AI Voice Assistants: What German Companies Need to Know

Voice assistants are limited-risk AI under the EU AI Act. They’re not subject to the strictest requirements, but transparency obligations apply—and they’re not trivial.

The Core Requirement: Disclosure

When someone interacts with a voice assistant, they must know they’re talking to AI. This seems obvious when using Alexa or Google Assistant, but it’s less clear in customer service contexts where voice AI may seamlessly handle calls.

The disclosure must happen before or at the start of the interaction. “Hi, you’re speaking with our AI assistant”—something clear and upfront.

Synthetic Voice Requirements

AI-generated speech has additional transparency obligations. If your system synthesizes voice that could be mistaken for a human, you must disclose that it’s AI-generated. This applies to deep fake audio, voice cloning, and realistic text-to-speech in contexts where human voice is expected.

Customer Service Voice AI

Voice AI handling customer calls needs clear disclosure. When AI handles the full conversation, disclosure at the start is required. When AI handles initial routing before transferring to humans, the AI portion still needs disclosure.

Recording and analyzing calls raises GDPR issues on top of AI Act requirements. Voice data is personal data—possibly biometric data if used for identification.

Works Council Considerations

Voice AI that monitors employee calls requires works council approval under §87 BetrVG. Even quality assurance applications need Betriebsrat involvement if they track or evaluate employee interactions.

How Compound Law Helps

• Transparency implementation for voice AI
• GDPR compliance for voice data processing
• Works council coordination for employee-touching systems
• Ongoing monitoring as requirements evolve

Frequently Asked Questions

Do we need disclosure for IVR systems? Simple menu-based IVR typically doesn’t need AI disclosure. Conversational AI that simulates human interaction does.

What about voice authentication? Voice biometrics for authentication is high-risk under the AI Act, not just limited-risk, and requires comprehensive compliance.

Is recording calls for AI training allowed? GDPR requires legal basis—typically consent. The AI Act adds transparency requirements about AI processing.