Who Is Legally Responsible When You Hire Through an EOR?
When you hire through an Employer of Record, legal responsibilities split between two entities. Understanding who owns what prevents compliance gaps, liability confusion, and operational failures.

Why Legal Responsibility Confusion Creates Compliance Risk
When companies hire through an EOR, they assume the EOR handles "everything legal." This oversimplification creates dangerous gaps.
Employer of Record means the EOR becomes the legal employer on paper. They sign employment contracts, process payroll, withhold taxes, and manage statutory benefits. But the client company retains significant responsibilities: directing work, managing performance, maintaining workplace policies, and protecting intellectual property.
The confusion happens because responsibilities don't align with intuition. You manage the employee day-to-day but don't employ them legally. The EOR employs them legally but doesn't control their work. This split creates a grey area where critical responsibilities can fall through the cracks.
When responsibilities are unclear, compliance failures compound. The EOR assumes you're handling work direction and IP assignments. You assume the EOR is managing termination procedures and data privacy. Neither party owns the full picture, and gaps emerge.
The consequences are real: employment lawsuits naming the wrong party, intellectual property disputes over ownership, data breaches due to unclear responsibility for security policies, tax audits revealing withholding errors, and regulatory violations that both parties assumed the other was preventing.
This guide clarifies exactly which legal responsibilities sit with the EOR, which remain with your company, and which require coordination between both parties. Understanding this split is essential for compliance management and risk mitigation.
TL;DR
The EOR owns:
- Legal employer status and employment contracts
- Payroll processing, tax withholding, and remittance
- Statutory benefits administration (health insurance, pensions, social security)
- Employment law compliance in the local jurisdiction
- Work permits and visa sponsorship (where applicable)
- Formal termination procedures and severance calculations
- Government reporting and employer registrations
Your company owns:
- Day-to-day work direction and management
- Performance feedback and improvement plans
- Intellectual property assignments and confidentiality agreements
- Workplace conduct policies and code of conduct enforcement
- Data security and privacy compliance for systems employees access
- Business strategy, priorities, and operational decisions
- Decision to hire, promote, or terminate (communicated through EOR)
Shared responsibilities requiring coordination:
- Termination execution (you decide, EOR implements legally)
- Employee onboarding (EOR handles contracts, you handle systems access)
- Benefits beyond statutory minimums (you choose, EOR administers)
- Compliance training (EOR provides employment law training, you provide role-specific training)
- Employee disputes (EOR handles legal process, you provide context and input)
Critical distinction: The EOR is the employer of record (legal status) but not the employer in practice (operational control). You direct the work; they handle legal administration.
What Does "Employer of Record" Actually Mean Legally?
An Employer of Record is the legal entity that employs workers on behalf of another company. In the employment relationship, the EOR is the employer on paper - they sign contracts, appear on payslips, and hold legal employer status under local labor law.
From the employee's perspective: The EOR is their employer. Employment contracts name the EOR as the employer. Payslips show the EOR as the paying entity. If the employee has a legal dispute, they file against the EOR.
From the government's perspective: The EOR is the employer. Tax authorities recognize the EOR as the entity responsible for withholding and remittance. Labor inspectors audit the EOR for compliance. Immigration authorities see the EOR as the sponsoring employer for work permits.
From your company's perspective: The EOR is a service provider managing legal employment administration while you control the actual work.
This three-way split creates complexity. Legal status sits with the EOR. Operational control sits with you. The employee experiences both.
Why this structure exists: Most countries require a legal entity registered in the jurisdiction to employ workers. Setting up a local entity takes months and costs tens of thousands of dollars. EORs solve this by using their existing legal entity to employ workers on your behalf, enabling fast global hiring without entity setup.
The trade-off: You gain speed and simplicity but split legal responsibilities with a third party. Understanding this split prevents compliance failures.
EOR Legal Responsibilities: What They Own
Employment Contracts and Legal Employer Status
The EOR is responsible for:
- Drafting employment contracts compliant with local labor law
- Signing contracts as the legal employer
- Ensuring contracts include all legally required terms (probation periods, notice periods, termination clauses)
- Updating contracts when laws change or roles evolve
- Maintaining official employment records
What this means in practice: When you hire someone in Germany through an EOR, the employment contract is between the employee and the EOR's German legal entity. The contract must comply with German labor law, including mandatory probation periods (typically 6 months), notice period requirements (varies by tenure), and works council notification rules.
