Is AI Voice Calling Legal for Loan Collections in India? What RBI, TRAI and DLT Rules Actually Say
By Oli AI · 2026-07-19 · 8 min
AI voice calling is legal for loan collections in India, as long as it follows the RBI's recovery conduct rules, TRAI's TCCCPR and DLT registration, and the DPDP Act. Here's exactly what each of the three rulebooks requires.
Short answer: yes, AI voice calling is legal for loan collections in India. An automated voice agent is not a separate legal category. It is treated as a collection call, which means it has to follow the same two rulebooks any human collection call follows: the RBI's Fair Practices Code and recovery conduct rules, which govern how you may contact and treat a borrower, and TRAI's TCCCPR 2018 with DLT registration, which governs how you may originate the call.
On top of both sits the DPDP Act 2023, which governs the borrower data you process. Get all three right and an AI agent is fully compliant. Get any one wrong and you carry the same liability you would for a human agent doing the same thing. This guide breaks down what each regulator requires, where AI voice specifically fits, and a checklist you can hand to your compliance team.
3 rulebooks every AI collection call in India must satisfy: RBI conduct rules, TRAI TCCCPR with DLT registration, and the DPDP Act 2023.
Who this applies to
If you are a bank, an NBFC, a fintech lending service provider (LSP), or a vendor placing collection or reminder calls on their behalf, this applies to you.
A critical point that trips up new entrants: under the RBI's outsourcing framework, when you outsource collections to a voice AI vendor, the lender remains fully responsible for the conduct of that agent. The regulator does not accept a 'the vendor's bot did it' defence. The compliance burden is shared, and the contract between lender and voice AI provider has to reflect that.
Rulebook one: RBI conduct rules
The RBI governs how borrowers may be contacted and treated during recovery. The key requirements, drawn from the Fair Practices Code and the recovery agent circulars (originally 2007-2008, reinforced by the 2022 circular on outsourcing of recovery functions), apply identically to an AI agent.
8 AM – 7 PM the only permitted recovery calling window, and it applies to automated dialling, retries, and callbacks too.
- Calling hours — Borrowers may not be contacted before 8:00 AM or after 7:00 PM for recovery of overdue loans. An automated dialler has to respect this window, including for retries and callbacks.
- No harassment or intimidation — No threatening, abusive, or misleading language. An AI agent must be scripted and guardrailed so it cannot be provoked into any of this, and so it never misrepresents the consequences of non-payment.
- No third-party disclosure — The agent may not discuss the debt with family, employers, colleagues, or neighbours. It may only speak to the borrower or guarantor.
- Lender liability — Any misconduct by the agent, whether human or automated, is treated as the lender's misconduct. The RBI Ombudsman can award borrower compensation for proven harassment.
- Certification of human agents — Where human recovery agents are involved in the chain, they now require IIBF certification. This does not apply to the software itself, but it matters for the hybrid workflows most lenders actually run.
Why this matters for AI
For AI specifically, your prompts, guardrails, and outcome handling are not just product decisions. They are compliance controls. Calling-hour logic, retry caps, and abuse-resistant scripting are the difference between a compliant deployment and lender liability.
Rulebook two: TRAI TCCCPR 2018 and DLT
The RBI decides how you may talk to a borrower. TRAI decides whether you are even allowed to originate the call. Commercial voice communication in India runs through the Telecom Commercial Communications Customer Preference Regulations (TCCCPR) 2018 and its blockchain-based DLT framework. Before a single call goes out, you need:
- Entity registration on a DLT platform — Register your business as a Principal Entity on an approved DLT platform (Jio TrueConnect, Vodafone Idea's VILPOWER, BSNL, Airtel, and others).
- Header and Voice CLI registration — Your sender identity and the calling line identity (CLI) used for outbound calls must be registered on the platform.
