StelarWork
← Back to the blog
9 July 2026 · vigilance certificate · URSSAF · due diligence · subcontracting · IT services firm · non-EU freelancer

URSSAF vigilance certificate: what it's for and who must provide it

Above €5,000 excl. tax, the vigilance certificate becomes unavoidable. What it proves, who issues it, and how to handle the case of a non-EU subcontractor.

URSSAF vigilance certificate: what it's for and who must provide it

A missing vigilance certificate can block a purchase order, delay a project start or expose your IT services firm to a joint-liability risk.

For a firm, the topic looks administrative. Yet it's central as soon as you subcontract a service to an independent contractor, a company or an external supplier.

The URSSAF vigilance certificate serves to prove that a French counterparty is up to date with its social-security obligations. It's part of the client's due diligence. In practice, it lets your procurement, legal or compliance department verify that the supplier isn't in a situation of undeclared work.

The point gets more complex with a tech freelancer based outside the European Union, for example in Dubai or Bali. That freelancer can be perfectly legitimate in their country of residence, yet unable to provide a French URSSAF certificate. For a French firm, this creates immediate contractual friction.

What is the URSSAF vigilance certificate for?

The vigilance certificate is a document issued by URSSAF (the French social-security collection agency) to a business or independent contractor established in France.

It indicates that the counterparty complies with its reporting and payment obligations for social contributions. It doesn't cover a supplier's entire compliance, but it's a key piece of due diligence.

It's requested in subcontracting relationships, provisions of services or the supply of work performed by a counterparty.

For a firm, it typically comes up in three situations:

  • when you contract with a French subcontractor;
  • when your end client requires a documented subcontracting chain;
  • when your compliance department wants to secure the supplier file before issuing the purchase order.

Key takeaway The vigilance certificate isn't an isolated formality. It's part of a broader system for combating undeclared work and securing subcontracting.

When is the vigilance certificate mandatory?

Due diligence applies notably when the contract concerns an obligation of an amount at least equal to the threshold set by the French Labour Code.

That threshold is set at €5,000 excluding tax, under the rules on combating undeclared work. The main references are Articles L.8222-1 et seq. of the French Labour Code, plus the associated regulatory texts.

The verification must be carried out:

  • when the contract is concluded;
  • then periodically during the contract's performance — in practice every six months until the end of the service.

For a firm, this means it isn't enough to collect one certificate at kick-off. You also have to organise documentary follow-up when the mission lasts several months.

That follow-up can concern:

  • the URSSAF vigilance certificate;
  • the registration extract or equivalent document;
  • the supplier's legal identity;
  • the contractual elements proving the nature of the service;
  • the purchase orders, deliverables and invoices.

Who must provide the vigilance certificate?

The vigilance certificate is provided by the counterparty established in France.

That can be:

  • a French company;
  • a French sole proprietorship;
  • an independent contractor registered in France;
  • a French subcontractor involved in your service chain.

The client — here, the firm — must collect and verify this certificate. An unverified or expired certificate may not be enough to demonstrate effective diligence.

URSSAF provides a verification service allowing you to check a certificate's authenticity. This step matters, because a mere PDF sent by email isn't always robust proof.

Point of vigilance for firms A vigilance certificate must be authentic, recent and consistent with the supplier that invoices. If the invoice comes from company A, a certificate from company B doesn't secure the relationship.

What the certificate doesn't prove

The URSSAF vigilance certificate doesn't prove everything.

On its own, it doesn't confirm:

  • the provider's technical quality;
  • the correct legal qualification of the contract;
  • the absence of an unlawful-labour-lending risk;
  • the absence of a permanent establishment;
  • the reality of a foreign freelancer's tax residence;
  • the overall tax compliance of the chain.

It mainly attests to the French social-security compliance of the counterparty concerned.

For a firm, it must therefore be embedded in a broader system: supplier qualification, service contract, deliverables, invoicing terms, access management, and end-client approval of the subcontracting where necessary.

