As we settle into 2026, the "work from anywhere" revolution has firmly transitioned from a chaotic necessity into a complex operational reality. For Global Mobility (GM) leaders, the initial rush to accommodate remote requests has evolved into a sophisticated balancing act between employee experience and corporate risk.
Throughout 2025, our community submitted numerous benchmark questions regarding the policy frameworks, compliance risks, and operational parameters of international remote work. These enquiries, and the peer responses they generated, reveal a clear tension: whilst flexibility remains a key talent driver, organisations are increasingly determining the boundaries of "anywhere" to protect against tax, immigration, and security liabilities.
An analysis of these benchmark exchanges highlights four key themes that define the current state of global remote work.
Whilst the concept of "digital nomadism" suggests a borderless world, the corporate reality revealed in the benchmark data is heavily gated. Most organisations have moved away from open-ended permissions to structured "Red, Amber, Green" (RAG) country lists or restricted zones.
The primary drivers for these restrictions are corporate tax exposure and security. Multiple members cited specific "No-Go" lists that are "owned and maintained by our Corporate Security team" or tax departments.
Tax Risks High-tax jurisdictions are frequently blacklisted. As one member explicitly noted, their policy excludes specific nations "due to significant corporate tax risks". Another respondent reinforced this, stating that India is often treated as a "red flag" because they have "no entity there and PE [Permanent Establishment] risk". This sentiment was echoed by others who noted they restrict countries based on "strict tax legislation".
Security and Sanctions Beyond tax, geopolitical safety dictates policy. Companies are utilising data from insurers and government bodies - such as the FCDO - to automate denials. One member described a particularly robust system where "any request made to work from a restricted country will be automatically declined". They added that this is enforced technologically: "Any employee who logs in to a company device in a restricted company is flagged and their access is immediately disabled".
The takeaway from the 2025 data is clear: "Work from anywhere" effectively means "work from where we have an entity, low security risk, and a tax treaty."
How long is too long? This remained one of the most contentious questions submitted by members last year. Whilst policies vary, a consensus appears to be forming around a "safe harbour" period - typically between 10 and 30 days per rolling 12-month period.
The Conservative Approach Many companies cap remote work at roughly two weeks to avoid triggering tax residency or social security obligations. One respondent explained their strict parameters: "We allow 10 working days per 12 month period... If there is a tax and/or social security risk then the limit is 5 working days". Another member noted they allow "up to 15 days per calendar year, generally in a country where the colleague already has the right to work".
The "Workcation" Model Other organisations are more generous, viewing this as a well-being benefit. One company noted, "We allow annual leave combined with limited number of workdays, which we call Workcation, and should not exceed 30 calendar days".
The Operational Ceiling Thresholds often serve as a trigger for deeper compliance checks rather than a hard stop. For example, one member shared that "exceeding these limits is strictly prohibited" without executive exception. Conversely, another noted that requests over 30 days trigger a "full compliance review to ensure that there are no immigration, income tax, PE, social security... risk".
A specific and recurring friction point in the enquiries was the status of UK nationals wishing to work remotely in the EU. Post-Brexit, the distinction between a "business visitor" and a "worker" has become a compliance minefield.
Whilst some employees assume the 90-day Schengen allowance covers remote work, GM leaders are far more cautious. "Immigration compliance is mandatory, and UK nationals no longer have the right to work in the EU," one respondent warned, noting that business trips are for meetings, not productive work. They further clarified that "working is not included in this" and applied the same methodology used for business travellers.
However, the approach is not uniform, and the data reveals a split in risk appetite:
The Pragmatists: Some companies take a risk-based view. One member admitted, "In reality 1 week remote work is low risk... but I certainly would not approve 4 weeks". Another mentioned they "have made allowances for UK nationals requesting to remote work from France" despite the general rules, though they "are not advertising this".
The Strict Compliers: Others are uncompromising. One respondent stated flatly: "We do not approve such requests without either a passport or where we know there is a domestic exemption". Another confirmed they "do not approve requests for UK nationals to work remotely in EU locations under the 90-day Schengen allowance".
One member highlighted the potential consequences of ignoring these rules, noting that insurances "may be invalidated if working illegally - even if it is 'just a few days!' tagged on to a holiday".
Perhaps the biggest operational challenge identified in the benchmark questions is not setting the policy, but policing it. The data shows a mix of ownership between Global Mobility, HR, and Corporate Tax, often involving complex approval chains.
The "Don't Ask, Don't Tell" Problem Several respondents hinted at the difficulty of enforcing notice periods. "We ask for at least 4 weeks notice, but this is not being formally managed," admitted one member. Another noted, "In practice, requests are typically submitted at least a few weeks... in advance," but acknowledged they "don't always get it".
The Line Manager Gap A recurring theme is the reliance on line managers to assess "business impact," whilst GM assesses "compliance risk." One respondent detailed their criteria: "LM [Line Manager] must state the employee can perform their role with little or no impact to the team". However, they also noted a firm boundary: "we will not sponsor a work permit for employee remote work request".
Another member highlighted the complexity of approval workflows, stating that whilst there is no prescribed notice period, "the process requires both business and Global Mobility approvals," meaning employees must allow sufficient time for compliance checks.
As we navigate 2026, the "wild west" era of remote work appears to be closing. The benchmark data from the past year suggests that organisations are solidifying policies that are inclusive yet defensive. Whilst companies want to say "yes" to flexibility - often citing inclusion and employee wellbeing as drivers - they are backing those permissions with rigorous automated checks, strict country lists, and clear day-count ceilings.
For GM professionals, the insights from these questions serve as a reminder that the goal is no longer just enabling movement; it is about providing a transparent framework where employees understand that the freedom to work internationally comes with a necessary duty of compliance.