Getting startedCompliance

Intro to compliance

The Lodging Supply GraphQL API provides visibility into regulatory information for jurisdictions where properties will be listed. The goal of the compliance capability is to manage EG regulatory information within software, provide real-time EG regulatory requirements, assist in validating status, and increase operational efficiency. After you have integrated this API, lodging partners can

  • Query for regulatory requirements for a given property or jurisdiction
  • Add or update regulatory data on the property to meet mandatory requirements
  • Retrieve status and details about a property's registration
  • Validate registration status against EG requirements

Importantly, you can use the capability's queries to review regulatory information that can be defined for a property, such as its entity type and location. Based on that, you can set regulatory data on the property to meet mandatory requirements, such as those defined in Europe (the DAC7 directive), France, San Diego, London, Tasmania, and Australia. See DAC7 requirements (below) for an example.

Note: You can download the launch kit here.

The compliance capability is part of the Lodging Supply GraphQL API, which enables connectivity providers to retrieve and manage property and reservation information. All response bodies, including errors, are encoded in JSON. All requests and responses must be made over a secure connection.

If you are unfamiliar with GraphQL concepts, such as queries and mutations, read this overview to learn more.

Important: Partners must not put Expedia in breach of any privacy or data protection laws. Therefore, to maintain the highest standards of data protection and privacy compliance (such as upholding data minimization, ensuring an appropriate lawful basis is relied upon and robust security measures are in place), we require that partners DO NOT use real personal data under any circumstances during the testing and certification process. Instead, we require partners to use dummy data, fictitious information, or data specifically designated for testing and certification purposes so that no personal data is accessed, shared, and/or reused between partners unnecessarily and unlawfully.

Workflow

  1. Retrieve regulatory requirements.

    You can query for regulatory requirements in two ways:

    • By property ID
    • By jurisdiction

    By property ID:

    The district query retrieves regulatory requirements at the property level for the specified property's jurisdiction. In this request example, the locale argument on district retrieves the results in US English (en_US).

    Be aware that compliance requirements differ by country. For example, in France, it is mandatory for a unit to be assigned regulatorySubType, which is not applicable to Spanish properties (regulatorySubType is null). And the regulatoryCategory value varies across countries and depends on the registrationNumberRequirements.

    1query {
    2 property(id: "53185459", idSource: EXPEDIA) {
    3 geoLocation {
    4 latitude
    5 longitude
    6 }
    7 district(locale: "en_US") {
    8 id
    9 description
    10 nativeLocale
    11 localizedName
    12 referenceUrls
    13 registrationRequired
    14 legalPropertyTypes {
    15 type
    16 subtype
    17 }
    18 requirements {
    19 regulatoryCategory
    20 regulatoryCategoryLabel
    21 qualifiedPropertyTypes {
    22 type
    23 subtype
    24 }
    25 registrationNumberRequirements {
    26 numberType
    27 numberTypeLabel
    28 localName
    29 format
    30 regex
    31 isOptional
    32 isExpirationDateRequired
    33 allowPendingRegistrations
    34 url
    35 thirdPartyValidation {
    36 required
    37 attributes
    38 }
    39 }
    40 additionalDataRequirements {
    41 key
    42 keyLocalized
    43 type
    44 typeLocalized
    45 subtype
    46 subtypeLocalized
    47 group
    48 groupLocalized
    49 isOptional
    50 }
    51 minStayNights
    52 maxNightCap {
    53 annualLimit
    54 isEnforced
    55 }
    56 exemptions {
    57 category
    58 description
    59 }
    60 isVacationRental
    61 }
    62 }
    63 }
    64}

    By jurisdiction:

    Issue the districtByCoordinates query to retrieve a jurisdiction's regulations. This is useful if a lodging partner wants to review requirements before listing properties in a jurisdiction.

    These examples retrieve all regulatory information for the specified jurisdiction, such as allowed property types, registration numbers, and minimum and maximum length-of-stay requirements. The responses show requirements for hotels and vacation rentals.

    1query {
    2 districtByCoordinates(
    3 latitude: 20.798362
    4 longitude: -156.331926
    5 locale: "en_US"
    6 ) {
    7 id
    8 description
    9 nativeLocale
    10 localizedName
    11 referenceUrls
    12 registrationRequired
    13 legalPropertyTypes {
    14 type
    15 subtype
    16 }
    17 requirements {
    18 regulatoryCategory
    19 regulatoryCategoryLabel
    20 qualifiedPropertyTypes {
    21 type
    22 subtype
    23 }
    24 registrationNumberRequirements {
    25 numberType
    26 numberTypeLabel
    27 localName
    28 format
    29 regex
    30 isOptional
    31 isExpirationDateRequired
    32 allowPendingRegistrations
    33 url
    34 thirdPartyValidation {
    35 required
    36 attributes
    37 }
    38 }
    39 additionalDataRequirements {
    40 key
    41 keyLocalized
    42 type
    43 typeLocalized
    44 subtype
    45 subtypeLocalized
    46 group
    47 groupLocalized
    48 isOptional
    49 }
    50 minStayNights
    51 maxNightCap {
    52 annualLimit
    53 isEnforced
    54 }
    55 exemptions {
    56 category
    57 description
    58 }
    59 isVacationRental
    60 }
    61 }
    62}
  2. Retrieve the property's registration information and compliance status.

