Is AI Cold Calling Legal in the EU? Country-by-Country (2026)
TL;DR
AI cold calling is legal in some EU countries and tightly restricted in others - there is no single EU-wide yes or no. Whether an AI voice agent may cold-call depends on three things: the country (member states set their own telemarketing rules under the ePrivacy framework), who you call (business-to-business is broadly more permissive than calling consumers), and the AI-specific transparency duty in the EU AI Act, which requires that a person be told they are speaking with an AI. Business-to-business AI outbound is generally workable in the more permissive markets - Lithuania is among the greenest - while consumer cold calling is restricted or prohibited across most of the bloc. This hub maps each major country and links the detailed guide for each. Nothing here is legal advice - it is a sourced starting map; confirm your specific case with counsel.
AI cold calling is the use of an autonomous AI voice agent to make unsolicited outbound marketing or sales calls to people or businesses that have not previously asked to be contacted - and whether it is legal in the EU depends entirely on the country, on whether the recipient is a business or a consumer, and on the EU AI Act's requirement that the caller disclose it is an AI. There is no blanket EU-wide answer, which is exactly why this hub exists.
Two separate bodies of law apply at once. The first governs the outreach itself - the GDPR and the ePrivacy rules that each member state has implemented into national telemarketing law, which decide when you may call at all. The second governs the AI doing the calling - the EU AI Act, whose transparency obligation says a person must be informed they are interacting with an AI system. A campaign can satisfy one layer and still fail the other.
Below we explain the two layers, then give a country-by-country matrix - Austria, France, Germany, Spain, Italy, the Netherlands, the United Kingdom, plus Lithuania - each linking to a detailed regulator-sourced guide. We finish with the transparency duty and a practical "how to stay legal" checklist. This is general information, not legal advice.
Is AI Cold Calling Legal in the EU?
The short answer is: sometimes - it depends on the country, on B2B versus consumer, and on AI disclosure. There is no EU-wide blanket permission and no EU-wide blanket ban.
The consistent pattern across member states is this: consumer (B2C) cold calling is restricted or prohibited in most of them, either through opt-in consent requirements or mandatory opt-out registers; business (B2B) cold calling is broadly more permissible, often defensible on a legitimate-interest basis, but still varies by country. The AI layer then sits on top of all of it: even a perfectly lawful B2B call may breach the EU AI Act if the AI does not identify itself.
One neutral guardrail before we go further. Whether an AI voice agent counts as an "automated calling system" under national ePrivacy law - a classification that, in several countries, triggers a stricter prior-consent requirement - is a genuinely open and country-specific question. Treat any "fully compliant" or "zero-risk" claim about AI cold calling with suspicion.
What Two Layers of EU Law Govern an AI Cold Call?
Layer 1 - GDPR + ePrivacy (the outreach)
The GDPR requires a lawful basis to process the personal data you call. For B2B, that is typically legitimate interest with a balancing test and an honored opt-out; for consumers, it is usually consent (GDPR, Regulation (EU) 2016/679).
The ePrivacy Directive (2002/58/EC) then lets each member state choose an opt-in or opt-out regime for live marketing calls to individuals, and generally requires prior consent for automated calling systems. This is why the rules differ so sharply by country - each implemented ePrivacy into its own national law (ePrivacy Directive 2002/58/EC).
Layer 2 - EU AI Act (the AI)
Regulation (EU) 2024/1689 adds a second, AI-specific duty. Its Article 50 transparency obligation requires that providers and deployers ensure natural persons are informed they are interacting with an AI system, unless it is obvious from the context. An AI voice agent making calls falls squarely within this (EU AI Act, Regulation (EU) 2024/1689).
The practical read: even where the call is lawful under Layer 1, the AI must still disclose that it is an AI to satisfy Layer 2. Our EU AI Act voice-agent compliance checklist covers the AI-Act obligations in depth.
Country-by-Country: Where Is B2B AI Outbound Permitted?
