Compliance by design

Three regulations. One platform.

Restaurants in Germany must satisfy three compliance regimes in 2026 — the EU AI Act (Art. 50, from August 2026), the GDPR, and the KassenSichV. Tablario covers all three from the first call, never bolted on.

Compliance

Three pillars, built in

Every regulation has a clear anchor in the system — not in a wiki nobody reads.

EU Regulation 2024/1689

EU AI Act

Every caller hears the legally required AI disclosure at the start of the call. On explicit refusal, we atomically transfer to a human — no gap, no data leak.

Regulation 2016/679

GDPR

Hosting is in Frankfurt (AWS eu-central-1). Every call carries the AI Act disclosure as the lawful basis, plus a full audit trail. Audio and personal data are automatically anonymised after 30 days (GDPR Art. 5(1)(c), Art. 17).

German Federal Tax FAQ

KassenSichV

Tablario takes reservations — no cash transactions, no TSE requirement. The separation between reservation logic and POS logic is documented and auditable.

Facts

Key facts at a glance

When your accountant or DPO asks — here are the answers.

Servers: Frankfurt · AWS eu-central-1
Audio recordings: Max. 30 days · then automatically anonymised
PII anonymisation: Automatic after 30 days
Subprocessors: Full list on request (DPA)
AI disclosure: At the start of every call (DE/EN/FR/IT)
Payment processing: Out of scope — no TSE needed

FAQ

Frequently asked

01. What changes for restaurants from August 2026?

The EU AI Act (Art. 50) requires providers of AI systems to transparently inform end-users that they are interacting with an AI. Tablario already meets this obligation — the AI disclosure is part of every call.

02. Do we need a TSE for Tablario?

No. Tablario processes reservations and calls — not POS transactions. The KassenSichV (TSE requirement) only applies to point-of-sale systems. When you later process payments through Tablario, that flow is contractually separated from reservation logic.

03. Where is my data stored, and for how long?

Exclusively in Frankfurt on AWS eu-central-1. Call audio is stored for up to 30 days (lawful basis: the AI Act disclosure at the start of every call serves as consent under GDPR Art. 6(1)(a)) and is then automatically anonymised. Personal reservation data is anonymised 30 days after the event (GDPR Art. 5(1)(c), Art. 17).

Reply within 1 business day: Weekdays between 9 am and 6 pm CET
GDPR compliant: Servers in Germany · no data sales
Made in Germany: Founder-led support straight from Cologne
Cancel monthly: No contract, no setup fee

Ready for the 2026 obligations?

Start a 30-day free trial — we set you up compliant on day one.