PUIhoteles
ESEN Get started
PUI compliance
Connection to the PUI LawIdentity captureGuest registry
How it works
Query modelConnected to R2Security & encryption
For your hotel
No technical teamLlaveMX & e.firmaCompliance dashboard
By lodging type
HotelsHostelsMotelsAirbnb & short rentals
By situation
Hotels in Mexico CitySole proprietorSmall lodging
Compare
PUIhoteles vs ConectaPUIPUIhoteles vs PUIMexicovs Build it yourself
Learn
What is the PUI LawThe fine for not complyingBlogHelp center
Company
AboutContact
Pricing Get started
Legal analysis · Guidelines DOF 27 Nov 2025

The PUI Guidelines (DOF 27 November 2025)

Published in the Diario Oficial de la Federación on 27 November 2025, the Guidelines are the first secondary instrument that develops the obligation created by the LGMDFP reform. We analyse what they regulate, their role in the implementation chain of the Single Identity Platform, and how they relate to the later Technical Manual. Reading for lawyers and compliance teams who need the full regulatory hierarchy.

Get startedCreate your demo

What they are and where they fit in the hierarchy

The July 2025 reform to the LGMDFP set the substantive duty —to record identity and interconnect to the PUI— but, like any general law, did so in terms that require development. The Guidelines published in the Diario Oficial de la Federación on 27 November 2025 are the administrative instrument that brings that duty down to concrete operating rules, within the framework the law itself authorises.

In the regulatory hierarchy, the Guidelines sit below the law and above the purely technical manuals: they specify the compliance framework without being able to go beyond what the LGMDFP authorises. Their function is to give the lodging obligation applicable contours, so that an operator and an authority know with reasonable certainty what is expected and how it is verified.

For a compliance team, the Guidelines are the piece that turns an abstract legal mandate into a concrete compliance programme. It is the document where the Article 12 Bis duty begins to take operational shape before descending to the technical detail the Manual provides.

The role of the Guidelines in implementation

How they sit between the law and the technical layer.

They develop the law

They turn the substantive duty set by the LGMDFP reform into operating rules.

They define the compliance framework

They specify the applicable scope of the obligation for bound parties and authority.

They precede the Technical Manual

They are the step before the interconnection detail provided by the Technical Manual v1.0 (DOF 23 Jan 2026).

They link to data protection

They frame the processing of personal data that capture and interconnection entail.

Why they matter, even though they are not the law

A common error is to read only the text of the law and consider the compliance analysis exhausted. In Mexican administrative practice, secondary instruments such as the Guidelines are decisive: it is there that the terms the law leaves open are specified and where an authority finds the criteria to verify compliance. Ignoring them leaves an incomplete analysis.

The Guidelines also serve a legal-certainty function for the bound party. By setting operating rules published in the Diario Oficial, they limit discretion and let the operator structure its compliance on a known basis, rather than being left to shifting interpretations. For a firm, the Guidelines are a required reference when opining on a lodging’s situation.

They should be read together, not in isolation. The Guidelines (November 2025) and the Technical Manual (January 2026) form a sequence: the former frame compliance and the latter provides the interconnection detail. The obligation is understood in full only when both are read in light of the Article 12 Bis duty.

How to read the Guidelines within the regulatory set

A reading path so as not to lose the hierarchy or the chronology.

  1. Start from the legal dutyFirst locate Article 12 Bis of the LGMDFP: it is the source of the obligation the Guidelines develop.
  2. Read the Guidelines (27 Nov 2025)Identify the compliance framework they specify: applicable scope and operating rules of the obligation.
  3. Continue with the Technical Manual (23 Jan 2026)Descend to the interconnection detail: endpoints, authentication and encryption to connect to the PUI.
  4. Await the SNIP Operating ManualThe instrument that will open the access procedure is still pending; without it, full interconnection is not formalised.

What an operator should verify in light of the Guidelines

How to translate the framework into verifiable internal controls.

Identity capture

That the establishment records each guest’s identity in line with the scope the framework specifies.

Register retention

That the record is kept in full and available for the platform’s purposes.

Data security

That the processing of personal data is carried out with the measures the framework frames.

Interconnection readiness

That the means to connect to the PUI are foreseen for when the operating framework allows.

Traceability before the authority

That compliance can be evidenced before the competent search authority.

Consistency with the Manual

That the preparation is consistent with the technical detail the later Technical Manual provides.

Official sources

Operating Guidelines of the Single Identity Platform, published in the Diario Oficial de la Federación on 27 November 2025. Secondary instrument that develops the obligation created by the July 2025 LGMDFP reform (Articles 12 Bis and 43 Bis).

Superior framework: General Law on the Forced Disappearance of Persons, Disappearance Committed by Private Parties, and of the National Search System (LGMDFP). Later technical instrument: Technical Manual v1.0, published in the Diario Oficial de la Federación on 23 January 2026.

Responsible bodies: Ministry of the Interior (SEGOB), National Population Registry (RENAPO) and National Search Commission (CNB), with technical support from the Digital Transformation and Telecommunications Agency (ATDT).

Frequently asked questions about the Guidelines

What are the PUI Guidelines?
They are the secondary instrument, published in the DOF on 27 November 2025, that develops into operating rules the duty the LGMDFP reform imposed on lodgings. They specify the compliance framework without being able to go beyond what the law authorises.
What is their place in the regulatory hierarchy?
They sit below the LGMDFP and above the purely technical detail. They develop the law and precede the Technical Manual v1.0 (DOF 23 Jan 2026), which provides the interconnection specifications.
Why do they matter if the obligation is already in the law?
Because in administrative practice the secondary instruments specify the terms the law leaves open and provide the verification criteria. A compliance analysis that ignores the Guidelines is incomplete.
Are the Guidelines enough to interconnect?
Not on their own. They frame compliance, but the interconnection detail is provided by the Technical Manual, and formalising access depends on the SNIP Operating Manual, still pending as of June 2026.
Did the Guidelines change the data that is recorded?
The identity data follow the Article 12 Bis duty: CURP, name, date of birth and document. The Guidelines and the Manual develop the scope and the treatment; they do not turn the register into commercial or spending information.
How should I read the Guidelines to advise a hotel?
Together with the law and the Technical Manual: start from Article 12 Bis, read the Guidelines for the compliance framework and the Manual for the technical detail, and bear in mind that full interconnection awaits the SNIP Operating Manual.

Put PUIhoteles to work for you

Get started