Rules For When AI Helps, When Staff Step In, And What The PMS Should Store

UK government research found that 43% of UK businesses reported a cyber security breach or attack in the last 12 months. That single number is a useful starting point for a “warm handoff” conversation, because when an AI concierge is speaking to guests and your PMS is storing operational truth, you’re handling both service quality and information risk in the same breath.

At the same time, front desks are being asked to do more with fewer hands, and UKHospitality reported 107,000 hospitality vacancies in the quarter to April 2024 (15% above pre-pandemic levels). So the goal here is practical above all: set clear rules for what AI should handle confidently, when a human should step in, and what the PMS should record so your team can act fast and consistently.

A good handoff doesn’t feel like tech for tech’s sake. It feels like calm professionalism.

If you’re running a hospitality venue, you don’t need convincing that guest contact comes in waves. What’s worth talking about is how a simple handoff model turns those waves into something your team can ride, rather than react to.

The staffing backdrop also matters: UKHospitality’s ONS-backed figure of 107,000 vacancies in hospitality (quarter to April 2024) is a reminder that spare capacity often isn’t sitting in the rota waiting to be used. In the same update, UKHospitality also noted wages in the sector increased by 9.5% in March 2024, which is a positive signal of investment, but it also adds pressure to get value from every hour you’re paying for.

This is where an AI concierge can help, as long as it’s treated like the first step in a service process, not a separate channel that creates extra admin later. Think of the AI as your structured intake: it gathers essentials, confirms intent, and keeps momentum. Then, when a request needs judgement, discretion, or empathy, the baton is passed to a person with the context already neatly packaged.

The “warm” part matters. It means the guest doesn’t have to start again, and your receptionist doesn’t have to play detective.

Warm handoff rules shouldn’t stop at “who answers next.” They also need to say what gets stored, where, and for how long, because guest comms are full of personal details and offhand comments that don’t belong in permanent systems.

The Cyber Security Breaches Survey 2025 (commissioned by DSIT and the Home Office) is blunt about how common breaches are, and it also puts a price tag on disruption: the report estimates the average cost of the most disruptive breach was £1,600 per business, based on what respondents believed and self-reported. The report also cautions that these self-reported costs may underestimate the full financial impact, which is worth keeping in mind when someone says, “It’ll probably be fine.”

The silver lining is that storing less can actually improve service, because it forces clarity. When your PMS record contains only what’s needed to deliver the stay well, handovers get faster and fewer details get lost in clutter.

A simple PMS nutrition label test helps: every field should earn its place by answering, “What decision does this enable?” Use this as the one-page standard your AI concierge and staff both follow:

 

 

Methodology likewise matters when you’re basing policy on statistics: the same government survey used a random probability telephone and online survey of 2,180 UK businesses with fieldwork between August and December 2024, alongside 44 in-depth interviews between October and December 2024. That’s not someone’s opinion on LinkedIn. It’s structured evidence you can responsibly use as a benchmark.

Most handoff problems don’t come from bad intentions. They come from unclear boundaries.

The ICO’s Guidance on AI and data protection is a solid anchor for setting those boundaries, and the ICO notes this guidance was updated on 15 March 2023. The ICO also flags that, because the Data (Use and Access) Act came into law on 19 June 2025, the guidance is under review and may change, which is exactly why “set-and-forget” isn’t a realistic approach to AI governance.

For hospitality teams, that translates into something refreshingly practical: decide in advance what the AI must never “decide” on its own. Not because AI is inherently problematic, but because your operation has policies, legal duties, and brand standards that need human accountability.

One more useful detail from the Cyber Security Breaches Survey 2025: in the “food or hospitality” sector grouping, only 12% of businesses reported having a board member with responsibility for cyber security (compared with 27% of businesses overall). That’s not a criticism, it’s an opportunity, because a warm handoff can double as your “who owns what” document when you don’t have layers of governance.

Here’s the question to keep things straightforward: what’s the one type of that, if mishandled, would create the most regret for your team? If the answer involves judgement, money, safety, or dignity, it belongs on the “human” list.

A strong warm handoff model does something incredibly powerful: it protects your team’s attention. With vacancies still high in hospitality, protecting attention is one of the most positive operational moves you can make.

The government’s cyber survey data shows breaches are common enough, and disruptive enough, that storing “just in case” information is a habit worth replacing with purposeful records. And the ICO’s guidance makes it clear that AI-enabled services sit inside the same fairness, transparency, and governance expectations as everything else you do with personal data.

Write your rules down, keep them short, and design them so both AI concierge and humans can follow them without interpretation gymnastics. Do that, and your PMS becomes a reliable memory, your team gets cleaner handovers, and guests feel like they’re being looked after by people who talk to each other.

If a guest asked you tomorrow, “What did you store about me, and why?”, would the answer feel clear and comfortable?