As the service export industry evolves, businesses face many unique challenges to deliver them. Some of these issues may look familiar to those with experience in exporting commodities, while others are tax considerations and compliance provisions that relate directly to the service exports industry.
In previous articles, we’ve talked about the different ways service exports can be delivered. In this article, we’ll look at what you need to consider when sending employees to represent your company by delivering services remotely to foreign locations. These services vary widely and might be provided in a number of different ways. The commonality among them is that an idea is created that has value and is shared across national boundaries.
In today’s world, this sharing could occur in any of the following ways:
- Sending documents or ideas via email
- Through the cloud (sharing files on Drop or DropBox, for example)
- Sending hard copies (paper or USBs) of designs and ideas via express mail
- By fax
- Sharing ideas or providing solutions by telephone (landline, cellular, or VOIP)
- By “remoting” into another computer or IT system using a software program (think of the IT person in the Philippines who takes control of your desktop to troubleshoot a problem)
Are there any risks associated with these exports?
The technology and processes to accurately track all of these mostly virtual activities do not yet widely exist. Remote service exporters should note, however, that governments worldwide are aware of these growing activities, and are actively working on ways to track and tax them more effectively. There are certainly ways you might get tripped up, so you should be cognizant of the risks and address them appropriately.
The three primary types of compliance risks to consider when providing services:
(1) Export compliance
(3) Data privacy concerns in the case of remote access
Let’s look at each of these in more detail.
1. Export compliance still applies to remotely-provided services
Transmissions of concepts, drawings, ideas, and information are still deemed to be exports under the laws of Canada and the U.S.
If encrypted technology is used to remote into a foreign system, you should check to make sure it is not subject to licensing requirements.
In addition, the destination country will need to be checked against country restrictions. The customer should also be checked against any list of denied parties or other known bad actors.
Sometimes, while executing a project remotely, assistance may be needed from a local firm. In this case, your company must have a process for ensuring this company and its principals are also screened.
- If the services are related to any kind of product sale, make sure you consider all the necessary related services BEFORE you sell the product to a particular country. Do this so that you can consider any export issues related to the services as part of the product sale – don’t just evaluate the “exportability” of the product alone.
- If you provide only services, remember that you are still exporting. Before you agree to provide services, ensure that you have checked all the relevant export compliance issues (e.g., verify that the customer is not on any denied party or other bad actor list, make sure that the country where the service is being delivered does not have restrictions; make sure the contract paperwork does not contain anti-boycott language; investigate “red flags,” etc.)
- Be sure to check any licensing requirements software on encrypted software used to “remote” into foreign computer systems.
2. Consider the tax risks
The tax risks primarily relate to income tax or value-added tax (VAT). Let’s look at each in a little more detail.
Income tax/permanent establishment (PE) risk
This risk arises when a company located in one country starts doing things that trigger corporate income tax in a foreign country. Governments everywhere will try to tax productive activities whenever they can.
Certain “de minimis” activities are allowed (usually spelled out by a tax treaty between the two countries), but once that threshold is crossed, local authorities will attempt to assess income tax on the local activities.
Unfortunately, there is no agreed-upon set of principles among countries for remote or virtual services. In fact, there is considerable disagreement about their treatment. This is an area where the tax laws have lagged significantly behind the reality of how many services are delivered today across borders.
The reality is that companies providing only export services to a country (with no other types of economic activities occurring there) are probably at a low risk of triggering any local income tax obligations. Generally, among the 38 members of the Organization for Economic Cooperation and Development (OECD), providing less than 181 days’ worth of services remotely will not create income tax risk.
However, companies that provide services but also do other activities in that country, such as sending employees there to provide onsite services, operating a warehouse, or having a sales agent there have a significantly greater risk profile.
These companies need to have a system to track all their various activities in each country. Companies that fail to track all of these activities are at a much greater risk of falling into the PE trap. Make sure you obtain good international tax advice if you conduct business in a foreign country beyond the remote provision of services.
Value-added tax, or VAT
VAT may be assessed on the transaction because the service export is deemed to occur in the foreign country. For example, Singapore has clearly taken the position that all services provided via the internet should include local VAT tax. There are new EU VAT rules applicable to services that will come into effect in January of 2017, and several other countries have introduced similar legislation.
These laws will mean that companies providing certain services to foreign countries will be obligated to add local VAT to their invoices. This will be a true added cost of the service, since many foreign companies will be unable to offset this cost, or will find it inconvenient to recover it (in countries where it can be recovered).
As noted previously, most governments’ ability to actually track these virtual services remains limited. However, there is a huge difference between not collecting VAT because the local law is unclear versus not collecting VAT that is legally obligated in the hopes of not getting caught.
Exporters providing virtual services in particular will want to closely monitor developments around this topic, as it is evolving rapidly.
3. Get to know data privacy laws
Remoting into foreign computers, whether to troubleshoot and fix software bugs, to share raw data, or to conduct “white hat hacking,” is becoming increasingly common.
Anytime someone from one country has access behind the firewall of another country’s system, there are not only data security issues, but also data privacy considerations.
In much of the world, personal data is protected, and the type of data protected is quite broad. For example, in the EU, it is against the law for a company in the U.S. to have access to any personal data residing on a server in Europe – including office telephone numbers, employment history, or dietary needs – without adequate data protection programs in place.
If your company is providing services where this could occur, become familiar with any applicable data privacy laws, and design an appropriate compliance program.
- Involve your tax team early in the planning process. If you don’t have an in-house tax resource, help educate your finance team so that they understand the importance of getting good external international tax planning advice.
- Become familiar with the various country laws assessing VAT on services, and monitor developments closely.
- Consider data privacy regulations when “remoting” into foreign computers
The service export industry is growing rapidly around the world, and things aren’t getting any simpler for those involved. Although difficult to systematically check today, rest assured countries around the world are working aggressively to better track and monitor many types of remotely-provided services that increasingly cross borders.