How to meet travel regulations for short-term rentals

Property manager reviewing rental regulations


TL;DR:

  • Compliance with EU travel regulations requires short-term rental owners to register properties, display registration numbers, and report accurate listing data to authorities. Proper guest data collection must adhere to national laws and GDPR, limiting data to what is legally necessary and deleting it after retention periods. Platforms must report listing details monthly and remove non-compliant listings promptly, making automated workflows essential for ongoing compliance.

Compliance with travel regulations for short-term rentals is defined as the legal obligation to register your property, collect and submit guest data, and report listing activity to government authorities. EU Regulation 2024/1028 made this mandatory across all EU member states, requiring every short-term rental property to carry a unique registration number displayed on active listings. Property managers and owners who miss these requirements face penalties, platform delisting, and enforcement action. Understanding travel compliance is no longer optional. It is the baseline for operating legally across Europe.

How to meet travel regulations: registrations and documentation by country

The first step in compliance with travel regulations is obtaining the correct registration for each jurisdiction where you operate. Requirements differ significantly by country, and confusing one scheme with another is a common and costly mistake.

Hands filling short-term rental registration form

National registrations require proof of ownership, identity documents, cadastral references, and self-certification of safety devices in some countries. France uses a 13-digit Declaloc number, Italy requires a CIN (Codice Identificativo Nazionale), and Spain requires an NRUA (Número de Registro de Uso Alojativo) alongside regional licences. Each scheme has its own document checklist, and missing a single item delays registration.

The table below summarises the key registration schemes, required documents, and penalty ranges across four major European markets.

Country Registration scheme Key documents required Penalty range
France Declaloc (13-digit number) Proof of ownership, ID, tax ID Up to €50,000; repeat violations up to €1 million in Paris
Italy CIN Proof of ownership, safety certifications, ID From €800 per violation
Spain NRUA + regional licence Cadastral reference, ID, regional approval Varies by autonomous community
United Kingdom Local licensing (varies) ID, safety certificates, planning consent Varies by local authority

Penalties for non-registration range from €800 in Italy to €50,000 in France, with repeat violations reaching €1 million in cities like Paris. These are not theoretical figures. Enforcement is active, and platforms are legally required to remove non-compliant listings.

Once registered, your registration number must appear on every listing across every platform where your property is advertised. Deadlines for display compliance are set nationally, so check the specific cutoff date for each country. For a full breakdown of the 2026 European registration requirements, the rules vary enough that country-by-country verification is the only reliable approach.

Infographic displaying compliance steps for rentals

How do you collect and manage guest data compliantly under GDPR?

Guest data collection sits at the intersection of national registration law and GDPR. Most property managers misunderstand this area. Consent is not required for mandatory legal guest data processing under GDPR Article 6(1)©. Processing is done to comply with a legal obligation, not personal choice. This distinction matters because building consent flows for legally mandated data collection is unnecessary and creates false compliance signals.

The correct lawful bases for processing guest data in short-term rentals are:

  • Legal obligation (Article 6(1)©): Processing required by national registration laws, such as submitting passport details to police authorities in Italy or Spain.
  • Contract performance (Article 6(1)(b)): Processing necessary to fulfil the rental agreement, such as identity verification at check-in.

Collect only what national law requires. Over-collecting guest data increases liability risk. If a country requires name, nationality, and document number, collecting date of birth or email address for registration purposes exceeds the legal basis and breaches GDPR’s data minimisation principle.

Retention periods also vary. Passport scan retention is often limited to 30 days unless national law specifies otherwise. After the retention period ends, you must delete the data. Keeping records beyond the legal limit is a GDPR violation, not a precaution.

Hosts acting commercially must document processing activities in a Record of Processing Activities (RoPA) and sign Data Processing Agreements with any third-party vendor handling guest data. The household exemption does not apply when renting multiple units or operating through professional platforms. For a detailed walkthrough of your obligations, the GDPR compliance guide for hospitality operators covers each requirement clearly.

Pro Tip: Map your data flows before you onboard any new software vendor. List every point where guest data is captured, stored, or transmitted, then confirm each vendor has a signed Data Processing Agreement in place. This is what a regulatory audit will ask for first.

What are the platform reporting requirements for short-term rentals?

Platforms are not passive intermediaries under EU Regulation 2024/1028. They carry active reporting obligations, and your listing’s survival depends on how well you interact with those obligations.

Platforms must report monthly listing-level data to authorities, including property address, registration number, listing URL, nights rented, and guest count per night. This is not aggregate data. It is precise, per-listing reporting. That means any inaccuracy in your registration number or listing details flows directly into the official record.

The reporting chain works as follows:

  1. You supply your registration number and accurate property details to the platform.
  2. The platform compiles this data monthly and submits it to the relevant national authority.
  3. Authorities cross-reference submissions against their registration databases.
  4. Discrepancies trigger enforcement action against the host, not the platform.

Platforms must remove listings within 10 business days of an authority order for standard violations, or within 48 hours for serious cases. There is no warning period for the host. The listing goes down, and revenue stops immediately. Platforms have thin public documentation on their internal compliance workflows, so you cannot rely on them to flag problems before acting.

Conduct a quarterly audit of every platform account you manage. Confirm that the registration number displayed matches the current registration certificate, that the property address is exact, and that the listing URL has not changed. Managing this across multiple channels is where automated compliance workflows reduce risk significantly.

Pro Tip: Set a calendar reminder for the first week of each month to verify that your registration numbers are correctly displayed on every active listing. Platform interfaces change, and a system update can silently remove or corrupt a registration number field.

