Digital Services Act 2023 - Report on the results of the Systemic Risk Assessment conducted by Booking.com B.V. under the Digital Services Act 2022 Booking.com BV. No part of this documentation may be reproduced or transmitted in any form or for any purpose without the express permission Introduction At Booking.com, our mission is to make it easier for everyone to experience the world. We believe that travel can bring out the best in humanity. Travel promotes a better understanding of different cultures and ways of life. We also believe in and work towards making travel a force for good in the world - one that enriches people’s lives through a range of experiences, big and small. As a travel platform, it is at the core of our activities to facilitate travel experiences centred on our customers and underpinned by our values. Our long-held values as well as our guidelines and terms and conditions for all users of our platform - travellers and supply partners - are designed to foster safe and welcoming travel experiences for all. ❖ Travel Respectfully (Act with Integrity) \- We expect our employees, customers and partners to treat each other with respect. We do not tolerate any form of harassment, discrimination, hate speech, manipulation, physical violence or any other threatening or abusive behaviour. Additionally, we expect our supply partners and travellers to conduct business on our platform in an honest and professional manner, to not misrepresent themselves and to respect agreements that are made with each other. ❖ Travel Safely \- The safety (physical and otherwise) of our travellers, supply partners and employees is our priority. Users of our platform may not engage in or promote any activities that bring harm to any person. ❖ Travel Confidently \- We are committed to providing the best user experience for everybody who uses our travel services. That means that we take user privacy seriously and are committed to protecting and safeguarding user privacy in accordance with our Privacy and Cookie Statement and applicable laws. We are dedicated to ensuring that our online environment is trusted and secure. We exercise vigilance to ensure that we iterate our processes and controls to address emerging challenges and risks and do so in real time. Keeping data provided on our platform safe and secure is important to us. Booking.com therefore protects users’ personal data and credit card information in line with applicable laws, including the GDPR and the data security standards of the Payment Card Industry (PCI DSS). 1 At Booking.com, we believe that the importance of the travel industry as a powerful global economic driver cannot be viewed separately from our responsibility to ensure there is a world worth experiencing for future generations. Sustainability is not only intertwined with the long-term viability of our industry, it is foundational to our business. Our environmental, social, and governance (ESG) initiatives, processes and principles demonstrate our continued emphasis on being a sustainable and ethical global business. We are committed to respecting and promoting human rights wherever we do business. As one of the world’s leading online travel companies, we respect the human rights of our stakeholders by seeking to avoid infringing on the rights of others and working to address adverse human rights impacts of the travel sector. Our commitment to respect and promote human rights, as reflected in our Human Rights Statement, is based on internationally recognized standards and principles, including the United Nations (UN) Guiding Principles on Business and Human Rights. At Booking.com we measure success not only by the value that we create for our company but by the positive impact we create for all - our employees, customers, partners, communities, other stakeholders, stockholders and governments. We now present the findings of our risk assessment as required by the EU’s Digital Services Act (DSA). 2 Section 1 - Report on DSA Risk Assessment The DSA requires that “very large online platforms” (VLOPs) conduct annual risk assessments to determine if and how their services (or the use of their services) may pose systemic risks to EU citizens. The Booking.com online platform (“Booking.com” or the “platform”) has received a VLOP designation, and this report sets out the results of our assessment. Our assessment was conducted over a five-month period with a range of stakeholder groups and in collaboration with advisors and consultants, including a global non-profit sustainable business network and consultancy. Together, we leveraged diversity of thought and expertise to assess the range of risk categories outlined in the DSA as well as the experiences and realities of our business environment. Our process included convening focus group discussions with key stakeholders across our organisation (including: Engineering, Compliance \& Ethics, Data Privacy \& Security, Legal \& Public Affairs, Trust \& Safety and others). This assessment - though responsive to the specific requirements of the DSA - is not our first foray into understanding the ways in which our business interacts with or impacts the world around us. In fact, it builds on a body of work and a culture of responsibility and safety that has long been part of Booking.com. Our expectations for ourselves and our partners are published in a number of public-facing resources. Our commitment to respecting and promoting human rights wherever we do business is reflected in our Human Rights Statement - the result of a thorough assessment (supported by business and human rights experts) of human rights risks throughout our ecosystem. We have also outlined steps we are taking with respect to the risk of human trafficking and modern slavery in our Modern Slavery Statement. Our commitments to ethics, ESG and sustainability, privacy, fair competition, and other core values can be found in our Code of Conduct, Supplier Code of Conduct, Climate Action Plan and our Sustainability Report - inviting all who do business with us to share our commitment to absolute integrity and adhere to the highest ethical standards, applicable laws, and our own requirements for fostering safe and inclusive travel experiences. This risk assessment report has been prepared under the supervision of the Booking.com B.V. Head of DSA Compliance, and has been reviewed and approved by the company’s Management Body. The nature of the assessment (and most of the risks) addressed by the DSA is not dissimilar from that which we have, over time, been conscious of and have been addressing prior to the introduction of the DSA. 3 Our assessment shows that the design and functioning of Booking.com does not pose significant systemic risks to EU citizens because of the nature of our service and our history of continuously assessing and mitigating risks to society. That is largely because: 1. We are a transaction-focused platform and not a user-generated content-focused platform. Our platform connects travellers (those who make travel reservations via our platform) with memorable destinations and trips. Our travellers do not use Booking.com to access news, share strong opinions or influence the behaviour of others (outside of their travel experiences), or post high-risk or harmful user-generated content. As such, the likelihood of illegal content appearing on our platform is limited and the possibility of such content (were it to occur) spreading “rapidly and widely through accounts with a particularly wide reach or other means of amplification” is even more limited (see, Recital 80 of the DSA). 