Back to Foan

This is a guide, not legal advice. It's accurate as of 2026, written by Foan, designed to help you make sensible default decisions. For a specific campaign you're unsure about, talk to a lawyer in the relevant jurisdiction.

The short version: automated voice calls (Foan literally is one) are the most heavily regulated marketing channel in every developed market. The rules look different in each country but the spirit is the same — you must have explicit prior consent to dial someone with a robot, even if it sounds like a person.

United Kingdom

Primary law: Privacy and Electronic Communications Regulations 2003 (PECR) + UK GDPR. Regulator: Information Commissioner's Office (ICO).

Three rules to memorise:

  1. Automated voice calls (PECR Reg 19) — you need prior explicit consent for the use of an automated voice. "I subscribed to your newsletter" doesn't count. Even existing-customer soft opt-in is less permissive for automated calls than for live calls.
  2. Live marketing calls (PECR Reg 21) — you can call any number that hasn't registered with the Telephone Preference Service (TPS). Calling a TPS number = ICO investigation. £500k+ fines have been issued.
  3. Existing-customer relationship — relaxed rules apply when you're calling a customer about something closely related to what they already bought from you. Customer Care, post-purchase feedback, renewals, payment reminders — generally fine. Marketing brand-new products to them — needs separate consent.

B2B note: corporate numbers can register with the Corporate TPS (CTPS). Same rules apply.

Practical rules for Foan in the UK:

  • ✅ Inbound receptionist (the customer called you).
  • ✅ Customer Care to existing customers, on topics related to what they bought.
  • ⚠️ Sales follow-up to opted-in leads — make sure the opt-in mentioned phone calls.
  • ❌ Cold-calling a list you bought without explicit per-contact consent. Don't.

Ireland

Primary law: ePrivacy Regulations 2011 (SI 336/2011) + GDPR. Regulator: Data Protection Commission (DPC).

Effectively the same as the UK. Specifically:

  1. Automated voice marketing (Reg 13) — prior explicit consent required.
  2. Live marketing calls — allowed unless the number is registered with the National Directory Database (NDD) opt-out, or is a Do-Not-Call flagged number.
  3. Existing customer relationship — same carve-out, scoped to similar products.

DPC issues GDPR fines that can reach 4% of global turnover. They've been active.

European Union (general)

Primary law: ePrivacy Directive 2002/58/EC, transposed into national law in each member state. Plus: GDPR for personal data.

The Directive sets the floor — automated voice calls require prior explicit consent. Member states can add further restrictions. Examples:

  • Germany — has the strictest interpretation. Even live calls to consumers without prior express consent are usually illegal (UWG §7).
  • France — requires registration with the Bloctel opt-out registry; automated calls heavily restricted.
  • Spain — DNC registry (Lista Robinson); automated voice calls require explicit consent.
  • NetherlandsBel-me-niet Register opt-out.

Rule of thumb in the EU: if the campaign isn't an existing-customer one, get a real lawyer to look at it before you launch.

United States

Primary law: Telephone Consumer Protection Act (TCPA) + state laws on top. Regulator: Federal Communications Commission (FCC) + Federal Trade Commission (FTC) + state AGs.

The TCPA is the law of the land. Key points:

  1. Prerecorded / artificial voice calls to mobile numbers — require prior express written consent.
  2. Prerecorded / artificial voice calls to landlines for marketing — require prior express written consent.
  3. National Do-Not-Call Registry (DNC) — calling a DNC-listed number for marketing is a violation.
  4. Calling hours — 8am to 9pm in the called party's local time.
  5. Identification — automated marketing calls must identify the caller and provide a callback number on the call.

State extras (a partial list):

  • California — privacy law (CCPA/CPRA) plus its own DNC.
  • Florida — "mini-TCPA" with stricter consent requirements + private right of action.
  • Washington, Oklahoma, Texas — similar mini-TCPAs.

The TCPA is famously plaintiff-friendly. Statutory damages run $500–$1,500 per call. Class actions have settled in the hundreds of millions.

Practical rules for Foan in the US:

  • ✅ Inbound — the customer dialled you.
  • ✅ Customer Care to existing customers — typically falls under prior business relationship exemptions, but get explicit consent if you can.
  • ⚠️ Sales follow-up — written consent required, especially for mobile.
  • ❌ Cold lists. Just don't, in the US.

Other markets (quick view)

Country Automated voice Live marketing DNC equivalent
Canada Explicit consent (CRTC + CASL) DNC registration National DNCL
Australia Explicit consent (Spam Act) DNC registration Do Not Call Register
Singapore Explicit consent (PDPA + DNC) Strict — opt-in only DNC Registry
Brazil Explicit consent (LGPD + Resolution 632) Strict Não Me Perturbe
Japan Restrictive (APPI) Permitted with care Industry self-regulation

How Foan keeps you on the right side

  1. Cold-calling templates require an attestation in the campaign wizard. You confirm the list is opt-in and DNC-scrubbed before launch.
  2. Frequency cap + opt-out enforcement are workspace-wide and apply across every campaign you run — once a contact says "stop", Foan never calls them again, even from a different agent.
  3. Calling-hours window defaults to 9am–6pm in the contact's timezone. Configurable, but never out of legal hours by default.
  4. Daily call cap prevents dial spikes that look like robocalling to carriers.
  5. Caller ID is the workspace's number, never spoofed.
  6. The agent always identifies as AI on request. It will never lie about being a human.

Compliance is a sales advantage

Cold-calling has gotten a bad name because the people who do it badly do it really, really badly. Done right — opt-in lists, polite agents, easy opt-out — automated voice is one of the highest-converting channels there is.

If your competitor is cutting compliance corners, they're one ICO complaint away from a £500k fine. You being the careful one is a moat, not a tax.

When in doubt

Ask:

  1. Did this person give us a phone number specifically expecting we might call them?
  2. Did they give that consent in writing or via an obvious tick-box (not a buried checkbox)?
  3. Are they on any opt-out registry?
  4. Is what we're calling about closely related to whatever they signed up for?

If the answer to all four is yes, you're almost certainly fine. If any is no, talk to a lawyer or change the campaign.

See also

  • What we won't do — campaigns Foan refuses to run regardless of consent.
  • Cold-calling — the campaign type these rules constrain.
  • Frequency capping — how the workspace-wide opt-out + cooldown layer works.
  • Customer Care — typically the legal route for keeping in touch with existing customers.

Last updated 7 May 2026