By Sagar Shankaran, Founder of CallSphere
How IMDA's National Numbering Plan Issue 2 (Feb 2026), the SSIR Likely-SCAM labelling, the postpaid SIM cap of 10, and PDPA on voice biometrics shape AI voice agents in Singapore.
Key takeaways
Singapore runs one of the most disciplined telecom regimes in Asia. IMDA's National Numbering Plan Issue 2 dropped in February 2026, the SSIR Likely-SCAM labelling has cut SMS scams by 70%, postpaid SIMs are capped at 10 per person from 28 February 2026, and PDPA on voice biometrics is strictly enforced. AI voice agents must operate inside a tight box.
IMDA (Infocomm Media Development Authority) administers numbering under the Telecommunications Act and the National Numbering Plan. Singapore uses 8-digit numbers with prefix 6 (fixed-line), 8/9 (mobile), 1800 (toll-free), and 3 (level-3 IP/VoIP). The National Numbering Plan Issue 2, published February 2026, refreshes the framework with updates on M2M ranges, 800 numbers, and short codes.
Twilio offers Singapore DIDs in the 6, 3, and 8 ranges plus 1800 toll-free. The Singapore media edge gives sub-10 ms RTT to local users — among the lowest globally. PSTN-IP migration is complete; SingTel, StarHub, M1, and Simba interconnect via SIP. CLI rules require allocated, callable numbers; spoofed CLIs are blocked at the originating carrier under the Anti-Scam Filter.
Three regimes apply. First, IMDA numbering and SSIR (SMS Sender ID Registry): any alphanumeric Sender ID for SMS must be registered; non-registered SMS is labelled "Likely-SCAM" since 31 January 2023, with cases dropping 70% over the following three months. Postpaid SIMs are capped at 10 per person from 28 February 2026; over 1.1 million subscribers have activated international-call blocking. Second, the Do Not Call (DNC) Registry under the PDPA: marketing calls and SMS must scrub against the DNC daily; specific opt-outs are honoured immediately. Third, the PDPA itself: consent, purpose, notification, and access; voice and voice-biometrics are personal data with stricter consent for biometrics.
For AI voice specifically, IMDA's 2024-2025 advisory and the Cyber Security Agency's 2026 Anti-Scam Guide expect AI disclosure at the start of any commercial interaction. The Personal Data Protection Commission (PDPC) treats undisclosed AI voice as a deceptive practice and a PDPA Section 13 (notification) violation. Maximum financial penalties under PDPA are SGD 1 million or 10% of annual turnover (whichever is higher).
Hear it before you finish reading
Talk to a live CallSphere AI voice agent in your browser — 60 seconds, no signup.
CallSphere runs Twilio across all six verticals (Healthcare AI, Real Estate AI, Sales Calling AI, Salon AI, IT Helpdesk AI, After-Hours AI), with 37 agents, 90+ tools, 115+ DB tables, HIPAA + SOC 2, and pricing at $149 / $499 / $1499 with a 14-day trial and a 22% lifetime affiliate. Singapore tenants get Twilio SG DIDs in the 6 (fixed) or 3 (IP) range, plus 1800 toll-free for inbound (Salon, After-Hours, Healthcare). SMS Sender ID is registered with SSIR under the tenant's UEN; the Likely-SCAM label is mathematically impossible because we always send from a registered ID. The AI agent opens with "this is an automated call from [brand], you are speaking to an AI" — PDPA Section 13 transparency. DNC scrub runs daily, with category-level honour. PDPA consent is captured with timestamp, IP, purpose, base, and stored for at least 3 years; recordings encrypted with retention bounds.
flowchart LR
A[Twilio SG subaccount + Singapore edge] --> B[Provision 6/3 DID + 1800]
B --> C[Register SMS Sender ID in SSIR]
C --> D[DNC daily scrub]
D --> E[AI + identity disclosure first sentence]
E --> F[PDPA consent log + recording retention]
What is SSIR? SMS Sender ID Registry. From 31 January 2023, non-registered alphanumeric Sender IDs are labelled "Likely-SCAM" by the network. Registration is mandatory if you want a clean send.
Is AI voice marketing legal in Singapore? Yes, with PDPA consent, DNC scrub, AI disclosure at call start, and identity transparency.
What changed in February 2026? IMDA published the National Numbering Plan Issue 2, and the postpaid-SIM cap of 10 per person took effect on 28 February 2026.
