As cross‑border remote work becomes a permanent feature of global workforce strategies, organizations are reassessing how tax and compliance risks are managed outside traditional office structures. In November 2025, the Organization for Economic Co‑operation and Development (OECD) released updated commentary to its Model Tax Convention on Income and on Capital to clarify how permanent establishment (PE) principles apply to modern mobile home-office arrangements.
While the update does not change the legal definition of PE, it provides important interpretive guidance for short‑ and long‑term remote work for home‑office arrangements. Richard Tonge, partner at Grant Thornton Advisors LLC, and Sheryll S. A. Young, SGMS‑T, director of global mobility, risk, and compliance at OpenText and chair of WERC’s Tax Policy Forum, offered a look at how the revised commentary raises the threshold for PE risk while placing greater responsibility on organizations to be transparent in their activities.
For organizations with internationally mobile employees, the OECD’s model double tax treaty remains a critical framework for determining when business activities conducted abroad may give rise to PE. This issue is particularly relevant where employees work in countries where their employer does not otherwise have a formal corporate presence. As Tonge explains, PE represents a “deemed corporate presence” in a jurisdiction, potentially exposing employers to corporate income tax, local filing obligations, and transfer pricing scrutiny.
The OECD’s November 2025 update significantly clarifies how existing PE principles should be applied to remote and home‑office scenarios. Young notes that the revised commentary is intended to address how and where work is performed today rather than fundamentally redefining PE concepts established in Article 5 of the Model Tax Convention.
The key clarification relates to home‑office arrangements. Under earlier interpretations, a home office could create a PE if it was considered to be “at the disposal” of the employer. The updated commentary reduces reliance on that concept for technical precision and raises the threshold for when remote work locations may constitute a fixed place of business. Tonge explains that under the new guidance, short‑term remote work—generally up to 183 days—will not ordinarily be seen as sufficiently permanent to create PE.
“If that period exceeds 183 days, then there needs to be a commercial reason for the employee being in that location for a PE to arise,” Tonge says. “This provides a bit more flexibility for remote work compared to the previous guidance, where the threshold for PE creation through home offices was lower.”
For global mobility teams, this clarification offers greater flexibility but also reinforces the need for careful oversight. Where remote work exceeds short‑term durations or involves core business activities, organizations must be able to demonstrate the commercial rationale, permanence considerations, and the nature of work being performed to support their PE risk assessments.
Organizations Should Adopt Better Remote Work Compliance Policies
The updated OECD commentary reinforces the need for organizations to take a more structured and proactive approach to managing cross‑border remote work. As flexible work arrangements extend beyond traditional office environments, organizations must ensure they understand not only where employees are working, but what business activities they are performing and why those activities are being conducted in a particular location. Without that visibility, remote arrangements can unintentionally increase PE risk.
Young emphasizes that PE risk is less about employee presence alone and more about the substance of the work performed. “If employees are regularly working in a country and doing meaningful business there, it could create PE risk exposure,” she says. While the core PE tests—fixed place of business, degree of permanence, and business activity conducted through that location—have not changed, the OECD commentary makes clear that applying those tests in a digital, mobile work environment requires more deliberate governance.
Operational interpretation is where many organizations will feel the greatest impact. Historically, PE‑creating activities were easier to detect because they occurred in visible settings such as offices, client sites, or sales locations. Today, the same activities can take place virtually through laptops and mobile devices. “The updated OECD commentary increases the importance of organizations being able to demonstrate, with evidence, how and where business activities are performed under existing PE principles,” Young says. This shifts the burden toward better documentation, tracking, and internal controls.
A particular risk area is what Young describes as “scope creep,” where workers are assigned remote work on a temporary basis but then begin performing core business functions that can lead to PE risk. Governance and compliance policies are key to keeping scope creep at bay through better remote work management and monitoring.
