How to register with the PUI: from zero to compliance
The complete, step-by-step guide for your lodging to comply with Mexico’s PUI Law. In plain language we explain what to do today (properly capturing each guest’s identity), which prerequisites to prepare (the SAT e.firma and LlaveMX) and what is still missing for full interconnection. No jargon, and honest about what is still pending from the government.
Before you start: what "registering with the PUI" means
PUI stands for Single Identity Platform. It comes from the General Law on the Forced Disappearance of Persons (LGMDFP), whose Article 12 Bis requires every lodging establishment to register each guest’s identity, and whose Article 43 Bis sets the penalty for those who fail to do so. The law’s purpose is to help locate missing persons; it is neither a fiscal nor a tourism law.
For an owner, "registering" has two sides worth keeping apart. The first is capturing and properly storing each guest’s identity: that is already mandatory and you can start today. The second is interconnecting your establishment to the federal platform to respond when authorities ask about a person: that has technical prerequisites and a government manual that is still pending.
This guide walks through both sides in logical order: first what you can and must do now (capture identity), then the prerequisites worth getting ready (e.firma and LlaveMX) and, finally, what is still missing to switch on the interconnection. That way you avoid the most common trap: freezing while you wait for "the system" and meanwhile failing to register your guests, which is exactly what the law requires today.
The full path, step by step
Five stages in order. The first depend only on you; the last, in part, on the government’s calendar.
- 1. Capture each guest’s identityStart TODAY. At every check-in record CURP, name, date of birth and document (national ID for nationals; passport or migratory form and nationality for foreigners). This is already an obligation and does not depend on any pending manual.
- 2. Keep an orderly, exportable registryDon’t let identity live in a loose notebook. Store it securely and be able to export it for audit. It is the basis on which you will later answer queries.
- 3. Obtain your SAT e.firmaThe SAT’s advanced electronic signature is the identification mechanism the platform requires. If you are a company, the legal representative’s; if you are an individual, the holder’s. Keep it valid from now.
- 4. Create your LlaveMX accountLlaveMX is the government’s free single digital identity. It is created in minutes with your CURP, phone, email and a password. It is the key to access the official portal. Having it ready saves friction when interconnection opens.
- 5. Request interconnection when it opensWith e.firma and LlaveMX ready, you will be able to set up your profile on the official portal, activate your institutional inbox and register the URL where you will receive queries. This stage opens when the government publishes the SNIP Operations Manual (pending as of this guide).
What you can do TODAY (and why not to wait)
The duty to register identity is already in force. It does not depend on the missing manual. So the right thing to do today is to start capturing each guest’s identity properly and to get the prerequisites ready: obtain the e.firma and create your LlaveMX. These are procedures you can get ahead on with no risk, and they leave you one step away from interconnection.
Waiting for "the system to launch" before you even start capturing is the costliest mistake. Every night you don’t record identity is compliance you fail to build, and the Article 43 Bis penalty applies per infraction. Capturing from now has no downside: it is exactly what the law asks of you and it prepares you for everything else.
What NOT to do along the way
Common mistakes that delay or complicate a lodging’s compliance.
Don’t wait for the manual to capture
Capturing identity is already mandatory. Postponing it "until the system is ready" only builds risk with no advantage.
Don’t keep identity in a notebook
These are sensitive personal data. An open notebook is neither secure nor exportable for audit. You need an orderly, protected record.
Don’t skip the e.firma "for now"
Without an e.firma you won’t be able to identify yourself to the platform when the time comes. It takes time to obtain; get it ready early.
Don’t confuse LlaveMX with e.firma
They are different and complementary: LlaveMX is your access to the portal; the e.firma is your legally valid signature. You need both.
Don’t improvise the query URL
The endpoint requires JWT authentication, TLS encryption and security reports. It is not just any web form; it needs serious infrastructure.
Don’t assume your PMS already complies
Capturing a CURP field is not the same as being interconnected. Verify both sides: identity registration and connection to the federal platform.
Honesty about interconnection: what is still missing
Let’s be clear about one piece of the calendar. The duty to register identity is already in force, but full interconnection is enabled once the SNIP Operations Manual is published, which as of this guide is still pending. When that manual appears, it opens a window of 45 business days to request access and formally interconnect.
That is no excuse to sit still. It is the opposite: because you know that window will be short, it pays to reach it with everything ready, that is, with identity already being captured, a valid e.firma and your LlaveMX created. Anyone who reaches that date from scratch will lose valuable days handling the basics while the clock on the 45 business days is running.
We do not invent portal URLs or reference numbers that do not yet exist. When the manual is published, this guide will be updated with the exact registration steps. What we can state today, based on what is already published, is which prerequisites are required, and those you can prepare without waiting for anyone.