If you’re considering working with an employer of record (EOR), you need to understand the legal issues that can arise — even when using a reputable provider.
This guide covers the most critical EOR legal risks, with country-specific examples and a practical checklist to help you evaluate providers. With the right due diligence, you can mitigate these risks and find an EOR that meets your compliance requirements.
Employer of record arrangements are legal structures in which a company acts as the employer for workers who are not formally employed by your business. EOR providers are typically knowledgeable about legal risk in the countries where they operate — but that does not mean you should skip due diligence. Here are the legal risks to be aware of.

1. EORs Need Specialized Legal Expertise in Each Country
EOR providers need specialized legal expertise in every country where they operate to navigate local employment laws, manage payroll and benefits, and handle employee-related legal issues.
This may involve obtaining visas and work permits for foreign employees, negotiating employment contracts, and handling tax and payroll issues. EOR providers also need knowledge of labor laws, employee benefits, and employment disputes to effectively assist their clients.
Country-specific rules create significant variation. For example, Sweden and Germany both have laws that impact hiring through an EOR. In both countries, hiring an employee through an EOR is considered “employee leasing,” and each country has rules that determine how long you can “lease” an employee before you must establish your own entity.
In Germany, the Arbeitnehmerüberlassungsgesetz (AÜG) limits the duration of employee leasing to 18 months, after which the employee must be hired directly by the client company. Sweden has similar restrictions under its staffing agency regulations.
2. Aggregator vs. Direct Entity: Not All EORs Operate the Same Way
This is one of the most overlooked legal risks. Many EOR providers claim to have direct in-country expertise — meaning they have their own local entities and staff — but this may not always be the case.
Some providers operate as aggregators, using a network of third-party partners and local vendors rather than their own entities. This means the company legally employing your team may be several steps removed from the brand you signed with. Others have a direct entity model with owned local subsidiaries.
Aggregator models create real risks: inconsistent service quality, unclear liability chains during disputes, and uneven employee support across countries. A team in Germany might get fast, knowledgeable help while your Brazil team waits days for responses from a subcontractor.
It is important for organizations to verify the local presence and expertise of an EOR provider. Ask directly whether they own their entities or use partners, and request documentation. Those with direct in-country expertise typically offer more reliable tax reporting and compliance.
3. Some Countries Have Outlawed or Restricted EOR Arrangements
While EORs are perfectly legal in most countries, some jurisdictions have outlawed or heavily regulated these arrangements due to concerns about worker rights and employment law compliance.
Mexico: EOR arrangements are now largely impossible due to legal changes implemented in 2021 under the outsourcing reform (Ley Federal del Trabajo). Companies can no longer use third-party employers for their core business activities. Only specialized services outside the company’s main business purpose can be outsourced.
The Philippines: The Philippines has long prohibited EOR arrangements under its labor code. The Department of Labor and Employment (DOLE) has taken an increasingly aggressive enforcement stance, with stricter penalties for companies that use EOR arrangements to evade employer responsibilities.
Singapore: Singapore has tightened regulations on foreign hires through EOR arrangements, requiring more scrutiny of the actual employer-employee relationship.
Both Mexico and the Philippines enacted these restrictions to protect workers’ rights and ensure companies are held accountable for complying with employment laws. If you’re hiring remote workers from a country where EOR arrangements are restricted, discuss the legal landscape with your EOR’s legal team before proceeding.
4. Using an EOR Does Not Eliminate Permanent Establishment (PE) Risks
A permanent establishment (PE) is a fixed place of business through which a company carries on its business activities. If a company has a PE in a foreign country, it may be subject to corporate tax on income and profits generated through that PE. For more on tax risks of permanent establishment, see our permanent establishment guide.
EOR arrangements can create risks related to the potential creation of a PE. If the EOR is deemed to be acting as an agent for your company, or if employees are deemed to be working under your direction, your company may be considered the actual employer and subject to taxes associated with having a PE in that country.
The risk increases based on several factors:
- The number of employees hired through the EOR in a single country
- The duration of their employment (longer engagements increase PE risk)
- The type of work being carried out (revenue-generating activities are higher risk)
- Whether your managers exercise operational control while visiting the country
- The presence of independent contractors alongside EOR employees
Example: A U.S. company uses an EOR for a sales team in Germany. The VP of Sales conducts reviews, approves payouts, and negotiates contracts during visits to Germany. Tax authorities could argue that operational control exists in Germany, creating PE exposure and subjecting the company to German corporate tax — regardless of the EOR arrangement.
It is critical to understand the potential risks and obligations associated with having a PE in a foreign country and to seek legal advice as necessary. Read more about EOR tax implications.
5. Co-Employment Risks Persist Even with an EOR
Co-employment risks refer to the potential legal and compliance issues that arise when two entities share responsibility for an employee. Even if your EOR is the legal employer of your employee, you may still be deemed a co-employer in a court case or regulatory investigation.
In the context of using an EOR to hire workers internationally, co-employment risks may include:
- Liability for local HR, payroll, and tax withholding requirements
- Potential breaches of the employment contract between the EOR and the worker
- Shared liability for workplace safety violations
- Exposure during wrongful termination claims
Some countries have strict regulations around co-employment. France and South Africa consider certain co-employment arrangements illegal. The UK has cracked down on “umbrella companies” that blur employer responsibility lines.
To mitigate co-employment risks, carefully evaluate employment partners and understand the nature of the employment arrangement — including whether the EOR is the sole legal employer or if co-employment is involved. Clear contractual delineation of responsibilities is essential.
6. Data Protection and Privacy Compliance
When you use an EOR, the provider handles sensitive employee data — personal identification, payroll information, tax records, bank details, and more. Weaknesses in data protection practices can lead to serious breaches, especially in regions with strict privacy laws like the EU’s GDPR.
