On January 15, 2026, Meta switched off general-purpose AI chatbots on the WhatsApp Business Platform API. The policy was announced in October 2025 and applies to every existing account that hadn't migrated by the deadline. The reason Meta cites is message-volume strain — WhatsApp Business API is built for businesses serving their own customers, not for chatbot platforms running open-ended assistants over its infrastructure. With three billion-plus WhatsApp users reachable through the channel, the policy reshapes how AI vendors can deploy on WhatsApp, full stop.
If you run a Kommo CRM with WhatsApp automation, here is the short version: structured business bots stay allowed. ChatGPT-style assistants do not. Most production sales bots are already on the right side of the line and don't need to do anything; some need restructuring before enforcement starts in earnest. Below is a 7-step setup of a compliant bot, a 6-row audit you can run on an existing one, and an honest read on what's likely to bend versus break.
What exactly is Meta banning on WhatsApp Business API?
The policy update sits in WhatsApp's Business Solution Terms. The relevant clause forbids using the API to operate or distribute AI providers themselves — meaning bots whose primary purpose is "talk to an AI" rather than "help a customer with a defined business task." Meta's framing on the engineering side is that general-purpose assistants pump message volume that strains the infrastructure WhatsApp Business API is sized for. The customer-facing framing is that the API exists for businesses to serve their own customers, not for AI platforms to ride on top.
Two anchor dates matter:
- October 15, 2025 — the rule went live for new WABA accounts. Anyone provisioning a new business number after that date had to comply from day one.
- January 15, 2026 — the deadline for existing accounts to migrate. After this date, Meta progressively enforces the policy on accounts that didn't move.
Public examples of what's out: ChatGPT-on-WhatsApp deployments, Perplexity-on-WhatsApp, any bot whose value proposition is "ask me anything." What's in: sales qualification bots, order tracking and shipment notifications, appointment booking, FAQ answerers tied to your product or service, lead routing, support triage. The line isn't "no AI" — it's "AI in service of a defined business workflow."
There's one regional exception. On January 13, 2026, the Brazilian Supreme Court suspended the policy regionally (TechCrunch), citing anti-competition concerns; EU and Italian regulators have opened antitrust probes that may produce similar carve-outs. The safer design is to comply everywhere — relying on the legal challenges succeeding in every market is not a strategy.
Is your existing Kommo bot compliant? A one-page audit.
Run your current Salesbot configuration past this table. If every behaviour your bot does is in the "Yes" column, you're done — open the new tab, close it, get coffee. If any of the "No" rows match your bot's behaviour, that branch needs restructuring before enforcement bites.
| Bot behaviour | Compliant? | Why |
|---|---|---|
| Answers FAQs about your product or service | Yes | Specific business task |
| Books appointments or qualifies leads | Yes | Structured workflow |
| Sends order or shipping updates | Yes | Notification use case |
| Routes to a human after qualification | Yes | Standard sales support |
| Answers any question the user asks (open chat) | No | General-purpose AI |
| Answers product questions AND general-life questions | No | Open scope |
To run the audit on your own Kommo workspace, open the Salesbot editor and inspect each branch. Every branch should end in either a tagged outcome (lead qualified, deal advanced to a specific stage, support ticket logged) or a clean human handoff. If you find a branch that loops back to "ask the LLM whatever the user said," that's the branch to restructure.
One adjacent risk worth flagging: if your bot runs on an unofficial WhatsApp scraper instead of the official Business API, you have a second compliance problem entirely. Scraper accounts get banned in 2-8 weeks on average regardless of what's on top — the AI policy is a separate axis from the ban-by-Meta risk that hits scraper users.
The seven-step setup of a compliant Kommo AI bot
Order matters. Steps 1-2 are decisions you make before touching the Salesbot editor; steps 3-5 are the build itself; steps 6-7 are the audit-readiness work that pays off the first time Meta asks for proof.
1. Connect WhatsApp Business via a verified BSP
Pick a Business Solution Provider from Meta's verified BSP directory. Kommo has sunset its direct WABA integration — you can no longer connect WhatsApp Business API natively from the Kommo settings page. Use a partner-managed BSP — one of Kommo's recommended partners. (AnyLinga's WhatsApp transport runs on a partner-managed BSP too, if that's a useful reference point.) Avoid unofficial scrapers; they fail the BSP-verification check and create the second compliance problem from the previous section.
2. Define a single business purpose
Decide what the bot exists for: sales qualification OR support triage OR booking — not three things in one. This is both a compliance argument (a bot with one purpose is unambiguously "structured") and a UX argument (clarity converts). If you genuinely need three workflows, build three bots and trigger them off different Kommo entry points.
3. Design a structured conversation tree
5-7 turns maximum. Every branch ends in one of two things: a tagged outcome (lead qualified, deal advanced, ticket created) or a clean human handoff. No "ask the LLM" terminal nodes. Draw the tree before you build it — pen-and-paper or a Miro board. A common compliant shape: greeting → intent question → structured qualification (3-4 questions, each multiple-choice or short-answer) → either auto-advance to a deal stage or escalate to a human.