2. We only allow partners that offer travel services on our platform (“supply partners”) and travellers (together, “users”) to upload a limited range of content, and such content is confined to specific areas of the service (like guest reviews for accommodation properties). We do not provide a personalised user-specific homepage with user-generated content or news feed where people continuously post broad ranges of content types. Where travellers or supply partners do upload their own content (e.g., property reviews or content related to the property listings), it must comply with our policies and content moderation processes, which prohibit abusive, discriminatory or otherwise harmful content. As such, our platform is unlikely to be used (or even usable) in ways that contribute to “negative effects on democratic processes, civic discourse and electoral processes, as well as public security” (see, Recital 82 of the DSA). 3. Our travellers spend their time on Booking.com in a focused and targeted way: to search and seamlessly book travel experiences. Our services are not designed to be “binged” and do not organically carry that kind of allure. The nature of our service (as described above) materially limits the possibility of the platform being used for “coordinated disinformation campaigns related to public health, or [in ways that] stimulate behavioural addictions of recipients of the service” (see, Recital 83 of the DSA). 4. Our platform is generally not for use by or of a nature that attracts minors. Our terms and conditions limit the use of our platform to those over the age of 16, and the 4 type of content on our platform is not generally associated with minors or direct harm to minors. 5. Where other risks to society may occur (e.g., cyber fraud, phishing, etc.), they stem largely from abuse or inauthentic use of the service (as opposed to the nature and design of the service) that is not in line with our published terms and conditions. On the basis of our assessment, we believe that our platform and services pose only low risks to society - with the majority of risks assessed presenting only moderate potential impact on individuals. Our internal processes and controls are generally effective at addressing these risks, and the impacts (should such risks materialise) are generally remediable. As noted above and with reference to our values, human rights commitments, and Codes of Conduct, we are constantly working to enhance the experience and safety of our travellers and supply partners. The results of this risk assessment have informed some of our ongoing efforts to ensure the safety and integrity of our platform. Importantly, where necessary, we have adopted or are in the process of adopting further measures, in addition to the many existing safety features and functions we operate, to further mitigate the risks identified. Section 2 - Methodology The DSA requires that we assess the impact of Booking.com in four key risk areas: 1. illegal content; 2. the exercise of fundamental rights; 3. civic discourse, electoral processes, public security; and 4. gender-based violence, physical and mental well-being. We employed a human rights based approach to conduct the systemic risk assessment, grounded in the widely accepted methodology of human rights due diligence under the UN Guiding Principles on Business and Human Rights, which offers an authoritative and trusted methodological framework and thus enabled us to: 1. achieve compliance with both the spirit of and letter of the DSA; 2. achieve a higher quality assessment through the use of a tested and proven methodology; and 3. draw from Booking.com’s broader human rights due diligence activities and experience. 5 We conducted our assessment taking the following steps: First, we took into account the severity of these risks by reference to three key factors: 1. Scope: this refers to the number of our users (or other people) who could be affected by the risk. 2. Scale: this refers to the gravity and significance of the impact as experienced by any individual affected person. 3. Remediability: this refers to any limits on the ability to put those affected back in the situation they were in before the impact. Second, we assessed the probability of each risk materialising (more likely than not), i.e., with respect to any population of people or to a specific individual. For example, the risk that discriminatory content could be visible to any user or a specific individual towards whom the comment or content may be targeted. Last, we determined a combined risk weighting taking into account the severity of each risk and the probability of occurrence. Importantly, our methodology gives severity three times the weight of probability in our assessment of the risk. This is aligned with international human rights standards and approaches and ensures that even if the probability of a risk materialising is low, the risk may nonetheless be given more weight depending on the severity of the impact on the affected individuals. We assessed the risks that Booking.com may pose to EU citizens by analysing a number of risk scenarios designed to give us broad and comprehensive coverage of the areas required by the DSA. We applied our methodology to each risk statement, and have grouped the results into three tiers in descending order of significance - with significance being a combination of severity (the scope of how many people may be affected, the seriousness of any impact and the degree of remediability), and probability (likelihood of the risk materialising). In assessing the severity and probability of the systemic risks identified, we took into account the risk factors listed in Article 34.2 of the DSA, considering their relevance and to what extent they increased and/or reduced the risk. As noted above, we have weighed the severity of impact three times more than probability. As such, the tiering below is primarily driven by the severity (and of that, remediability in particular) of a potential adverse impact and not just by the likelihood or probability (or lack thereof) that the adverse impact will materialise. 