Is our voice AI vendor or are we the responsible entity under TRAI DLT?

Both, in different roles. You are the Principal Entity (PE) — the brand whose name is on the call. The vendor is the Telemarketer (TM) — the entity making the call on your behalf. The aggregator (Plivo, Exotel, etc.) is the Aggregator. All three are registered separately on DLT, and a break in the chain collapses the compliance defence. The PE bears primary regulatory responsibility, but the vendor should provide indemnification for breaches caused by their platform.

Can an AI voice bot make a sales call to a customer on NCPR (DND)?

Only with explicit DLT-registered consent captured against that specific customer's phone number for the voice channel and promotional purpose. Without that consent, the call is non-compliant regardless of the customer's relationship history with the brand. The vendor's dialer has to scrub the call list against NCPR at dial-time, not just at campaign launch.

How does TRAI handle AI-generated dynamic conversational responses versus pre-registered templates?

The 2025 TRAI clarification permits AI-generated content within a 'templated conversation flow' if the high-level script (the call's purpose, the data fields collected, the closing language) is registered as a template. The bot can vary moment-to-moment phrasing within that envelope. The vendor should be able to show you the registered template IDs that map to each conversation flow in their platform.

What are the per-call penalty bands for DLT non-compliance in 2026?

Minor breach (template mismatch, sender ID drift): INR 1,000 per call, monthly cap around INR 5 lakh. Moderate breach (calls to NCPR without consent): INR 5,000 per call, cap around INR 25 lakh. Major breach (no PE registration, repeated DND violations): INR 10,000 per call, cap around INR 1 crore, plus aggregator de-listing risk for the vendor. Exact numbers are subject to TRAI revision; check the current notification.

How long do we have to retain voice call recordings under TRAI rules?

The current 2026 minimum is 6 months for general voice and 60 months for financial-services voice calls under RBI overlay. A 2025 TRAI draft proposes extending the general minimum to 24 months. Plan storage architecture for the higher cap and have an automatic-deletion job for the lower bound, so you can switch retention windows by policy change rather than infrastructure change.

Are global voice AI vendors compliant with TRAI DLT out of the box?

No. Global vendors typically do not handle Indian DLT because their platforms were not built for it. The PE has to build the DLT registration and routing layer on top, or use an Indian-trained vendor that has it built in. The compliance gap is the single most common reason for global-vendor disqualification in Indian enterprise RFPs.

Does TRAI's AI-content disclosure requirement apply to us already?

The draft amendment requiring explicit disclosure at the start of every AI voice call ('This call is being conducted by an AI assistant on behalf of {PE name}') is in industry consultation as of 2026 and not yet mandatory. Best practice for new deployments is to implement it now — it is a small change, it builds trust with customers, and it pre-empts the regulatory requirement when it lands.

TRAI DLT Compliance for AI Outbound Calling India 2026 — Headers, Templates, Penalties

A compliance officer at a top-five Indian NBFC put it this way during a vendor evaluation last quarter: "Your voice bot can have the best Hindi WER on the market, the lowest per-minute cost, and the fastest time-to-deploy, but if our TRAI DLT trail is not water-tight, our chief risk officer will not sign the contract and our board will not approve the rollout."

That is the underweighted reality of voice AI procurement in India in 2026. The Telecom Regulatory Authority of India's DLT (Distributed Ledger Technology) framework, first introduced for commercial SMS in 2019 and progressively extended to voice through 2023–25, now governs every outbound voice communication from any Indian entity to any Indian subscriber. It is not optional. It is not light-touch. And the per-violation penalties — INR 1,000 to INR 10,000 per non-compliant call with caps in the lakhs — accumulate fast for a platform doing 100,000+ daily voice contacts.

This post is the operational compliance playbook for AI voice calling under TRAI DLT in India in 2026, written for chief risk officers, compliance heads, telephony architects, and CTOs evaluating voice AI vendors against the Indian regulatory bar.

This is not legal advice. Final compliance determinations require sign-off from a TRAI-registered telecom counsel. Reference: TRAI Telecom Commercial Communications Customer Preference Regulations, 2018, and subsequent amendments through 2025.

