StelarWork
← Back to the blog
3 July 2026 · unlawful labour lending · subcontracting · service · IT services firm · tech freelancer

Unlawful labour lending: the legal definition and how to avoid it in tech subcontracting

Unlawful labour lending isn't just lawyer-speak: it's a criminal offence. A plain definition, concrete tech-mission examples, and the reflexes to never fall into it.

Unlawful labour lending: the legal definition and how to avoid it in tech subcontracting

Introduction

The risk of unlawful labour lending often appears too late: at the point where the IT services firm has already sold the mission, identified the freelancer, obtained the end client's approval — and then discovers the contractual scheme doesn't hold up.

The topic becomes sensitive when the person involved is independent, based outside the EU, and hard to contract directly. The firm wants to secure the mission. The end client wants a clear supplier. The freelancer wants to stay independent. Between the three, the line between compliant subcontracting and a supply of labour can blur.

Unlawful labour lending isn't a mere contractual-wording defect. It's a criminal, social-security and commercial risk. It can lead to reclassification, weaken the subcontracting chain and expose the firm to claims from the end client, the authorities or the person involved.

The stake is therefore not to "push a mission through". The stake is to structure a genuine, documented provision of services, with an identified supplier, deliverables, contractual liability and a consistent compliance chain.

Warning This article provides general information on the risks linked to unlawful labour lending, subcontracting and the provision of services. It does not constitute personalised legal, tax or social advice. Every situation must be analysed with your usual advisers in light of the contracts, the operational facts and the jurisdictions involved.

Unlawful labour lending: what exactly are we talking about?

In French law, unlawful labour lending ("marchandage") targets a for-profit labour-supply operation that causes harm to the worker concerned or circumvents the application of legal or collective-agreement rules.

The risk is close to another topic: unlawful labour supply. The two concepts are often analysed together, because they question the same operational reality: who really directs the work? Who bears the risk? Who sells a service? Who merely supplies human capacity?

For an IT services firm, the critical point isn't only the signed contract. It's the consistency between the contract, the purchase order, the delivery and the day-to-day reality of the mission.

A compliant provision of services rests on an outcome logic. The supplier commits to a defined mission, deliverables, a scope, a responsibility and consistent invoicing.

Conversely, the risk rises when the relationship looks like the supply of a profile embedded in the end client's organisation, managed directly by it, with no genuine supplier autonomy, no identifiable deliverables and no service responsibility.

Why IT services firms are particularly exposed

Firms work by nature within complex contractual chains.

An end client expresses a need. The firm answers with a technical skill. A freelancer may be mobilised to deliver all or part of the mission. The whole can be framed by a framework agreement, a purchase order, procurement requirements, subcontracting clauses and compliance obligations.

This mechanism is common. It isn't a problem in itself.

The risk appears when the firm can't demonstrate that it's buying a genuine service from a compliant supplier. It's even more sensitive with a freelancer based outside the EU — notably in Dubai, Bali or another jurisdiction where the contractual, tax and documentary standards don't always match what a French client expects.

The questions come fast:

  • Who invoices the firm?
  • Which law applies?
  • Who verifies the freelancer's identity and status?
  • How is genuine tax residence documented?
  • Who carries the contractual compliance obligations?
  • How do you prevent a mission from being analysed as a mere supply of labour?
  • How do you handle VAT, invoicing and payment traceability?
  • How do you answer the end client's due diligence?

A firm can have a good freelancer, a genuine client need and a technically sound mission — but a fragile contractual scheme.

Compliant subcontracting vs unlawful labour lending: the operational line

Subcontracting isn't prohibited. It's even a normal mode of delivery in digital services.

But compliant subcontracting must remain a provision of services. That assumes a consistent contractual and operational organisation.

The following criteria are often decisive.

1. An identified service scope

The mission must be described by a clear professional object: development of a module, architecture audit, cloud migration, fixing of a batch of bugs, contribution to a data initiative, technical documentation, acceptance testing, expert support.

The vaguer the scope, the higher the risk.

A purchase order limited to "senior Java consultant, 5 days a week" documents a service poorly. It gives the impression that what's sold is a presence, not an outcome.

A service-oriented purchase order describes the context, the objectives, the expected deliverables, the milestones, the acceptance criteria and the respective responsibilities.