6 Tier 1 consists of risks where we assess the nature of an adverse impact as high (factoring severity, scope and probability); with high impacts being those where it is either not possible or particularly challenging to fully remediate the impact. Tier 2 consists of risks where we assess the nature of an adverse impact as moderate - (factoring severity, scope and probability); with moderate impacts being those where the impact can be remediated to a significant degree with only minimal residual impact. Tier 3 consists of risks where we assess the nature of an adverse impact (factoring severity, scope and probability) as low; with low impacts being those where the impact can be fully remediated with no measurable residual impact. Further, we considered how the risk and safety mitigation systems and processes we already have put in place (developed and honed over more than 25 years running our platform) might impact the potential risks identified. We also took into consideration any impact that these mitigation measures would have on other fundamental rights (e.g., the potential impact of a mitigation measure on freedom of speech or expression). Section 3 - “Results” The results of our assessment (reflected in Figures 1 and 2 below) indicate that the design and functioning of Booking.com does not pose significant risks to EU citizens. Importantly, when viewed in the light of other types of platforms that have received VLOP designations from the European Commission, we consider that Booking.com falls well on the low end of the risk spectrum. Nonetheless, ours is a culture of learning and continuous improvement. We routinely use information and experience gleaned from all aspects of our business and our interactions with our stakeholders to build on and improve our products and services. The same is true here. Our DSA risk assessment will inform our DSA compliance journey as well as the steps we will take to further mitigate the risks discussed below. We will report on mitigation measures as required by the DSA in due course. 7 Figure 1 - Results of the risk assessment Figure 2 - Description of risks 8 Tier 1 Fundamental rights Risk that users may engage in discriminatory behaviour towards other users on the platform (non-discrimination) Travellers of the Booking.com platform have only limited interactions with supply partners and ordinarily no direct interaction with other travellers on the platform. Communication or interaction channels are focused on facilitating the travel experience or to conclude a reservation. Booking.com does not have communications channels of the type generally associated with social media and that are conducive to sharing views or opinions that are unrelated to the narrow topic of travel experiences. For instance, we do not provide a personalised user-specific homepage with user-generated content or news feed where people continuously post broad ranges of content types. As such, risks in this area could emanate in only a limited number of ways: ● In our partner-to-guest messaging utility (which allows, for example, a hotel to send messages to a traveller ahead of or during their stay). By having access to demographic details (or information that could be indicative of demographic data such as name or nationality) of a traveller, a supply partner could, potentially, engage in a discriminatory exchange with that traveller (and vice versa) through the partner-to-guest utility. ● In our guest reviews utility. Travellers are able to leave reviews of their travel experiences on our platform and could potentially use inappropriate or discriminatory language in describing people or places. ● In interactions between our employees and our users. Travellers and supply partners may interact with our customer service representatives in addressing their various travel-related needs. It is possible that users engage in potentially discriminatory exchanges with our colleagues or vice versa. Such exchanges and interactions would be in violation of our terms and conditions and, where applicable, our Code of Conduct and Supplier Code of Conduct. 9 Booking.com does not tolerate any form of discrimination - within our company or on our platform. Our Content Standards and Guidelines set out Booking.com's expectations of acceptable content for travellers and supply partners and include specific reference to discriminatory language and hate speech as well as content promoting violence, discriminatory language or hatred against a person or groups. Our terms and conditions for supply partners require them to respect the fundamental rights of customers and to not engage in or allow discrimination. We also have a range of content moderation policies and enforcement options in place. Unfortunately, discriminatory beliefs and values are present in society and are likely to be expressed when bringing together people in the context of travel and tourism. While all users could potentially experience discriminatory behaviour, it is more likely to be directed at people belonging to groups with protected characteristics (e.g., discrimination on the basis of race, colour, ethnicity, nationality, country of origin, religion, sexual orientation, gender, gender identity or expression and marital or familial status, or actual or perceived disability). We have, on some occasions, received reports with allegations of discriminatory behaviour. We take seriously and address any reports of misconduct from travellers or supply partners including allegations of discriminatory behaviour, and take appropriate and proportionate action (including suspension and removal from the platform) where necessary. Users and employees may report discriminatory conduct on the platform via our customer service teams or via the company’s Compliance helpline reporting function. Our Trust and Safety and Content Moderation teams and processes have generally been effective in identifying discrimination on our platform (as expressed via content on the platform) and subsequently removing or addressing such content or conduct (giving regard to key considerations including freedom of speech and expression). That said, content moderation and discrimination detection systems may well have some limitations due to the difficulties in detecting certain types of discriminatory content (e.g., local dialects or symbols). It can also be challenging for automated tooling to determine and analyse the context of a particular exchange. Discriminatory behaviour could have potential to be distressing and harmful for the individual at whom it is directed. Some consequences of discriminatory behaviour may be remediable (e.g., compelling a supply partner to honour the terms of a reservation or removing discriminatory content); but we recognise that the impact of the discriminatory intent and expression, once experienced, can have psychological and other impacts that are difficult to remediate fully or at all. 10 Tier 2 Illegal content Risk of abuse or misuse of service by publishing of listings for fraudulent purposes (content relating to illegal activities) Our standard terms and conditions for our supply partners are designed to ensure that they comply with relevant legal obligations at a minimum. We have extensive content moderation practices and processes designed to identify and remove content within a listing that is likely to mislead, deceive or confuse our travellers. Furthermore, we utilise human and machine intelligence to monitor offerings on our platform and to safeguard its integrity against fraudulent actors. However, fraudsters or purported service providers could seek to abuse our platform for improper purposes. This could include publishing non-existent properties listed for the purpose of extracting fraudulent payments or obtaining traveller details for illicit purposes, or listing properties without the owner’s consent. We conduct risk-based due diligence on our supply partners including having verification methods in place aimed at verifying the location of properties and utilising machine learning models to identify fraudulent properties. Those efforts may, however, be limited by a number of factors including the availability of