You need to know about the EU-AI-Act
On August 1, 2024, the European Union's Artificial Intelligence Act entered into force. This isn't a proposal or a consultation document. It's law: the world's first comprehensive regulatory framework for artificial intelligence.
And if you operate a hotel in the EU, employ staff in Europe, or serve European guests, it applies to you.
When I speak with hotel executives about artificial intelligence, the conversation usually follows a predictable pattern. They're excited about AI-powered revenue management, intrigued by chatbots that never sleep, and curious about automated and autonomous check-ins.
Then I ask: "Do you know about the EU AI Act?"
Silence.
"Does your legal team know about your dynamic pricing algorithm?"
More silence.
"Who on your board is responsible for AI governance?"
At this point, they usually change the subject.
I've seen this movie before. In 2000, I watched companies rush to build websites without understanding e-commerce law, data protection, or cybersecurity. When the bubble burst, the survivors weren't the ones with the flashiest technology—they were the ones who built sustainable, compliant, strategic digital operations.
History is repeating itself. And this time, the stakes are higher.
Test your EU AI Act knowledge in 10 questions
Click to Start Assessment
The EU AI Act Isn't Coming. It's Here.
The AI Act categorizes artificial intelligence systems by risk level. Most people assume hotels use "low-risk" or "minimal-risk" AI. They're wrong.
Your hotel likely operates multiple high-risk AI systems right now:
1. Biometric Identification Systems
2. Safety-Critical Systems
3. Employment & HR Systems
4. Access to Essential Services
If you're using any of these—and most modern hotels use at least two—you're subject to the strictest tier of AI Act requirements.
The AI Act explicitly places responsibility on "management bodies."
In practical terms, this means:
-
General Managers
-
Chief Technology Officers
-
Board Members/Directors
-
Executive Leadership Teams
This isn't about IT departments anymore. This is about fiduciary duty at the executive level.
The Penalties Are Stiff
The EU doesn't write regulations without teeth. The EU AI Act fine structure is severe:
| Violation | Fine (whichever is higher) |
|---|---|
| Prohibited AI practices | €35 million OR 7% of global annual turnover |
| High-risk non-compliance | €15 million OR 3% of global annual turnover |
| Incorrect/misleading information | €7.5 million OR 1.5% of global annual turnover |
Is you AI vendor compliant?
The AI Act distinguishes between:
-
Providers (who develop/supply AI systems)
-
Deployers (who use AI systems for their business)
Both have obligations. And as a hotel, you're the deployer.
This means:
❌ You can't outsource compliance to your AI powered PMS vendor
❌ "Industry-standard" software doesn't automatically mean "compliant"
❌ A vendor's Terms of Service won't protect you from regulatory fines
You need to conduct due diligence. And that requires knowledge most hoteliers don't have.
What Smart Hotels Are Doing Right Now
The hotels that will thrive in the post-hype AI era aren't waiting. They're:
1. Conducting AI Inventory Audits
Documenting every AI system currently in use:
-
What data does it process?
-
What decisions does it make?
-
Who's the vendor/provider?
-
What's the risk classification?
-
What documentation exists?
2. Establishing AI Governance Structures
Creating clear accountability:
-
Appointing an "AI Governance Lead" (often CTO or Risk Officer)
-
Forming cross-functional AI steering committees
-
Developing internal AI policies aligned with AI Act requirements
-
Training management bodies on AI risk oversight
3. Implementing Vendor Compliance Requirements
Updating procurement processes:
-
Mandatory AI Act compliance questionnaires for all tech vendors
-
Contract clauses requiring documentation sharing
-
Service Level Agreements including AI performance monitoring
-
Clear allocation of compliance responsibilities
4. Building Internal Capability
Investing in education:
-
Executive training on AI regulation
-
IT team certifications in AI governance frameworks
-
Legal counsel briefings on AI Act requirements
-
Staff awareness programs on AI ethics and transparency