Tax Authorities Caught Up
For three years, distributed teams operated in a gray zone. Companies hired remote workers across borders and figured compliance out later (or didn’t). That window is closing fast.
The strongest next step is to pair this viewpoint with EOR comparisons, EOR cost modeling, and term-level clarity in the EOR glossary.
Germany’s tax office now actively audits companies with remote workers in-country, specifically looking for permanent establishment (PE) indicators. The trigger points are predictable: an employee who signs contracts on behalf of the company, an employee with a fixed workspace dedicated to company activities, or an employee who has been performing core business functions in Germany for more than 183 days. Any one of those can create a corporate tax obligation in Germany even if the company has no entity, no office, and no intention of “being” in Germany.
The Netherlands resumed contractor misclassification enforcement after nearly a decade of delays, and the penalties are retroactive. France expanded its definition of “travail dissimule” (hidden work) to cover more remote arrangements where a foreign employer directs work performed on French soil without a local establishment. Australia’s ATO published new guidance on when a foreign company’s remote worker creates a taxable presence, focusing on employees who exercise decision-making authority.
The common thread: tax authorities have moved from “we’ll deal with this later” to “we’re dealing with this now.” Companies that ignored cross-border tax implications for their remote workers in 2023–2024 are receiving audit inquiries in 2026. The cost of retroactive compliance, back taxes, interest, and penalties, is significantly higher than the cost of getting it right upfront.
Contractor Classification Got Stricter
The global crackdown on misclassification intensified across every major hiring market. The ILO’s employment security framework has long argued that disguised employment relationships harm workers and states alike — and national enforcers are finally acting on that position. This isn’t a trend piece; it’s a practical reality that affects budget planning for any company using international contractors.
The Netherlands’ DBA enforcement, delayed since 2016, is now live with real penalties. The Dutch Tax Authority is targeting relationships where contractors work exclusively for one client, follow client-set schedules, and use client-provided tools. Penalties include retroactive employment taxes plus fines that can reach 25–50% of the unpaid amount.
The UK expanded IR35 audits to target tech companies with large contractor pools. HMRC’s approach is straightforward: if a contractor would be an employee under the same terms without the intermediary (their limited company or umbrella), the engagement is inside IR35 and employer NICs apply. Several mid-size tech companies received six-figure assessments in late 2025 for misclassified contractors dating back to 2021–2022.
California continued prosecuting ABC test violations, and the state’s Franchise Tax Board is now cross-referencing 1099 filings with contractor engagement duration data. The ABC test’s “B prong” (the worker performs work outside the usual course of the hiring entity’s business) remains the hardest to pass for tech companies using engineering contractors.
The pattern across jurisdictions: longer-term, exclusive contractor relationships are the primary target. If someone has worked for you full-time for 12+ months with no other clients, the classification risk is high in virtually every developed market. The “independent” in independent contractor means something, and if the reality of the relationship contradicts the label, tax authorities are now equipped and motivated to reclassify.
The practical impact: companies that relied on contractors for cost flexibility are being forced to convert workers to employee status or face penalties. EOR providers report a 30–40% increase in contractor-to-employee conversions since mid-2025. Deel processes several thousand conversions per quarter. Remote built a dedicated conversion workflow into their platform. The conversion trend isn’t slowing down.
What Actually Changed This Year
Three specific regulatory developments that affect distributed teams right now, not in theory, but in the form of active enforcement and new reporting obligations.
OECD digital economy guidance
The OECD published updated guidance on taxing the digital economy that several countries are adopting into domestic law. The key change: the guidance narrows the safe harbors for remote workers creating taxable nexus. Previously, a single remote employee in a country was unlikely to trigger corporate tax obligations if they weren’t signing contracts or making binding decisions. The updated framework expands the definition of “dependent agent” to include employees who habitually play a principal role in contract negotiation, even if they don’t have formal signing authority.
For companies with senior salespeople, account managers, or business development leads working remotely in countries where the company has no entity, this is a material change. A VP of Sales working from Lisbon who negotiates deal terms with European clients could create a PE in Portugal under the updated guidance, even if someone in headquarters signs the final contract.
DAC7 reporting across Europe
Multiple EU countries implemented the DAC7 directive requiring digital platforms to report contractor payment data to tax authorities. If you’re paying contractors through platforms like Deel, Remote, or Multiplier, that payment data (contractor identity, payment amounts, dates, and your company details) is now visible to tax offices across 27 EU member states plus the UK under a parallel arrangement.
The practical consequence: contractors who underreported income from platform-facilitated payments will be caught. Companies that paid contractors in EU countries without considering local tax withholding obligations will show up in cross-referenced data. DAC7 doesn’t change the law. It gives tax authorities the data to enforce laws that were already on the books.
If you’re paying contractors in Europe through any platform, assume the local tax authority knows exactly how much you paid, to whom, and when. Plan accordingly.
Social security coordination complexity
The EU’s updated posting rules require employers to obtain A1 certificates for any employee working temporarily in another EU member state. The certificate proves the employee remains covered by their home country’s social security system and prevents double contributions. Enforcement is tightening, and employees stopped at border-adjacent worksites or flagged in social security audits without a valid A1 certificate expose their employer to retroactive social security payments in both countries.
The complication for EOR-employed workers: the EOR’s entity in Country A is the employer, but the employee works temporarily in Country B. The EOR needs to obtain the A1 certificate, but many providers don’t proactively manage this for short-term travel or workation scenarios. If your EOR-employed team members travel between EU countries for work, confirm whether your provider handles A1 certificates or if you need to request them case by case.
What to Do About It
Audit your current setup. Map every worker by country, classification (employee vs. contractor), and whether you have an entity or EOR in place. Flag any contractor who’s worked exclusively for you for 6+ months. That’s your highest-risk category.
For high-risk contractors, convert them to employee status through an EOR before a tax authority does it for you. Voluntary reclassification costs the EOR platform fee plus employer taxes going forward. Involuntary reclassification costs retroactive taxes, interest, penalties, and potentially legal fees to contest the assessment. The math is straightforward.
For remote employees in countries where you have no entity, run a PE risk assessment. The questions are specific: Does this employee sign or negotiate contracts? Do they have a fixed workspace? Have they been there for more than 183 days? If the answer to any of those is yes, talk to a tax advisor about your exposure before the local authority sends you a letter.
Review your EOR provider’s compliance monitoring capabilities. The better providers (Deel, Remote, Rippling) flag PE risk indicators in their platform and alert you when an employee’s work pattern creates potential tax exposure. If your current provider doesn’t do this, you’re flying blind in an enforcement environment that’s actively looking for you.
The era of “hire anywhere, worry later” is over. The compliance cost of distributed teams is now a line item, not an afterthought. Budget for it, manage it proactively, or pay significantly more when an authority catches up.
To move from strategy to execution, use remote jobs by country and benchmark provider options in EOR comparisons.
Further Reading
- Contractor vs. Employee: Classification Guide — How to determine worker status and avoid misclassification penalties across jurisdictions
- Hiring in Germany — Employment law, PE risk factors, and tax obligations for remote workers in Germany
- Hiring in the United Kingdom — IR35 rules, employer costs, and EOR considerations for the UK
- Hiring in the United States — Federal and state classification rules, tax obligations, and contractor enforcement trends
- Remote Review — How Remote handles compliance monitoring, PE risk alerts, and contractor-to-employee conversions
- Compare EOR providers
- Read Deel review
Was this page helpful?
Tell us or send a correction.