information against which we validate the location of the properties and reliability of verification methods in some markets. Fraudulent listings may result in some range of harm to travellers - including paying for or arriving at properties that in reality may not exist, incurring additional expenses from having to make replacement travel plans, or inconvenience or other loss of comfort and enjoyment. While we take any impact on our travellers seriously, given the damage suffered here is principally (though not entirely) financial in nature, the harm is generally more remediable than in other areas where psychological or physical impacts could occur. Risk that illegal hate speech may be available on the platform (content that is illegal in itself) Our Content Standards and Guidelines and our Customer Terms of Service set out Booking.com's expectations of what is not acceptable content for travellers and supply partners to include in reviews, images and listings. These guidelines also specifically address 11 hate speech and discriminatory language as well as content promoting violence, discriminatory language or hatred against a person or groups. We have robust systems in place to detect any such harmful content on Booking.com. However, moderation in regards to hate speech can be challenging due to difficulties in detecting this type of content and analysing or accounting for context when using automated tools. The nature of Booking.com as a transaction-focused platform with a specific and narrow focus (travel arrangements) renders the likelihood of travellers or supply partners sharing high-risk illegal content (such as hate speech) lower than on other platforms that are content-focused. The Booking.com service does not ordinarily allow for direct interaction between travellers. However, the mere existence of communication channels on any platform, including Booking.com, presents some possibility of the use of hate speech. Where these types of illegal and harmful content do materialise, the severity of the impact on the traveller may be significant and may not always be fully remediable (e.g., in the case of psychological distress). Risk that child sexual abuse material / sexual exploitation material may be available on the platform (content that is illegal in itself) Booking.com's Content Standards and Guidelines (including our content moderation policy) prohibits content that contains sexually explicit material including content that sexually exploits children or presents them in a sexual manner. We also prohibit content that is deemed legally restricted based on local laws or content that is obscene, offensive or not appropriate for all audiences. We have automated detection mechanisms to moderate images containing nudity and images that are sexual in nature. The likelihood of child sexual abuse material being uploaded to Booking.com is low given the platform’s narrow purpose of offering travel experiences and reservations. In addition, there are limited features on Booking.com that enable the sharing of images. However, we recognize that if it were to occur, the severity of impact on the traveller may be significant and that impact may not always be fully remediable (e.g., in the case of psychological distress). 12 Risk that the platform may be used for the sharing of illegal non-consensual private images (content that is illegal in itself) Booking.com’s content moderation policy prohibits any content of an adult nature - including content that contains sexually explicit material, whether or not consensual. While the nature of Booking.com and its intended use make it unlikely that users of the service would share illegal non-consensual private images on Booking.com, we recognize that if it were to occur, the severity of impact on the traveller may be significant and that impact may not always be fully remediable. Risk of abuse or misuse of the service for human trafficking (content relating to illegal activities / fundamental rights) We are cognizant of the risk that Booking.com may be abused or misused by third parties for the purpose of human trafficking and sexual exploitation, in contravention of our terms and conditions. We have processes in place to mitigate human trafficking risks focused on accommodation providers - including internal human trafficking prevention guidelines, internal and external training and awareness raising efforts, and content moderation guidelines and controls over information that is included in the promotion of service listings on Booking.com. We recognize that harm caused by human trafficking and sexual exploitation, among other illegal practices, is severe, with high degrees of physical and psychological harm. These harms may not be fully remediable. Our assessment has determined that the risk that travellers or supply partners would promote such activities on Booking.com (whether explicitly or surreptitiously) is inherently low, and further reduced by the existing mitigation measures at Booking.com. These are and remain important areas of attention for many companies operating in the hospitality industry and we are committed to continuously evolving our efforts to reduce the risk of the services in our platform being abused or misused for the purpose of human trafficking and sexual exploitation. 13 Fundamental rights Risk of unfair commercial practices due to misleading descriptions, pictures or illegal charges (consumer protection) Booking.com embraces a customer centric culture which places our customers at the centre of everything we do. Additionally, we maintain a broad range of controls and resources designed to prevent unfair practices in line with legal obligations in the EU. These include our team of experienced consumer law and compliance professionals charged with promoting compliance with relevant rules and regulations. The harm associated with unfair commercial practices could range from minor financial impacts to distress caused by travel experiences that do not meet our travellers’ expectations. As such, while still important, we consider that the severity of the impact falls on the lower end of the spectrum and it is likely that most harms will be remediable. We continually adopt best practices and technologies to monitor and meet our obligations to travellers to ensure we remain vigilant with respect to unfair commercial practices. Risk of data breaches (protection of personal data) The nature of the Booking.com service is such that it invites travellers and supply partners to only provide certain personal data (including names, physical or electronic addresses and, in some cases, financial information) that is necessary to complete transactions on the platform. However, data of this nature may be of interest to ill-intentioned actors and cyber attackers, for illicit purposes including fraud. Given the volume of potential transactions on the platform, and the ubiquitous nature of cyber threats in e-commerce generally, there is some likelihood of a digital threat or breach (phishing, malware, etc.) materialising. While risks of this nature could occur in a number of ways, we consider that they generally fall into two categories: ● attempts to compromise our own systems via phishing, malware, human intelligence or other direct attacks on our platform; or ● attempts to obtain traveller or other data indirectly via traveller or partner account take-overs. 