AI Must Identify Itself on Phone Calls: Italy's Law 132/2025 and the AI Act

8 min read · AstraLoop Studio

If you're weighing an AI voice assistant to answer your business calls, there's a question no vendor is asking you, but you should be asking yourself: when the AI answers, does the caller know they're talking to a machine? Until yesterday, that was a style choice. Starting August 2026, it's a legal obligation, backed by two precise pieces of legislation: Italy's Law 132/2025 and the EU Artificial Intelligence Regulation (the AI Act, Regulation (EU) 2024/1689).

The interesting part is that almost no one in the Italian voicebot market explicitly ties their service to this rule. Vendors talk about "24/7 availability," "fewer no-shows," "automatic bookings" — but compliance stays in the corner. That gap is worth knowing about, because responsibility for staying compliant falls on you (the data controller and service operator), not just on the software.

In this article we'll cover, plainly and without legal jargon, what these rules actually require, the real deadlines, and what it concretely means to have a voice assistant that's "compliant by design." A note on scope: this is informational content, not legal advice. For a definitive read on your specific situation, talk to a professional.

Illustration of a telephone receiver with a speech bubble and a transparency label representing AI disclosure

The two laws at play: what they actually say

Let's untangle this, because two different instruments tend to get mixed up even though they converge on the same point.

The AI Act (Regulation (EU) 2024/1689)

This is the EU regulation on artificial intelligence, which entered into force in August 2024 with staggered application over time. As far as phone calls go, the key provision is the one on transparency: anyone deploying an AI system designed to interact directly with individuals must ensure those individuals are informed they are interacting with an AI system, unless this is obvious from the context. A voicebot answering the phone with a natural-sounding voice falls squarely under this rule — the average caller has no way of realizing on their own that they're talking to an AI, so they need to be told.

The transparency rules for these systems become applicable from August 2, 2026. That's the date you need to keep in mind.

Italy's Law 132/2025

This is the national law through which Italy set out its own framework on artificial intelligence, aligning with the EU regulation and introducing specific principles and delegated powers. On the point that matters here, it restates and reinforces the principle of transparency and recognizability: the use of AI systems when interacting with people must be made recognizable. In plain terms for your business: when a customer calls and an AI answers, that customer has the right to know it.

The two laws don't contradict each other — they stack. The AI Act sets the minimum EU-wide standard, and the Italian law brings it into our legal system. The practical takeaway for you is a single, simple rule: AI on the phone must identify itself.

What "identifying itself" means in practice

Here's the good news. Becoming compliant doesn't require a technical overhaul — it requires correctly designing the conversation. In practice, this means:

  • Disclosure at the start of the call. In the first few seconds, before collecting any data, the assistant states that it's an automated system. Example: "Good morning, this is the virtual assistant for Studio Rossi, I can help you book an appointment." Clear, brief, no pretending to be a person.
  • No active deception. The AI must not give a human name or pretend to be a flesh-and-blood receptionist. A natural voice is fine; faking an identity is not.
  • A path to a human operator. The caller must be able to ask to speak with a person. This ties into handing off calls to a human operator, which is a good-service requirement as much as a compliance one.
  • Proper handling of the data collected. If the call records or processes personal data (name, phone number, reason for calling), GDPR kicks in, requiring proper notice and a valid legal basis.

The core idea is "compliant by design": transparency isn't a disclaimer bolted on at the end — it's built into the flow of the conversation from the first second. Choose a voice assistant designed with that logic, and compliance follows almost on its own. Pick a generic tool that stays silent on the topic, and the risk is yours to carry.

Illustration of a timeline with a highlighted deadline and a shield representing regulatory compliance

Deadlines to note (no need to panic)

Let's walk through the relevant dates in order, separating what's already in force from what's still coming.

DateWhat kicks inImpact on your AI phone line
August 2024The AI Act enters into forceNo immediate effect: staggered rollout
2025Law 132/2025 (Italy's national framework)Transparency and recognizability principles on AI use
August 2, 2026AI Act transparency obligations become applicableAI on the phone must identify itself. This is the operational deadline

No need to panic, but no reason to delay either: if you're rolling out a voice assistant today, it makes sense for it to be compliant from day one, so you don't have to rework it in 2026. Redesigning a conversation flow later, once customers are already used to it, costs more than getting it right from the start.

Who's responsible: the software or you?

This is the part vendors tend not to highlight. Compliance is a shared responsibility, but the piece that concerns you directly can't be fully outsourced to the software.

  • The AI system provider must supply the tools that make transparency possible — configuring the disclosure, managing handoff, handling data correctly.
  • You, who use the system to answer your business's calls, decide how it's configured and are accountable for the processing of the data it collects (you're the data controller for GDPR purposes).

That's why it's not enough to buy "any voicebot." You want a partner who has already thought this through and delivers a service set up correctly from the start — disclosure at the opening, a path to a human operator, and proper data handling. If you want to understand the full flow of an AI-handled call, from answering to booking, you'll find the overview in our guide to how an AI phone assistant works.

