Any organisation providing voice services in the United Kingdom — or enabling others to make outbound calls to UK numbers — needs to understand the Privacy and Electronic Communications Regulations and the Telephone Preference Service. The ICO actively enforces both, and fines for non-compliance have reached into the hundreds of thousands of pounds.
What PECR covers
The Privacy and Electronic Communications Regulations 2003 sit alongside the UK GDPR and the Data Protection Act 2018. They set specific rules for organisations making electronic marketing communications — including live voice calls, automated calls, text messages, and email — and impose separate obligations on providers of public electronic communications services and networks.
For voice service providers, the most operationally significant PECR obligations fall into two categories: the marketing call rules that govern what calls can be made to UK numbers, and the network and service provider obligations that apply to the infrastructure carrying those calls.
The Telephone Preference Service
The TPS is a central register maintained under PECR that allows individuals to opt out of receiving unsolicited live marketing calls. The Corporate TPS (CTPS) provides the same function for companies and other corporate bodies. Registration with the TPS takes effect within 28 days.
The core rule is straightforward: you must not make unsolicited live marketing calls to any number registered on the TPS or CTPS, unless the subscriber has specifically consented to receive calls from you. Checking a list against the TPS more than 28 days before making calls is insufficient — you must check shortly before dialling to capture any new registrations.
The consent required to override a TPS registration must specifically name your organisation. A subscriber who has opted out of marketing calls generally cannot be contacted simply because they are an existing customer of yours, unless they have given specific consent for your calls.
Obligations on network and wholesale providers
PECR does not only apply to the organisations making the calls — it also imposes obligations on providers of public electronic communications services. Under Regulation 5, service providers must take appropriate technical and organisational measures to safeguard the security of their service. This includes obligations to inform subscribers of security risks and to cooperate with network providers on security measures.
For wholesale carriers enabling outbound calling services for resellers, the practical implication is that network-level TPS filtering — screening traffic against the register at the SIP switching layer before calls complete — is the most robust technical approach. A fail-open configuration, where calls proceed if the TPS check cannot be completed, creates significant exposure. Fail-closed filtering, where calls are blocked rather than permitted when a TPS check fails, is the appropriate standard.
ICO enforcement activity
The ICO takes an active approach to PECR enforcement. In 2024, the ICO fined two companies a combined £340,000 after they made nearly 1.43 million calls to numbers registered on the TPS. One of those companies made over 141,000 calls to numbers it had marked as "do not call" on its own internal systems — an aggravating factor that the ICO noted in its decision.
The ICO's guidance makes clear that claiming a third party was responsible for TPS screening does not relieve the caller of responsibility. Each organisation that instigates or makes marketing calls bears its own obligation to comply, regardless of what contractual arrangements exist with list providers or calling partners.
The Data (Use and Access) Act 2025
The Data (Use and Access) Act came into law in June 2025, and the ICO has indicated that some of its PECR guidance is under review as a result. Providers should monitor ICO publications for updated guidance, particularly around consent standards and enforcement priorities. The underlying TPS obligations remain in force in the interim.
What wholesale providers should ensure
If you provide SIP trunking or wholesale voice termination services to UK resellers who make outbound calls to UK numbers, your operational posture should include: network-level TPS and CTPS filtering on your switching infrastructure; contractual provisions in your reseller agreements requiring downstream compliance; and clear documentation of your filtering configuration in the event of an ICO enquiry. Infinititel's UK infrastructure operates TPS filtering at the SIP switching layer as standard.
This article is for informational purposes and does not constitute legal or regulatory advice. Requirements change over time. Consult a qualified telecommunications lawyer for advice specific to your situation.