EU AI Act: the compliance checklist for an AI that answers the phone
June 2026 · 6 min read
The European regulation on artificial intelligence is entering its most concrete phase. On 2 August 2026, several obligations become fully applicable, including one that directly concerns any voice agent: telling the caller they are speaking to an AI. For a professional handing their phone over to an automated assistant, the question isn’t theoretical. This article turns the text into a checklist: what to verify, point by point, to stay compliant — with the official references for each requirement.
What we’re talking about, and by when
Regulation (EU) 2024/1689, known as the “EU AI Act,” is the European framework governing artificial intelligence systems. It came into force in 2024, but its obligations apply in stages. The date to remember for a voice agent is 2 August 2026: it’s the general date of application set by Article 113, from which most of the rules become binding.
The text reasons by level of risk. An assistant that answers the phone isn’t a “high-risk” system within the meaning of the regulation, but it falls into a specific category: systems that interact directly with people. As such, it is subject to transparency obligations, set out in Article 50. That’s where the checklist begins.
1. Announce the AI at the start of the call
This is the central obligation. Article 50(1) provides that an AI system designed to interact with people must inform them that they are dealing with an AI, unless it’s obvious to a reasonably well-informed person. On the phone, it’s never obvious: the caller must therefore be clearly informed.
In practice, the agent must state it from the very first sentence, in an understandable way, before the conversation gets under way. This isn’t a notice to bury in terms and conditions: it’s spoken information, immediate, given at the moment of contact.
2. Clear information, not a trap
Transparency isn’t limited to saying the word “AI.” The information must be clear and fair: the aim isn’t to imitate a human in order to deceive, nor to drown the notice in an overly fast delivery. The regulation specifically targets situations where a person could be misled about the nature of who they’re speaking to.
In practice, this means a simple, audible wording, and behaviour consistent with the announcement. The agent can be warm and efficient while being honest about what it is. Transparency is a requirement, not a commercial handicap.
3. Articulating it with the GDPR
Announcing “you’re speaking to an AI” doesn’t replace the obligations arising from the GDPR, it adds to them. If the call is recorded or personal data is processed, informing the person about the processing is still required, in line with the framework set out by the CNIL: purpose, legal basis, retention period, rights.
You therefore have to think of the two layers together: the “AI” information falls under the AI regulation, the “data” information falls under the GDPR. A well-designed agent handles both at the start of the call, without conflating them.
4. Data hosting and location
A voice agent produces data — transcripts, any recordings, contact details — that must be hosted and processed under compliant conditions. Choosing infrastructure located within the European Union greatly simplifies GDPR compliance and avoids the complex mechanisms for transfers outside the EU.
It’s one of the most useful questions to put to a provider: where does the data live, who can access it, and how long is it kept. A clear answer on this point is a good sign of seriousness.
5. Know the penalties, to gauge the stakes
The regulation provides penalties to match its ambitions. For breaches of the applicable obligations, fines can reach 15 million euros or 3% of total worldwide annual turnover, whichever is higher. The regulation provides for reduced caps for SMEs and start-ups, but the stakes remain serious.
For a professional, the message is simple: the transparency of a voice agent isn’t a nice-to-have detail, it’s a legal requirement that comes at a price if ignored. It’s better to choose, from the outset, a tool built to comply with it.
What Tinos already ticks off
Tinos is a voice agent designed with these obligations as a starting point, not as an afterthought. It announces itself as an AI from the first sentence, handles the caller’s information at the start of the call, hosts data within the European Union and applies controlled retention periods. Compliance with the European regulation and the GDPR is part of the product, not a box ticked after the fact.
The aim is to let you stop missing calls while keeping your mind at ease about the legal framework — including the 2 August 2026 deadline, already built into the way the agent introduces itself.