- Consent handling — TRAI distinguishes explicit consent, collected directly and recorded in the consent registrar, from inferred consent, which arises from an existing customer relationship. A recent amendment clarified that inferred consent is valid only for the duration of the contractual relationship and is revoked automatically when it ends. Collection calls to an active borrower typically rely on the existing lending relationship, but this is exactly the boundary to get legal sign-off on.
- Intent pre-declaration for voice — Unlike SMS, you cannot pre-register a fixed content template for every voice call, because natural conversation is not a fixed script. TRAI's framework instead lets senders pre-declare the intent and purpose of the voice communication, and provisions for autodialers and robocalls require senders to notify the Originating Access Provider of their intent to use such means.
- DND and NCPR scrubbing — You must honour Do Not Disturb and National Customer Preference Register settings. Note there is no public REST API for DND scrubbing. In practice it is handled through your RTM or CPaaS partner's DLT integration, not by querying a government endpoint yourself.
Get this layer wrong and nothing else matters
Miss the DLT layer and your calls get filtered, blocked, or your headers suspended, regardless of how compliant your borrower conduct is.
The third layer: DPDP Act 2023
Every collection call processes personal data: the phone number, the loan details, and the call recording itself. The Digital Personal Data Protection Act 2023 adds requirements that sit alongside the RBI's digital lending data rules:
- Process data only for the purpose it was collected for
- Minimise what you collect
- Store the data within India
- Notify breaches to the Data Protection Board
- Honour the borrower's right to erasure
A board-level concern
Penalties for serious non-compliance run high, so data handling in your voice pipeline is a board-level concern, not an engineering afterthought.
Where AI voice needs extra care
Two things are specific to automated agents and worth deciding deliberately:
- Disclosure that the caller is an AI — RBI's transparency expectations under the Fair Practices Code and digital lending guidelines, combined with fast-emerging global norms, point strongly toward telling the borrower they are speaking to an automated agent. Treat clear AI self-identification at the start of the call as a best practice, and get your own counsel's read on whether your specific use case makes it mandatory.
- Records and auditability — Keep call recordings, timestamps, consent status, and outcome logs. If a borrower complains, your defence is your audit trail, and automated agents make this easier than human teams, so use that advantage.
Compliance checklist
Before you place a single AI collection call in India, confirm:
- DLT entity, header, and Voice CLI registration are live.
- Consent basis for each borrower is documented and current.
- The dialler enforces the 8:00 AM–7:00 PM window on all calls and retries.
- Agent scripting blocks harassment, threats, and third-party disclosure by design.
- DND and NCPR scrubbing runs through your telephony or CPaaS partner.
- Data is stored in India, minimised, and covered by a DPDP-compliant consent and privacy policy.
- AI self-identification is built into the opening of the call.
- Call recordings and outcome logs are retained and auditable.
- Your vendor contract makes the compliance split explicit, given the lender carries final liability.
This article is general information, not legal advice. Indian telecom and lending regulations change frequently, and the RBI and TRAI both issued updates in the current cycle. Verify current requirements with qualified counsel before deploying.
Frequently Asked Questions
Is it legal to use an AI voice bot for loan recovery in India?
Yes. There is no rule banning automated voice agents for collections. They must follow the same RBI conduct rules, TRAI DLT requirements, and DPDP data rules that apply to any collection call.
What are the RBI calling hours for collection calls?
Recovery contact is not permitted before 8:00 AM or after 7:00 PM. This applies to automated calls, retries, and callbacks.
Do I need DLT registration to run outbound AI voice calls?
Yes. You need to register your entity, headers, and Voice CLIs on an approved DLT platform, and honour DND and NCPR preferences, before originating commercial voice calls.
Who is liable if the AI agent harasses a borrower?
The lender. Under the RBI's outsourcing rules, misconduct by an outsourced agent, whether human or automated, is treated as the lender's misconduct.
Does the borrower have to be told they are talking to a bot?
Disclosure is a strong best practice and increasingly expected under transparency norms. Whether it is strictly mandatory for your use case is a question for your legal counsel.