14 Booking.com complies with relevant laws designed to protect personal data, but our commitment to data security goes beyond compliance with legal requirements. We regularly enhance our defences against cyber attacks and online fraud attempts by leveraging industry best practices and technologies and have a dedicated team of cyber security professionals led by our Chief Information Security Officer. Our cybersecurity, fraud detection/prevention and data protection measures are generally effective in preventing attacks that seek to compromise our platform or harvest personal data processed within our platform. Additionally, we maintain measures to detect traveller and supply partner account take-overs, including working with and providing education and awareness to partners and travellers on identifying potential attacks and avoiding them. However, even in the event of a breach, the impact is generally remediable - as the harm may in most cases be limited to financial loss. That said, some impacts may be more difficult to remedy (e.g., in cases of identity theft that go beyond immediate or confined financial loss). Risk of unnecessary or disproportionate government data requests (protection of personal data) Booking.com may, from time to time, receive requests for traveller or supply partner data from government authorities (often as part of regulatory enforcement or investigation matters). We comply with relevant laws in the EU and other jurisdictions where we operate while applying a rigorous focus on protecting the personal data as well as the rights and freedoms of users who provide data. We reject requests that cannot be confirmed as legitimate, necessary and proportionate. We employ specific teams, processes and procedures to ensure requests by government authorities are addressed in consideration of lawfulness, data minimization and other privacy principles to safeguard individual rights and freedoms across all users of our platform. While the vast majority of requests we receive come from within the EU, we acknowledge that there can be broad variance in rule of law applications in various countries - including the extent to which requests for information are legitimate, necessary and proportionate. We recognize that data requests from some countries may not comport with these parameters and that such requests, if complied with, may have significant adverse impacts on the user concerned depending on the purposes for which that data is requested. Our dedicated teams are experienced in handling these risks and our processes have proved effective in significantly reducing the likelihood that inappropriate requests will be fulfilled. 15 Risk that the platform may be used for the sharing of highly personal information of users (right to respect for private and family life) Our Customer Terms of Service prohibits conduct that infringes on the privacy rights of any users. Our Guest review removal conditions make clear that Booking.com will not accept any reviews that contain unauthorised information relating to an identified or identifiable natural person. We have content moderation policies and we use automated systems to address the risk of sharing highly personal information of users. The severity of impact on travellers, if their highly personal information were shared on our platform, would vary depending on the nature of the information disclosed. Such impact may generally be remediable by removing the content concerned from the platform. Risks that the platform and its recommender systems may use personal data / aggregated personal data in a way that is not necessary for the stated purpose in the Privacy notices (protection of personal data); or in a way that could result in unjustified discrimination (non-discrimination) Clarity and transparency with respect to how we use our travellers’ and supply partners’ personal data is important to us and to our users. Our user Privacy Statement and the “How we work” section on our website describes the types of personal data collected and how it is used by Booking.com. We rely on certain personal data, such as IP addresses of users browsing our platform, in order to show relevant content such as language and appropriate currency. In order to provide our services, we require certain other personal data such as name and email address and may utilise aggregated personal data for analysis and service improvements. Logged-in users have the option to provide and store additional personal data or preferences in their accounts. However, we do not intentionally collect special categories of personal data (such as racial and ethnic origin, sexual orientation etc., as defined under the GDPR) for use in our recommender systems. In those instances when we may use profiling (as defined under the GDPR) in a recommender system, the user is given the option to opt-out of personalised recommendations. This means the user will view service recommendations without our recommender systems using profiling. While there may be a possibility that aggregate personal data may be used in a way that stretches beyond users’ expectations, the nature of services offered on the platform, and the 16 type of personal data collected about users, means that impact of such use beyond the stated purpose in our user Privacy Statement and the “How we work” section on our website would likely be minimal. In addition, given that we do not currently use special categories of personal data for personalised recommendations, we consider it unlikely that our recommender systems would result in discrimination. Risk that content may be available on the platform promoting discriminatory beliefs, values or harmful stereotypes (non-discrimination) As noted elsewhere in this document, with respect to discriminatory behaviour, discriminatory beliefs and values are present in society and carry some likelihood of expression when bringing together people in the context of travel and tourism. While all users could potentially be recipients of discriminatory behaviour, it is most likely to be directed at people belonging to groups with protected characteristics (e.g. discrimination on the basis of race, colour, ethnicity, nationality, country of origin, religion, sexual orientation, gender, gender identity or expression and marital or familial status, or actual or perceived disability). We have identified instances of discriminatory content on the platform. The instances we have identified more commonly relate to general discriminatory statements directed at a specific group rather than instances of discriminatory behaviour targeted at specific people (covered as a Tier 1 risk). Content moderation, though generally effective, may have some limitations due to the difficulties in detecting certain types of discriminatory content, and for automated efforts to determine and analyse context. However, we continue to ensure our policies are robust, effective and in line with industry best practices (while respecting freedom of speech and expression). We also have enforcement options in place, and our Trust and Safety processes are designed to identify and address discriminatory content on the platform and utilise machine learning systems to