EOR Legal Issues: 10 Risks Every Employer Must Know (2026)

Employer of record legal issues affect every company hiring internationally through a third-party employer — from misclassification penalties exceeding $25,000 per violation in California, to permanent establishment tax exposure in Germany, to outright EOR prohibitions in Mexico. Understanding these risks before you sign an EOR contract is the difference between compliant global hiring and costly legal exposure. For the complete list of employment tasks an EOR handles, see our guide on employment tasks an employer of record handles.

This guide covers the 10 most critical employer of record legal issues, including whether an EOR can sponsor work visas, which countries restrict or prohibit EOR arrangements, and a due diligence checklist to evaluate providers. See our PEO vs EOR comparison for the model differences and our guide on EOR benefits and limitations.

An employer of record is a legal entity that serves as the official employer for workers you direct day-to-day — handling payroll, tax withholding, benefits, and compliance in countries where you don’t have your own entity. EOR providers carry legal responsibility for employment compliance, but your company retains liability for co-employment claims, permanent establishment exposure, IP ownership gaps, and data protection violations. Here are the specific legal risks to evaluate. are legal structures in which a company acts as the employer for workers who are not formally employed by your business. EOR providers are typically knowledgeable about legal risk in the countries they operate — but that does not mean you should skip due diligence. Here are the legal risks to be aware of.

1. EORs Need Specialized Legal Expertise in Each Country

EOR providers need specialized legal expertise in every country where they operate to navigate local employment laws, manage payroll and benefits, and handle employee-related legal issues.

This may involve obtaining visas and work permits for foreign employees, negotiating employment contracts, and handling tax and payroll issues. EOR providers also need knowledge of labor laws, employee benefits, and employment disputes to effectively assist their clients.

Country-specific rules create significant variation. For example, Sweden and Germany both have laws that impact hiring through an EOR. In both countries, hiring an employee through an EOR is considered “employee leasing,” and each country has rules that determine how long you can “lease” an employee for before you must establish your own entity.

In Germany, the Arbeitnehmerüberlassungsgesetz (AÜG) limits the duration of employee leasing to 18 months, after which the employee must be hired directly by the client company. Sweden has similar restrictions under its staffing agency regulations.

2. Aggregator vs. Direct Entity: Not All EORs Operate the Same Way

This is one of the most overlooked legal risks. Many EOR providers claim to have direct in-country expertise — meaning they have their own local entities and staff — but this may not always be the case.

Some providers operate as aggregators, using a network of third-party partners and local vendors rather than their own entities. This means the company legally employing your team may be several steps removed from the brand you signed with. Others have a direct entity model with owned local subsidiaries.

Aggregator models create real risks: inconsistent service quality, unclear liability chains during disputes, and uneven employee support across countries. A team in Germany might get fast, knowledgeable help while your Brazil team waits days for responses from a subcontractor.

It is important for organizations to verify the local presence and expertise of an EOR provider. Ask directly whether they own their entities or use partners, and request documentation. Those with direct in-country expertise typically offer more reliable tax reporting and compliance.

3. Some Countries Have Outlawed or Restricted EOR Arrangements

While EORs are perfectly legal in most countries, some jurisdictions have outlawed or heavily regulated these arrangements due to concerns about worker rights and employment law compliance.

Mexico: EOR arrangements are now largely impossible due to legal changes implemented in 2021 under the outsourcing reform (Ley Federal del Trabajo). Companies can no longer use third-party employers for their core business activities. Only specialized services outside the company’s main business purpose can be outsourced.

The Philippines: The Philippines has long prohibited EOR arrangements under its labor code. The Department of Labor and Employment (DOLE) has taken an increasingly aggressive enforcement stance, with stricter penalties for companies that use EOR arrangements to evade employer responsibilities.

Singapore: Singapore has tightened regulations on foreign hires through EOR arrangements, requiring more scrutiny of the actual employer-employee relationship.

Both Mexico and the Philippines enacted these restrictions to protect workers’ rights and ensure companies are held accountable for complying with employment laws. If you’re hiring remote workers from a country where EOR arrangements are restricted, discuss the legal landscape with your EOR’s legal team before proceeding.

