So here's something that should bother you. Tennessee already passed its algorithmic pricing bill. Enacted January 22, 2026. Effective July 1. That's not "coming"... that's here. And the language in SB 1807 defines "personalized algorithmic pricing" as any dynamic pricing set by an algorithm using personal data. Think about what your RMS does. It looks at booking patterns, loyalty tier, device type, search history, stay history. That's personal data. Every rate your system pushed last night potentially falls under this definition.

Let's talk about what "personal data" actually means in these bills, because this is where it gets interesting (and by interesting I mean terrifying for anyone running revenue management). Tennessee's definition is broad enough that NetChoice, a major tech trade group, has publicly argued it would capture loyalty discounts. Your IHG Rewards rate? Your Hilton Honors member pricing? Those are algorithmically generated prices based on personal data. The bills aren't distinguishing between "we used your browsing history to charge you more" and "we used your loyalty status to charge you less." The legislators writing these bills don't understand the difference. And the law doesn't care about your intent... it cares about the mechanism.

Connecticut is the one that should make your stomach drop. Their bill includes criminal fines up to $250,000 for individuals and $6,000,000 for businesses, plus civil penalties up to $1,000,000 per violation. Per violation. How many rate changes does your RMS push in a night? Fifty? A hundred? Now multiply. Ohio's HB 665 goes after algorithms trained on nonpublic competitor data... which is exactly what happens when your RMS vendor aggregates anonymized rate shopping data across their client base to improve recommendations. That's the product. That's literally what you're paying for. And Ohio wants to make it criminal. I talked to a revenue manager last month who told me his RMS pushes over 200 rate changes per week across his portfolio. He had no idea these bills existed. None.

Look, I've built rate-push systems. I know what's under the hood of most RMS platforms. The architecture wasn't designed with state-by-state regulatory compliance in mind. These systems are cloud-based (obviously... it's 2026), which means the computation happens on servers that don't care about state lines, but the rate gets applied to a hotel that very much exists inside a specific state's jurisdiction. Your RMS vendor is almost certainly not tracking which state legislatures are drafting algorithmic pricing bills. I asked three vendors about this last week. One had a "regulatory monitoring team" that turned out to be one compliance person covering all of North America. One said they were "aware of the landscape." The third asked me to send them the bill numbers. These are companies charging you $500-$2,000 a month and they can't tell you whether their product is about to become a compliance liability in four states. The Travel Technology Association has been sending letters to lawmakers warning that these bills will actually increase prices by restricting discount algorithms... and they're probably right. But being right about economics doesn't matter when the bill passes anyway because "algorithm price gouging" polls at about 80% approval with voters.

The real problem isn't any single bill. It's the patchwork. If you're a brand operating in 30 states and four of them have different algorithmic pricing disclosure requirements, rate floor restrictions, and penalty structures, your enterprise RMS doesn't get to push one national rate strategy anymore. It needs state-level compliance logic. That's a rebuild, not a patch. And who pays for that rebuild? Not the RMS vendor (check your contract... I guarantee there's no clause covering state-level algorithmic pricing legislation). Not the brand (they'll issue "guidance" and shift liability to the franchisee). The hotel pays. The owner pays. Like always.

So here's what's actually happening. Tennessee passed SB 1807 on January 22nd. It takes effect July 1st. That's not a proposal... that's law, 107 days from now, and it prohibits "personalized algorithmic pricing" defined as dynamic pricing set by an algorithm using personal data. Connecticut, Maryland, and Ohio have their own versions in committee right now. Ohio's HB 665 would ban pricing algorithms trained on nonpublic competitor data and require disclosure if algorithms influence pricing for any business over $5M in gross receipts.

Now let me tell you what this actually does to your hotel. Every major RMS... IDeaS, Duetto, Atomize, the native tools baked into your PMS... works by ingesting demand signals, competitor pricing, historical booking patterns, and (depending on your configuration) guest-level data to push rate recommendations or automatic rate changes in real time. That's the product. That's what you're paying for. These bills target exactly that mechanism. Ohio's version specifically goes after "nonpublic competitor data," which... what do you think your RMS is pulling from rate shopping tools? Public data? Some of it, sure. But the line between public and nonpublic gets very blurry very fast when you're talking about real-time comp set scraping. And Tennessee's definition of "personal data" in pricing context is broad enough that loyalty tier pricing, return guest rate adjustments, even corporate negotiated rates could theoretically trigger disclosure requirements. Has anyone actually tested where those boundaries are? No. That's the problem.

Look, I've built rate-push systems. I know exactly how the sausage gets made inside an RMS. The algorithm doesn't "decide" a rate the way a revenue manager does. It processes inputs through a model and outputs a number. When that model fails (and I've been in the room at 12 AM when it fails), the question becomes: who's responsible? The vendor who built the model? The hotel that deployed it? The management company that approved the configuration? These bills don't answer that question clearly... they just create the liability. Ohio's HB 665 assigns criminal penalties. Criminal. For a pricing algorithm. I talked to a revenue manager last month at a 400-key convention hotel who told me she overrides her RMS recommendations maybe 15% of the time. The other 85%? The machine sets the rate, the rate goes live, nobody reviews it in real time. Under these bills, every one of those automated rate pushes could become a compliance event. Multiply that across 365 days, multiple room types, multiple channels. The exposure math is terrifying.

Here's what nobody in hospitality is asking yet: what happens to your vendor contract? I've reviewed RMS agreements where the liability for pricing decisions sits entirely with the property. The vendor provides the tool. You provide the inputs. You accept the output. If Ohio passes HB 665 and your algorithm pushes a rate that a state AG decides was based on nonpublic competitor data, your vendor's EULA probably says that's your problem, not theirs. Pull your RMS contract out of the filing cabinet this week. Search for "compliance," "liability," "indemnification," and "regulatory." If those clauses don't explicitly address state-level algorithmic pricing legislation... and they won't, because most of these contracts were written before any of this existed... you have a gap. A gap that could cost you six or seven figures in a state with Connecticut-level penalties.

The contagion risk is the real story here. New York already has an Algorithmic Pricing Disclosure Act that went live in November 2025. California's AG launched a "surveillance pricing" sweep in January. Fifty-one bills across 24 states were introduced in the first seven months of 2025 alone, up from 10 the prior year. That trajectory isn't slowing down. If you're a management company operating in 15 states with a centralized RMS configuration, you're about to need a compliance matrix that tracks which states require disclosure, which ban certain data inputs, which impose rate-change frequency limits, and which create criminal exposure for the GM or the ownership entity. The vendors aren't building this for you. The brands aren't building this for you. So either you build it yourself, or you're flying blind into a regulatory environment that's moving faster than your legal team thinks it is. The Dale Test question here is brutal: when this system triggers a violation at 2 AM because the algorithm auto-pushed a rate using data that's now illegal in Tennessee, what exactly is the night auditor supposed to do about it?