You don't draft this contract. The EOR does. You provide role details - job title, responsibilities, compensation - but the EOR translates this into legally compliant contract language.
Why this matters: If the contract violates local labor law, the EOR bears primary liability. If a termination is challenged as unlawful dismissal, the employee sues the EOR, not your company directly.
Your residual responsibility: Provide accurate role information. If you misrepresent the role or change it significantly without updating the contract, disputes can arise about what was actually agreed.
Payroll Processing, Tax Withholding, and Remittance
The EOR is responsible for:
- Calculating gross-to-net payroll accurately
- Withholding income tax at correct rates
- Calculating and withholding employee social security contributions
- Paying employer social security contributions
- Remitting all withheld amounts to tax authorities on time
- Filing payroll tax returns
- Providing employees with compliant payslips
- Handling payroll corrections if errors occur
What this means in practice: Each month, the EOR processes payroll. They calculate what the employee receives net and what must be withheld for taxes and social contributions. They remit these amounts to the appropriate government agencies and provide the employee with a payslip showing the breakdown.
Payroll tax compliance is complex. France has 40+ different contribution types. Germany requires specific rounding rules. The UK has National Insurance thresholds that change annually. The EOR owns this complexity.
Why this matters: Payroll errors create employee dissatisfaction and regulatory penalties. If the EOR miscalculates withholding and the employee owes back taxes, or if they fail to remit employer contributions and face penalties, the EOR bears primary responsibility.
Your residual responsibility: Provide accurate compensation data (salary, bonuses, equity). If you promise a salary but fail to communicate a change to the EOR, the employee may be paid incorrectly.
For crypto-native companies using token compensation or stablecoin payroll, the EOR must handle tax withholding on digital asset income. Legacy EORs often fail here, treating tokens as "special projects" requiring manual intervention. Crypto-native EORs automate this.
Statutory Benefits Administration
The EOR is responsible for:
- Enrolling employees in mandatory health insurance
- Making required pension contributions
- Providing statutory paid leave (vacation, sick leave, parental leave)
- Managing unemployment insurance enrollment
- Administering workers' compensation insurance
- Ensuring compliance with mandatory benefits rules
What this means in practice: Each country mandates different benefits. France requires enrollment in the national health system and mandatory supplemental health insurance. Germany requires contributions to statutory pension and unemployment funds. The UK has auto-enrollment pension requirements.
The EOR handles all of this. They enroll employees, make contributions, process leave requests, and ensure compliance with statutory minimums.
Why this matters: Benefits compliance is legally complex and varies dramatically by country. Failure to enroll employees in mandatory programs creates liability and employee harm.
Your residual responsibility: Competitive benefits beyond statutory minimums. If you want to offer enhanced vacation, private health insurance, or 401(k)-style retirement plans, you coordinate with the EOR to implement them, but the decision to offer them is yours.
Employment Law Compliance
The EOR is responsible for:
- Monitoring changes to local labor law
- Updating contracts and policies when laws change
- Ensuring termination procedures comply with legal requirements
- Managing works council notifications (in countries that require them)
- Responding to labor inspections and audits
- Defending against employment-related legal claims
- Providing employment law guidance to client companies
What this means in practice: Labor laws change constantly. France updates its labor code frequently. Germany adjusts works council requirements. The EOR monitors these changes, understands their implications, and updates employment practices accordingly.
If an employee files a claim for wrongful termination, the EOR is the named defendant because they're the legal employer. They manage the legal defense, though they'll coordinate with you on facts.
Why this matters: You can't reasonably be expected to monitor labor law changes in every country where you hire. The EOR owns this responsibility as part of the service.
Your residual responsibility: Complying with EOR guidance. If the EOR tells you that terminating an employee in France requires specific documentation and process, and you ignore that guidance, you create risk for both parties.
Work Permits and Visa Sponsorship (Where Applicable)
The EOR is responsible for:
- Sponsoring work permits and employment visas where required
- Preparing and filing immigration applications
- Maintaining employer immigration compliance
- Renewing permits before expiration
- Notifying authorities of employment changes affecting visa status
What this means in practice: If you want to hire a non-EU citizen in Germany, they need a work permit. The EOR, as the legal employer, sponsors the permit application, files paperwork, and maintains compliance.