GDPR and phone calls: the part everyone forgets

Transparency about the AI is only half the story. The other half is how you handle data during the call, and here GDPR applies just as it would to any other personal data you collect. In plain terms, a small business owner needs three things:

  1. Know what you're recording. If the call is recorded or transcribed, that's personal data. You must inform the caller.
  2. Have a legal basis. Handling a booking is generally tied to performing a service the customer requested; other purposes (marketing, for instance) need a different basis.
  3. Keep data only as long as needed. You don't keep recordings "forever" — set a retention period consistent with the purpose.

The relevant authority in Italy is the Garante per la protezione dei dati personali (Italy's data protection authority), which has an established position on handling voice data and call recordings. Again: this is informational, and doesn't replace advice from whoever handles your privacy compliance.

Want to know if your AI phone line will be compliant by the August 2, 2026 deadline? Request an assessment: we'll review your setup together and how to configure a voice assistant that's compliant by design.

Why compliance is also a business advantage

There's a shift in perspective worth making here. AI disclosure gets framed as a constraint, but for your business it's also a trust-builder. A customer who knows from the start they're talking to a virtual assistant, and who can switch to a human operator whenever they want, feels respected. The irritation comes from discovering they were "tricked" by a voice pretending to be human.

What's more, a service set up correctly on the regulatory side is almost always set up well operationally too: a clear disclosure, proper handling of requests the AI can't resolve, and a smooth handoff to a human. Those are the same ingredients that separate a good voice assistant from a frustrating IVR. If you're comparing the two technologies, the difference between "routing" and "resolving" calls is explained in our article on voice AI versus traditional IVR.

And then there's a point that's often overlooked: the real-world audience of local businesses — older customers, regional accents, people unfamiliar with automated systems. A clear disclosure and an always-available handoff resolve most of these objections. We go into this in detail in our piece on voice AI, dialects, and older customers.

How to move forward, concretely

If you had to boil this down to an operational checklist for your business, it would be this:

  • Check that the assistant identifies itself in the first few seconds of the call.
  • Make sure it never simulates a human identity.
  • Confirm there's always an escape route to a human operator.
  • Define what you record, on what legal basis, and for how long.
  • Put together an up-to-date privacy notice that mentions the use of AI.
  • Choose a provider that treats compliance as part of the service, not an optional extra.

For the broader picture, including tax implications and incentives tied to adopting AI in your business, see our guide on the AI Act 2026 obligations for small businesses. If you'd rather start from the basics — what a phone AI assistant actually is and does, before even getting to the law — the place to start is our complete guide to AI phone assistants, covering definitions, how it works, pricing, and industry use cases.

In summary

From August 2, 2026, a voice assistant answering the phone must tell the caller it's an AI. The EU's AI Act (Regulation (EU) 2024/1689) mandates it, and Italy's Law 132/2025 reinforces it domestically. This isn't a technical hurdle — it's a matter of designing the service correctly, which also happens to improve the perceived quality of the experience. The risk isn't the software itself, it's reaching the deadline with a phone line that's poorly set up. Whoever starts today with a service that's "compliant by design" removes the problem at the root and, as a bonus, gives their customers a more honest experience.

Frequently asked questions

Since when is it mandatory to disclose that an AI is answering the phone?

The AI Act's (Regulation (EU) 2024/1689) transparency obligations become applicable from August 2, 2026. From that date, a voice assistant interacting with people must make it recognizable that it's an artificial intelligence system. Italy's Law 132/2025 reinforces the same transparency principle within our legal system.

What exactly does Law 132/2025 say about AI on the phone?

Law 132/2025 is Italy's national framework on artificial intelligence, and it restates the principles of transparency and recognizability: the use of AI systems when interacting with people must be made recognizable. In practice, when a customer calls and an AI answers, they have the right to know it.

Who's responsible if the AI doesn't identify itself: me or the software provider?

It's a shared responsibility, but the part that concerns your business can't be fully delegated. The provider must offer tools that make transparency possible; you, who use the system to answer your customers' calls, decide how it's configured and are the data controller for the data collected under GDPR. That's why choosing a service set up correctly from the start matters.

How do I make my voice assistant compliant?

In short: make sure it identifies itself in the first few seconds of the call, doesn't simulate a human identity, always offers a handoff to a human operator, and handles collected data properly (privacy notice, legal basis, retention periods). It's a matter of conversation design, not a simple disclaimer tacked on at the end.

Is a natural-sounding AI voice banned under the new rules?

No. A natural voice is allowed. What's not permitted is deception about identity — letting the caller believe they're talking to a real person. The AI can have a fluid, human-sounding voice, but it must disclose that it's an automated system.

Is it allowed to record calls handled by the AI?

Yes, but GDPR applies just as it would to any personal data. You must inform the caller that the conversation may be recorded or transcribed, have an adequate legal basis, and keep the data only as long as necessary for the purpose. The relevant authority in Italy is the Garante per la protezione dei dati personali.

Thinking about a voice assistant for your business and want to start off compliant? Talk to us: we'll help you choose and configure a service that meets both the AI Act and Law 132/2025.