detect such content. Risk that content moderation systems may perform less optimally in certain languages potentially resulting in over / under removal of harmful content (non-discrimination) Our content moderation processes utilise machine learning models in 43 different languages to detect inappropriate content. Such content is subsequently reviewed manually either by a native speaker or in the absence of a native speaker, the content is translated to English. Booking.com currently does not have human moderators in every language that the platform supports. As such, the enforcement of our content moderation policies may have some limitations in cases where we do not have a native speaker available, particularly where 17 geographic or cultural context is required and where such context may not be readily captured by machine translation. We recognize that under-removal (i.e., failing to remove content that ought to be removed) could result in some range of harm depending on how harmful the content is (e.g., discriminatory content). The potential harm or impact of over-removal is lower. However, given the transactional (versus user generated content-focused) nature of our platform, the volume of potentially removable content is relatively low and the proportion of users who might be affected by under / over removal of content is similarly low. Risk of harmful misuse of the service by minors (respect for the rights of the child) Booking.com is not intended for use by or directed at minors. Our Customer Terms of Service require users to be at least 16 years old to use the platform. In addition to these terms, there are practical barriers which render our services less accessible to minors. In particular, in order to access many of our services, a credit card or other form of online payment method is required to make a reservation. We consider this reduces the practical risk: these types of payment methods are generally only accessible to persons above the age of 18 in the EU. Despite this, we have measures and policies in place that ensure that only safe and appropriate content is displayed to all users of our services, including minors. The protection of minors online is of critical importance, and the severity of impact on minors from a range of online activities may be high. Children who access online travel platforms like Booking.com to make travel arrangements without adult consent may be doing so in higher risk situations e.g., to engage in dangerous activities like drug use or self-harm. Our assessment indicates that there is low probability of this risk materialising given the minimum age requirement on our platform and the logistical barriers to access (e.g., the payment method required to make a reservation). In rare instances where minors are endangered by using our platform or services, our Trust \& Safety team and relevant processes are designed to respond to such occurrences with higher priority when we are made aware of them. 18 Gender based violence, public health, physical and mental well-being Risk that users may engage in online behaviour that amounts to, incites or encourages gender-based violence (gender-based violence) Our Content Standards and Guidelines and our Customer Terms of Service set out Booking.com's expectations of what is not acceptable content for travellers and supply partners to include in reviews, images and listings. These guidelines also specifically address content promoting violence against a person or groups. Due to the nature of Booking.com as a transactional-focused platform, the likelihood of users engaging in online behaviour that amounts to, incites, condones or encourages gender based violence is lower than on platforms that are content-focused. However, the mere existence of communication channels on any platform, including Booking.com, presents some possibility of such online behaviour. We recognise that if such conduct were to occur, the impact is likely to be significant and difficult to remediate. We maintain a range of content moderation policies and enforcement options as well as an experienced Trust \& Safety team and machine learning to mitigate this risk whenever such behaviour is identified. However, we recognize that moderation may have limitations due to the difficulties in current technology detecting content that may amount to, incite, or encourage gender-based violence, and that there are challenges in analysing or accounting for context when using automated tools. Risk that users may engage in abusive behaviour towards other users on the platform (physical and mental well-being) We maintain a range of content moderation policies and enforcement options in place to mitigate this risk. However, moderation may have limitations due to the difficulties in detecting certain types of abusive content, and analysing or accounting for context when using automated tools. Users of the Booking.com platform have limited opportunities for user-to-user interaction. As such, abusive behaviour towards other users on Booking.com is only possible on specific channels of the platform (for example, in guest reviews or in partner to traveller messaging). We recognise that abusive behaviour can have serious psychological impacts on individuals, 19 particularly when it is specifically directed at a specific person, and can be difficult to remediate fully. Risk that harmful (but legal) content on the platform may impact well-being of users (physical and mental well-being) Our Customer Terms of Service set out what is and is not allowed on the platform, including inappropriate behaviour (e.g., violence, threats or invasion of privacy). Our content moderation policies and guidelines prohibit content that promotes or facilitates serious physical or mental health violence against others. The guidelines also specifically condemn content that promotes violence, discriminatory language or hatred against a person based on who they are, as well as content that harasses, bullies or threatens others or is obscene or offensive or shocking. Due to the nature of Booking.com as a transactional-focused (as opposed to a user-generated content-focused) platform, the likelihood of users sharing legal but harmful content is relatively lower than platforms that are content focused. However, the existence of communication channels on any platform, including Booking.com, presents some possibility for harmful content. Where these types of harmful content do materialise, the severity of the impact on the traveller may be significant and could be more difficult to remediate fully. Booking.com offers reporting mechanisms for travellers to report such content. All reports are addressed and if appropriate, proportionate remedial action is taken. Tier 3 Illegal content Risk that intellectual property may be illegally available on the platform (content that is illegal in itself) By design and nature of operation, Booking.com imposes strict limitations on the type of content that travellers and supply partners can post on the platform. These limitations naturally curtail the posting of content that is protected by intellectual property laws and our content standards and guidelines include specific reference to Intellectual Property. As such, we generally do not encounter intellectual property issues at