Why this matters: Immigration law requires a legal employer to sponsor visas. Since the EOR is the legal employer, they hold this responsibility.
Your residual responsibility: Providing information needed for applications (role details, justification for hire) and understanding that immigration timelines may delay hiring.
Not all EORs offer visa sponsorship. Some only employ workers who already have the right to work. Ask explicitly during EOR evaluation if visa sponsorship is included.
Formal Termination Procedures
The EOR is responsible for:
- Executing terminations in compliance with local labor law
- Calculating notice periods correctly
- Determining severance pay (where applicable)
- Providing required termination documentation
- Managing legal challenges to terminations
- Processing final pay accurately
What this means in practice: When you decide to terminate an employee, you communicate that decision to the EOR. The EOR determines how to execute it legally: required notice period, severance obligations, documentation needed, and process to follow.
In Germany, terminations require written notice with specific content and timing. In France, certain terminations require advance notification to works councils. The EOR is responsible for ensuring these procedures are followed.
Why this matters: Termination compliance prevents wrongful dismissal claims. Errors in notice period calculation or severance payments create legal exposure.
Your residual responsibility: Making the termination decision and providing business justification. The EOR executes, but you decide.
Your Company's Legal Responsibilities: What You Own
Day-to-Day Work Direction and Management
You are responsible for:
- Assigning tasks and projects
- Setting priorities and deadlines
- Providing work direction and feedback
- Managing day-to-day operations
- Determining how work is performed
What this means in practice: Even though the EOR is the legal employer, you manage the employee operationally. You tell them what to work on, how to prioritize, and what success looks like. This is the core of the working relationship.
Why this matters: Courts distinguish between legal employment and operational control when assessing liability. If an employee causes harm while performing work you directed, you may bear liability even though the EOR is the legal employer.
Critical nuance: Some jurisdictions have strict rules about "co-employment" or "joint employment" when operational control is too direct. Your EOR should guide you on what's permissible.
Performance Management and Feedback
You are responsible for:
- Conducting performance reviews
- Setting performance goals and KPIs
- Providing ongoing feedback
- Managing performance improvement plans
- Documenting performance issues that may lead to termination
What this means in practice: The EOR can't evaluate job performance - they don't see the employee's work. You own performance management because you direct the work.
If performance issues arise that may justify termination, you document them and coordinate with the EOR on whether the documentation is sufficient under local labor law.
Why this matters: Performance-based terminations require documentation. Many countries protect employees from arbitrary dismissal. Your performance records form the evidentiary basis for lawful termination.
Coordination point: The EOR advises on what documentation is legally sufficient. You provide the substantive performance feedback. Together, you determine if termination is justified and legally defensible.
Intellectual Property Assignments and Confidentiality
You are responsible for:
- Ensuring employees sign IP assignment agreements
- Protecting confidential information and trade secrets
- Enforcing non-disclosure agreements
- Managing IP ownership disputes
- Securing proprietary work product
What this means in practice: Employment contracts typically include basic confidentiality language, but you need stronger IP protections for proprietary work.
You should require employees to sign separate IP assignment agreements and NDAs that assign all work product to your company and protect confidential information. The EOR can facilitate this, but it's your agreement, not theirs.
Why this matters: IP created during employment may not automatically belong to your company under all jurisdictions' laws. Explicit assignment agreements remove ambiguity.
Critical for startups: Investors and acquirers will audit IP ownership. If key employees haven't signed proper IP assignments, it creates deal risk.
Coordination point: Some EORs include IP assignment clauses in their standard employment contracts. Confirm this explicitly. If not, you need separate agreements.
Workplace Policies and Code of Conduct
You are responsible for:
- Establishing workplace conduct expectations
- Enforcing anti-harassment and anti-discrimination policies
- Managing workplace investigations when issues arise
- Maintaining a respectful and compliant work environment
- Providing role-specific training (e.g., security awareness, compliance)
What this means in practice: Your employee handbook, code of conduct, and workplace policies apply to EOR-employed workers. You set expectations for behavior, communication standards, and professional conduct.