What DLT actually requires for voice AI calling

Five non-negotiable layers, in the order they have to be in place before a single bot call goes out:

1. Principal Entity (PE) registration

The PE is the entity whose name is associated with the outbound communication. For a Q-commerce platform doing customer calls, the PE is the platform legal entity, not the voice AI vendor. PE registration is a one-time onboarding step on one of the six TRAI-approved DLT platforms (Vodafone Idea's Vilpower, Airtel, Jio, BSNL's DLT portal, Tanla, and Videocon). Cost: nominal, INR 5,500–7,500 one-time. Time: 3–7 working days. Documents: company PAN, GST certificate, board resolution authorising DLT registration, authorised signatory KYC.

2. Header (Sender ID) registration

For voice, the "header" is the displayed caller identity. Indian DLT requires every outbound voice channel to use a registered sender ID. Two patterns:

Promotional sender ID — INR prefix, used for sales/marketing outbound. Subject to TRAI scrubbing windows (no calls 9 PM–9 AM IST).
Transactional sender ID — for OTPs, payment confirmations, service updates. Not subject to the scrubbing window if the customer has an active business relationship (the PE bears the proof burden).

Voice AI bots making sales calls outside DLT-registered headers expose the PE to per-call penalties. The vendor's telephony layer has to route every outbound through a PE-registered header.

3. Template registration

Every outbound voice script template that the bot can use must be registered on the PE's DLT account. Template registration includes the script category (transactional / service / promotional), the language, and an exemplar of the script.

This is where AI voice bots create regulatory novelty. Traditional IVR bots had a finite set of pre-recorded scripts. AI voice bots generate dynamic conversational responses. The 2025 TRAI clarification permits AI-generated content within a "templated conversation flow" if the high-level conversation script (the call's purpose, the data fields collected, the closing language) is registered, even if the moment-to-moment phrasing varies. Vendors with documented compliance practice will provide the template registrations against their conversation flow library.

4. Consent collection and proof

Every transactional voice call requires either (a) an existing business relationship (customer has an active product/service with the PE) or (b) explicit opt-in consent stored against the customer's phone number on the DLT consent registry.

For promotional voice calls (sales outbound, lead nurture), explicit DLT-registered consent is mandatory. The consent has to be timestamped, channel-specific (voice consent is separate from SMS consent), and revocable. Voice AI vendors should integrate with the PE's consent management system or provide one — but the PE bears the legal burden.

5. Scrubbing and frequency caps

Before any outbound campaign goes out, the contact list must be scrubbed against:

National Customer Preference Registry (NCPR) — the DND list. Customers on NCPR cannot receive promotional voice calls without explicit DLT-registered consent.
Frequency caps — TRAI rules limit promotional calls per customer per day (currently 3) and per week (currently 8). The PE's voice AI dialer has to enforce these.
Time-of-day windows — 9 AM to 9 PM IST for promotional voice. Transactional voice is permitted 24×7 but should follow the "reasonable time" standard.

The PE / Telemarketer / Aggregator architecture

The DLT framework defines three roles:

Principal Entity (PE) — the brand/business whose name is on the call.
Telemarketer (TM) — the entity making the call on behalf of the PE. Can be the PE itself, a BPO, or a voice AI vendor.
Aggregator — the telephony aggregator (Plivo, Exotel, Knowlarity, Ozonetel, Tata Tele, Twilio-India) routing the call through the carrier network.

For voice AI deployments, the typical mapping is:

Role	Who fills it
PE	The customer (e.g. an NBFC, Q-com platform, hospital chain)
TM	The voice AI vendor (acting on behalf of the PE)
Aggregator	The telephony partner (Plivo, Exotel, etc.)

Each role has its own DLT registration. The PE-TM-Aggregator chain is checked by TRAI on audit. A break in the chain (e.g. PE delegates to TM, TM uses an unregistered aggregator) collapses the compliance defence.