Key data protection risks include:
- GDPR compliance: If your EOR processes data of EU-based employees, both you and the EOR may be considered data controllers or processors under GDPR. Non-compliance can result in fines of up to €20 million or 4% of global annual turnover.
- Subcontractor data handling: Aggregator-model EORs that use third-party partners may lack proper data processing agreements with those subcontractors, creating gaps in data protection.
- Data residency requirements: Some countries require employee data to be stored within their borders. If your EOR uses centralized servers in a different jurisdiction, this may violate local data residency laws.
- Cross-border data transfers: Transferring employee data between countries requires appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.
Ask any prospective EOR about their data protection certifications (ISO 27001, SOC 2), data residency policies, and how they handle cross-border transfers.
7. Intellectual Property Ownership Gaps
Intellectual property (IP) ownership is a frequently overlooked legal risk when using an EOR. Without clear IP assignment clauses in the employment contract, work created by an EOR-employed worker may legally belong to the EOR — not your company.
IP ownership risks include:
- Invention and patent rights: In many countries, employment contracts default to the employer owning employee inventions. If the EOR is the legal employer, they may own the IP unless explicitly assigned to you.
- Copyright ownership: Similarly, copyright in work produced during employment typically belongs to the employer of record by default.
- M&A complications: Unclear IP ownership becomes a significant problem during mergers, acquisitions, or investment due diligence.
Review EOR contracts carefully to ensure they include robust IP assignment provisions. The contract should specify that all IP created by employees hired through the EOR is automatically assigned to your company. Seek legal advice to ensure IP protection across different jurisdictions.
8. Contractor Misclassification Is Not Always Covered
Contractor misclassification refers to the risk that a worker classified as an independent contractor may be reclassified as an employee by a government agency or court. This can happen if the worker does not meet the criteria for independent contractor status under local law.
The consequences of misclassification are severe:
- Fines and penalties — California alone imposes penalties exceeding $25,000 per violation
- Back taxes, unpaid benefits, and retroactive wage obligations
- Employment law compliance failures related to wage and hour requirements
EOR providers typically offer services that help companies avoid misclassification, such as guidance on employment laws and assistance with proper worker classification. However, this service is not always included in EOR packages and may come at an additional cost.
Evaluate your need for misclassification protection and confirm it is explicitly included in your EOR agreement. If you’re converting existing contractors to EOR employees, make sure the EOR handles the transition compliantly.
9. Financial Risks: Hidden Fees and Payroll Failures
Beyond legal and compliance risks, EOR arrangements carry financial risks that can impact your bottom line:
- Hidden fees: Not all EOR providers are transparent about pricing. Watch for charges related to onboarding, offboarding, currency conversions, benefit administration, and compliance filings that may not appear in the headline rate.
- Currency markups: Some EORs add undisclosed exchange rate markups when paying employees in foreign currencies. These can add 1-3% or more to your actual costs.
- Payroll errors: Late salaries, incorrect tax deductions, or missed benefit payments damage employee trust and can expose your company to legal liability — especially in co-employment jurisdictions where errors by the EOR may still fall back on you.
- Cost escalation at scale: EOR services are priced per employee. While manageable for small teams, this becomes expensive as headcount grows. For businesses planning long-term operations in a region, setting up a local entity may eventually be more cost-effective.
Request a complete fee breakdown before signing with any EOR, and compare total cost of ownership across providers.
10. Provider Stability and Business Continuity Risk
If your EOR goes bankrupt, exits a market, or suffers a major operational outage, payroll, benefits, and compliance filings can stall — but your employees still expect everything to run on time.
The EOR market has seen significant consolidation and market exits in recent years. Companies that skip financial and operational due diligence on their provider often face:
- Payroll disruptions and delayed salary payments
- Lost employment records and compliance documentation
- Gaps in benefits coverage and insurance
- Difficulty transferring employees to a new provider
Evaluate your EOR’s financial stability before signing. Ask about their funding, years in operation, client base, and what happens to your employees if the provider exits a market. A transition plan should be part of your agreement.
EOR Due Diligence Checklist
Before selecting an EOR provider, work through this checklist to mitigate the legal risks covered above:
- ☑ Does the EOR own its entities in your target countries, or does it use partners?
- ☑ Are employment contracts reviewed by local legal counsel in each country?
- ☑ Does the EOR carry adequate professional liability insurance?
- ☑ Are IP assignment clauses included in all employment contracts?
- ☑ Is misclassification protection explicitly included in the service?
- ☑ Does the EOR hold data protection certifications (ISO 27001, SOC 2)?
- ☑ Is the pricing model fully transparent, with no hidden fees?
- ☑ What is the EOR’s process for handling regulatory changes in-country?
- ☑ Does the agreement include a business continuity and transition plan?
- ☑ Can the EOR provide references from clients in your industry and target countries?
For a broader comparison of providers, see our guide on choosing the right EOR for your business and our breakdown of EOR service costs.
Recommended EORs
Remote is a robust and modern platform for remote-first teams. EOR, contractor management, payroll, benefits, and more.
Oyster is an intuitive platform that allows you to hire, pay, and care for a global team in more than 180 countries. EOR, contractor management, payroll, benefits, and more.
TFY has features for applicant tracking, freelance management, payroll, and more in a single platform. The platform supports diversity hiring and Corporate Social Responsibility (CSR) initiatives.
Lano is both a B2B & B2C platform. Businesses can use it to process global payroll, hire remote talent and manage contractors, while employees and freelancers can benefit from its payslip service, invoicing app, multi-currency wallet, and more.