The matrix below is a high-level orientation - each country links to a detailed, regulator-sourced guide underneath. B2C means calling consumers; B2B means calling businesses. This is general information, not legal advice.
| Country | Consumer (B2C) cold calls | B2B cold calls | Regulator / register |
|---|---|---|---|
| Lithuania | Consent generally required | Broadly permitted (legitimate interest, opt-out honored) | VDAI - State Data Protection Inspectorate |
| France | Restricted - Bloctel opt-out + banned time windows | Permitted with care (legitimate interest) | CNIL + Bloctel |
| Germany | Prohibited without prior express consent (opt-in) | Needs presumed/implied consent (UWG §7) | Bundesnetzagentur + Robinson-Liste |
| Spain | Generally prohibited unless consent/legitimate interest | Legitimate interest possible | AEPD + Lista Robinson |
| Italy | Restricted - RPO opt-out register (landline + mobile) | Restricted | Garante + RPO |
| Netherlands | Opt-in only - consent required (Telecommunicatiewet) | More room, still governed | Autoriteit Persoonsgegevens (AP) |
| United Kingdom | Allowed unless on TPS / objected; automated calls need consent | Allowed unless on CTPS | ICO + PECR (TPS/CTPS) |
| Austria | Prohibited without prior consent (§107 TKG) | Restricted - consent-based | DSB / RTR |
For the detailed, regulator-sourced guide for each country, follow the full write-up:
- France - CNIL, Bloctel & cold-calling compliance
- Germany - Robinson-Liste, UWG & cold-calling rules
- Spain - AEPD & LOPDGDD compliance
- Italy - Garante & GDPR compliance
- Netherlands - AP compliance guide
- United Kingdom - GDPR & ICO compliance guide
- Austria - GDPR, DSG & B2B cold-calling rules
- Lithuania - no standalone EN compliance post yet; see the regulator (VDAI) and the EU AI Act checklist.
The throughline is straightforward: B2B is the workable lane in most of these markets, consumer cold calling is heavily restricted, and the strictest consumer regimes are Germany, the Netherlands and Austria (prior-consent / opt-in), while France, Spain and Italy run mandatory opt-out registers you must scrub against. If you are building an outbound programme, the AI appointment-setting hub is where the B2B, legitimate-interest offering lives.
What Does the EU AI Act Require of an AI Voice Caller?
Article 50 of the EU AI Act sets a transparency duty: a person must be informed they are interacting with an AI system unless it is obvious. For a voice call, "obvious" cannot be assumed - a natural-sounding AI voice is precisely the case the rule targets - so disclosure should be explicit.
The practical implication is simple: the AI should identify itself as an AI early in the call. This is separate from, and additional to, whatever telemarketing consent the country requires. The Act phases its obligations in over 2025 to 2027, and the transparency duties for AI that interacts with people are among the earlier-applying provisions (Regulation (EU) 2024/1689). For the full obligation set, see our EU AI Act voice-agent compliance checklist.
Which EU Countries Are the Most Permissive for B2B AI Outbound?
Lithuania is among the greenest markets for B2B AI outbound. Business-to-business marketing calls are broadly defensible on a legitimate-interest basis with an honored opt-out, and the country has the practical infrastructure - local telephony and a SIM registration regime - to run campaigns lawfully. The regulator is the State Data Protection Inspectorate, VDAI (VDAI).
Beyond Lithuania, the more permissive B2B-outbound markets in the EU/EEA cluster around Latvia, Sweden, Luxembourg and Croatia (broadly workable), with Finland, Estonia, Bulgaria, Slovenia, Portugal, Ireland and France more conditional or amber. The restrictive end for net-new cold outbound is Germany, the Netherlands, Austria, Spain and Italy, where consumer opt-in or strong opt-out registers dominate and B2B carries more friction.
One honest framing: "permissive" still means B2B-only, legitimate-interest, opt-out-honored, and AI-disclosed. It does not mean unrestricted.
How Do You Stay on the Right Side of the Line?
There is a narrow, defensible path through all of this. It is not a compliance guarantee - see the guardrail at the end - but it is the register serious operators work in.
Call businesses, not consumers
B2B is the workable lane in most of the EU. Consumer cold calling is where the prohibitions and opt-in requirements bite hardest, so a B2B-only target list removes the largest category of risk before you dial anyone.
