Business travel has never been a simple matter of booking flights and filing expense reports. Today, a single employee crossing a state line – or a border – can trigger tax obligations, payroll requirements, immigration violations, and tort liability. All at once.
This guide covers what matters, why it matters, and what you need to do about it.
Every compliance failure in corporate travel traces back to one of three problems:
The third category is the one that ends careers and generates headlines. That’s where this guide focuses.
When your employee sets foot in another state to conduct business, that state may immediately claim the right to tax your company. This is called establishing a tax nexus. You don’t need a warehouse or an office there. A traveling employee can be enough.
Most states use bright-line thresholds – specific sales, payroll, or property benchmarks – to determine when a company has nexus. California, for example, applies these automatically under Revenue and Taxation Code Section 23101. But California also reserves the right to claim nexus even when those thresholds aren’t crossed, if any transaction for financial gain occurred within the state.
Congress passed Public Law 86-272 in 1959 to protect out-of-state businesses from income tax if their only in-state activity was soliciting orders for tangible goods. That protection is disappearing.
Here is the problem no one tells you about. The threshold that requires you to withhold payroll tax rarely matches the threshold that requires your employee to file a nonresident return. The gap between those two numbers is where audits happen.
| State | Employee Must File | Employer Must Withhold |
|---|---|---|
| New York | Day 1 | After 14 days |
| California | Day 1 (any income). | After $1,500 in earnings |
| Arizona | Day 1 | After 60 days |
| Illinois | After 30 days | After 30 days |
| Connecticut | After 15 days + $6,000 | After 15 days |
| Texas / Florida | N/A (no income tax) | N/A |
The practical consequence: your employee is legally obligated to file a nonresident return in New York from their first day of work there. You don’t have to withhold anything until day 15. The employee often doesn’t know they owe tax. The gap creates personal audit exposure, and when expense records are examined, the company gets dragged in.
Illinois represents the best practice. Filing and withholding thresholds align at 30 days, removing the gap entirely.
New York, Pennsylvania, Nebraska, and Delaware apply a particularly aggressive rule: if your employee’s primary office is in one of these states, all their income is taxed there – even if they work remotely from another state – unless working remotely is a demonstrated business necessity.
In May 2025, the Zelinsky II tribunal reaffirmed that New York taxes remote workdays even when the employee never enters the state. New Jersey then enacted its own matching rule retroactive to January 2023.
Your practical obligation: maintain precise, day-by-day location logs for every employee with a primary office in a convenience-rule state. Without them, you cannot defend against double-taxation claims.
The Mobile Workforce State Income Tax Simplification Act of 2025 (S. 1443) would cap state tax authority at 30 days of physical presence. The AICPA supports it. The Federation of Tax Administrators opposes it, and the bill remains stalled in the Senate Finance Committee. Manage your program under the current law.
Your Undefined CoS allocation renews each year. For most routes this renewal is automatic, at the same level as the previous year, provided you hold an A-rating and have an active allocation.
For some routes (Seasonal Worker, Service Supplier, Secondment Worker, UK Expansion Worker), renewal is not automatic. You must submit a manual renewal request up to three months before your allocation year ends. Unused CoS do not carry over.
The Fair Labor Standards Act requires you to pay non-exempt employees for all hours worked, including certain travel time. Errors here don’t just create back-pay exposure. They create class-action exposure.
The rules are more specific than most HR teams realize:
Not compensable:
Compensable:
It depends:
The Seventh Circuit ruled in Walters v. Professional Labor Group (2024) that construction workers must be paid for travel to overnight worksites when it cuts across their normal working hours. The Sixth Circuit reached the opposite conclusion in Abell v. Sky Bridge Resources (2017).
This circuit split means your risk depends on your geography. In California and New York, state wage laws are even stricter than the FLSA. If you operate in those states, pay the higher standard.