scale. Where we do, they tend to relate to copyright claims on photographs and we address those through our moderation and related processes. Where this risk materialises, it is very unlikely to severely 20 impact users at scale as any potential harm is more likely to be some financial loss to the intellectual property owner. Such losses are more readily remediable. Risk that content on the platform may constitute illegal defamation (content illegal in itself) Our Customer Terms of Service set out what is and is not allowed on the platform, including inappropriate behaviour (e.g., violence, threats or invasion of privacy). Our content moderation policy also prohibits potentially defamatory statements against individuals. Due to the transactional-focused nature of the Booking.com platform, the likelihood of travellers or supply partners sharing high-risk illegal content (like defamation) is significantly lower than on other platforms that are content-focused which further reduces this risk. With respect to defamation, an added layer of complexity is the non-existence of a harmonised definition across the EU and often the fact that potentially defamatory content requires factual assessment. Risk that content on the platform may promote sale of illegal products and services (e.g. drugs, gambling, underage drinking) (content relating to illegal activities) Our Content Standards and Guidelines prohibit content that is illegal or otherwise restricted under local laws, including content that offers, sells, advertises or facilitates the sale of regulated or restricted goods and services. Our guest review removal conditions stipulate that reviews promoting, supporting or inciting illegal activities will not be made available on the platform and our content moderation policy prohibits such content. We have, on some occasions, identified content on our platform which promotes sale of restricted items through listings, reviews, etc. through our content moderation systems. We take down such content upon identification. While we recognise that the harm caused by different types of illegal products and services or counterfeit goods may vary, such harm is generally remediable (e.g., by removing such content on the platform). 21 Risk that content relating to war crimes, genocide, crimes against humanity or terrorism may be available on the platform (content illegal in itself) Our Content Standards and Guidelines prohibit content promoting hate, or violence, including violence against others on the basis of who they are and content that promotes, facilitates or encourages any kind of violence against others. Booking.com's content moderation policy provides ground for rejecting content that supports, ignores, or trivialises war crimes, genocides, and crimes against humanity. Due to the nature of Booking.com as a transaction-focused platform as opposed to a social media platform, it is highly unlikely that the platform would be used to disseminate such content. In the unlikely event these risks were to materialise, it is equally unlikely to cause significant impact at scale, as any harm may be remediated by removing the content concerned. Fundamental rights Risk that content on the platform may be unjustifiably removed and risk that users are not able to appeal content removals and/or report or appeal potentially violating content (freedom of expression and information) The vast majority of information on Booking.com relates to travel services, and therefore it is unlikely that the removal of content on our site would be considered to harm or materially impact the freedom of speech of users. In addition, we have expanded our mechanisms for appealing content moderation decisions as part of our DSA compliance efforts and further protect freedom of speech of users. Therefore, the likelihood of content being wrongly removed and users wanting to appeal the content removal decision, or of a removal being disproportionate or unnecessary, is low. Risk that the platform may be used for the purposes of stalking (right to respect for private and family life) The transactional nature of the Booking.com platform is such that it is unlikely to be used for stalking. Opportunities for user-to-user interaction are limited and any reviews that contain unauthorised information relating to an identified or identifiable natural person are not allowed under our existing content moderation policies. 22 Risk that services or features on the platform may not function equitably for users with certain disabilities or limited digital literacy (non-discrimination) Our Customer Service team enables accessibility requests to cater for the needs of those with disabilities and digital literacy challenges. We provide options for users of the Booking.com service to identify their preference for seeing listings with accessibility criteria, which reduces the risk of disabled travellers being recommended inappropriate options. Making our platform accessible remains a focus area for us. We have and will continue to make enhancements to our platform for making it more accessible to persons with disabilities or limited digital literacy and will be doing so in line with the requirements of the European Accessibility Act (2025). Risk that platform features (e.g. Customer Service support) may provide inconsistent experience to users across different languages and markets (non-discrimination) Booking.com is available in all official European languages - ensuring equal access to our services across all European markets. We recognise that there may be instances when users who only speak less common languages may have a different experience of using Booking.com than those who speak commonly spoken languages. For example, our Customer Services may not have speakers of all European languages available at all times. However, this risk is only likely to arise in a small number of cases. Where it does arise, given the nature of the Booking.com service, the severity of issues is likely to be on the lower end of the spectrum. Risk that personally identifiable information about a child may become available on the platform (respect for the rights of children) Our policies prohibit unauthorised photographs of young children from being posted where the child is identifiable (e.g., where their face is visible) and the occurrence of such images on Booking.com, in practice, is not common. As noted above in addressing the risk of harmful misuse of the service by minors, Booking.com is not intended for use by children and we do not encourage the sharing of personal information. Very little personally identifiable information on children (e.g., names of room occupants or date of birth when required for flight reservations) is collected by Booking.com. 23 Risk that users may submit reviews containing false information (consumer protection) Accurate and non-misleading reviews of accommodation properties and other travel offerings are an important feature of the Booking.com service. To that end, we have put in place restrictions around who can submit reviews. We have content moderation systems in place to ensure that in the instances it may occur, misleading content is removed from Booking.com. This applies to both reviews submitted by legitimate travellers that may contain false or misleading information