4. Wire the bot to a Kommo pipeline stage
The bot triggers when a lead lands in a specific stage (e.g., "New inbound — WhatsApp"). When the conversation tree resolves, the bot moves the lead to a defined next stage (e.g., "Qualified," "Needs human," "Junk"). A bot that runs without a destination stage is a red flag in an audit; the policy assumes business bots have business outcomes.
5. Add the human-handoff trigger
Automatic escalation on three signals: (a) three or more consecutive "I don't understand" detections, (b) any sensitive keyword from a tight allowlist (refund, complaint, lawyer, fraud, the names of your competitors), (c) an explicit user request ("talk to a human," "operator," "real person"). The handoff is a Kommo task assigned to the responsible manager — not "the bot keeps trying."
6. Enable conversation logging
Keep every conversation for at least 90 days. Kommo's native conversation history covers this for most setups; if you also use an external BSP dashboard, mirror the logs there. The reason isn't paranoia — Meta has stated enforcement will be progressive, starting with warnings before bans, and a warning generally requires you to demonstrate compliance. You demonstrate compliance with logs.
7. Run a 14-day compliance dry-run
Before flipping the switch on real customer traffic, send 50-100 test conversations through the bot from real phone numbers (not your BSP's testing tool — Meta sometimes treats those differently). Spot-check the logs for off-script behaviour: did the bot ever answer a question outside its purpose? Did any branch fail to terminate? Two weeks is the minimum to surface the long-tail edge cases. Don't skip this.
Why the new Meta policy doesn't affect AnyLinga at all
When we started AnyLinga in 2023, the question customers were asking wasn't "give me another AI assistant on WhatsApp." It was: "I sell to clients in four languages and I can't hire multilingual reps for every market — how do I make this work?" AnyLinga is the answer to that. Your rep writes a message in their language; AnyLinga translates it on the way out; the customer's reply gets translated on the way in. The rep never needs to read the original foreign-language message unless they ask for it.
That positioning has a useful side effect under the new Meta policy. The policy regulates AI chatbots — software that holds a conversation with the customer in place of a human. AnyLinga is not one. It doesn't generate replies. It doesn't qualify leads. It doesn't decide anything about the conversation. The human on your team makes every decision; AnyLinga just translates the words across the language gap.
So if you run AnyLinga today, the January 15 deadline doesn't require any action from you. No migration project, no compliance review, no audit. The seven-step guide above is for the AI bots you might run alongside AnyLinga — your Kommo Salesbot, your support bot, your booking bot. AnyLinga handles the language; those bots handle the conversation logic; the two run side by side.
One detail worth flagging: AnyLinga still depends on WhatsApp Business API (the official one, via a verified BSP) to actually send and receive WhatsApp messages — the same infrastructure your compliant bot would use. We didn't build a WhatsApp scraper. The cautions about unofficial scrapers in the audit section above apply to AnyLinga's transport layer too. They apply to anyone sending WhatsApp messages, bot or not.
What changes for businesses outside the EU and Brazil
The Brazilian carve-out is real and currently in force for Brazilian users. If your customer base is heavily Portuguese-speaking and Brazil-based, your bot can technically continue to operate in its current form there. The EU antitrust review may produce a similar suspension in 2026 or 2027 — or it may produce nothing. The U.S., the rest of LATAM, MENA, and APAC are full-policy regions today.
Our read: design for compliance everywhere, treat the regional carve-outs as bonus flexibility, not as the operating model. A bot that's compliant globally works in Brazil too. A bot that depends on the Brazilian exception is one Supreme Court reversal away from a forced migration during peak season.
A compliance checklist before January 15, 2026
- ☐ The bot has a single, named business purpose (qualification / support / booking)
- ☐ Every conversation branch ends in a tagged outcome or a human handoff
- ☐ No branch contains "free-text to LLM" as a terminal node
- ☐ The bot is triggered by a specific Kommo pipeline stage
- ☐ The bot moves leads to a defined next stage on exit
- ☐ Human-handoff trigger is wired (3-confusions / sensitive keywords / explicit request)
- ☐ Conversation logs retained for ≥ 90 days
- ☐ Bot runs on a verified BSP (not an unofficial scraper)
- ☐ 14-day dry-run completed on real numbers
- ☐ The bot's purpose is documented somewhere your team can produce on request
- ☐ Conversation tree is stored as a versioned artifact (not just live in the Salesbot editor)
- ☐ Someone owns the bot — name and contact email recorded
If your bot is on an unofficial WhatsApp scraper, you have two compliance problems on January 15, not one. The AI policy applies regardless of how WhatsApp messages are sent; the second problem is that unofficial scrapers already get banned independent of any AI policy, with average lifespans measured in weeks. Fix the BSP situation first — the AI compliance question doesn't matter if the account is dead.
Structured stays. General-purpose goes. Audit your bot, document compliance, do the dry-run. Two paths forward: build a compliant bot yourself with the seven-step guide above, or skip the build and use AnyLinga (which already passes every check). If you're not sure where your bot lands on the audit, email us at sales@ventas-boost.com and we'll run a free 30-minute compliance review.