    Use the registration query to retrieve a property's registration information at the unit (room type) level. This is useful in confirming a unit's information and determining its jurisdiction's requirements. The API returns the registration information in our system for all active and inactive units on the property.

    The following example retrieves registration information for the Croatian property used in the district query above. The response shows

    • Unit is compliant ("status": "COMPLIANT") because a registration number is provided in a valid format (as described in the reason field)
    • Two registration records are set on the unit: REGISTRATION_NUMBER and ENTITY_TYPE

    Note that the complete field is not included in the query because it reports information at a property level and does not provide the true value for some properties.

    1query {
    2 property(id: "53185459", idSource: EXPEDIA) {
    3 id
    4 name
    5 unitsPaginated(
    6 filters: {status: {state: ALL}}
    7 ) {
    8 elements {
    9 ids {
    10 id
    11 idSource
    12 }
    13 registration {
    14 district
    15 detail {
    16 compliant {
    17 status
    18 reason
    19 }
    20 regulatoryCategory
    21 numberOfPhysicalRooms
    22 registrationRecords {
    23 registrationNumber
    24 registrationNumberType
    25 registrationNumberTypeLabel
    26 expiry
    27 }
    28 }
    29 }
    30 }
    31 }
    32 }
    33}
  3. Update registration information.

    Use the updateUnitRegistration mutation to update registration information at the unit level. To continue with the example above, the following mutation sets all of the regulatory information required by the DAC7 mandate:

    1mutation {
    2 updateUnitRegistration(
    3 propertyId: "53185459"
    4 propertyIdSource: EXPEDIA
    5 forceSave: false
    6 registration: {
    7 details: [
    8 {
    9 unitId: "324183846"
    10 regulatoryType: "residence"
    11 regulatorySubType: ""
    12 regulatoryCategory: VACATION_RENTAL
    13 numberOfPhysicalRooms: 1
    14 registrationRecords: [
    15 {
    16 registrationNumber: "123456789"
    17 registrationNumberType: REGISTRATION_NUMBER
    18 },
    19 {
    20 registrationNumber: "Individual"
    21 registrationNumberType: ENTITY_TYPE
    22 },
    23 {
    24 registrationNumber: "Yes"
    25 registrationNumberType: IS_ADDRESS_IN_EU
    26 },
    27 {
    28 registrationNumber: "No"
    29 registrationNumberType: IS_RESIDENCE_IN_EU
    30 },
    31 {
    32 registrationNumber: "Test street 11, Dubrovnik, Croatia, postcode 2345"
    33 registrationNumberType: LEGAL_ADDRESS
    34 },
    35 {
    36 registrationNumber: "AB:Product123"
    37 registrationNumberType: ISSUED_TAX_ID
    38 }
    39 {
    40 registrationNumber: "BB 1234567 098765 registration"
    41 registrationNumberType: LAND_REGISTRATION_NUMBER
    42 },
    43 {
    44 registrationNumber: "1992-01-22"
    45 registrationNumberType: BIRTH_DATE
    46 },
    47 {
    48 registrationNumber: "Yes"
    49 registrationNumberType: IS_VAT_REGISTERED
    50 },
    51 {
    52 registrationNumber: "ExampleVAT123"
    53 registrationNumberType: VAT_ID
    54 }
    55 ]
    56 }
    57 ]
    58 }
    59 ) {
    60 complete
    61 details {
    62 compliant {
    63 status
    64 reason
    65 }
    66 warningStatus {
    67 description
    68 code
    69 }
    70 unitId
    71 regulatoryCategory
    72 regulatoryType
    73 regulatorySubType
    74 regulatoryCategoryLabel
    75 registrationRecords {
    76 registrationNumber
    77 registrationNumberType
    78 registrationNumberTypeLabel
    79 }
    80 }
    81 }
    82}

    Here are additional examples:

    1mutation {
    2 updateUnitRegistration(
    3 propertyId: "9309956",
    4 propertyIdSource: EXPEDIA,
    5 forceSave: false,
    6 registration: {
    7 details: [
    8 {
    9 unitId: "200299052",
    10 regulatoryType: "hotel",
    11 regulatoryCategory: HOTEL,
    12 registrationRecords: [
    13 {
    14 registrationNumber: "HSR12-34567"
    15 }
    16 ]
    17 }
    18 ]
    19 }
    20 ) {
    21 complete
    22 details {
    23 unitId
    24 compliant {
    25 status
    26 reason
    27 }
    28 registrationRecords {
    29 registrationNumber
    30 }
    31 warningStatus {
    32 description
    33 code
    34 }
    35 }
    36 }
    37}

Implementation details and limitations

  • When implementing your UI, we strongly recommend that you visually distinguish mandatory fields to reduce unsuccessful updates. This is especially true when the forceSave input argument of updateUnitRegistration is set to false. Updates to registration information will fail unless mandatory fields are completed.