Have a lawful basis and honor opt-out
For B2B, document a legitimate-interest assessment and stop calling anyone who objects - immediately and permanently. The lawful basis is only as good as the opt-out handling behind it.
Scrub the national registers
Check Bloctel (France), Robinson-Liste (Germany), Lista Robinson (Spain), the RPO (Italy) and TPS/CTPS (UK) before you dial. Registers vary by country and this step is not optional in the markets that run them.
Disclose that the caller is an AI
Satisfy the EU AI Act Article 50 transparency duty explicitly, early in the call. This is a separate obligation from the telemarketing consent rules and applies even where the underlying call is lawful.
Mind the "automated calling system" trap
Several countries require prior consent for automated or pre-recorded calling systems. Whether an interactive AI voice agent falls inside that definition is unsettled and country-specific - get local advice before running at scale rather than assuming either answer.
Keep records and respect data-subject rights
Recording, retention and access rights under GDPR apply to every call. Maintain the records that prove your lawful basis, your opt-out handling and your disclosures, so you can answer a regulator if asked.
And the honest guardrail: we do not claim any AI cold-calling setup is "fully compliant" or "zero-risk." The lawful path is narrow, country-specific and evolving. This hub is a sourced map, not legal advice - confirm your specific campaign with qualified counsel. If you want to talk it through, book a consultation or try the voice demo.
Frequently Asked Questions
Frequently Asked Questions
There is no single EU-wide answer. It depends on the country, on whether you are calling a business or a consumer, and on the EU AI Act's requirement that the AI disclose itself. Business-to-business AI outbound is broadly workable in the more permissive markets (Lithuania is among the greenest); consumer cold calling is restricted or prohibited across most member states. This is general information, not legal advice.
Two layers. The GDPR and the ePrivacy rules (implemented into each country's national telemarketing law) govern whether you may make the call and on what basis. The EU AI Act (Regulation 2024/1689) separately requires that a person be told they are interacting with an AI system. A call can be lawful under one layer and breach the other.
Generally yes. Across most EU markets, business-to-business calls can often be justified on a legitimate-interest basis with an honored opt-out, while consumer cold calling requires prior consent (opt-in) or mandatory scrubbing against national do-not-call registers such as Bloctel, Robinson-Liste, Lista Robinson, RPO or TPS/CTPS.
Yes. Article 50 of the EU AI Act requires that natural persons be informed they are interacting with an AI system unless it is obvious from the context. For a natural-sounding AI voice call, disclosure should be explicit and early. This is separate from the telemarketing consent rules.
Lithuania is among the greenest, with Latvia, Sweden, Luxembourg and Croatia broadly workable and Finland, Estonia, Bulgaria, Slovenia, Portugal, Ireland and France more conditional. Germany, the Netherlands, Austria, Spain and Italy are the more restrictive markets for net-new cold outbound. "Permissive" still means B2B-only, legitimate-interest, opt-out-honored and AI-disclosed.
No, and be wary of anyone who does. The lawful path is narrow, country-specific and still evolving - including the unsettled question of whether an interactive AI voice agent counts as an "automated calling system" requiring prior consent in some countries. This hub is a sourced map, not legal advice; confirm your specific case with qualified counsel.
Founder & CEO, AInora
Building AI digital administrators that replace front-desk overhead for service businesses across Europe. Previously built voice AI systems for dental clinics, hotels, and restaurants.
View all articlesReady to try AI for your business?
Hear how AInora sounds handling a real business call. Try the live voice demo or book a consultation.
Related Articles
EU AI Act Voice-Agent Compliance Checklist
The AI-Act obligations for voice agents in depth - including the Article 50 disclosure duty.
AI Voice Agents in France: CNIL, Bloctel & Cold Calling Compliance
A worked amber-market example with the French opt-out register and time-window rules.
AI Voice Agents in Germany: Robinson-Liste, UWG & Cold Calling Rules
A worked restrictive-market example with Germany's prior-consent requirement.
What Is an AI SDR?
The outbound service this legality map governs, explained end to end.