The hard case: the tech freelancer based outside the EU

The most frequent case appears when your firm wants to work with a tech freelancer based outside the European Union.

Typical example: a senior developer, a cloud architect or a data expert genuinely resides in Dubai, Bali, Bangkok or elsewhere outside the EU. They work remotely, have a local status, invoice from their country of residence and have no URSSAF registration in France.

In that case, they generally can't provide a French vigilance certificate, since they aren't affiliated with the French social-security regime.

The problem isn't necessarily that the freelancer is "non-compliant". The problem is that your firm has to apply a French supplier process, often designed for providers established in France.

The result:

  • procurement asks for a URSSAF certificate;
  • the freelancer can't provide it;
  • legal blocks or asks for foreign equivalents;
  • the end client may refuse a poorly documented chain;
  • the project start is delayed.

Equivalent documents for a foreign supplier: mind the practice

When a counterparty is established abroad, the texts provide for documents suited to that situation. Articles D.8222-7 and D.8222-8 of the French Labour Code notably frame the supporting documents that can be requested from a foreign counterparty.

In practice, the firm may have to collect equivalent documents, for example:

  • proof of registration in the country of establishment;
  • a local social-security or tax compliance certificate, if one exists;
  • documents translated or understandable by the compliance teams;
  • information clearly identifying the entity that invoices;
  • elements proving the service is delivered from abroad.

But this approach often remains hard to operate.

Not all countries issue a clear equivalent to the URSSAF certificate. Formats differ. Local administrations can be slow or ill-suited to French requirements. The documents can be refused by the end client or by procurement.

For a firm, the topic is therefore not only legal. It's also operational: the supplier must be "signable" within your internal circuits.

Due diligence doesn't disappear with a non-EU freelancer

The fact that a freelancer is based outside the EU doesn't remove the duty of vigilance.

Your firm must remain able to demonstrate that it verified its counterparty and structured the relationship consistently.

The points to document notably include:

  • who invoices;
  • from which country;
  • under which status;
  • for which service;
  • with which deliverables;
  • under which validation terms;
  • with no organised presence in France;
  • with no subordination or staff secondment.

This last point matters. A sound subcontracting relationship must be structured as a provision of services, with a scope, deliverables, supplier responsibility and consistent invoicing.

It must not look like staff seconded into the firm's or the end client's teams without genuine autonomy.

Compliance point The contract must target a service, not a mere presence. The elements to prefer are the scope, the deliverables, the acceptance criteria, the purchase order and the invoicing of the service.

The vigilance certificate and the firm's subcontracting chain

In firm projects, the chain can be more complex than in a classic supplier relationship.

You can have:

  • a large-account end client;
  • a lead firm;
  • a subcontractor;
  • a specialised freelance expert;
  • sometimes several tiers of subcontracting.

Each link adds a documentary risk.

The end client can demand transparency on the subcontractors. It can also prohibit certain schemes, require prior approvals or impose compliance clauses.

Your firm must then be able to answer several questions:

  • is the supplier identified?
  • can they be referenced?
  • do they provide the required documents?
  • is the contract consistent with the service sold to the client?
  • are the day rate and the margin documented within a normal commercial logic?
  • is the undeclared-work risk handled?
  • is the reclassification risk reduced?

The vigilance certificate is one piece. It isn't the whole answer.

The risk if the firm doesn't verify

In the event of a breach of due diligence, the client can be exposed to joint financial liability if the counterparty is found to be in a situation of undeclared work.

That can notably concern certain amounts owed by the counterparty to the social-security or tax authorities, in the situations provided for by the texts.

There's also a contractual risk. An end client can consider that the firm failed to meet its supplier-compliance obligations. That can create an invoicing block, a refusal of the subcontracting or a request to replace the provider.

Finally, there's a reputational risk. A firm that doesn't control its subcontracting chain can lose the trust of its large-account clients.