as well as reviews submitted by individuals that intend to circumvent our controls by posting reviews without making use of the service subject to the review. In respect of reviews submitted by supply partners, our Content Standards and Guidelines detail that content included in reviews should not mislead, deceive or confuse Booking.com travellers and that supply partners should not impersonate travellers. Commercial / self-promotional content in reviews is not allowed on Booking.com, and is addressed by our moderation teams. Our policies do not permit reviews that contain fake content and we have a number of measures in place to identify and moderate such content. We use machine learning models to detect such reviews and we conduct investigations into suspected violations of our policies. Guest reviews play an important role in aiding the exercise of consumer choice. We take the integrity of the reviews on our platform seriously. Naturally, our assessment confirms that reviews containing false or misleading information may have the effect of misinforming travellers and may contribute to them making particular travel arrangements. Some of that impact is remediable by removing false or misleading reviews. Travel reviews are inherently subjective and thus have some likelihood of inaccuracy. As a check against that risk of inaccuracy, supply partners can proactively challenge reviews that may not seem accurate. The combination of our travel review parameters and the enablement provided to supply partners reduces the likelihood of misleading reviews. Risk that geo-pricing on the platform may result in unjustified discrimination (consumer protection) Customers located in the European Economic Area (EEA) have access to the same content, prices and conditions on Booking.com. This ensures that we remain compliant with various legislations that regulate discriminatory access conditions. 24 Booking.com, however, may show different prices depending on user characteristics other than location. For example, certain supply partners may be able to give targeted discounts to a specific category of customers based on the ‘Genius’ Loyalty Program. Gender based violence, public health, physical and mental well-being Risk that content is available on the platform that glorifies or encourages eating disorders, self harm, or suicide Our Content Standards and Guidelines and our Customer Terms of Service set out Booking.com's expectations of what is not acceptable content for travellers and supply partners to include in reviews, images and listings, and further specify that content and reviews should be travel-related. While we acknowledge that exposure to such content can have serious impacts on the mental and physical well-being of individuals, our assessment has shown that the transaction-focused nature of Booking.com platform renders the probability of such content being available on the platform very low. Risks that are not present on / stemming from the Booking.com platform Our assessment has concluded that the below mentioned list of risks are not present on / do not stem from the design and functioning of the Booking.com platform. Fundamental rights Risk of negative effects on the right to human dignity related to the design, functioning and use of the platform's services and related systems (right to human dignity) The nature of the operation of the Booking.com platform does not reach the threshold for impact on human dignity. No risks reaching that threshold were identified as part of our assessment. Risk of negative effects on freedom and pluralism of the media related to the design, functioning and use of the platform's services and related systems (freedom of expression and information) The information available on Booking.com relates to opportunities to travel and engage in tourism-related activities and is clearly presented in that context. On that basis it is highly 25 unlikely that any such content could be perceived to undermine the freedom and pluralism of the media. Civic discourse, electoral processes, public security Risk of negative effects on civic discourse, electoral processes or public security Our assessment identified no risk in relation to negative effects on civic discourse, electoral processes or public security. Information and services available on the Booking.com platform relate to opportunities to travel and engage in tourism-related activities and are clearly presented in that context. On that basis, it is unlikely that any content or behaviour on Booking.com could have a material effect (let alone a negative effect) on civic discourse, electoral processes or public security. Gender based violence, physical and mental well-being Risk of negative impacts on public health and minors due to design, functioning and use of the platform and related services besides risks previously identified (public health and minors) As the information available and disseminated on Booking.com relates exclusively to opportunities to travel and engage in tourism-related activities and is clearly presented in that context, it is considered highly unlikely that any such content could be linked to negative impacts on the protection of public health or minors. 26 Conclusion As noted at the outset of this document, our risk assessment was conducted taking into account the particular parameters outlined in the DSA and utilising an established framework for assessing impacts on people and society. The exercise was supported by advisors and consultants, including a global non-profit sustainable business network and consultancy. Our assessment and the findings indicate that Booking.com (the platform and the services offered thereon) do not pose significant systemic risks to EU citizens. First, we are a transaction-focused platform and our services are not designed to be binged or addictive. Second, our platform offers limited opportunities for interaction between travellers and we do not provide personalised user-generated homepages or news feeds that allow for dissemination of a broad range of content types. Third, our platform is generally not for use by, or of a nature that appeals to, minors. We recognize, nonetheless, that no online platform that brings people together in the way that we do can operate without encountering any risks. Through our assessment, we have identified a number of potential risks, primarily relating to illegal content and certain fundamental rights with the most prominent risk being the risk that users may engage in discriminatory behaviour towards other users on the platform. Even though prohibited by our terms and conditions and policies, the risks we have identified stem largely from abuse or inauthentic use of our services. By and large, we have existing safety features and functions to address and further mitigate the risks we identified, ranging from content moderation technology and proficiencies to our trust and safety program. Booking.com remains committed to continuously enhancing the integrity and safety of our platform for all users and to contributing to the overall integrity of our industry. We look forward to sharing with the European Commission a report on mitigation measures we plan to take in respect of the risks identified in this report, and as required by the DSA, in due course. 27