­­­­­­­­

There is a useful thought experiment for understanding what makes agentic AI different from the AI tools that have been embedded in corporate travel management for the past decade. The older tools — recommendation engines, price prediction models, automated expense categorisation are advisory. They surface information, flag anomalies, or generate options. A human makes the decision and takes the action. Agentic AI does the action itself. It books the flight, changes the hotel, sends the notification, checks the policy, and escalates the exception, without waiting to be instructed at each step. 

That distinction matters more in corporate travel than in almost any other enterprise function, because corporate travel management is a domain where the gap between what the policy says and what travellers actually do has always been wide, expensive, and difficult to close through instruction alone. Research consistently finds that a significant proportion of business travellers book through unapproved third-party channels — not because they are deliberately non-compliant, but because the approved channels are slower, harder to use, or less capable of meeting the specific requirements of a given trip. Agentic AI changes that calculus by making the compliant path faster and easier than the workaround.

In 2025, roughly 40% of travellers worldwide used AI-based tools for some part of their trip planning. Corporate adoption is moving faster than leisure adoption, driven by the quantifiable efficiency gains that enterprise travel managers can report to procurement and finance leadership. SAP Concur data indicates that AI-powered travel and expense management reduces the time required to book travel and submit expense reports by around 53%. Those are meaningful numbers in organisations where high-frequency business travel represents a material operating cost. The question that IT and travel managers at mid-sized companies are now navigating is not whether to deploy agentic AI in travel management, but how to deploy it in a way that preserves policy control, maintains duty of care obligations, and does not create new governance risks in the process of eliminating old inefficiencies. 

What Agentic Systems Actually Handle

The commercial narrative around agentic travel AI sometimes implies a degree of capability that outpaces current reality. It is worth being precise about what these systems do well, where they perform inconsistently, and what remains genuinely outside their competence in a corporate context.Agentic systems handle routine itinerary assembly well. Given a destination, a travel window, a budget band, and a policy framework, a well-configured travel AI agent can search across available inventory, apply fare and accommodation rules, check loyalty programme eligibility, generate a compliant itinerary, and present it for a single-click booking confirmation faster than a trained travel agent working a GDS terminal. In high-frequency travel programmes, this automation of the standard booking workflow translates directly into measurable time savings and consistent policy compliance on the uncomplicated majority of trips.

They also handle disruption rebooking in transit increasingly well. The multi-agent architecture described in recent technical implementations allows a disruption detection agent, a rebooking options agent, a compliance checking agent, and an approval workflow agent to operate in sequence — identifying the disruption, generating compliant alternatives, verifying policy applicability, and routing a proposed solution to the traveller and their manager within minutes of the triggering event. For a corporate traveller caught by a delayed inbound connection at a foreign airport, this is the difference between receiving a confirmed alternative within two minutes and spending forty-five minutes on hold with an airline's general customer service line.

Where agentic systems struggle is in the genuinely complex, contextually dependent decisions that experienced travel managers handle well. Duty of care in a rapidly evolving security situation requires real-time geopolitical judgment that no current AI system can make reliably. A traveller whose connecting itinerary has collapsed and who has a time-critical business commitment the following morning may require a combination of flight change, overnight accommodation, client communication, and senior management notification that involves implicit organisational knowledge about priorities, relationships, and risk tolerance that is not in the policy document. The best-designed agentic systems recognise these situations as falling outside their decision authority and escalate them to a human, fast. The poorly designed ones attempt to automate everything and produce worse outcomes in the edge cases that most need good judgment. 

Policy Integration: The Design Problem Most Deployments Get Wrong

Corporate travel policy is, in most mid-sized organisations, a document that sits somewhere between strategy and fiction. The strategy is to control spend, ensure compliance with duty of care obligations, and leverage negotiated rates with preferred suppliers. The fiction is that employees read it, remember it, and apply it consistently in the moment-to-moment decisions of booking a flight or choosing a hotel on a tight timeline.