4. Using an EOR Does Not Eliminate Permanent Establishment (PE) Risks

A permanent establishment (PE) is a fixed place of business through which a company carries on its business activities. If a company has a PE in a foreign country, it may be subject to corporate tax on income and profits generated through that PE. For more on tax risks of permanent establishment, see our permanent establishment guide.

EOR arrangements can create risks related to the potential creation of a PE. If the EOR is deemed to be acting as an agent for your company, or if employees are deemed to be working under your direction, your company may be considered the actual employer and subject to taxes associated with having a PE in that country.

The risk increases based on several factors:

• The number of employees hired through the EOR in a single country
• The duration of their employment (longer engagements increase PE risk)
• The type of work being carried out (revenue-generating activities are higher risk)
• Whether your managers exercise operational control while visiting the country
• The presence of independent contractors alongside EOR employees

Example: A U.S. company uses an EOR for a sales team in Germany. The VP of Sales conducts reviews, approves payouts, and negotiates contracts during visits to Germany. Tax authorities could argue that operational control exists in Germany, creating PE exposure and subjecting the company to German corporate tax — regardless of the EOR arrangement.

It is critical to understand the potential risks and obligations associated with having a PE in a foreign country and to seek legal advice as necessary. Read more about EOR tax implications.

5. Co-Employment Risks Persist Even with an EOR

Co-employment risks refer to the potential legal and compliance issues that arise when two entities share responsibility for an employee. Even if your EOR is the legal employer of your employee, you may still be deemed a co-employer in a court case or regulatory investigation.

In the context of using an EOR to hire workers internationally, co-employment risks may include:

• Liability for local HR, payroll, and tax withholding requirements
• Potential breaches of the employment contract between the EOR and the worker
• Shared liability for workplace safety violations
• Exposure during wrongful termination claims

Some countries have strict regulations around co-employment. France and South Africa consider certain co-employment arrangements illegal. The UK has cracked down on “umbrella companies” that blur employer responsibility lines.

To mitigate co-employment risks, carefully evaluate employment partners and understand the nature of the employment arrangement — including whether the EOR is the sole legal employer or if co-employment is involved. Clear contractual delineation of responsibilities is essential.

6. Data Protection and Privacy Compliance

When you use an EOR, the provider handles sensitive employee data — personal identification, payroll information, tax records, bank details, and more. Weaknesses in data protection practices can lead to serious breaches, especially in regions with strict privacy laws like the EU’s GDPR.

Key data protection risks include:

• GDPR compliance: If your EOR processes data of EU-based employees, both you and the EOR may be considered data controllers or processors under GDPR. Non-compliance can result in fines of up to €20 million or 4% of global annual turnover.
• Subcontractor data handling: Aggregator-model EORs that use third-party partners may lack proper data processing agreements with those subcontractors, creating gaps in data protection.
• Data residency requirements: Some countries require employee data to be stored within their borders. If your EOR uses centralized servers in a different jurisdiction, this may violate local data residency laws.
• Cross-border data transfers: Transferring employee data between countries requires appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.

Ask any prospective EOR about their data protection certifications (ISO 27001, SOC 2), data residency policies, and how they handle cross-border transfers.

7. Intellectual Property Ownership Gaps

Intellectual property (IP) ownership is a frequently overlooked legal risk when using an EOR. Without clear IP assignment clauses in the employment contract, work created by an EOR-employed worker may legally belong to the EOR — not your company.

IP ownership risks include:

• Invention and patent rights: In many countries, employment contracts default to the employer owning employee inventions. If the EOR is the legal employer, they may own the IP unless explicitly assigned to you.
• Copyright ownership: Similarly, copyright in work produced during employment typically belongs to the employer of record by default.
• M&A complications: Unclear IP ownership becomes a significant problem during mergers, acquisitions, or investment due diligence.

Review EOR contracts carefully to ensure they include robust IP assignment provisions. The contract should specify that all IP created by employees hired through the EOR is automatically assigned to your company. Seek legal advice to ensure IP protection across different jurisdictions.

8. Contractor Misclassification Is Not Always Covered by EOR Providers

Employer of record misclassification risk — the possibility that a worker classified as an independent contractor is reclassified as an employee — is one of the most expensive legal issues EOR users face. When a government agency or court determines that a contractor should have been an employee, the penalties fall on your company, not the EOR.

