Forgetting Something? Why Companies Can No Longer Ignore this Hidden Compliance Risk for Business Travel

Short business trips can often feel low risk, with travel managers assuming that certain compliance obligations need not apply. There can, however, be immediate risks that are missed relating to contributions potentially due in the destination country for pensions, healthcare, disability benefits and more. In other words, all things that fall under the umbrella of social security, one of the key obligations that can easily get overlooked. Many businesses with a widespread international footprint need to be aware of such obligations.

Compliance Overload

Large organizations oversee tens to hundreds of thousands of business trips each year. With the average international trip costing around $1,100 (2025 GBTA survey), even a seemingly modest 1 percent administrative burden translates into significant expenditure. This expense is often absorbed as a routine cost of doing business rather than recognized as the compliance risk it truly is. Meanwhile, the underlying obligations are expanding rapidly. Over the past decade, the number of social security Certificates of Coverage or Portable Documents A1 (PD A1) has tripled (data for 2023, according to the EU’s latest 2025 publication), with European Commission data showing millions now issued annually, including a growing proportion covering multi-state work (about a third of the total number of certificates issued).

It is perhaps inevitable that things like social security obligations are not always at the top of the list when planning business travel. Assumptions that someone else is handling the compliance aspects of travel, combined with failure to grasp that obligations can be triggered immediately, can leave otherwise compliant organizations in a bad position. Indeed, many do not include social security checks in business travel approval workflows simply because the responsibility is unclear.

____________________________________________________________________________

What's actually changing: EU A1 exemption at a glance

• What's exempt: Attendance-only trips between EU member states — meetings, conferences, seminars, training
• Duration: Up to three consecutive days, within a 30-day window
• What still requires an A1: Trips where employees perform work or provide services (regardless of length); construction-sector work; multi-state workers
• What's unchanged: Posted Workers Directive notifications remain separate
• Status: Proposed — working through the European Parliament. Authorities are expected to apply stricter enforcement to trips that fall outside the new exemption.

____________________________________________________________________________

Hybrid work has, unsurprisingly, increased complexity rather than reduced it. Global teams are dealing with more movement, more data, and less visibility. This is further stretching compliance teams as they try to manage their ever-increasing workload. The coupling of a rise in short, frequent, and sometimes last-minute trips results in difficulties tracking where people are, for how long, and for what reason. This is compounded by the diverging social security rules that different countries have adopted.

These risks are further amplified by the intersection with other regulatory regimes. The benefits of more instantaneous data as well as increased data-sharing between European authorities––illustrated by systems such as the Schengen Area Entry/Exit System (EES), which has already uncovered thousands of overstays––signals increased enforcement across the board. Overall, authorities are becoming more sophisticated in their approach, with many no longer just looking at compliance obligations in isolation. With various authorities cooperating much more closely, both within specific jurisdictions and internationally, it is becoming ever more important to tackle compliance requirements holistically.

We are seeing the regulatory landscape become more demanding and complex in real time. The EU is preparing for the first major overhaul of its social security coordination framework since 2004. Following a decade of negotiations, including trilogue with Member States and the Commission, the proposed revisions are still working their way through the European Parliament, and the direction of travel is clear: tighter coordination, narrower exemptions and a firmer expectation that employers can evidence where, why and for how long their people are working abroad.

For business travellers, the headline change of these revisions is positive: employees traveling to another EU member state solely to attend meetings, conferences, seminars or training (for up to three consecutive days within a 30-day window) will no longer require an A1 certificate. This removes a compliance burden that has long been disproportionate for short-stay, presence-only trips. Based on approximately 600,000 trips across our client base into countries where A1 applies, 58 percent of trips are for three or fewer days. But this exemption comes with sharper edges than it first appears.

There are important limitations, mainly that the exemption applies to attendance-type activities only, employees performing work or providing services still require an A1, regardless of how short the trip. The construction sector is excluded entirely; multi-state workers are not exempt and notifications under the EU Posted Workers Directive remain separate and unchanged.

In practice, many organizations have to-date taken a risk-based approach to A1 compliance for business travel. While these proposed changes formally codify an exemption for the shortest trips, they may equally signal that authorities intend to apply stricter enforcement to travel that falls outside the new exemption. Organizations that have relied on informal market practice should factor this into their compliance review.

Ultimately, despite years of discussion, a persistent lack of ownership continues to hamper progress within organizations. Business travel compliance has long been a “hot potato,” passed between functions without clear accountability. In this vacuum, awareness remains low, even as the stakes rise.

What’s at Stake

There are a growing number of consequences for companies that get this wrong. This doesn’t necessarily mean outright financial penalties, but the cash flow impact of having to pay social security in a host country can be substantial. In many cases the consequences can feel much more immediate and inconvenient. Employees may find themselves barred from entering a client’s premises until the appropriate documentation is secured, which could result in missed meetings and awkward rescheduling, not to mention costly operational disruptions or a damaged reputation.

Employees (and even their colleagues) can also be denied future entry to a country or face difficulties in accessing benefits they thought they were entitled to. This is where situations can arise in which a worker needs medical attention, only to find their coverage is invalid.

The reality of cross-border business travel in Europe is that compliance failures are rarely the result of negligence; they are structural. Global work systems were simply not designed for the complexity and volume of modern mobility patterns, and they have not kept pace. As mobility increases, these outdated frameworks are strained further, creating overloaded systems that rely on assumptions rather than precision. As a result, social security obligations are missed, not because employers or employees are careless, but because the systems themselves are no longer fit for purpose.

Companies can avoid all this by beginning to raise awareness within HR, mobility, and finance teams before developing a clear policy for international business travel that includes social security right alongside immigration or tax requirements. As part of this, they should carry out proactive assessments of the rules and relevant documents needed for the specific jurisdiction. Tracking is also key. More mobility means a stronger grip on tracking all business travel, regardless of length.

Perfect compliance may be an unrealistic goal in the short term, but the cost of inaction is no longer theoretical and beginning to take action today is essential. Authorities are sharing data, the rules are tightening, and the systems most companies rely on weren't built for this volume of movement. The companies that start now—mapping their travel, assigning ownership, building social security into the same workflow as immigration and tax—will be the ones that aren't scrambling when enforcement catches up.