A Singapore-based corporate traveller is booked on a connecting flight through Dubai en route to a client meeting in London. Overnight, airspace closures across the Gulf force their carrier to suspend the route entirely. They are stranded at Changi with no onward booking, no clear alternative, and a meeting in twelve hours.
This is not a hypothetical. In early 2026, the Middle East conflict triggered the suspension of Singapore Airlines’ Dubai routes, disrupted Qatar Airways’ normal schedules, and eliminated the transit options that — until that week — handled roughly 40% of Asia-Europe connecting traffic. For corporate travellers across APAC booked via Middle East hubs to London, Frankfurt, or Paris, the disruption was immediate and the options were limited.
In each of these situations, the question that lands on the TMC’s desk is the same: where are our travellers, and what do we do next?
Duty of care — the legal and moral obligation of an employer to protect its employees during business travel — is not a new concept. But the expectation of what it looks like in practice has shifted significantly. Corporate clients increasingly expect their TMC to provide not just bookings, but a proactive risk management layer: real-time awareness of where travellers are, automated alerts when conditions change, and the operational capability to respond when something goes wrong.
For TMCs operating in Asia-Pacific, this expectation is shaped by a region whose travellers depend heavily on Middle East hubs as gateways to Europe, the Middle East, and Africa — and where geopolitical disruption can close those gateways overnight. This guide explains what duty of care means in practice, how travel risk management connects to it, and what TMCs need to have in place to fulfil both.
What Is Duty of Care in Corporate Travel?
Duty of care in corporate travel refers to an employer’s legal and moral obligation to take reasonable steps to protect the health, safety, and security of employees while they are travelling on company business. It is not a voluntary commitment — in most jurisdictions, it is a legal requirement, grounded in employment law, health and safety legislation, and in some markets, specific corporate travel regulations.
The obligation has two distinct layers. The legal layer varies by jurisdiction: Singapore’s Workplace Safety and Health Act, Australia’s Work Health and Safety Act, and equivalent legislation across APAC markets all impose duties on employers to ensure, as far as reasonably practicable, the safety of workers — including those working away from the office. The moral layer is broader: companies that send employees into complex or hazardous environments carry a responsibility that goes beyond legal compliance.
For TMCs, duty of care is not their obligation — it is the corporate client’s obligation. But the TMC is the operational partner that makes it possible to fulfil. A TMC that cannot tell a corporate client where their travellers are, cannot alert them when a risk emerges, and cannot support rebooking or evacuation is a TMC that leaves its client legally and operationally exposed
What Is Travel Risk Management?
Travel risk management is the operational framework that translates duty of care obligations into concrete, executable processes. It covers the full lifecycle of a business trip — before departure, during travel, and after return — and defines what actions are taken at each stage when risks are identified.
The three phases of travel risk management are:
• Pre-trip: Risk assessment for the destination, traveller briefing, policy approval, and itinerary capture. This is where risks are identified and mitigation measures are put in place before the trip begins.
• In-trip: Real-time traveller tracking, disruption monitoring, and alert communication. This is where the TMC’s technology and operational capability are tested — the ability to identify a risk, locate affected travellers, and initiate a response.
• Post-trip: Incident review, policy update, and traveller debrief. Risk events that occur are documented and fed back into the pre-trip risk assessment process for future journeys.
The foundation of effective travel risk management is itinerary data. A TMC can only locate, alert, and support travellers whose bookings are captured in the managed programme. Every booking made outside the corporate channel — through a consumer OTA, direct with an airline or hotel — is a traveller the TMC cannot see and cannot help. This is why OBT adoption rate is not just a cost management metric; it is a safety metric.
In APAC, the risk landscape spans natural disasters, political instability, medical emergencies, and flight disruptions — all of which can unfold faster than a manual response can keep up with. The question is not whether these risks exist, but whether the TMC has the tools to respond when they do.
How a Corporate Booking Tool Enables Duty of Care
A corporate booking tool is the data foundation on which travel risk management is built. Without complete, real-time itinerary data, duty of care is aspirational rather than operational.
Real-Time Traveller Visibility
When all bookings flow through the managed CBT, the TMC and corporate travel manager have a live, global view of every traveller's location at any point in their trip — origin, destination, transit points, hotel, and return itinerary. This matters most when something goes wrong. In the event of a natural disaster, civil strike, or security threat, knowing exactly where every employee is located is the difference between a coordinated response and hours of frantic phone calls.
Automated Disruption and Risk Alerts
When a risk threshold is crossed — a flight cancelled, a weather warning issued, a government advisory elevated — the booking tool can push emergency notifications directly to the traveller’s phone with clear instructions and safety protocols. The traveller does not need to be monitoring the news or waiting for a call from their travel manager. The system reaches them first, with the information they need to act.