2. Verifiable deliverables or milestones

A service can be agile, iterative or framed technical assistance. But it must leave professional traces.

Handled tickets, documentation, delivered components, audit reports, technical progress notes, sprint validations, specifications, scripts, tracking boards: these elements show the relationship rests on a structured contribution.

The total absence of deliverables makes the qualification more fragile.

3. Execution autonomy

The supplier must retain autonomy in organising its contribution, even when working in a client environment.

It can of course comply with security constraints, IT procedures, meeting schedules, project tools and coordination requirements.

But oversight must not turn into direct subordination. The person must not be treated as an internal employee of the end client or the firm.

The signals to watch:

  • leave approved as for an internal staff member;
  • inclusion in the client company's org chart;
  • an email address or signature that maintains confusion;
  • direct HR management by the end client;
  • the absence of a supplier-side manager;
  • daily instructions with no contractual service framing;
  • personal appraisal of the individual rather than validation of deliverables.

4. A responsibility carried by the supplier

In a provision of services, the supplier carries contractual responsibility for what it delivers.

That implies suitable clauses: scope, deadlines, confidentiality, security, intellectual property, compliance, documentary audit, liability, termination, continuity and validation.

The chain must be organised back-to-back when several contracts exist: end client / firm contract, firm / French supplier contract, supplier / independent non-EU freelancer contract.

Back-to-back doesn't mean mechanical copy-paste. It means aligning the essential obligations to avoid dead zones: confidentiality, IP, security, compliance, deliverables, deadlines, non-solicitation, data processing where applicable.

The main risks for the firm

Unlawful labour lending isn't just a theoretical risk.

For a firm, it can produce several concrete effects.

Reclassification of the relationship

If reality shows a relationship of subordination or excessive integration, reclassification can be sought. It can target the relationship with the person involved or weaken the contractual chain.

Reclassification depends on the facts. The contract matters, but it isn't enough. Teams exchanges, emails, mission progress notes, absence approvals and management practices can weigh heavily.

Criminal and social-security risk

Unlawful labour lending and neighbouring practices are governed by the French Labour Code. The consequences can include sanctions, demands for regularisation, litigation and serious damage to commercial reputation.

For a firm referenced with large accounts, this topic can also trigger procurement audits, invoicing blocks or remediation requests.

Commercial risk with the end client

An end client can refuse a subcontracting chain deemed too opaque.

This notably happens when the person is established outside the EU, invoices from a jurisdiction procurement doesn't understand well, or when the compliance documents are incomplete.

The risk isn't only legal. It's also operational: a blocked mission, delayed onboarding, a suspended purchase order, a refused referencing.

Tax risk and permanent establishment

When a freelancer is genuinely a non-EU tax resident, the firm must avoid shortcuts.

A sound configuration assumes genuine residence, genuine remote activity, no organised presence in France and consistent documentation. Tax residence isn't reduced to an administrative address. It depends on facts: effective presence, centre of interests, place of activity, local obligations.

An abusive configuration consists in using a shell entity or a façade residence to mask an activity carried out from France. This type of arrangement must be ruled out.

Permanent establishment is also a point of attention. A French party concluding contracts in a foreign freelancer's name could create a tax risk for that freelancer. A more robust scheme avoids this representation logic. The French supplier contracts in its own name and carries its own commercial relationship with the firm.

Tax point The fact that a freelancer is already a tax resident in a jurisdiction with a different tax regime isn't a product to "optimise". StelarWork does not sell tax avoidance. The basic condition remains reality: effective residence, work genuinely carried out outside France, no stable organisation in France and consistent documentation.

The sensitive case of the non-EU tech freelancer

Firms increasingly encounter independent tech freelancers based outside the EU.

The topic is frequent for data, cloud, cybersecurity, software engineering, DevOps or product engineering profiles. These profiles work remotely, sometimes have a local company, and can't always be contracted directly by the French firm.

The reasons are many:

  • an unreferenced supplier;
  • a bank account outside the usual zone;
  • tax documentation that's hard to verify;
  • no certificate or recognised equivalent;
  • incompatible end-client clauses;
  • procurement's refusal to contract with a foreign entity;
  • uncertainty about VAT or the reverse charge;
  • difficulty auditing the freelancer's real status;
  • a risk of contractual misalignment with the end client.

The firm then finds itself in a dead end: the profile is good, the client need is real, but the supplier isn't "signable" by French standards.

