TDRA-Compliant AI Voice Agents in the UAE: Compliance by Design

What does 'TDRA-compliant AI voice agent' actually mean?

The phrase gets used loosely. In practice, it means one thing: the compliance obligations imposed by Cabinet Resolution 56 of 2024 and its penalty schedule under Cabinet Resolution 57 of 2024 — both effective 27 August 2024 — are enforced at the platform level, not bolted on after the fact. You can read a full breakdown of the underlying law in our TDRA telemarketing law guide.

The distinction matters. A bolt-on approach relies on operators remembering to check the Do-Not-Call Registry, to schedule campaigns inside permitted hours, and to configure their dialler with the right caller IDs. Human processes break. Compliance-by-design means the system cannot dial a number that hasn't been screened, cannot place a call outside the permitted window, and cannot use a number that isn't registered to the client's commercial licence — regardless of what an operator attempts to configure.

We configure every MAJ Leads deployment this way. The controls described below are platform defaults, not optional features a client can toggle off.

The seven controls a compliant AI caller must enforce

Based on the requirements of Cabinet Resolutions 56 and 57 of 2024, a fully compliant outbound AI calling deployment must enforce the following:

1. DNCR screening before every dial. The Do-Not-Call Registry must be checked against the target number before each outbound attempt — not just at campaign launch. Contact lists age; numbers get registered between scrubs. A compliant system re-screens at dial time.
2. Calling window: 09:00–18:00 only. Outbound telemarketing calls are prohibited outside this window. The dialler must enforce this as a hard gate — not a scheduling suggestion — accounting for the recipient's UAE timezone.
3. Licence-registered +971 numbers. The calling numbers must be registered to the business's UAE commercial licence. Using unregistered or foreign numbers for UAE telemarketing is a breach of the regime.
4. Prior TDRA approval. Outbound telemarketing activity requires approval from TDRA before campaigns go live. This is an administrative prerequisite, not a technical control, but any compliant deployment process must include it.
5. Call recording + consumer notification. All calls must be recorded and consumers must be notified that the call is being recorded. The notification typically happens at the call start, before any substantive exchange.
6. Frequency caps: 1 call per day, 2 per week. The same number cannot be dialled more than once in a 24-hour period or twice in a calendar week. The system must track call history per number and enforce these caps automatically.
7. Company name + purpose disclosure at call start. The agent must identify the company and state the purpose of the call at the outset. This is a transparency obligation that applies regardless of whether the caller is human or AI.

How MAJ Leads builds compliance in by default

In our deployments, the seven controls above are not a checklist a client completes during onboarding — they are architectural constraints the platform enforces on every call. Here is how each maps to what we actually configure:

DNCR scrub on every outbound. Before any dial attempt, the target number is checked against the current DNCR. Numbers that appear on the registry are suppressed automatically and flagged in the campaign log.

Automatic time-gating. The dialler is hard-gated to the 09:00–18:00 window. Calls scheduled outside this window queue until the window opens — they do not fail silently or attempt anyway.

Caller IDs under the client's licence. We provision +971 numbers and register them to the client's UAE commercial licence as part of the standard 14-day setup process (5–7 days on the rush track). The numbers are the client's, held under their regulatory standing.

Recording with consumer notification. Every outbound call is recorded. The AI agent delivers the recording-notification disclosure at call start — before any pitch or conversation — as part of the standard call script.

Frequency cap enforcement. Call history is tracked per number at the platform level. The dialler will not attempt a number that has already been called once in the current day or twice in the current week.

Lead delivery to CRM in under 30 seconds. Every completed call — outcome, recording reference, transcript summary, collected data — is pushed via Make.com to the client's CRM (Dynamics 365, Zoho, HubSpot, Salesforce, Bitrix24, Pipedrive, Google Sheets, or others) within 30 seconds of the call ending. The compliance log travels with the lead record.

Inbound vs outbound: why your AI receptionist is lower-risk

Not all AI voice agent deployments carry the same regulatory weight. The TDRA telemarketing regime applies to outbound commercial calling — your business initiating contact with consumers. Inbound calls, where the consumer calls you, are exempt from this framework.

This means an AI receptionist handling missed calls, appointment bookings, or after-hours enquiries operates entirely outside the telemarketing compliance regime. The seven controls above are not legally required for an inbound-only deployment. We still build them into outbound re-engagement flows — for example, where a receptionist collects a callback request and the system follows up — because that outbound leg is a telemarketing act.

What to ask any AI calling vendor in the UAE

If you are evaluating AI voice agent vendors for UAE deployment — whether that's a managed service like MAJ Leads or an infrastructure platform you configure yourself — these are the questions that will expose whether compliance is genuinely built in or assumed to be your problem:

• Do you scrub the DNCR before every individual dial, or only at campaign launch?
• Are the calling numbers registered under my commercial licence, or yours?
• Do you hard-enforce the 09:00–18:00 calling window, or is it a scheduling setting I configure?
• Where are call recordings stored, and for how long are they retained under UAE law?
• Do you handle the TDRA approval workflow, or is that my responsibility before go-live?
• Which CRMs do you integrate with, and how quickly do lead records arrive after a call ends?
• How do you enforce frequency caps — per number, per campaign, and how is the history tracked?

On global infrastructure platforms such as Vapi, Retell, Bland, or Synthflow, the answer to most of these questions is that compliance is the customer's responsibility. These platforms provide the AI telephony stack; TDRA approval, DNCR screening, Arabic localisation, and UAE number provisioning are left for the operator to implement. That is a legitimate model — it gives maximum flexibility. It also means that if you are operating in the UAE, you are building the compliance layer yourself.

MAJ Leads is a managed deployment service. We build and operate the compliance layer as part of the engagement. That is the difference between infrastructure and a managed service, not a claim about any other vendor's product.