The four common DLT mistakes voice AI vendors make

From our last 24 months of NBFC and BFSI procurement conversations:

Using a generic vendor-side sender ID for calls that should originate from the PE's registered ID. The customer's caller display shows the vendor brand, not the PE brand. Regulatory exposure: per-call penalty + customer-trust damage.
No template binding for AI-generated responses. The vendor's bot generates conversational responses that don't map back to any registered template. On TRAI audit, the bot's recorded calls cannot be tied to a template ID. Regulatory exposure: bulk penalty + license-renewal risk for the aggregator.
Scrubbing only at campaign start, not at call dial-time. Customers can update their NCPR preferences mid-campaign. A campaign scrubbed Monday morning and dialled Friday afternoon may contact customers who opted out on Wednesday. Regulatory exposure: per-call penalty.
Missing the consent timestamp. TRAI requires the consent capture to include the channel (voice / SMS / app), the purpose (transactional / promotional / category), and a timestamp. Vendors that capture only "opt-in: yes" without the timestamped purpose are non-compliant. Regulatory exposure: full consent invalidation across the campaign.

TRAI penalty exposure: order-of-magnitude numbers

Per-call penalty bands (2026 numbers, subject to TRAI revision):

Minor breach (template mismatch, sender ID drift): INR 1,000 per call, cap INR 5 lakh per month.
Moderate breach (calls to NCPR-listed numbers without consent): INR 5,000 per call, cap INR 25 lakh per month.
Major breach (no PE registration, repeated DND violations): INR 10,000 per call, cap INR 1 crore per month, plus aggregator de-listing risk.

For a platform doing 100,000 outbound voice contacts per day at even 0.5% non-compliance rate, that is 500 violations daily. At the minor band that is INR 5 lakh daily, INR 1.5 crore monthly. The math forces compliance investment.

The voice AI vendor DLT-readiness checklist for buyers

When evaluating a voice AI vendor for an Indian deployment, ask for written evidence of:

PE-to-TM-to-Aggregator registration chain is documented and auditable
Conversation flow templates are registered on at least one TRAI DLT platform with screenshot evidence
Inbound dial-time scrubbing against NCPR is built into the dialer, not a separate batch process
Per-customer per-day and per-week frequency caps are configurable
Promotional vs transactional call categorisation is enforced at template level
Consent capture flow includes channel, purpose, and timestamp
Time-of-day enforcement (9 AM – 9 PM for promotional, 24×7 for transactional) is automatic
Call recordings are retained for the minimum statutory period (currently 6 months) and provided to PE on demand
DPDP 2023 overlay is in place — DLT compliance does not exempt the PE from DPDP consent obligations

Where TRAI is heading 2026–27

Three regulatory shifts to watch:

AI-content disclosure requirement. A 2026 draft amendment requires explicit disclosure at the start of every AI voice call ("This call is being conducted by an AI assistant on behalf of {PE name}"). Vendors that don't have this built in will scramble when this becomes mandatory.
Recording retention extension. The current 6-month minimum is under review to extend to 24 months for promotional voice calls and 60 months for financial-services voice calls. Storage cost implications for high-volume deployments are material — plan for the higher cap.
Cross-border data residency. TRAI's 2025 draft on telecom data localisation, if finalised, requires that voice call recordings and metadata for India-originated voice traffic stay on Indian servers. Vendors using US/EU cloud regions will need an India-region migration plan.

How to structure your voice AI procurement around DLT

The cleanest pattern, observed across the BFSI and NBFC deployments we have shipped:

Run the legal/compliance vendor screen before the technical screen. A voice AI vendor that cannot answer the checklist above in writing is out, regardless of language quality or pricing.
Require a 30-day pilot in shadow mode where the vendor's DLT trail is audited by the PE's compliance team before any customer call goes out.
Bake DLT-violation indemnification into the master services agreement. The vendor takes financial responsibility for compliance breaches caused by its platform.
Schedule quarterly DLT trail audits for the life of the contract. TRAI's audit frequency is variable; the PE's internal cadence should be predictable.

Indian voice AI is not a US/EU voice AI market with India-specific add-ons. The regulatory layer is foundational, and compliance gaps are not retrofittable without a rebuild. The vendor's TRAI DLT story should be on the table by the first meeting.

Talk to us if you are evaluating voice AI for an Indian deployment that has to pass a CRO, CCO or audit committee — caller.digital has shipped DLT-compliant voice agents for NBFCs, insurance carriers, lenders, and Q-commerce platforms operating under the 2026 TRAI bar.