Without clear boundaries, employees may begin negotiating contracts, managing country‑specific operations, or performing senior decision‑making roles from jurisdictions where the organization did not intend to establish a taxable presence. Clear remote work policies, combined with active monitoring and defined escalation processes, are essential to prevent this drift.
Because PE determinations are often based on employer self‑assessment, organizations that lack governance frameworks face heightened audit and compliance risk. If a tax authority later determines that a PE existed but was not disclosed, employers may be subject to retroactive tax liabilities, interest, penalties, and transfer pricing adjustments.
“Once PE is determined, tax authorities will determine how much of the company’s profits are attributable to that undisclosed PE under transfer pricing rules,” Tonge says. Proactive risk management, such as early assessment, documentation of business rationale, and defined time limits for remote arrangements, can significantly reduce exposure.
For global mobility teams, cross‑border remote work should be treated as a governed process rather than a series of exceptions. Effective compliance policies require cross‑functional coordination among mobility, tax, human resources, payroll, legal, and immigration teams to ensure that flexibility is supported by consistent oversight, clear accountability, and defensible decision‑making.
“For organizations with a robust cross-border remote population, they need a more systematic monitoring of time, business purpose, and the nature of activities performed to determine whether their remote workforce could constitute a PE,” Young says.
Steps to Reduce PE Risk in Remote Work Arrangements
As cross‑border remote work becomes more common, organizations must put formal structures in place to assess and manage PE risk before issues arise. Both Tonge and Young stress that effective risk mitigation starts with clarity around organizational risk tolerance, acceptable activities, and the duration of remote work arrangements.
Tonge recommends that organizations establish clear parameters before approving remote work outside the employer’s home jurisdiction:
- Assess company risk tolerance before remote work begins.
- Establish clear parameters for the nature of remote work (e.g., not signing or negotiating contracts or performing sales activities).
- Provide a clearly defined start and end time during which remote work is done.
“Organizations should start treating cross-border work as a governed process, not a series of exceptions,” Young says. She recommends structured, cross‑functional oversight:
- Create structured but adaptable oversight for cross-functional governance teams to ensure each decision is assessed for business continuity and compliance.
- Implement monitoring tools to track where remote workers are and what the commercial reason is for each.
- Adopt employment contracts and policies that outline where tax, Social Security, and payroll responsibilities lie.
Importantly, organizations must weigh PE risk not only against potential tax exposure, but also against the compliance burden that may follow. In some cases, a “micro PE” may technically exist, but the attributable profits—and therefore the tax liability—are minimal.
In those scenarios, organizations must carefully consider materiality, compliance costs, and reputational risk when deciding how to proceed. “Robust oversight and scenario planning allow organizations to maintain compliance while accommodating workforce mobility in an uncertain world,” Young says.
Determining their risk tolerance ahead of time will guide companies in the design of their remote work policies and help them balance flexibility with compliance. “In practice, most companies don’t want to allow remote work arrangements that knowingly create a permanent establishment,” Tonge says.
Companies that allow cross-border remote work need a strong infrastructure. That includes tracking where employees are working, having approval processes, enforcing policies, and putting remediation processes in place if employees don’t follow the rules.
“It’s not enough to simply allow remote work; it has to be actively managed,” Tonge says. “As globally mobile workforces become more common, consideration of tax policies and corporate profits will get more attention, not less.”
According to Young, today’s global workforce operates as a system rather than a series of transactional siloes. The recent OECD commentary and guidance can help organizations navigate this environment more easily, but not all countries apply these principles in the same way or consistently.
“Some jurisdictions have taken positions that diverge from aspects of the OECD’s commentary on home-office arrangements and remote work, and others may adopt broader interpretations of when remote work creates PE,” she says.
Organizations can use the OECD developments as a catalyst to design more intelligent, data-informed cross-border work models. Global mobility teams play a central role in designing policies that balance employee flexibility with defensible PE risk assessments across jurisdictions. Organizations that invest in monitoring, governance, and scenario planning will be better equipped to adapt as authorities continue to scrutinize where—and how—work gets done.