If harassment or discrimination allegations arise, you conduct the investigation (or engage an external investigator). The EOR can advise on legal requirements, but you own the workplace culture.
Why this matters: Even though the EOR is the legal employer, you control the work environment. Workplace culture violations create liability for your company.
Coordination point: Terminations for conduct violations require coordination. You document the conduct issue and determine it warrants termination. The EOR evaluates whether the documentation is legally sufficient and executes the termination.
Data Security and Privacy Compliance
You are responsible for:
- Protecting employee data in your systems
- Complying with GDPR, CCPA, and other data privacy laws for data you control
- Ensuring secure access to your applications and infrastructure
- Managing data breaches that affect employee information you maintain
- Providing required privacy notices for data you collect
What this means in practice: The EOR maintains official employment records (contracts, payroll data). You maintain operational data (work product, email, system access logs).
If your systems are breached and employee data is compromised, you bear responsibility for the breach, notification requirements, and remediation.
Why this matters: GDPR and similar laws impose obligations on data controllers. For employment data you control (email, work product, system access), you're the controller and bear compliance responsibility.
Coordination point: Determine data ownership boundaries clearly. The EOR owns payroll and benefits data. You own work-related data. Both parties need appropriate privacy policies and security controls.
Decision to Hire, Promote, or Terminate
You are responsible for:
- Deciding which candidates to hire
- Determining promotions and role changes
- Deciding when employment should end
- Setting compensation levels (within EOR guidance)
What this means in practice: The EOR doesn't make hiring or termination decisions. You do. The EOR executes those decisions in a legally compliant manner.
You identify a candidate, negotiate terms, and decide to hire. The EOR drafts the contract and onboards them legally. You evaluate performance over time and decide to promote or terminate. The EOR implements those decisions according to local labor law.
Why this matters: Decision-making authority determines liability. You own business decisions; the EOR owns legal implementation.
Coordination point: The EOR may advise that a proposed termination is legally risky or that a compensation structure violates local law. You make the final decision, but ignoring EOR guidance creates risk.
Shared Responsibilities Requiring Coordination
Employee Onboarding
Split responsibility:
- EOR handles: Employment contracts, tax forms, benefits enrollment, payroll setup
- You handle: System access, role training, team introductions, operational onboarding
- Coordination needed: Timing the legal start date with operational readiness
Why coordination matters: Legal onboarding and operational onboarding must align. If the employee's legal start date is January 15 but they don't receive system access until January 22, you're paying for unproductive time.
Best practice: Establish a joint onboarding checklist with clear ownership for each task. Use the EOR's onboarding timeline to trigger your internal IT and HR processes.
Benefits Beyond Statutory Minimums
Split responsibility:
- You decide: What competitive benefits to offer (enhanced vacation, private health insurance, retirement matching)
- EOR administers: Implementing, enrolling employees, processing claims
- Coordination needed: Feasibility, cost, and administration complexity
Why coordination matters: Not all benefits are easy to administer globally. Some countries have limited provider options. Costs vary dramatically by jurisdiction.
Best practice: Discuss benefits strategy with your EOR during contract negotiation. Understand what's feasible, what's costly, and what's administratively complex.
Termination Execution
Split responsibility:
- You decide: Termination is necessary based on performance, conduct, or business needs
- You document: Performance issues, conduct violations, or business justification
- EOR evaluates: Whether documentation is legally sufficient
- EOR executes: Notice delivery, severance calculation, final pay, legal compliance
- Coordination needed: Timing, messaging, and legal risk assessment
Why coordination matters: Terminations are legally risky. If documentation is insufficient or procedures are wrong, wrongful dismissal claims arise.
Best practice: Never surprise the EOR with a termination decision. Discuss potential terminations in advance. The EOR can advise on documentation needed and legal risk.
For crypto companies, terminations involving unvested tokens require additional coordination. Equity and token vesting may require specific legal treatment beyond standard severance.
Employee Disputes and Investigations
Split responsibility:
- You investigate: Workplace issues (harassment, discrimination, policy violations)
- You determine: Appropriate remedial action
- EOR advises: Legal requirements and risk
- EOR defends: Legal claims filed against them as the employer of record
- Coordination needed: Fact-finding, legal strategy, and resolution
Why coordination matters: The EOR is the legal defendant in employment claims, but you have the facts and context. Joint defense requires sharing information and aligning strategy.
