We got a call from a recruitment agency in Wellington. 15 staff, 300 outbound calls a week. They wanted an AI voice agent to screen candidates — confirm availability, check visa status, schedule interviews.
"Can we just start calling people?" they asked.
No. Not in New Zealand. Not in Australia. Not without building compliance into every layer of your agent.
Their previous provider had shipped a voice agent with zero compliance architecture. No AI disclosure. No DNC handling. No call-time restrictions.
The agency had been running it for 6 weeks before they called us. That's 6 weeks of calls that could trigger complaints to the Privacy Commissioner.
We rebuilt the agent from scratch. Compliance-first. Every call now opens with disclosure, respects calling hours, handles opt-outs instantly, and logs every interaction. Zero complaints in 8 months.
New Zealand: What Your Agent Must Do
The Privacy Act 2020
Every AI voice agent operating in New Zealand must comply with the Privacy Act 2020. The key principles that affect your deployment:
Information Privacy Principle 3 — Collection. You must tell your caller why you're collecting their information. Your agent's opening disclosure isn't optional. It's law.
Information Privacy Principle 6 — Access. Your caller can ask what data you hold on them. Your agent needs a path to handle this — either answering directly or transferring to your team.
Breaches can result in penalties up to 10,000 per complaint through the Human Rights Review Tribunal. But the real cost is reputational. A Privacy Commissioner investigation makes the news.
Calling Hours
No specific statute restricts calling hours in NZ the way Australia's Telemarketing and Research Industry Standard does. But industry best practice — and what your callers expect — is calls between 8am and 8pm local time. Your agent should enforce this automatically.
Do Not Call
New Zealand doesn't have a government DNC register like Australia's. But if your caller says "don't call me again," you're legally required to honour that under the Privacy Act. Your agent must:
Australia: The Dual Compliance Challenge
Australia is stricter. Two laws govern your AI voice agent deployments:
Privacy Act 1988
The Australian Privacy Principles (APPs) require you to tell your caller who you are, why you're calling, and what you'll do with their data. Serious breaches carry fines up to 2.5 million AUD for organisations.
Do Not Call Register Act 2006
Australia maintains a government-run DNC register. Before your agent dials a number, you must check it against the register. Calling a registered number can cost you up to 1.11 million AUD per contravention.
Telemarketing Industry Standard
The ACMA's standard restricts your calling hours:
Your agent must know your caller's timezone and enforce these windows automatically. A call at 8:01pm is a compliance breach. No exceptions.
Compliance isn't a feature. It's the foundation.
The Compliance Architecture We Build
At Waboom AI, compliance isn't bolted on after launch. It's built into your agent's conversation flow from day one.
Layer 1: Opening Disclosure
Your agent's first words must include:
We hardcode this into a static node. No LLM improvisation. No variation. The same disclosure every time.
Your compliance team signs off once, and it never changes.
Layer 2: Call-Time Enforcement
Your campaign system checks the clock before dialling. If it's outside your permitted window, the call doesn't happen. We build this at the infrastructure level — not the agent level — so no prompt engineering error can override it.
Layer 3: DNC and Opt-Out Handling
When your caller says "take me off your list," your global node catches it from anywhere in the conversation. The agent:
This fires in under 2 seconds. No delay. No pushback. No "let me transfer you to someone who can help."
Layer 4: Data Handling and Retention
Retell AI offers zero-retention deployment options. Your call recordings and transcripts can be configured so no data persists on Retell's servers after processing.
For NZ and Australian deployments, we recommend:
What Your Agent Must Say (And When)
Here are the compliance responses we build into every NZ/AU agent. These fire on keyword triggers via conversation flow conditions — not LLM generation.
"Is this a real person?"
"No, I'm an AI assistant calling on behalf of [Company]. I can help you with [purpose], or I can transfer you to a team member. What would you prefer?"
"Are you recording this?"
"This call is recorded for quality purposes. If you'd prefer not to be recorded, I can end the call now. Would you like to continue?"
"Take me off your list."
"Done. I've removed your number from our calling list. You won't receive calls from us again. Is there anything else before I go?"
"Where did you get my number?"
"Your contact details were provided through [source]. If you'd like more detail on our data practices, I can have our team email you our privacy policy."
Testing Your Compliance
Before launching any NZ/AU voice agent, we run a dedicated compliance test suite using batch simulation:
3-5 compliance scenarios per agent. Every one must pass before your first live call. See our compliance guide for the full framework.
Compliance-first voice agents for NZ and Australia.
Frequently Asked Questions
Does New Zealand have a Do Not Call register?
No. Unlike Australia, New Zealand doesn't maintain a government DNC register. But the Privacy Act 2020 requires you to honour opt-out requests immediately.
If your caller says "don't call me again," you must remove them and log the request. Failure to comply triggers Privacy Commissioner complaints. Penalties reach 10,000 per complaint.
What are the calling hour restrictions in Australia?
The ACMA's Telemarketing Industry Standard limits your calls to weekdays 9am-8pm, Saturdays 9am-5pm, and no calls on Sundays or public holidays. All times are in your callee's local timezone.
Your system must enforce these automatically — a single call at 8:01pm is a compliance breach.
Do AI voice agents need to disclose they're not human?
Yes. In both New Zealand and Australia, transparency is a core requirement. Your agent must identify itself as AI at the start of every call and state the business name and purpose.
We hardcode this disclosure into a static conversation node so it never varies and never gets skipped.
How do you handle data privacy for voice agent recordings?
Retell AI supports zero-retention deployment, PII redaction, and configurable data retention. For NZ/AU compliance, we enable PII redaction on all stored transcripts and configure retention to match your Privacy Act obligations.
We use webhooks to stream data to your own compliant storage. Your callers' data stays under your control.
Leonardo Garcia-Curtis
Founder & CEO at Waboom AI. Building voice AI agents that convert.
Ready to Build Your AI Voice Agent?
Let's discuss how Waboom AI can help automate your customer conversations.
Book a Free Demo
