State Algorithmic Pricing Bills Are Coming for Your RMS. Most Hotels Aren't Ready.
Four states are pushing legislation that could require your revenue management system to explain itself, limit how often it changes rates, or make you liable when the algorithm gets it wrong. Tennessee's bill is already law.
So here's what's actually happening. Tennessee passed SB 1807 on January 22nd. It takes effect July 1st. That's not a proposal... that's law, 107 days from now, and it prohibits "personalized algorithmic pricing" defined as dynamic pricing set by an algorithm using personal data. Connecticut, Maryland, and Ohio have their own versions in committee right now. Ohio's HB 665 would ban pricing algorithms trained on nonpublic competitor data and require disclosure if algorithms influence pricing for any business over $5M in gross receipts.
Now let me tell you what this actually does to your hotel. Every major RMS... IDeaS, Duetto, Atomize, the native tools baked into your PMS... works by ingesting demand signals, competitor pricing, historical booking patterns, and (depending on your configuration) guest-level data to push rate recommendations or automatic rate changes in real time. That's the product. That's what you're paying for. These bills target exactly that mechanism. Ohio's version specifically goes after "nonpublic competitor data," which... what do you think your RMS is pulling from rate shopping tools? Public data? Some of it, sure. But the line between public and nonpublic gets very blurry very fast when you're talking about real-time comp set scraping. And Tennessee's definition of "personal data" in pricing context is broad enough that loyalty tier pricing, return guest rate adjustments, even corporate negotiated rates could theoretically trigger disclosure requirements. Has anyone actually tested where those boundaries are? No. That's the problem.
Look, I've built rate-push systems. I know exactly how the sausage gets made inside an RMS. The algorithm doesn't "decide" a rate the way a revenue manager does. It processes inputs through a model and outputs a number. When that model fails (and I've been in the room at 12 AM when it fails), the question becomes: who's responsible? The vendor who built the model? The hotel that deployed it? The management company that approved the configuration? These bills don't answer that question clearly... they just create the liability. Ohio's HB 665 assigns criminal penalties. Criminal. For a pricing algorithm. I talked to a revenue manager last month at a 400-key convention hotel who told me she overrides her RMS recommendations maybe 15% of the time. The other 85%? The machine sets the rate, the rate goes live, nobody reviews it in real time. Under these bills, every one of those automated rate pushes could become a compliance event. Multiply that across 365 days, multiple room types, multiple channels. The exposure math is terrifying.
Here's what nobody in hospitality is asking yet: what happens to your vendor contract? I've reviewed RMS agreements where the liability for pricing decisions sits entirely with the property. The vendor provides the tool. You provide the inputs. You accept the output. If Ohio passes HB 665 and your algorithm pushes a rate that a state AG decides was based on nonpublic competitor data, your vendor's EULA probably says that's your problem, not theirs. Pull your RMS contract out of the filing cabinet this week. Search for "compliance," "liability," "indemnification," and "regulatory." If those clauses don't explicitly address state-level algorithmic pricing legislation... and they won't, because most of these contracts were written before any of this existed... you have a gap. A gap that could cost you six or seven figures in a state with Connecticut-level penalties.
The contagion risk is the real story here. New York already has an Algorithmic Pricing Disclosure Act that went live in November 2025. California's AG launched a "surveillance pricing" sweep in January. Fifty-one bills across 24 states were introduced in the first seven months of 2025 alone, up from 10 the prior year. That trajectory isn't slowing down. If you're a management company operating in 15 states with a centralized RMS configuration, you're about to need a compliance matrix that tracks which states require disclosure, which ban certain data inputs, which impose rate-change frequency limits, and which create criminal exposure for the GM or the ownership entity. The vendors aren't building this for you. The brands aren't building this for you. So either you build it yourself, or you're flying blind into a regulatory environment that's moving faster than your legal team thinks it is. The Dale Test question here is brutal: when this system triggers a violation at 2 AM because the algorithm auto-pushed a rate using data that's now illegal in Tennessee, what exactly is the night auditor supposed to do about it?
Here's what you do this week. If you operate in Tennessee, Ohio, Maryland, or Connecticut, pull your RMS vendor contract and find the liability clause... I guarantee it doesn't cover this. Call your vendor rep and ask them directly: "What is your compliance roadmap for state algorithmic pricing legislation?" If they don't have one, that tells you everything. Revenue managers... start documenting your override decisions and your RMS configuration logic now, because when a state AG comes asking how your rates are set, "the computer did it" is not going to be an acceptable answer. And if you're part of a management company running properties across multiple states, get your legal team and your revenue team in the same room this month. Not next quarter. This month. Tennessee goes live July 1st.