Best practice: Notify the EOR immediately when significant employee issues arise. Don't wait until a formal claim is filed. Early coordination prevents legal missteps.
Compliance Training
Split responsibility:
- EOR provides: Employment law training (employee rights, anti-discrimination, data privacy basics)
- You provide: Role-specific training (security awareness, industry compliance, proprietary processes)
- Coordination needed: Ensuring nothing falls through gaps
Why coordination matters: Employees need both legal compliance training and job-specific training. If both parties assume the other is handling it, employees remain untrained.
Best practice: Clarify training ownership upfront. The EOR should provide foundational employment law training. You handle everything role-specific.
What Happens When Responsibilities Are Unclear?
Scenario 1: IP Ownership Dispute
Your developer in Poland creates valuable software. No IP assignment agreement was signed. The developer leaves and claims ownership of the code. Your company and the EOR both assumed the other handled IP assignments.
Outcome: Legal uncertainty about IP ownership, potential litigation, investor due diligence failures.
Prevention: Explicit IP assignment agreements signed by all employees, with clear ownership documented.
Scenario 2: Termination Executed Poorly
You decide to terminate an underperforming employee in France. You communicate the decision to the EOR with one week's notice. The EOR executes immediately. The employee sues for wrongful dismissal because French law required a mandatory warning process and 30 days' notice.
Outcome: Wrongful dismissal claim, potential reinstatement order or significant severance award, legal fees.
Prevention: Consult the EOR before making termination decisions. Understand local legal requirements and build them into your timeline.
Scenario 3: Data Breach in Your Systems
An employee's work laptop (managed by your company) is stolen, exposing personal data. GDPR notification requirements apply. Your company assumes the EOR handles it because they're the legal employer. The EOR assumes you handle it because you controlled the device.
Outcome: Missed GDPR notification deadlines (72 hours), regulatory penalties, employee notification failures.
Prevention: Clear data ownership and breach response protocols documented upfront.
Scenario 4: Token Compensation Tax Withholding Failure
You grant RSUs to employees hired through an EOR. The tokens vest and are distributed. The EOR doesn't withhold income tax on the token value at vesting because they've never handled token compensation before. Employees receive unexpected tax bills. Some owe more than they have in liquid funds.
Outcome: Employee dissatisfaction, potential legal claims, tax authority inquiries, reputational damage.
Prevention: Use an EOR that natively handles token compensation with automated tax withholding. For crypto companies, this is non-negotiable.
How to Prevent Responsibility Gaps
Document Responsibilities in Writing
Create a "division of responsibilities" document with your EOR that explicitly states:
- Which party owns each major responsibility
- Coordination points and escalation procedures
- Communication expectations and response times
- How disputes will be resolved
This document should be referenced in your service agreement or attached as an appendix.
Establish Regular Communication Cadences
Monthly or quarterly check-ins with your EOR prevent issues from festering. Discuss:
- Upcoming hires or terminations
- Employee issues or complaints
- Regulatory changes in key jurisdictions
- Process improvements or friction points
Communication prevents surprises.
Train Your HR and Management Teams
Your team must understand:
- The EOR is the legal employer, but you direct the work
- Terminations require EOR coordination - don't act unilaterally
- Performance documentation standards that satisfy legal requirements
- When to escalate issues to the EOR vs. handle internally
Internal training prevents compliance errors.
Use an EOR With Proactive Guidance
Reactive EORs only respond when you ask questions. Proactive EORs anticipate issues and guide you before problems arise.
Proactive EORs:
- Notify you of upcoming regulatory changes
- Flag potential compliance risks in your practices
- Provide pre-termination consultations
- Offer regular compliance training for your team
Reactive EORs:
- Respond to tickets
- Execute instructions without questioning
- Let you discover compliance issues through errors
Choosing the right EOR partner with proactive guidance prevents most responsibility gap issues.
Special Considerations for Crypto-Native Companies
Token compensation creates additional responsibility complexity:
- Tax withholding on token vesting: Who calculates fair market value at vest? Who withholds income tax? Who reports to tax authorities?
- Custody and distribution: Who holds tokens pre-distribution? Who executes distributions? Who integrates with Fireblocks, Anchorage, or other custodians?
