Reply to: Can I work remotely from Europe?

Part of the problem is that during the initial phase of securing the work you won't see anything other than the agency contract (or client if you're direct) which, in my experience, say very little about the restrictions around accessing systems and data from non-UK locations. It's only once you start having to do the mandatory training beloved by many clients that you find out you're not supposed to.

So, you'd have to ask about such restrictions either at the interview stage or in the event you're offered the contract which will make it clear that you're intending to work from a non-UK location.

I think it's much more far reaching than that. Public sector won't allow working outside the UK without a host of approvals. Critical areas of utility companies won't. Rather bizarrely at least one global pharma has restrictions but I think that's highly dependant on the area you work in (surprised me this one). All that is from direct experience and I'm pretty sure the NHS and most defense/security companies do so seriously reduces the number of clients that will allow this. And then there is a raft of clients that will allow it but keep a close eye on it and it needs to be disclosed, not quite permission in all cases, but disclosed.

It's tempting to call this utter BS, which it is if taken on face value as a glib comment but if you read between the lines and consider a host of things you didn't put you could actually be correct. The way you've phrased it isn't great but you could be correct.

Are you considering the clients privacy, data and security policies which you also have to sign as part of the 'demands of the contract' or are you just talking about the contract for work and nothing else?

If you get all the paperwork from a client including contract and other policies that apply to all, have read, understood and can comply with it and none of that mentioned restrictions about working abroad then yes, you are right, you don't have to tell them.

Problem is you've skipped over the problem bits in one simplistic comment 'meet the demands of the contract'. If you'd put 'demands of the contract and the other clients policies then it's none of the clients concern then you would be absolutely correct... and to be honest that's what people have been saying already. If the client allows their data to go offshore then fill your boots and there is no need to tell them.

If the client has clauses about not accessing data from outside the UK then you are dead in the water. To work abroad if they have these policies in you will have to lie to them, make a false statement and then hide the truth from them by technology breaching mulitple clauses along the way which is very bad and I am assuming you aren't suggesting they do this.

Unfortuantely you did go on to say
If the client won't allow data to be accessed or stored off shore then you are breaching multiple clauses and potentially laws doing this and it's a pretty stupid thing to do. Clients aren't daft and associated with the offshore stuff will be notes on using VPNs, VM's and other technical ways to breach their policies. Yes technically it might be possible as you say but a decent client will have all the eventualities covered to protect their data and a simple VM won't cut it.
I don't know much about Security but I'm finding it hard to believe that this setup will even work in this day and age.

There’s reasons why some of us have $15m insurance, and Billy has £15.
To misquote Red Adair, if you think professionals are expensive, try paying billybiro.

The people who say "stuff it I'm not telling the client" are basically too scared, because they know the client wouldn't accept it and it's probably a breach of contractual terms too. They aren't professionals, IMHO.

In that hypothetical scenario, how are you connecting to the UK-based VM? E.g. are you using another VPN? Is your remote access restricted to Spain, or could someone potentially connect to the VM from China? Do you use MFA when you connect to the VM?

In other words, does your setup meet the client's security requirements, or are you potentially exposing them to attack? It's entirely possible that you're doing it all in a secure way, without increasing the risks. However, it's also plausible that the client's security team will want to be aware of this so that they can review how you're doing it. If you don't tell them, and they get attacked because of you, I foresee unpleasant conversations with lawyers...

You're aware that I could be based in (say) Spain, connect to a Virtual Machine located in the UK and from there, access data that is also located in the UK and which might have to remain resident in the UK?

All else being equal (i.e. assuming I actually have legitimate access to the data, am using it for legitimate business reasons and don't transfer it off the UK-based VM etc.) then no laws/regulations around data-residency or access have been broken.

It's clear you've never worked in any industry where security, GDPR or PID is important. In the medical industry there are laws which govern data, where it can be stored and how it can be accessed. Not disclosing where you are connecting from is something that would not be treated well.
It's also relevant in B2C businesses, but the penalties are less severe.

Also, be sure to tell the client what colour socks you usually wear and what you have for breakfast every morning. You never know the minute you might fall afoul of the client's spurious preferences.

More seriously, the client does not need to know any of that. If the contracts are legit (Client Ltd. contracted with UK-based Contractor Ltd) and you're able to meet the demands of the contract - which may involve meetings in the UK at the client's site - then the place where you lay your head down each night is, quite frankly, none of the client's concern.

I'm more worried you don't know the difference between client and agent that all your location issues. That's inexcusable. How can do not know what you do?
The thing you are missing and has been touched on already is what is 'legal' and allowed in your contract are two different things. Of course it's legal to live in one country and do business in another or whatever. It's a global economy. The problem is how difficult is the tax arrangement and what are the requirements of the client. Many companies won't entertain contractors or even employees abroad either for data, tax or it's just pain in the arse. If the client will even entertain the idea when you apply then of course it's legal. Then you have to get past them to interview and then hopefully not have them put off when you explain your living situation. It narrows down your opportunities massively. You bring zero benefit and host of downsides vs a local bod so unless you are niche or have the ear of the client personally it's going to be tough.
If the client is OK with it so far then fill your boots. Just do a bit of research on what you are and who you work for. I can't understand how you are going to sort your complex tax affairs out if you don't even know who you work for and who is paying you.

The UK is in Europe, so you are living in Europe if you're in the UK.

I'm not sure why that is a question, as they clearly aren't the same. You will need to inform the supply chain and your working status will need to be consistent with both the upper and lower contracts if there's an agency in the chain. If there's an agent, YourCo is not contracted by the client. The problem is generally with agents (and umbrellas) in terms of your UK residency. There's a separate set of problems in your country of residence, of course.

I would definitely tell the client (is this the same as the agent?) that I am not living in the UK and that I can come to the UK whenever needed for meetings but that I am living in Europe. So I would not hide it from the client.

For me the questions is more about whether it's legal for the company and it sounds like from the answers that it's legal. I am sure there are thousands of UK business owners who don't live in the UK.

I worked in UK from NL and DE for a while, but CH is probably more anal, like it is mostly.
and it was before the idiots voted.

The OP may have a fairly relaxed attitude to all this - if we look at similar questions in the past, I venture that most of those posters were looking to disguise their personal residency status to acquire UK contracts. I think that's basically what you're warning against (both of us are warning against). In itself, this isn't going to be an issue under the Companies Act 2006 - personal residency status is not directly relevant in that regard, providing you have a UK registered office address for the company. The issue will be whether it's consistent with any contract signed and the answer to that is probably not, certainly not if there's a UK agent involved. There's a basic smell test here. Are you willing to disclose your personal residency status during contract negotiations? If the answer is "no", then you're clearly in the category of clueless posters we've seen before asking similar questions. The OP may not be that person.