How to handle a non-EU freelancer without a URSSAF certificate?

Three approaches generally exist.

1. Contract directly with the foreign freelancer

That's possible in some cases, subject to a suitable analysis.

But it assumes your firm accepts:

  • the foreign documents;
  • any translations;
  • the differences in governing law;
  • the international-payment risks;
  • the associated tax and social-security checks;
  • the end client's compliance constraints.

This option can work when the compliance department is equipped and the end client explicitly accepts the scheme.

It becomes harder when procurement requires a French supplier, a URSSAF certificate or a standardised file.

2. Give up on the freelancer

That's the simplest solution administratively, but not always the most relevant for the project.

For some rare tech profiles, the available and competent expert may be outside the EU. Refusing them for a purely documentary reason can hurt the delivery.

3. Go through a compliant French supplier

That's StelarWork's role.

StelarWork steps onto the contract between your firm and a tech freelancer based outside the EU. StelarWork contracts in its own name with the firm, invoices the firm, organises the service relationship and pays the foreign freelancer within the defined framework.

The goal is to turn a hard-to-reference relationship into a French supplier relationship that is documented and consistent with B2B compliance requirements.

StelarWork acts as a French supplier in a provision-of-services relationship: the company keeps its own contractual role, distinct from domiciliation or EOR models, and doesn't act as a legal or tax firm. The freelancer remains an independent provider.

The logic is contractual: your firm works with an identified French supplier, within a provision-of-services framework, with French compliance documents where applicable.

What StelarWork brings a firm on the vigilance certificate

For a firm, the stake is simple: being able to reference a supplier that fits the boxes procurement and compliance expect.

As StelarWork is a French company, it can provide the documents generally expected of a French supplier, subject to its situation being up to date at the time of the request:

  • a URSSAF vigilance certificate;
  • the company's legal information;
  • supplier identification elements;
  • French invoicing;
  • a contractual framework in French;
  • documentation of the service.

This doesn't exempt your firm from its own duty of vigilance. However, it aims to make the relationship more readable and more usable in your internal processes.

The non-EU freelancer doesn't artificially become French. Their real tax and social-security status remains tied to their personal situation and their country of residence. StelarWork removes an administrative friction on the firm's side by structuring the relationship through a French supplier.

Sound configuration The freelancer genuinely resides outside the EU, effectively works remotely, has no organised presence in France, and the service is framed by deliverables. StelarWork contracts in its own name with the firm and organises a documented supplier relationship.

Abusive configuration to exclude A foreign "shell" company is used while the person actually works from France or has an organised presence there. This type of arrangement can create tax, social-security and contractual risks. It must not be presented as a compliance solution.

The non-EU freelancer's taxation: the reality principle

A tax residence isn't decreed in a contract.

It depends on reality: place of living, duration of presence, centre of interests, effective location of the work, local rules and applicable treaties.

For a freelancer who says they're a non-EU tax resident, the points of vigilance notably are:

  • genuine residence outside France;
  • effective presence outside France, often assessed with benchmarks like the 183 days depending on the countries and treaties;
  • no organised presence in France;
  • genuine remote work from abroad;
  • no fictitious foreign company used to mask a French activity.

StelarWork does not sell a tax advantage. StelarWork doesn't create a tax residence abroad. If a freelancer benefits from a local tax regime, that stems from their pre-existing, genuine situation.

StelarWork's role is to remove a contractual and administrative friction for the French firm, not to manufacture tax optimisation.

Vigilance certificate: an operational checklist for a firm

Before contracting with a supplier in a service chain, your firm can check the following points.

Supplier documents

  • An up-to-date vigilance certificate if the supplier is established in France.
  • Verification of the certificate's authenticity.
  • A registration extract or equivalent document.
  • Legal details consistent with the invoice.
  • The signatory's identity or authority.