Agentic AI changes the structural relationship between policy and behaviour by embedding the policy into the booking workflow rather than asking individuals to self-apply it. When the system will only surface compliant options, the compliant option is the easy option. This is the core value proposition, and it is real. But the design challenge is that corporate travel policies are rarely clean, complete, or consistent. They are documents written at a point in time that may or may not reflect current supplier relationships, current duty of care standards, current expense approval hierarchies, or the genuinely exceptional cases that every organisation encounters.

An agentic system needs to be fed a policy framework that it can actually interpret, which means that organisations deploying travel AI typically need to go through a policy review and rationalisation exercise first. This is not the technology provider's job. It is the travel manager's job, supported by legal and finance. The systems that perform well in production are the ones where the policy has been made explicit, the exceptions have been documented, and the escalation paths have been defined. Systems deployed against a vague or contradictory policy framework will produce inconsistent results regardless of the algorithm quality.

The contextual interpretation challenge is worth dwelling on. A junior employee booking a business class transatlantic flight is probably in violation of policy. The same junior employee, travelling as last-minute support for a CEO-level client meeting after a 14-hour overnight, may represent a legitimate exception. Current agentic systems can be configured to recognise categories of exception — flight duration thresholds, role-based entitlements, disruption-related upgrades — but genuine contextual judgment of the "was this actually appropriate?" variety remains a human responsibility. The AI enforces the rules. The humans own the rules, and they own the decisions that fall outside them. 

A Scenario: The Collapsed Itinerary

Consider a realistic corporate travel scenario that illustrates both the capability and the governance requirements of agentic AI deployment.

A senior project manager travels from London to Frankfurt on a Monday morning for a two-day client engagement. The outbound journey is smooth. On Wednesday afternoon, a weather event grounds departures from Frankfurt airport for three hours. Her return flight is cancelled. She has a board-level presentation at the company's London headquarters the following morning at 9am that cannot be moved.In a conventional travel management setup, this situation requires her to call the travel management company's emergency line, wait for an agent, explain the situation, identify alternatives, check policy compliance on any upgrade or re-routing costs, and then manage her own hotel booking if she cannot depart that evening. The whole process, under pressure, with incomplete information about available alternatives, typically takes between thirty and ninety minutes. She probably ends up in a hotel she booked herself through a third-party app, which creates an expense reconciliation problem and a duty of care visibility gap.

In an agentic AI deployment, the system detects the cancellation through a real-time flight status feed before she has been notified by the airline. It queries available onward options within her fare conditions and the organisation's policy framework. It identifies that the last viable connection via Amsterdam is within a 70-minute window, checks that re-booking is within her policy entitlement for disruption scenarios, and pushes a notification to her phone with a single-tap confirmation. Simultaneously, it flags the trip-in-progress in the duty of care dashboard, updates her manager's travel visibility report, and pre-populates an expense claim for the dinner she will need to have at the airport. If the Amsterdam connection is the last viable option and she confirms, the system issues the new ticket and sends a departure gate notification. If the only realistic option is an overnight, it books a preferred-supplier hotel, applies her loyalty number, and schedules a morning check-out reminder.

The scenario is not hypothetical. This is the operational design that the better-built agentic travel platforms are executing now, and the business case it generates — measured in recovered productivity, reduced out-of-policy spend, and improved traveller satisfaction — is what is driving adoption at the enterprise level. The caveat is that the system works because the policy framework was well-defined, the supplier integrations were properly configured, and the duty of care escalation protocols were set up correctly before the trip began. 

Duty of Care in the Agentic Era

Duty of care is the obligation that employers have to ensure the safety and wellbeing of employees travelling for business purposes. In most jurisdictions, this obligation has always been somewhat abstractly defined — organisations know they are responsible, but the practical mechanisms for discharging that responsibility in real time have historically been limited.

