By Sagar Shankaran, Founder of CallSphere
Ofcom's January 2025 CLI guidance, the new international scam-call blocking, the PECR live-vs-automated distinction, and what UK-bound AI voice agents must do to stay legal.
Key takeaways
Ofcom's January 2025 CLI guidance closes the "+44 from abroad" loophole and shifts liability for unverified Calling Line Identification onto originating networks. For UK-bound AI voice agents, the question is no longer "what number do you display" but "can your originating provider justify it."
flowchart LR
Phone["PSTN caller"] --> Carrier["Carrier"]
Carrier -- "SIP INVITE" --> SBC["Session Border Controller"]
SBC -- "SIP" --> PBX["Twilio / Asterisk"]
PBX -- "RTP · Opus" --> Bridge["AI Voice Gateway"]
Bridge --> AI["OpenAI Realtime"]
AI --> Bridge
Bridge --> PBXUK voice marketing is governed by two regulators in tandem: Ofcom (under the Communications Act 2003) for network behavior and CLI presentation, and the Information Commissioner's Office (ICO) (under the Privacy and Electronic Communications Regulations 2003, "PECR") for marketing consent. Ofcom published an updated CLI Guidance on July 29, 2024, applicable from January 29, 2025, with a six-month implementation window for providers. The new rules require networks to block international calls that present a UK mobile number unless the originating provider can verify legitimate use. PECR Regulation 19 requires prior consent for automated marketing calls (recorded messages); Regulation 21 allows live marketing calls except to TPS-registered numbers or numbers that have asked you not to call. The ICO has fined energy firms £500,000+ for unconsented automated marketing in 2025.
UK regulators currently treat conversational AI as a developing case. A pre-recorded marketing message clearly falls under Regulation 19 (automated, consent required). A real-time AI conversation looks more like a live agent and may fall under Regulation 21 (TPS-registered numbers off-limits, otherwise allowed unless told not to call). The ICO has not issued definitive guidance, but the prudent default in 2026 is to treat AI calls as automated for consent purposes, since the underlying technology generates audio without a live human.
Hear it before you finish reading
Talk to a live CallSphere AI voice agent in your browser — 60 seconds, no signup.
For CLI: your AI agent must present a number that is either yours, a number assigned to you by your provider, or a "presentation number" you can authenticate (UK mobile from a UK provider, geographic number where you have a presence). Withholding CLI on marketing calls is prohibited by PECR. From January 2025 forward, your provider must be able to justify the CLI to Ofcom on demand; spoofed UK CLIs from international originations are now blocked at the network edge.
CallSphere routes UK calls through Twilio's UK presence with UK-issued CLIs bound to verified Customer Profiles, so CLI authenticity is provable. Healthcare AI deployments to UK clinics treat every outbound as automated for consent purposes; consent is captured in the patient onboarding flow with explicit reference to "automated voice reminders". After-Hours AI for UK customers calls only on-call staff who have signed a paging agreement, so PECR's marketing rules do not apply (it is contractual, not commercial messaging). For Sales Calling AI in the UK, we recommend TPS scrubbing on every list refresh and retaining a 24-month consent record. The 14-day trial includes UK-specific opt-out scripting in the Salon AI and Real Estate AI verticals.
Is conversational AI legal in the UK? Yes, with consent and CLI compliance. Pre-recorded broadcast messages are tightly restricted; live conversational AI is in a grey zone that the ICO has not closed off but is watching.
Do I need to be on the ICO data protection register? Most controllers must be registered and pay the data protection fee. Voice AI handling personal data is no exception.
Still reading? Stop comparing — try CallSphere live.
CallSphere ships complete AI voice agents per industry — 14 tools for healthcare, 10 agents for real estate, 4 specialists for salons. See how it actually handles a call before you book a demo.
What if my AI calls are inbound only? Inbound calls do not trigger PECR Regulations 19 or 21, but UK GDPR still applies to recordings and transcripts.
Are there UK-specific TPS rules for B2B? The Corporate TPS (CTPS) covers business numbers; you must scrub against it as well as TPS for B2C.
Does Ofcom enforce against the AI vendor or the customer? Ofcom regulates communication providers (carriers); the ICO regulates data controllers (the customer using the AI). Both can be on the hook.
Try the 14-day trial, see pricing, or hit /contact for UK rollout help.
Written by
Sagar Shankaran· Founder, CallSphere
Sagar Shankaran is the founder of CallSphere, where he builds production AI voice and chat agents deployed across healthcare, hospitality, real estate, and home services. He writes about agentic AI, LLM engineering, and shipping voice agents that handle real calls in production.
See how AI voice agents work for your industry. Live demo available -- no signup required.
Using GPT-Realtime-2 for healthcare voice agents. BAA scope, PHI handling, retention, logging, and why a managed platform usually wins this build.
AI Control Tower is the governance layer for ServiceNow's Project Arc — policy, monitoring, and audit logs for autonomous agents. Here is how it works.
CAISI announced new agreements with Google DeepMind, Microsoft, and xAI in May 2026. What gets tested, what changes for enterprise AI buyers, what to watch.
The 2024 NPRM proposes mandatory penetration tests every 12 months and vulnerability scans every 6 months. Here is how an AI voice agent should be tested in 2026.
AgentStack scaffolds CrewAI, LangGraph, and AutoGen projects with a single CLI. The trade-offs of meta-tooling versus framework-native templates for serious teams.
Six-domain AI vendor diligence: financial, security, privacy, operational, legal, ethics. Plus 30+ specific questions, SOC 2 / ISO 27001 baselines, and review cadence.
© 2026 CallSphere LLC. All rights reserved.