Contract and purchase order

  • Services clearly described.
  • Deliverables identified.
  • Acceptance conditions provided for.
  • Supplier responsibility defined.
  • Invoicing consistent with the scope.
  • No wording comparable to staff secondment.

Subcontracting and the end client

  • Subcontracting authorisation if required by the client contract.
  • Compliance with the confidentiality and security clauses.
  • Access management compliant with the client's rules.
  • Traceability of the contractual chain.
  • Consistency between the service sold and the service bought.

Non-EU freelancer

  • Declared country of residence.
  • Local status or identified invoicing entity.
  • Work genuinely carried out remotely.
  • No organised presence in France.
  • Documented international payment terms.
  • Verification that the scheme doesn't rest on a shell entity.

Common mistakes to avoid

The first mistake is asking a freelancer who isn't established in France for a URSSAF certificate. If they aren't affiliated with URSSAF, they can't produce one.

The second mistake is accepting any foreign document without checking its scope. A local tax certificate doesn't necessarily prove the same thing as a French vigilance certificate.

The third mistake is confusing documentary compliance with operational compliance. Even with the right documents, a poorly structured relationship can create a risk.

The fourth mistake is describing the relationship as a mere embedded resource. In subcontracting, the vocabulary and the reality must correspond to a provision of services.

The fifth mistake is treating the freelancer's tax residence as a commercial argument. The residence must be genuine, documented and consistent with the delivery of the service.

Why the vigilance certificate is becoming a strategic topic for firms

Firms operate in an increasingly controlled environment.

End clients demand more transparency. Procurement teams standardise supplier files. Compliance departments want to reduce the risks of opaque subcontracting. Tech projects, meanwhile, sometimes need rare profiles available outside the EU.

The vigilance certificate then becomes a point of friction between the delivery need and the compliance requirement.

A non-EU freelancer can be technically excellent, available and already a tax resident abroad. But if your firm can't reference them cleanly, the mission doesn't start.

StelarWork answers precisely this friction: letting a French firm work with a non-EU tech expert through a French supplier, within a contractual framework designed to be more readable, more documented and more compatible with B2B requirements.

FAQ — URSSAF vigilance certificate and non-EU subcontracting

Is the vigilance certificate mandatory for all contracts?

It's required in the situations covered by the French Labour Code, notably for certain service or subcontracting contracts exceeding the legal threshold of €5,000 excluding tax. It must be collected when the contract is concluded and then renewed periodically during its performance.

Can a freelancer based in Dubai or Bali provide a URSSAF certificate?

Generally not, if they aren't established in France and aren't affiliated with the French social-security regime. They may have local documents, but those aren't a URSSAF vigilance certificate.

Can a firm work directly with a non-EU freelancer?

Yes, it can be possible, but the relationship must be analysed and documented. The firm must check its end client's requirements, its vigilance obligations, the available foreign documents, the reality of the remote service and any tax or social-security risks.

Does StelarWork replace the firm's duty of vigilance?

No. The duty of vigilance remains the client's obligation. StelarWork aims to ease the relationship by providing an identified French supplier, French invoicing and a documentary framework more compatible with firm processes.

What is StelarWork's positioning?

StelarWork is a French supplier that contracts in its own name with the firm and invoices in France, within a provision-of-services relationship. The non-EU freelancer remains an independent provider: StelarWork organises the contractual and documentary relationship without standing in for them.

Is the vigilance certificate enough to secure subcontracting?

No. It's important, but it isn't enough. You also need a consistent contract, deliverables, invoicing aligned with the service, a controlled subcontracting chain and a compliant operational reality.

Disclaimer

This article provides general information on the vigilance certificate, due diligence and subcontracting involving tech freelancers based outside the EU. It does not constitute personalised legal, tax or social advice.

Each situation must be analysed according to the facts, the contracts, the country concerned, the freelancer's genuine residence, the end client's requirements and the applicable rules. For a binding analysis, you should consult a qualified adviser.