process the customer's phone number and call them (typically consent, or legitimate interest for an existing-customer, transactional contact like an abandoned cart or a failed payment). The ePrivacy rules govern the electronic communication itself, and generally expect consent for marketing calls.

A useful distinction: the 'soft opt-in' that lets you message existing customers about similar products applies to electronic mail and SMS. It does not generally extend to automated voice calls. So a marketing voice campaign to cold prospects needs a stronger consent footing than an order-related call to a customer who just abandoned a cart.

This is the AI-specific piece. Article 50 of the EU AI Act requires that people be told they're interacting with an AI system, clearly and at the latest at the first interaction, applicable from 2 August 2026. For a voice agent, that means opening the call by identifying as AI. A second limb requires deployers of realistic synthetic voices to disclose the audio is AI-generated. Penalties for the transparency breaches run up to €15M or 3% of worldwide turnover.

The good news for operators: disclosure is a feature, not a tax. In conversion tests, telling the customer it's AI has no measurable impact on outcomes, what matters is sounding helpful, not human-pretending. A compliant agent simply opens with it.

Post-Brexit the UK keeps UK GDPR, plus its own electronic-marketing law: PECR (the Privacy and Electronic Communications Regulations), enforced by the ICO. The rule that matters most: automated or pre-recorded marketing calls require prior consent, for individuals and organisations alike. Consent to a live call does not cover an automated one.

Live marketing calls (including AI-conducted, non-pre-recorded conversations) are treated more leniently, generally no prior consent needed, but you must screen numbers against the TPS and CTPS do-not-call registries and honour opt-outs instantly. The ICO's 2026 direct-marketing guidance also expects explicit AI disclosure where AI is used.

This UK layer is exactly where US-built tools trip up: a product designed only around TCPA has no concept of PECR, TPS screening, or the live-vs-automated distinction. An EU/UK-native agent bakes it in.

If you also sell into the US, the headline framework is the TCPA. Two 2025 developments worth knowing: the FCC's 'one-to-one consent' rule was vacated by the 11th Circuit in January 2025 (so the older blanket-consent regime stands), while the consent-revocation rules took effect in April 2025, customers can revoke consent by any reasonable means and you must honour it within 10 business days.

The baseline is unchanged: prerecorded or AI-voice marketing calls to consumers generally require prior express written consent. Several US states (Florida, California, Texas, Maine) layer on their own AI-disclosure and calling rules. The US is a stricter, more litigious environment than the UK/EU for outbound, worth a dedicated compliance review before you dial American numbers.

Stripped to the essentials, what you actually need depends on channel × purpose:

Pulling it together, a defensible AI-calling setup in the UK/EU does six things: