As artificial intelligence (AI) becomes increasingly integrated into business operations, travel agencies are beginning to question whether EU AI laws should be considered. The simple answer depends on how your business uses AI.
Most travel companies don't develop their own AI. Instead, they are buying or commissioning AI systems for a variety of business functions. This means that the relevance of the law depends on the use case, particularly if the AI system is within the scope of the law.
Where does AI fit in the travel business?
AI can be used in a variety of ways throughout the business of a travel agency.
- Internal use: For example, an AI-equipped HR system that supports recruitment and employee management.
- Reservations and Inventory Management: AI may be used to curate travel options, optimize inventory selection, and provide booking recommendations.
- Customer Tools: A chatbot or virtual assistant that interacts directly with customers on a website.
Each of these use cases pays different levels of regulatory attention under EU AI law.
What does the EU AI law do?
The Act provides rules regarding AI use based on risk categories. It completely prohibits certain high-risk AI systems, places strict obligations on others, and minimizes risk.
Travel agencies are likely to be considered “developers” of AI, meaning they implement AI systems rather than developing them. It is important to note that this law is EU regulations, but it has an out-territorial scope. For example, a UK company falls under its authority when dealing with EU customers or agents.
Classify AI systems by risk
The following are the risk categories under the law:
- Prohibited systems: These are unauthorized systems, including systems that identify individuals in real time (using facial recognition, for example) in publicly accessible spaces. And using subliminal techniques, systems that distort people's actions and decisions are distorted in ways they may not be aware of. This category is very unlikely to have a direct impact on travel agencies.
- High Risk System: These are systems related to employment and personnel management, for example. If an HR system uses AI to evaluate candidates, it may be classified as high risk.
- Limited or minimal risk: These include systems such as chatbots for customers.
High-risk AI systems have strict obligations on deployers, including recordkeeping, appointment of managers, and maintaining compliance documents. For minimal risk systems like chatbots, the focus is on transparency. Customers need to let them know that they are interacting with AI rather than humans.
Practical steps for travel agencies
- Understand whether AI usage is within scope. Are you deploying AI systems that fall under the legal definition? Although AI solution providers should ideally carry out this analysis, it is important that the company knows its responsibility.
- Determine your role: Are you a deployer or a provider? Deployers still have compliance obligations that they need to recognize.
- Carefully review your contract: When procuring AI systems, we will scrutinize the contract to ensure compliance with the law. Some providers may not be aware of these regulations, particularly those in the EU, such as many US technology suppliers.
Preparing for continuous compliance: This law is gradually being implemented at deadlines. Non-compliance can lead to penalties on a similar scale as GDPR fines.

Related News