The financial consequences of misclassification are severe and specific:

• Fines and penalties: California imposes penalties exceeding $25,000 per violation under AB5. The UK’s IR35 framework can impose back-tax liabilities of up to 100% of unpaid taxes plus penalties.
• Back taxes and retroactive benefits: Misclassified workers may be entitled to unpaid wages, overtime, health insurance, retirement contributions, and paid leave — retroactively.
• Compliance failures: Wage and hour violations, failure to provide mandatory benefits, and incorrect tax withholding can trigger regulatory audits across multiple jurisdictions simultaneously.

EOR providers typically offer misclassification protection services, but this coverage is not always included in standard EOR packages. Some charge an additional 10-20% premium for misclassification insurance. Before signing, confirm that your EOR agreement explicitly includes misclassification protection and specifies which jurisdictions it covers.

If you’re converting existing contractors to EOR employees, ensure the EOR manages the transition compliantly — including proper contract termination, tax reclassification, and benefits enrollment from the correct start date.

9. Financial Risks: Hidden Fees and Payroll Failures

Beyond legal and compliance risks, EOR arrangements carry financial risks that can impact your bottom line:

• Hidden fees: Not all EOR providers are transparent about pricing. Watch for charges related to onboarding, offboarding, currency conversions, benefit administration, and compliance filings that may not appear in the headline rate.
• Currency markups: Some EORs add undisclosed exchange rate markups when paying employees in foreign currencies. These can add 1-3% or more to your actual costs.
• Payroll errors: Late salaries, incorrect tax deductions, or missed benefit payments damage employee trust and can expose your company to legal liability — especially in co-employment jurisdictions where errors by the EOR may still fall back on you.
• Cost escalation at scale: EOR services are priced per-employee. While manageable for small teams, this becomes expensive as headcount grows. For businesses planning long-term operations in a region, setting up a local entity may eventually be more cost-effective.

Request a complete fee breakdown before signing with any EOR, and compare total cost of ownership across providers.

10. Provider Stability and Business Continuity Risk

If your EOR goes bankrupt, exits a market, or suffers a major operational outage, payroll, benefits, and compliance filings can stall — but your employees still expect everything to run on time.

The EOR market has seen significant consolidation and market exits in recent years. Companies that skip financial and operational due diligence on their provider often face:

• Payroll disruptions and delayed salary payments
• Lost employment records and compliance documentation
• Gaps in benefits coverage and insurance
• Difficulty transferring employees to a new provider

Evaluate your EOR’s financial stability before signing. Ask about their funding, years in operation, client base, and what happens to your employees if the provider exits a market. A transition plan should be part of your agreement.

EOR Legal Status by Country — Where EOR Arrangements Are Restricted

Employer of record legal issues vary significantly by jurisdiction. While EOR arrangements operate legally in most countries, several key markets restrict or prohibit third-party employment. Understanding the legal status in your target country before signing an EOR contract prevents costly compliance failures.

The following countries have known restrictions on EOR arrangements:

• Mexico: The 2021 outsourcing reform (Ley Federal del Trabajo) effectively banned EOR arrangements for core business activities. Companies can only outsource specialized services unrelated to their main business purpose. Violations carry fines of 2,000 to 25,000 times the daily minimum wage — up to $250,000 USD per violation.
• The Philippines: The labor code prohibits EOR arrangements. DOLE enforcement has intensified, with penalties including imprisonment of 2-4 months or fines of 10,000-50,000 PHP per violation.
• Singapore: Tightened regulations on foreign hires through EOR arrangements require scrutiny of the actual employer-employee relationship. The Ministry of Manpower can reject Employment Pass applications if the EOR arrangement appears to circumvent local hiring rules.
• China: EOR arrangements operate in a legal gray area. The Ministry of Human Resources has issued directives restricting third-party labor dispatch, limiting it to temporary, auxiliary, or substitute positions with a 10% workforce cap.
• Vietnam: Labor dispatch is restricted to temporary positions under 12 months, and dispatch workers cannot exceed 20% of total workforce. Direct employment or a local entity is required for permanent hires.
• Saudi Arabia: The Saudization policy (Nitaqat) requires companies to meet Saudi national employment quotas. EOR arrangements that don’t contribute to Nitaqat targets face restrictions on work permits and visas.

