- The TPS and CTPS registers are legal requirements, not best practices. Calling a registered number without a valid exemption is a breach - and AI-driven outbound makes it easier to breach at scale.
- Most compliance failures are not intentional. They happen because phone data enters the pipeline unchecked, AI agents dial from unscreened lists, or TPS checks happen too early and are not refreshed before the call.
- The fix is structural: screen numbers against TPS/CTPS at the point closest to the call, not just at the point of import. Build the check into the workflow, not around it.
AI agents are getting very good at outbound calling. They can research a prospect, generate a talk track, dial the number, handle objections, and log the outcome - all without a human picking up the phone.
That speed is the point. It is also the risk.
Because every number an AI agent dials is subject to the same rules that apply to a human SDR. And one of the most important rules in UK outbound - one that teams consistently underestimate - is the Telephone Preference Service.
What TPS and CTPS actually require
The Telephone Preference Service (TPS) is a register of individuals who have opted out of unsolicited sales calls. The Corporate Telephone Preference Service (CTPS) is the equivalent for businesses.
The rules are straightforward. If a number is registered on the TPS or CTPS, you cannot make unsolicited direct marketing calls to it unless the individual has given you specific, prior consent to call them. “Specific” means they consented to calls from your organisation, not just that they filled in a form somewhere. “Prior” means the consent was given before you called, not that you plan to ask for it during the call.
This is not guidance. It is a legal requirement under the Privacy and Electronic Communications Regulations (PECR). The Information Commissioner’s Office (ICO) can and does fine organisations that breach it.
Why AI outbound makes this harder, not easier
A human SDR might call 40 to 60 numbers a day. An AI agent can dial hundreds. That changes the compliance exposure significantly.
Volume amplifies mistakes
If a bad number makes it into an AI agent’s call queue, it does not get a gut check. Nobody pauses and thinks “this number looks wrong” or “I think this person asked us not to call.” The agent dials it because it is on the list. At scale, a single unchecked batch can generate dozens of breaches before anyone notices.
Agents do not question their inputs
A well-trained SDR might recognise a personal mobile and hesitate, or notice that a number has been flagged before. AI agents work from the data they are given. If the list says dial, the agent dials. The quality control has to happen before the number reaches the agent - not during the call.
Speed compresses the feedback loop
When an AI agent hits a TPS-registered number, the complaint can land before the team even reviews the call logs. The time between “agent dials” and “ICO receives a complaint” can be hours. With human-led outbound, there is usually more time to catch and correct issues. With AI, the window is much smaller.
Multi-agent setups multiply the risk
Some teams run multiple AI agents in parallel, each working a different segment or territory. If TPS screening is not built into the shared data pipeline, each agent inherits the same unchecked numbers - and the same compliance risk, multiplied.
Where teams actually get caught out
Most TPS breaches are not the result of teams deliberately ignoring the rules. They happen because of gaps in the data workflow.
Phone numbers enter the pipeline unchecked
A rep downloads a list from LinkedIn, a webinar platform, or a purchased database. The list includes phone numbers. Nobody screens them against TPS before they are loaded into the dialler or handed to an AI agent. The numbers were never checked because the import process does not include a check.
TPS screening happens at import but is never refreshed
Some teams do screen numbers when they first enter the CRM. But the TPS register is updated regularly - new numbers are added all the time. A number that was clean six months ago might be registered today. If you screened it once at import and never again, you are calling based on stale compliance data.
Consent is assumed, not recorded
A prospect filled in a form on your website. Someone on the team assumes that counts as consent to call. But the form did not include a specific opt-in for phone calls from your organisation. General consent, implied consent, and “they gave us their number” are not the same as specific prior consent under PECR.
Personal mobiles get mixed in with business lines
Some data sources include personal mobile numbers alongside business direct dials. The TPS applies to individual subscribers - which includes personal mobiles even if the person is a business contact. If your list does not distinguish between personal and business lines, you are exposed.
How to build TPS compliance into an AI outbound workflow
The principle is simple: screen every number before it reaches the dialler, as close to the point of calling as practically possible.
Screen at import and again before dialling
Check numbers against the TPS and CTPS when they first enter your system. Then check again before the number is queued for an AI agent to call. The second check catches numbers that were added to the register between import and the call.
Flag rather than silently delete
When a number fails a TPS check, flag it rather than deleting the row. The contact might still be reachable by email. Or the team might have specific consent that overrides the TPS registration. Flagging preserves the record and the decision trail. Silently deleting removes both.
Record the screening result and timestamp
For every number you check, log the result and the date. This gives you an audit trail that shows you checked, when you checked, and what the result was. If a complaint reaches the ICO, the first thing they will ask for is evidence that you screened the number. “We use a tool that does it automatically” is not enough - you need a record.
Separate consent tracking from TPS status
A contact can be on the TPS and still be callable - if they gave you specific prior consent. But that consent needs to be recorded, attributable, and auditable. Keep consent status as a separate field from TPS status so your workflow can handle both signals correctly.
Do not let AI agents bypass the check
If your AI agent pulls numbers from a CRM, a list, or an enrichment tool, the TPS check must sit between the data source and the agent’s dial queue. The agent should never have access to an unscreened number. This is an architecture decision, not a training decision - you cannot solve it by telling the agent to “check TPS first.”
What about B2B calls - does TPS still apply?
Yes, with some nuance.
The TPS applies to calls made to individual subscribers. In practice, that means any direct dial or mobile number - even if the person is a business contact. If you are calling a named individual at their direct number, TPS applies.
The CTPS applies to calls made to corporate subscribers - the main switchboard or general business line.
The common mistake is assuming that because you are selling B2B, the TPS does not apply to direct dials. It does. The exemption applies to the corporate number, not to the individual’s line.
The cost of getting this wrong
ICO fines for TPS breaches can be significant, but the operational cost is often worse. Complaints damage sender and caller reputation. Prospects who receive calls they explicitly opted out of are unlikely to ever become customers. And the internal cost of investigating complaints, responding to the ICO, and remediating the process consumes ops time that could have been spent on pipeline.
For teams using AI agents, the reputational risk is amplified. “A robot called me after I registered with TPS” is a complaint that generates attention - from prospects, from the ICO, and increasingly from the press.
Wrapping up
AI-driven outbound is powerful. It lets small teams operate at a scale that would have required a full SDR floor five years ago. But that scale only works if the compliance layer scales with it.
TPS and CTPS screening is not a nice-to-have. It is a legal requirement that applies to every number you dial - human or AI. The teams that build this check into their data pipeline, rather than bolting it on as an afterthought, are the ones that scale outbound without scaling risk.
Screen at import. Screen before dialling. Log the result. Track consent separately. And never let an AI agent dial a number that has not been checked.
DataFixr includes TPS screening and phone validation as part of its cleaning workflow - so numbers are checked before they reach your CRM, your dialler, or your AI agent. Request early access ->