It's precisely in this zone that the unlawful-labour-lending risk can rise if the relationship is improvised.

How to structure a more robust provision of services

A firm must be able to document that it's buying a service, not mere human capacity.

The structuring rests on several layers.

A clear supplier contract

The supplier must be identified, responsible and contractually committed.

The contract must specify:

  • the object of the service;
  • the expected deliverables or contributions;
  • the validation terms;
  • the confidentiality obligations;
  • the security rules;
  • intellectual property;
  • the compliance requirements;
  • the invoicing conditions;
  • liability;
  • the termination terms;
  • the obligations applicable in the event of subcontracting.

An outcome-oriented purchase order

The day rate can remain an economic calculation method. It's common in digital services.

But the day rate must not become the only object of the relationship. The purchase order must attach the invoiced time to a defined service.

A sound wording highlights the mission, the objectives, the milestones, the deliverables and the scope.

A fragile wording only highlights a profile title, a duration, a number of days and integration into a client team.

Proof of execution

Compliance is also demonstrated after signing.

You must be able to keep:

  • purchase orders;
  • framing exchanges;
  • deliverables;
  • validations;
  • tickets or reports;
  • invoices;
  • proof of payment;
  • supplier compliance documents;
  • useful certificates depending on the context;
  • elements on the real location of the activity where relevant.

Mission governance

The firm must keep readable governance.

Even when the end client interacts with the person daily, the firm must retain a contractual steering role: service monitoring, milestone validation, commercial interface, handling of out-of-scope requests.

The end client can frame its need. It must not manage the person like an internal staff member.

StelarWork's role in a compliant chain

StelarWork steps in between the French firm and the tech freelancer based outside the EU.

The model is simple: StelarWork invoices the firm, contracts in its own name, pays the freelancer and carries the contractual and administrative compliance layer linked to the service.

The goal is to turn a freelancer who's hard to contract directly into a French supplier that's more readable for the firm, without creating role confusion.

StelarWork does not act as the freelancer's representative in France. StelarWork does not conclude contracts in the freelancer's name. StelarWork contracts with the firm in its own name, then organises its contractual relationship with the independent freelancer.

This distinction matters to avoid creating a dependent-agent logic or a permanent-establishment risk through representation.

StelarWork doesn't sell a human presence. StelarWork structures a service between suppliers, with a contractual framework, back-to-back obligations and French invoicing to the firm.

For the firm, the benefit is operational:

  • an identified French supplier;
  • a contract more compatible with procurement standards;
  • invoicing in France;
  • better documentary traceability;
  • a clearer service framework;
  • management of the contractual obligations linked to the non-EU freelancer;
  • reduced compliance friction.

This model doesn't remove all risk. No serious scheme can promise that. It aims to reduce the opacity zones that make missions sensitive: an unreferenced supplier, scattered documentation, no back-to-back, tax ambiguity, poorly framed international payment, confusion between individual presence and a service.

Good practice for firms When you mobilise a non-EU freelancer, always formalise the mission as a service: object, deliverables, milestones, responsibilities, compliance obligations and validation. The contract must reflect the reality of the delivery.

What to avoid in your contracts and practices

Some wordings create needless risk.

To avoid:

  • describing only a "profile" without a service object;
  • presenting the person as a member of the internal team;
  • letting the end client alone manage the schedule, absences and priorities;
  • providing for no deliverable;
  • documenting no validation;
  • contracting directly with a foreign entity without minimal checks;
  • accepting a declared tax residence without factual consistency;
  • creating a contractual chain where no one clearly carries the responsibility;
  • paying for a presence with no attachment to a service;
  • letting it be believed that a French party acts in the foreign freelancer's name.

To prefer:

  • an identified contractual supplier;
  • a clear service scope;
  • a documented purchase order;
  • consistent invoicing;
  • back-to-back obligations;
  • proof of genuine residence and activity when the tax topic is at stake;
  • visible firm governance;
  • traceability of the deliverables;
  • a clear separation between end client, firm, supplier and independent freelancer.

A quick reading grid for a firm

Before launching a mission with a non-EU freelancer, ask yourself these questions.

Question 1: are we selling a service or a presence?

If the contract only speaks of a profile, a day rate and a volume of days, the description of the service must be strengthened.

