A field guide to the rules, the fines, and the gotchas. Cold calling is legal in every market here — including the ones people informally describe as bans. The catch is that almost every jurisdiction now layers a data-protection regime on top of a telemarketing law, and the two rarely agree.
If you cannot answer these clearly, the campaign carries unnecessary legal risk regardless of where you are calling. These are the questions a regulator effectively asks when a complaint lands on their desk.
An untracked, undocumented call is the most expensive kind. Once a regulator asks for evidence, the existence of compliance processes matters as much as the contents of any single call.
Three regulatory shifts between mid-2025 and early-2027 are large enough to rebuild operations around. Watch France, the EU AI Act, and the next TCPA rule.
Pick a region. Click any jurisdiction for the snapshot table, the practical traps, and the headline penalty exposure. Posture colour tracks the operating difficulty for an outbound team.
Headline numbers travel quickly, but the comparison is rarely apples to apples. Bars below indicate headline statutory ceiling, converted to USD at May 2026 reference rates. Filter to compare like with like.
Two patterns matter more than the headline numbers. Jurisdictions with per-call statutory damages and a private right of action (US, increasingly Brazil) generate the largest aggregate exposure. Jurisdictions that use percentage-of-turnover caps (UK after 2025, EU under GDPR, China under PIPL) generate the largest single-incident risk for big businesses.
Most of the meaningful penalty exposure across these regions is driven by absence of documentation, not by intent to break rules. Tick items off as you build — your browser remembers your progress.
The questions outbound teams actually ask their counsel — and what the answers look like in 2026.