  • The registration query and updateUnitRegistration mutation’s response provide a couple fields that may be confusing:

    • The compliant object returns the compliance status for mandatory requirements only (at the unit level). If invalid information is provided for an optional regulatory requirement, or if regulatory information is set in a jurisdiction that does not require regulatory information, status: COMPLIANT is returned. For optional requirements, a warning is returned in the warningStatus field of the mutation's payload.

    • The complete field indicates whether a valid registration record was successfully written by the mutation. This field does not report whether the record fulfills the requirements of the property's district. Also, it reports information at the property level, though the property may contain deleted or inactive units and may provide inaccurate information for some properties. We do not recommend including this field.

Be aware of these limitations as you integrate the compliance capability:

  • This capability is not supported for properties in Japan. In general, the capability is only supported for properties in jurisdictions that are supported by our underlying regulatory service.

  • The capability is not tied to the go-live workflow, which means that non-compliant properties are not automatically delisted at this time.

  • Registration information is updated at the room-type level. Updating registration information at the property level is not supported.

Minimum certification requirements

Partners who want to adopt the compliance capability are required to successfully complete end-to-end certification with Expedia Group teams. Specifically, the partner be able to

  • Read regulatory requirements by property ID or by jurisdiction.

  • Read compliance status for each active unit of a property. Note that the query to retrieve a property's registration information at the unit (room type) level will return information for all units, active and inactive. Use the Product API for to identify the correct active unit ID before updating registration information.

  • Add or update each active unit in a jurisdiction with mandatory requirements. Ensure the following is in place:

    • Correct registration information
    • All mandatory regulatory information; for example, some jurisdictions have additional regulatory information (regulatorySubType or more than one registrationNumberRequirements)
  • Include warningStatus in your implementation to ensure that warnings are captured.

  • Implement a synchronization process for properties with mandatory regulatory requirements to capture non-compliant active units and add or update registration on regular basis. Refer to Updating registration information for details.

DAC7 requirements

The Directive on Administrative Co-operation (DAC7) is a European regulatory mandate that enforces annual reporting obligations for digital online platforms, crypto-assets and e-money (full details here). The directive requires digital platform operators in the EU (including all Expedia Group sites) to collect and report personal and business income information realized by sellers using their platforms for certain commercial services. The goal is to ensure all taxes — income tax as well as value-added tax (VAT) — are reported and assessed.

The compliance capability provides the district and districtByCoordinates queries to retrieve regulatory information that can be set for a property as defined by its jurisdiction. This might include a property's entity type, location, and various registration numbers. You should implement your UI so that the lodging partner can provide data for each of the regulatory requirements reported by the query.

As an example, the district query above shows that the following regulatory information can be set for vacation rentals and hotels located in Croatia:

  • REGISTRATION_NUMBER
  • ENTITY_TYPE
  • IS_TRADED
  • IS_GOVERNMENT_ENTITY
  • IS_ADDRESS_IN_EU
  • IS_RESIDENCE_IN_EU
  • LEGAL_ADDRESS
  • ISSUED_TAX_ID
  • PERMANENT_ESTABLISHMENT_COUNTRY
  • BUSINESS_REGISTRATION_NUMBER
  • BUSINESS_ISSUING_REGISTRY
  • LAND_REGISTRATION_NUMBER
  • BIRTH_DATE
  • IS_VAT_REGISTERED
  • VAT_ID
  • AUSTRALIAN_BUSINESS_NUMBER

The data that must be set for a property to meet the DAC7 mandate will depend on values provided for each regulatory requirement listed here.

If these values are provided for a property:Set this regulatory information:

ENTITY_TYPE: Business
+ IS_TRADED: No
+ IS_GOVERNMENT_ENTITY: No
+ IS_RESIDENCE_IN_EU: Yes

or

ENTITY_TYPE: Business
+ IS_TRADED: No
+ IS_GOVERNMENT_ENTITY: No
+ IS_RESIDENCE_IN_EU: No
+ IS_ADDRESS_IN_EU: Yes

  • LEGAL_ADDRESS
  • ISSUED_TAX_ID
  • VAT_ID
  • IS_VAT_REGISTERED
  • PERMANENT_ESTABLISHMENT_COUNTRY
  • BUSINESS_REGISTRATION_NUMBER
  • LAND_REGISTRATION_NUMBER

ENTITY_TYPE: Individual
+ IS_RESIDENCE_IN_EU: Yes

or

ENTITY_TYPE: Individual
+ IS_RESIDENCE_IN_EU: No
+ IS_ADDRESS_IN_EU: Yes

  • LEGAL_ADDRESS
  • ISSUED_TAX_ID
  • VAT_ID
  • IS_VAT_REGISTERED
  • BIRTH_DATE
  • LAND_REGISTRATION_NUMBER

Use the updateUnitRegistration mutation to set regulatory data on the property. To continue with our example, the mutation above sets all of the regulatory requirements for a vacation rental in Croatia.