Question 2: who carries the contractual risk?

A supplier must be responsible for what it delivers. If the contractual chain can't answer this question, it's too fragile.

Question 3: who really steers the work?

The end client can express its priorities. But the contractual steering of the service must remain readable on the firm's and the supplier's side.

Question 4: do the documents tell the same story?

Contract, purchase order, invoices, deliverables and emails must be consistent. A service described as packaged but managed as an undifferentiated daily presence creates a contradiction.

Question 5: is the freelancer's tax residence genuine?

A non-EU residence must correspond to a reality of life and work. Effective presence, the place of execution, local obligations and the absence of an organised presence in France are key elements.

Question 6: would the end client accept the chain in an audit?

That's often the best test. If the chain is too hard to explain to a procurement, legal or compliance department, it must be clarified before the start.

Unlawful labour lending and compliance: the right reflex isn't to avoid the topic

Unlawful labour lending is sometimes treated as a purely legal topic to be settled at the end of the process.

That's a mistake.

The risk builds in the operational layer: how the need is worded, the choice of supplier, onboarding, oversight, invoicing, deliverables, proof of execution.

For a firm, the right approach is to embed compliance from the commercial structuring of the mission.

That doesn't necessarily slow the business. On the contrary, a clear chain can reduce procurement blocks, smooth invoicing and reassure the end client.

The useful reflex isn't to hide the presence of a non-EU freelancer. The useful reflex is to place them within a documented service, carried by a supplier compatible with French requirements.

FAQ

Does unlawful labour lending also concern independent freelancers?

Unlawful labour lending is a labour-law concept, historically tied to the supply of labour. With a freelancer, the analysis often also covers the reality of independence, the subordination risk, reclassification and the consistency of the service.

Even without apparent salaried employment, a poorly structured chain can be challenged if it looks like the mere supply of a person embedded in the client's organisation.

Is a day-rate mission automatically risky?

No. The day rate is a common invoicing method in digital services.

The risk rises when the day rate becomes the only structuring element of the relationship. The invoicing must be attached to a defined service, with a scope, objectives, milestones and validation elements.

Is subcontracting prohibited for IT services firms?

No. Subcontracting is frequent and lawful when it corresponds to a genuine provision of services.

It must be authorised or framed according to the applicable contracts, notably with the end client. It must also comply with the confidentiality, security, intellectual property, compliance and documentary-control obligations.

Why does a non-EU freelancer raise more compliance questions?

Because the firm has to manage additional topics: governing law, international invoicing, real tax status, payment, documentation, procurement obligations, a possible reverse charge depending on the scheme, and consistency with the end client's clauses.

The risk isn't linked to being non-EU as such. It comes mostly from a poorly documented chain or a tax residence that doesn't match reality.

Does StelarWork let the freelancer pay less tax?

No. StelarWork doesn't sell a tax scheme or tax optimisation.

If a freelancer is already a genuine non-EU tax resident, with an activity genuinely carried out outside France, StelarWork can remove an administrative and contractual friction for the firm. The tax residence must remain genuine, documented and consistent with the facts.

Does StelarWork act in the freelancer's name?

No. StelarWork contracts in its own name with the firm.

This distinction is structuring. StelarWork isn't the freelancer's representative in France and doesn't conclude contracts in the freelancer's name. The relationship is organised as a chain of services between suppliers.

Does StelarWork remove the risk of unlawful labour lending?

No serious player can promise the total absence of risk.

StelarWork is designed to reduce the fragility zones: an unsignable supplier, insufficient documentation, no French contractual framework, complex invoicing, misaligned obligations. Compliance then depends on the operational reality of the service, the governance and the documents kept.

Conclusion

Unlawful labour lending isn't an abstract topic for an IT services firm. It plays out in the way a mission is contracted, steered and documented.

With a tech freelancer based outside the EU, the risk rises when the contractual chain is improvised: a supplier that's hard to sign, a poorly documented tax residence, no deliverables, vague governance, an end client too directly involved in managing the individual.

The answer isn't to systematically rule out these profiles. The answer is to structure a genuine provision of services, with a clear supplier, back-to-back obligations, readable invoicing and documented compliance.

StelarWork fits this logic: letting the firm work with a non-EU tech freelancer through a French supplier, contracting in its own name, designed to reduce compliance friction without turning the relationship into a supply of labour.