PUIhoteles
ESEN Get started
PUI compliance
Connection to the PUI LawIdentity captureGuest registry
How it works
Query modelConnected to R2Security & encryption
For your hotel
No technical teamLlaveMX & e.firmaCompliance dashboard
By lodging type
HotelsHostelsMotelsAirbnb & short rentals
By situation
Hotels in Mexico CitySole proprietorSmall lodging
Compare
PUIhoteles vs ConectaPUIPUIhoteles vs PUIMexicovs Build it yourself
Learn
What is the PUI LawThe fine for not complyingBlogHelp center
Company
AboutContact
Pricing Get started
Guide · PUI compliance

PUI Law compliance checklist for your hotel

An actionable list to verify, point by point, that your lodging is compliant with the PUI Law: what identity to capture from each guest, which prerequisites to have ready, what to keep and, if you are in Mexico City, the additional local requirements. Designed for an owner or manager to walk through and tick each box.

Get startedCreate your demo

How to use this checklist

This checklist sums up, in an owner’s language, what your lodging must have to comply with the PUI Law. Walk through it top to bottom and mentally tick each point. If you don’t have one, that’s your pending item.

Remember the key distinction: anything about capturing and keeping identity is already mandatory and you can solve it today. Anything about full interconnection to the platform is enabled once the government publishes the SNIP Operations Manual, which is still pending; meanwhile, it’s worth getting the prerequisites ready.

If your establishment is in Mexico City, additional local requirements apply on top of the federal ones, which we include in their own section. If you are not in Mexico City, that section does not apply to you, but it’s good to know it.

What you must CAPTURE from each guest

The minimum identity the PUI requires you to record. This is already mandatory.

CURP

The national guest’s Unique Population Registry Code, where applicable.

Full name

Exactly as it appears on their official identity document.

Date of birth

To identify the person unambiguously.

Identity document

National ID for nationals; passport or migratory form (FMM) for foreigners.

Nationality (foreigners)

For foreign guests, record their nationality along with their passport or migratory form.

What is NOT asked

No credit card, no amount paid, no record of what they consumed. It is identity, not billing.

What you must HAVE READY (prerequisites)

The items that leave you prepared for interconnection. You can solve them now.

A valid SAT e.firma

The advanced electronic signature of the holder (individual) or the legal representative (company).

A created LlaveMX account

The government’s free digital identity, your access key to the official portal.

Portal profile + inbox

Your establishment’s profile registered and the institutional notifications inbox active.

A registered query URL

The endpoint protected with JWT and TLS where you’ll answer queries. It’s registered when you interconnect.

Security reports

The service’s SAST, DAST and SCA reports, approved before going to production.

Request within its window

The formal access request, once the SNIP manual is published, within the 45-business-day window.

What you must KEEP

Keeping the registry orderly and available is part of compliance.

An up-to-date guest registry

The identity record of your guests, orderly and current, not in a loose notebook.

Exportable for audit

That you can export the registry when required, clearly and verifiably.

Stored securely

These are sensitive personal data: they must be stored securely, not exposed or accessible to just anyone.

If you are in Mexico City (additional requirements)

Mexico City adds local obligations on top of the federal ones. In force since 18 April 2026.

  1. Photo identificationRecord a photo ID of the guest, in addition to the identity the federal PUI requires.
  2. Entry and exit timeKeep a record of each guest’s entry and exit time.
  3. Vehicle detailsRecord the vehicle’s plates, the driver and the assigned room when applicable.
  4. CCTV in common areasMaintain video surveillance (CCTV) in common areas and keep the recordings for 90 days.
  5. Keep records for one yearStore the corresponding records for one year, in accordance with Mexico City’s local rules.

Frequently asked questions about compliance

What is the minimum I must capture now?
Each guest’s identity: CURP, name, date of birth and document (national ID for nationals; passport or migratory form and nationality for foreigners). That is already mandatory.
Can I finish the whole checklist today?
The capturing and keeping of identity, yes. The prerequisites (e.firma, LlaveMX) too. Full interconnection completes once the SNIP Operations Manual is published, which is pending.
Do the Mexico City requirements apply to every hotel in the country?
No. Those are local Mexico City requirements, in force since 18 April 2026. If your establishment is not in Mexico City, that section does not apply to you, but the federal one does.
What happens if I’m missing a checklist item?
That’s your pending item. Start with what is already mandatory (capturing and keeping identity), prepare the prerequisites and leave interconnection ready for its window. The Art. 43 Bis penalty applies per infraction.
How long must I keep the records?
For the federal PUI, keep your registry up to date, secure and exportable. In Mexico City, additionally, records are kept for one year and CCTV recordings for 90 days.
Does PUIhoteles help me cover the whole checklist?
Yes. PUIhoteles captures identity at check-in, keeps your registry exportable, guides you with the e.firma and LlaveMX, registers your query URL and connects you, all connected to R2 OS in real time. Setup is $4,350 MXN and $930 MXN per month (plus VAT), with no lock-in.

Put PUIhoteles to work for you

Get started