Can I send marketing SMS from a 10-digit number? Yes, if the number is registered to the sending entity and the campaign respects DNC. Alphanumeric Sender IDs require SSIR registration.
Start a 14-day trial on a Singapore number, see pricing at $149/$499/$1499, or contact us for IMDA / Twilio SG setup help.
AI Voice in Singapore 2026: IMDA, Numbering Plan Issue 2, and Anti-Scam Filters sounds like a single decision, but in production it splits into eval design, prompt cost, and observability. The deeper you push toward live traffic, the more those three pull against each other — better evals catch silent failures, prompt cost limits how often you can re-run them, and weak observability hides which retries are actually saving conversations versus burning latency budget.
Still reading? Stop comparing — try CallSphere live.
CallSphere ships complete AI voice agents per industry — 14 tools for healthcare, 10 agents for real estate, 4 specialists for salons. See how it actually handles a call before you book a demo.
The big fork is managed (OpenAI Realtime, ElevenLabs Conversational AI) versus self-hosted on GPUs you operate. Managed wins on cold-start, model freshness, and zero-ops; self-hosted wins on unit economics past a certain conversation volume and on data residency for regulated verticals. CallSphere runs hybrid: Realtime for live calls, self-hosted Whisper + a hosted LLM for async, both routed through a Go gateway that enforces per-tenant rate limits.
Latency budgets are non-negotiable on voice. End-to-end target is sub-800ms ASR-to-first-token and sub-1.4s first-audio-out; anything beyond that and turn-taking feels stilted. GPU residency in the same region as your TURN servers matters more than choosing a slightly bigger model.
Observability is the unglamorous backbone — every conversation produces logs, traces, sentiment scoring, and cost attribution piped to a per-tenant dashboard. HIPAA + SOC 2 aligned isolation keeps healthcare traffic separated from salon traffic at the storage layer, not just the API.
What's the right way to scope the proof-of-concept? CallSphere runs 37 production agents and 90+ function tools across 115+ database tables in 6 verticals, so most workflows you'd want already have a template. For a topic like "AI Voice in Singapore 2026: IMDA, Numbering Plan Issue 2, and Anti-Scam Filters", that means you're not starting from scratch — you're configuring an agent template that's already been hardened across thousands of conversations.
How do you handle compliance and data isolation? Day one is integration mapping (scheduler, CRM, messaging) and prompt tuning against your top 20 real call transcripts. Day two through five is shadow-mode running, where the agent transcribes and recommends but a human still answers, so you can compare side-by-side. Go-live is the moment your eval pass-rate clears your internal bar.
When does it make sense to switch from a managed model to a self-hosted one? The honest answer: it scales until your tool catalog gets stale. The agent is only as good as the integrations it can actually call, so the operational discipline is keeping schemas, webhooks, and fallback paths green. The platform handles the rest — observability, retries, multi-region routing — without your team owning the GPU layer.
Want to see how this maps to your stack? Book a live walkthrough at calendly.com/sagar-callsphere/new-meeting, or try the vertical-specific demo at healthcare.callsphere.tech. 14-day trial, no credit card, pilot live in 3–5 business days.
Written by
Sagar Shankaran· Founder, CallSphere
Sagar Shankaran is the founder of CallSphere, where he builds production AI voice and chat agents deployed across healthcare, hospitality, real estate, and home services. He writes about agentic AI, LLM engineering, and shipping voice agents that handle real calls in production.
See how AI voice agents work for your industry. Live demo available -- no signup required.
Using GPT-Realtime-2 for healthcare voice agents. BAA scope, PHI handling, retention, logging, and why a managed platform usually wins this build.
AI Control Tower is the governance layer for ServiceNow's Project Arc — policy, monitoring, and audit logs for autonomous agents. Here is how it works.
CAISI announced new agreements with Google DeepMind, Microsoft, and xAI in May 2026. What gets tested, what changes for enterprise AI buyers, what to watch.
The 2024 NPRM proposes mandatory penetration tests every 12 months and vulnerability scans every 6 months. Here is how an AI voice agent should be tested in 2026.
xAI's Aurora image model got a Grok 4 era refresh — here's where it stands vs Imagen 4, DALL-E 5, and Stable Diffusion 4. Practical context for teams in Singapore, Singapore.
Six-domain AI vendor diligence: financial, security, privacy, operational, legal, ethics. Plus 30+ specific questions, SOC 2 / ISO 27001 baselines, and review cadence.
© 2026 CallSphere LLC. All rights reserved.