- Vesting schedule administration: Who tracks vesting schedules? Who determines vest dates? Who handles forfeitures on termination?
- Regulatory reporting: Who files beneficial ownership reports? Who handles securities law compliance (if applicable)?
Most legacy EORs built for fiat payroll lack infrastructure for token grant administration. They treat tokens as "special projects" requiring manual workarounds. This creates responsibility gaps:
- You assume the EOR handles tax withholding (they don't)
- The EOR assumes you handle custody and distribution (you lack legal authority)
- Nobody owns vesting schedule administration (it falls through the gap)
Crypto-native EORs like Toku build token compensation into the platform. Tax withholding is automated. Vesting schedules are tracked. Custody integration is built-in. Responsibilities are clear because the system handles them.
For crypto companies: Using a legacy EOR not built for token compensation creates operational and legal risk. Stablecoin payroll faces similar challenges. Choose an EOR that natively supports your compensation model.
FAQs About EOR Legal Responsibilities
If the EOR is the legal employer, am I protected from all employment liability?
No. While the EOR bears primary liability as the legal employer, you can still face claims related to work direction, discrimination, harassment, IP disputes, or data breaches in systems you control. Legal employer status doesn't eliminate all client company liability.
Can an employee sue my company even though the EOR is the legal employer?
Yes. Employees can name both parties in lawsuits, especially for discrimination, harassment, or wrongful termination claims. Courts will evaluate who had operational control and decision-making authority.
Who pays if an employment lawsuit is filed?
Typically, the EOR defends claims against them as the legal employer and bears legal costs. However, if your company's actions caused the claim (e.g., you directed discriminatory conduct), you may bear financial liability or be required to indemnify the EOR under your service agreement. Review indemnification clauses carefully.
Does the EOR own work product created by employees?
No. The EOR is the legal employer, but intellectual property typically belongs to the client company (you) if proper IP assignment agreements are in place. Without explicit IP assignments, ownership can be ambiguous. Always secure IP assignments.
What happens if the EOR makes a payroll or compliance error?
The EOR bears liability for errors they cause. If they miscalculate taxes, fail to remit contributions, or violate labor law, they're responsible for penalties and remediation. However, if errors result from incorrect information you provided (e.g., wrong salary data), liability may shift to you.
Can I terminate an employee without consulting the EOR?
Legally, you can make the termination decision, but executing it without EOR consultation creates enormous risk. The EOR knows local labor law requirements. Terminating without proper notice, documentation, or procedure can trigger wrongful dismissal claims. Always coordinate terminations with your EOR.
Do I need separate insurance even though the EOR has coverage?
Possibly. The EOR carries employment practices liability insurance (EPLI) for their role as legal employer. You may want separate coverage for liability stemming from your operational control, workplace policies, or IP/data issues. Consult an insurance broker.
Who handles government audits or labor inspections?
The EOR handles them because they're the legal employer of record. However, they may need information from you (business justification for roles, documentation of work performed). Cooperation is essential.
Conclusion: Clarity Prevents Compliance Failures
When you hire through an Employer of Record, legal responsibilities split between two entities. The EOR owns legal employer status, payroll compliance, benefits administration, and employment law adherence. You own work direction, performance management, IP protection, and workplace policies.
Gaps emerge when responsibilities are unclear. IP disputes, termination errors, data breaches, and tax withholding failures happen when both parties assume the other is handling something.
Prevent gaps by:
- Documenting responsibilities explicitly in writing
- Establishing regular communication with your EOR
- Training your team on the EOR model and coordination requirements
- Using an EOR with proactive compliance guidance
For crypto-native companies, token compensation and stablecoin payroll create additional complexity. Choose an EOR built for digital assets to ensure responsibilities are clear and systems are built for your compensation model.
Understanding who owns what isn't just legal housekeeping - it's the foundation of compliant, low-risk global employment.
Work With an EOR That Makes Responsibilities Clear
Toku provides transparent Employer of Record services with explicit responsibility documentation, proactive compliance guidance, and dedicated account management.
For crypto-native companies, Toku's platform includes token grant administration and stablecoin payroll as core capabilities - not afterthoughts. Responsibilities are clear because the system handles complexity automatically.