For a full breakdown of where EOR is legal and where it’s restricted, see our guide on whether an employer of record is legal and our resource on EOR visa sponsorship capabilities.

Legal Protections for Companies Using an Employer of Record

Despite the employer of record legal issues covered above, EOR arrangements also provide meaningful legal protections that reduce risk compared to hiring without any employment structure. Understanding these protections helps you weigh whether an EOR is the right choice for your situation.

Compliance transfer: The EOR assumes legal responsibility for employment compliance — tax withholding, social security contributions, mandatory benefits, and local labor law adherence. In countries where the EOR holds its own entity, this transfers the primary compliance burden away from your company. According to NAPEO data, companies using professional employer organizations (which operate similarly to EORs) report 30% fewer compliance violations than those managing international employment independently.

Employment contract enforcement: EOR providers draft and maintain employment contracts that comply with local labor law, including mandatory notice periods, severance requirements, and termination procedures. This reduces the risk of wrongful termination claims falling back on your company.

Tax and payroll compliance: A legitimate EOR with owned entities handles all payroll tax calculations, social security contributions, and statutory deductions in each country. This eliminates the risk of calculation errors that could trigger tax audits — provided the EOR operates its own entities rather than subcontracting to local partners.

Insurance coverage: Most established EOR providers carry professional liability insurance, errors and omissions coverage, and workers’ compensation insurance. Verify these protections are in your agreement and confirm the coverage limits meet your risk tolerance.

For more on the protective benefits of EOR arrangements, see our guide on the benefits of using an employer of record.

When to Avoid an EOR Arrangement Entirely

Not every international hiring scenario calls for an employer of record. In some cases, the legal issues and financial costs outweigh the convenience. Here are four situations where you should skip the EOR and consider alternatives:

• Long-term, high-headcount presence in a single country: If you’re hiring 10+ employees in one country and planning to stay for more than 2 years, establishing your own entity is typically more cost-effective. EOR per-employee pricing ($500-$2,000/month) compounds quickly — a 20-person team can cost $120,000-$480,000 annually in EOR fees alone versus $25,000-$100,000 in one-time entity setup costs. See our EOR cost breakdown for the full analysis.
• Countries where EOR is restricted or prohibited: As covered above, Mexico, the Philippines, and other jurisdictions restrict or ban EOR arrangements. Using an EOR in these markets exposes your company to fines and legal action. Set up a local entity or use a PEO arrangement where legally permitted instead.
• High IP-sensitivity roles: Engineers, researchers, and creative professionals generating valuable intellectual property should be hired through your own entity whenever possible. EOR contracts may have IP assignment gaps that leave your company exposed during M&A due diligence or patent disputes. See our section on IP ownership risks above.
• Executive and leadership positions: Senior roles with decision-making authority, equity compensation, and board-level responsibilities create co-employment and permanent establishment risks that EOR arrangements may not adequately address. Direct employment through your own entity provides cleaner legal separation.

For guidance on whether an EOR makes sense for your situation, see our guide to determining if you need an EOR and our EOR evaluation framework.

EOR Due Diligence Checklist

Before selecting an EOR provider, work through this checklist to mitigate the legal risks covered above:

• ☑ Does the EOR own its entities in your target countries, or does it use partners?
• ☑ Are employment contracts reviewed by local legal counsel in each country?
• ☑ Does the EOR carry adequate professional liability insurance?
• ☑ Are IP assignment clauses included in all employment contracts?
• ☑ Is misclassification protection explicitly included in the service?
• ☑ Does the EOR hold data protection certifications (ISO 27001, SOC 2)?
• ☑ Is the pricing model fully transparent, with no hidden fees?
• ☑ What is the EOR’s process for handling regulatory changes in-country?
• ☑ Does the agreement include a business continuity and transition plan?
• ☑ Can the EOR provide references from clients in your industry and target countries?

For a broader comparison of providers, see our guide on choosing the right EOR for your business and our breakdown of EOR service costs.

Recommended EORs

---

---

---

---