What practical steps can property managers take to stay compliant?

Ongoing compliance is a workflow problem, not a one-time task. Property managers who treat registration as a box to tick and then move on are the ones who face enforcement action six months later.

A reliable compliance workflow covers these core steps:

  • Obtain the correct registration number for each property in each jurisdiction before listing.
  • Display the registration number on every platform listing immediately upon receipt.
  • Collect only the guest data fields required by national law at check-in.
  • Submit guest data to the relevant authority within the legally required timeframe.
  • Archive guest records securely and delete them after the applicable retention period.
  • Audit platform listings monthly to confirm registration data accuracy.
  • Maintain a RoPA and signed Data Processing Agreements with all vendors.

Common errors that lead to enforcement action include: listing a property before registration is confirmed, using an expired or incorrect registration number, collecting more guest data than the law requires, and failing to delete data after the retention period. Each of these errors is avoidable with a documented process.

Compliant workflow Common mistake
Register before listing Listing while registration is pending
Display registration number on all platforms Displaying number on one platform only
Collect only legally required guest fields Collecting email, phone, and date of birth unnecessarily
Delete guest data after retention period Retaining data indefinitely “just in case”
Audit listings monthly Assuming platform data is always accurate

When an authority issues an enforcement order, respond within the stated timeframe and supply all requested documentation immediately. Delays escalate penalties. A well-maintained audit trail, including registration certificates, data processing records, and submission confirmations, is your primary defence. The property management compliance checklist for Europe covers each of these steps in sequence and is worth keeping accessible during audits.

Pro Tip: Treat your compliance documentation like your financial records. Keep registration certificates, submission confirmations, and Data Processing Agreements in a single, organised folder per property. If an authority contacts you, you want to respond within hours, not days.

Key takeaways

Meeting travel regulations for short-term rentals in Europe requires country-specific registration, GDPR-compliant guest data handling, and accurate monthly platform reporting to avoid delisting and financial penalties.

Point Details
Register before listing Obtain your Declaloc, CIN, or NRUA before advertising any property on any platform.
Display registration numbers everywhere Every platform listing must show the correct registration number or face removal.
Collect only what the law requires Over-collecting guest data breaches GDPR’s data minimisation principle and increases liability.
Delete data after retention periods Passport scans and guest records must be deleted once the legal retention period ends.
Audit listings monthly Platform data can change silently; a monthly check prevents unexpected delisting.

Why compliance is harder than it looks, and what actually works

Regulatory compliance for short-term rentals has become genuinely complex over the past two years. I have seen property managers with well-run portfolios get caught out not because they ignored the rules, but because the rules changed faster than their processes did. EU Regulation 2024/1028 is the clearest example. The registration mandate was not a surprise, but the speed of enforcement and the precision of platform reporting obligations caught many operators off guard.

The uncomfortable truth is that manual compliance does not scale. If you manage more than three or four properties across different countries, tracking registration deadlines, data retention periods, and monthly platform audits by hand is a full-time job on its own. The margin for error is too small. A single incorrect registration number on a single platform can trigger a listing removal with no warning.

What actually works is integrating compliance into your booking workflow from the start, not bolting it on afterwards. Automation and integrated property management systems significantly reduce compliance errors and platform delisting risks. That is not a sales point. It is the practical reality of managing multiple jurisdictions with different deadlines and different data requirements. The property managers I have seen handle enforcement audits well are the ones with documented processes and automated data submissions. The ones who struggle are the ones still relying on spreadsheets and manual uploads.

Stay informed as laws evolve. National governments are adding requirements on top of the EU baseline, and regional rules in Spain and Italy continue to shift. Subscribe to official regulatory updates in each country where you operate, and review your compliance workflow at least twice a year.

— Alex

Guestadmin: compliance built into your property management

Keeping up with registration requirements, guest data rules, and platform reporting across multiple European properties takes time that most property managers do not have to spare.

https://guestadmin.io

Guestadmin is built specifically for this. The platform captures guest data at check-in, processes it with AI, and submits it to the relevant authorities within 24 hours. It connects with major PMS and OTA platforms via API, so your registration numbers and listing data stay accurate across every channel. The multi-property compliance workflow built into Guestadmin maintains audit trails automatically, so you are always ready for an enforcement review. For property managers comparing their options, the top property management software comparison for 2026 sets out the key features to evaluate before committing to a platform.

FAQ

What is EU Regulation 2024/1028?

EU Regulation 2024/1028 requires all short-term rental properties in the EU to obtain a unique registration number and display it on every active listing. Platforms must report monthly listing data to authorities and remove non-compliant listings within 10 business days.

No. Under GDPR Article 6(1)©, processing guest data to comply with a legal registration obligation does not require consent. Consent is only needed when processing is based on personal choice, not legal duty.

What happens if my registration number is wrong on a platform listing?

Platforms submit your registration number to authorities monthly. An incorrect number triggers a discrepancy in the official record, which can lead to an enforcement order and listing removal within 10 business days, or 48 hours for serious violations.

How long must I keep guest data after a stay?

Retention periods vary by country. Passport scan retention is often limited to 30 days unless national law specifies a longer period. After the retention period ends, you must delete the data to remain GDPR-compliant.

Does GDPR apply if I only rent one property?

The household exemption under GDPR does not apply when renting through professional platforms or managing multiple units commercially. Hosts operating in this context must maintain a RoPA and sign Data Processing Agreements with any third-party vendor handling guest data.

Comments are closed.