UK Ofcom Rules for AI Calls and Number Presentation in 2026

Ofcom's January 2025 CLI guidance closes the "+44 from abroad" loophole and shifts liability for unverified Calling Line Identification onto originating networks. For UK-bound AI voice agents, the question is no longer "what number do you display" but "can your originating provider justify it."

What the rule says

flowchart LR
  Phone["PSTN caller"] --> Carrier["Carrier"]
  Carrier -- "SIP INVITE" --> SBC["Session Border Controller"]
  SBC -- "SIP" --> PBX["Twilio / Asterisk"]
  PBX -- "RTP · Opus" --> Bridge["AI Voice Gateway"]
  Bridge --> AI["OpenAI Realtime"]
  AI --> Bridge
  Bridge --> PBX

UK voice marketing is governed by two regulators in tandem: Ofcom (under the Communications Act 2003) for network behavior and CLI presentation, and the Information Commissioner's Office (ICO) (under the Privacy and Electronic Communications Regulations 2003, "PECR") for marketing consent. Ofcom published an updated CLI Guidance on July 29, 2024, applicable from January 29, 2025, with a six-month implementation window for providers. The new rules require networks to block international calls that present a UK mobile number unless the originating provider can verify legitimate use. PECR Regulation 19 requires prior consent for automated marketing calls (recorded messages); Regulation 21 allows live marketing calls except to TPS-registered numbers or numbers that have asked you not to call. The ICO has fined energy firms £500,000+ for unconsented automated marketing in 2025.

What it means for AI voice agent operators

UK regulators currently treat conversational AI as a developing case. A pre-recorded marketing message clearly falls under Regulation 19 (automated, consent required). A real-time AI conversation looks more like a live agent and may fall under Regulation 21 (TPS-registered numbers off-limits, otherwise allowed unless told not to call). The ICO has not issued definitive guidance, but the prudent default in 2026 is to treat AI calls as automated for consent purposes, since the underlying technology generates audio without a live human.

For CLI: your AI agent must present a number that is either yours, a number assigned to you by your provider, or a "presentation number" you can authenticate (UK mobile from a UK provider, geographic number where you have a presence). Withholding CLI on marketing calls is prohibited by PECR. From January 2025 forward, your provider must be able to justify the CLI to Ofcom on demand; spoofed UK CLIs from international originations are now blocked at the network edge.

How CallSphere stays compliant

CallSphere routes UK calls through Twilio's UK presence with UK-issued CLIs bound to verified Customer Profiles, so CLI authenticity is provable. Healthcare AI deployments to UK clinics treat every outbound as automated for consent purposes; consent is captured in the patient onboarding flow with explicit reference to "automated voice reminders". After-Hours AI for UK customers calls only on-call staff who have signed a paging agreement, so PECR's marketing rules do not apply (it is contractual, not commercial messaging). For Sales Calling AI in the UK, we recommend TPS scrubbing on every list refresh and retaining a 24-month consent record. The 14-day trial includes UK-specific opt-out scripting in the Salon AI and Real Estate AI verticals.

Compliance checklist

1. Treat AI marketing calls as automated under PECR Regulation 19; capture explicit prior consent.
2. Scrub against the Telephone Preference Service (TPS) and Corporate TPS (CTPS) before every campaign.
3. Always present a valid, dialable CLI; never withhold for marketing.
4. Use a UK-presence CLI through a UK-licensed provider for UK-bound calls.
5. State your name and a contact address (or freephone) when asked, every time.
6. Honor "do not call this number" within 28 days under PECR; immediately is best practice.
7. Keep consent records for at least 24 months; ICO requests can go back further.
8. Disclose AI use clearly at the start of the call.
9. Comply with Ofcom's call-recording guidance: PECR-aligned consent + ICO call-recording principles.
10. Monitor Ofcom's quarterly enforcement bulletin for emerging AI guidance.
11. Add an Online Safety Act check if your AI handles user-generated content beyond the call (e.g., transcripts shared via portal).

FAQ

Is conversational AI legal in the UK? Yes, with consent and CLI compliance. Pre-recorded broadcast messages are tightly restricted; live conversational AI is in a grey zone that the ICO has not closed off but is watching.

Do I need to be on the ICO data protection register? Most controllers must be registered and pay the data protection fee. Voice AI handling personal data is no exception.

What if my AI calls are inbound only? Inbound calls do not trigger PECR Regulations 19 or 21, but UK GDPR still applies to recordings and transcripts.

Are there UK-specific TPS rules for B2B? The Corporate TPS (CTPS) covers business numbers; you must scrub against it as well as TPS for B2C.

Does Ofcom enforce against the AI vendor or the customer? Ofcom regulates communication providers (carriers); the ICO regulates data controllers (the customer using the AI). Both can be on the hook.

Sources

• Ofcom: CLI Guidance (July 2024, applicable Jan 29, 2025)
• ICO: Guide to PECR
• Ofcom: Strategic Approach to AI 2025/26

Try the 14-day trial, see pricing, or hit /contact for UK rollout help.