The 2026 Middle East conflict made this capability tangible for APAC programmes. When airspace closures across the Gulf suspended Singapore Airlines’ Dubai routes and eliminated Middle East hub connections overnight, TMCs with automated itinerary monitoring could identify every affected traveller and initiate rebooking onto alternative corridors — via Istanbul or on direct routings — before their clients called. Those without it were managing the fallout reactively, hours after the disruption had already landed.
Forecepts has built on this principle directly. Its AI LLM Duty of Care Travel Alert case study demonstrates an AI language model that monitors and parses official government travel advisories — converting dense official-language warnings into structured, actionable alerts for travellers with active itineraries in affected areas, at a speed that manual monitoring cannot match.
Approved Suppliers as a Safety Layer
Duty of care does not begin when something goes wrong — it begins at the point of booking. By limiting traveller choices to vetted, pre-approved hotels and ground transport providers, the booking tool ensures that employees are consistently staying in safe, high-quality environments rather than making ad hoc decisions under time pressure. An approved supplier list is not just a cost control mechanism; it is the first layer of traveller protection.
Rebooking Authority and Speed
Duty of care is not just about knowing there is a problem — it is about being able to act on it. A CBT that gives the TMC's consultants immediate access to the affected PNR, with the authority and tools to rebook, reroute, or cancel on the traveller's behalf, reduces the response time from hours to minutes. In a fast-moving situation, this operational speed is what separates an effective duty of care response from a well-intentioned but ineffective one.
How AI Is Changing Travel Risk Management
The traditional model of travel risk management relied on human monitoring: a consultant watching a news feed, manually checking whether any active travellers were affected, and initiating contact. This model works at low volumes and in predictable risk environments. It does not scale to a TMC managing hundreds of active itineraries across a region as geographically and politically diverse as APAC.
AI changes this in two ways.
• Automated advisory parsing. Government travel advisories, airline operational notices, and weather warnings are published in dense, formal language that is time-consuming to read and synthesise manually. AI language models can monitor these sources continuously, parse the relevant details — affected locations, recommended actions, severity level — and generate structured alerts in a format that is immediately actionable for a travel consultant or directly pushable to a traveller’s mobile device.
• Itinerary cross-referencing at scale. Once a risk event is identified and parsed, the system can cross-reference it against all active itineraries in real time — identifying affected travellers, their current location, their onward bookings, and the appropriate response — in seconds rather than the hours a manual process would require.
The shift this enables is from reactive to proactive risk management. Instead of a TMC responding to a traveller who calls because their flight is cancelled or their hotel is in an evacuation zone, the TMC is contacting the traveller before they are aware of the problem, with options already prepared.
Building a Travel Risk Management Programme: A Framework for TMCs
For TMCs looking to formalise or upgrade their duty of care capability, the following framework provides a structured starting point.
Step 1: Capture Complete Itinerary Data
Every risk management capability downstream depends on this. The TMC needs a booking tool that captures all managed bookings — air, hotel, ground transport — in a single itinerary record, with sufficient detail to locate and contact the traveller at any point in their trip. Off-tool bookings that are not captured in the system represent gaps in the duty of care coverage.
Step 2: Establish a Risk Monitoring Baseline
Define which information sources the programme monitors — government travel advisories, airline operational notices, weather services, security intelligence feeds — and how often they are checked. For high-volume programmes or destinations with elevated risk profiles, automated monitoring is the only approach that scales. For smaller programmes, a structured manual review cadence with clear escalation triggers is the minimum viable baseline.
Step 3: Define the Communication Protocol
When a risk event is identified that affects active travellers, the protocol should define: who is notified first (traveller, travel manager, security team), through which channel (push notification, email, phone call), within what timeframe, and with what information. A communication protocol that has to be invented at the moment of a crisis is a protocol that will not work under pressure.
Step 4: Maintain Operational Rebooking Capability
The TMC needs the tools and the authority to act on behalf of affected travellers — rebooking flights, cancelling hotels, arranging ground transport, and coordinating with the corporate client’s internal security or HR function. This requires not just the technical capability within the booking platform but clear commercial arrangements with suppliers that allow for flexible rebooking in disruption scenarios.
Step 5: Review and Update After Every Significant Event
Every incident — whether a major crisis or a routine flight disruption that required active management — is an opportunity to identify gaps in the programme. What information was missing? What took longer than it should have? What did the traveller need that the programme could not provide? The post-incident review is what turns experience into a more resilient programme.
Final Thoughts
Duty of care is not a product feature. It is an operational commitment backed by the right data, the right tools, and the right processes. For TMCs, it is also an increasingly important competitive differentiator: as corporate clients become more sophisticated in how they evaluate travel programme partners, the ability to demonstrate a structured, technology-enabled approach to traveller safety is a meaningful reason to choose one TMC over another.
The foundation is always the same: complete itinerary data, real-time risk visibility, a tested communication protocol, and the operational capability to act. Everything else — AI-powered alert parsing, predictive risk modelling, automated rebooking — builds on top of that foundation.
For a broader view of how CBT capabilities and cost management connect to the TMC’s value proposition, see our articles on corporate booking tools for TMCs and business travel savings.