Agentic AI materially changes what duty of care looks like in practice, in both enabling and complicating ways. On the enabling side, continuous itinerary monitoring, real-time alert integration with travel risk intelligence platforms, and automated check-in protocols give travel managers a level of visibility into their travelling population that was previously only achievable through dedicated travel management company services at significant cost. An AI system that knows where every business traveller in a programme is at any given moment, and that can push contextually relevant safety information or check-in prompts automatically, is a meaningfully better duty of care infrastructure than a spreadsheet and a support email address.

The complication is that as AI systems take on greater autonomous decision-making authority in corporate travel — booking, rebooking, approving exceptions, managing supplier relationships — the question of who is accountable when something goes wrong becomes harder to answer cleanly. The legal principle is that organisations will be held to a duty of care standard regardless of whether the decision that failed was made by a human or an algorithm. As legal scholarship and regulatory thinking in this area evolves, organisations deploying agentic AI in travel need to ensure that the human accountability layer is explicit, not theoretical. The AI makes decisions within a policy framework that humans defined. Humans review the exceptions the AI escalates. Humans are responsible for the outcomes. Building these accountability structures into the technology deployment, not retrofitting them after a failure, is the governance work that differentiates mature from immature agentic implementations. 

The Integration Architecture That Makes It Work

Corporate travel management does not exist in isolation. The agentic AI layer sits on top of a stack that typically includes a travel management company or booking platform, a GDS or direct NDC connections to airlines and hotel chains, an expense management system, an HR system containing traveller profiles and approval hierarchies, and a travel risk intelligence feed. The agentic system needs to read from and write to all of these in real time.

This integration complexity is where many mid-sized company deployments encounter their first significant obstacle. The technology for agentic travel management exists and works well in controlled environments. The challenge in production is that legacy expense systems do not always expose the APIs that a modern agentic layer needs. HR systems that contain the approval hierarchy data are often not designed for real-time querying by external systems. GDS inventory access rules may conflict with the automated ticketing workflows the AI requires. None of these problems are insurmountable, but they are integration engineering challenges that need to be scoped, budgeted, and sequenced realistically.

The organisations that have moved fastest from pilot to production-scale deployment have typically done so by starting with the workflows where integration complexity is lowest and value is clearest. Full itinerary assembly automation, real-time disruption notification, and expense pre-population are often achievable with relatively contained integration work. The more ambitious workflows — genuine policy exception management, multi-party approval in real time, cross-carrier re-accommodation during major disruptions — require deeper integration and more governance design work before they can be safely automated. 

What This Means for the IT Manager Evaluating Platforms

The commercial travel AI market has grown rapidly, and the capability claims of different platforms vary enormously. For IT managers at mid-sized organisations evaluating whether and how to deploy agentic travel management, a few assessment criteria are worth treating as non-negotiable.

Policy engine configurability matters more than AI sophistication. A system that can accurately represent your organisation's actual policy — including the exceptions, the escalation rules, and the hierarchy of competing priorities — will produce better outcomes than a more advanced system running against an approximation of your policy. Ask vendors how their policy configuration works, how long it takes to update when your policy changes, and how they handle genuinely ambiguous cases.

Failure mode design is the second criterion. What does the system do when it encounters a booking situation outside its training distribution? What does it do when a supplier API is unavailable? What does it do when the traveller's response to a notification times out? Systems that fail gracefully and escalate quickly are significantly more operationally reliable than systems optimised purely for automation rate.

The third is data governance. Agentic travel systems process significant volumes of personal data — travel history, location, spending patterns, loyalty programme information. The GDPR and employment law implications of how this data is stored, processed, and retained need to be addressed at procurement stage, not as an afterthought once the system is live.

DevPals advises mid-sized enterprises on the selection, integration, and governance of agentic AI in travel management and broader enterprise workflows.

Our approach treats policy design, integration architecture, and accountability structure as co-equal priorities alongside the technology itself. If you are evaluating this space or already mid-implementation and encountering friction, we are available to review where you are and what the path forward looks like.