Foreign nationals entering the U.S. on a B-1 business visa or under ESTA may attend meetings, negotiate contracts, attend conferences, or arrange orders for goods manufactured abroad. They may not perform productive work, deliver services, write code, test software, manage operations, or receive U.S.-source compensation.
The test comes from the 1966 BIA case Matter of Hira: permissible B-1 activity is transactional or exploratory. The traveler’s employer must remain abroad, profits must accrue abroad, and no U.S. entity may pay the traveler.
| Category | Permitted | Prohibited |
|---|---|---|
| Commercial | Attending board meetings, negotiating contracts, taking orders | Executing operations, delivering consulting services |
| Technical | Installing or repairing equipment located outside the U.S. | Coding, testing, software development |
| Training | Short-term knowledge transfer with unique skills | Hands-on product development |
| Financial | Participating in litigation, settling estates | Overseeing active U.S. investments |
In 2013, Infosys settled with the U.S. government for $34 million. This is the largest immigration enforcement settlement ever recorded. Federal investigators found that Infosys had systematically used B-1 visa holders to perform work that legally required H-1B visas: software design, implementation, and testing. Internal memos instructed employees to avoid words like “implementation” or “testing” during border interviews.
The lesson is not subtle. U.S. immigration authorities look past what your invitation letters say. They look at what your employees actually do.
OSHA’s General Duty Clause applies wherever your employee works, not just at your offices. Client sites, hotels, airports, rental cars: all covered. Injuries sustained while traveling for business are presumed work-related and must be recorded on your OSHA 300 log, with two exceptions:
The “going and coming” rule generally protects employers from liability during normal commutes. It does not protect you during business travel.
In Jeewarat v. Warner Bros. Entertainment (2009), a California court ruled that attending an out-of-town business conference constitutes a “special errand” for the employer. Warner Bros. paid for airfare, lodging, and parking. The executive was driving home from the airport when he caused a fatal collision. Warner Bros. was held vicariously liable — because the trip, from departure to final return, was considered within the scope of employment.
The same principle applies to personal vehicles. In Lobo v. Tamco (2010), the court found that if an employer expects an employee to have their personal vehicle available for client visits, the employer can be liable for accidents during the employee’s ordinary commute. Frequency of use is irrelevant.
Buying travel insurance is not enough. The 2015 English case Dusek v. StormHarbour Securities established the standard clearly: before sending an employee into a high-risk environment, you must conduct a proportional risk assessment. StormHarbour sent an investment banker to Peru by chartered helicopter without checking the operator’s safety record, the pilot’s qualifications, or local weather patterns. The helicopter crashed in bad weather. The court ruled the employer breached its duty of care.
You must be able to demonstrate that you evaluated the risks and had the authority to cancel the trip if the risks were unacceptable.
Directing employees to a specific hotel or transportation provider does not transfer your liability to that vendor. Courts have held consistently that if an employee is harmed by an unsafe hotel or transportation company you selected without proper vetting, the organization bears direct liability. Vet your vendors.
These numbers should inform your governance priorities:
The governance gap between what CFOs believe and what travel managers know is your biggest internal risk.
Every trip is booked through your Travel Management Company (TMC). No exceptions. This gives you location data for duty of care, an audit trail for tax authorities, and oversight of employee safety. Seventy-nine percent of travellers already accept employer location tracking when framed around safety.
Tools like Centuro Global can monitor travel days by state, flag withholding triggers automatically, and generate compliance filings. The alternative is manual tracking across 50 different state thresholds, which fails at scale.
Under IRC Section 162(a), travel reimbursements are tax-free to employees and fully deductible by the company, but only if your expense program meets three IRS requirements:
If your program fails these tests, all reimbursements become taxable wages.
Require VPNs with multi-factor authentication for all international travel. Explicitly prohibit “shadow AI” tools, non-approved AI applications that employees use to process company data. Forty-four per cent of travel managers now rank digital hacking and information leaks as a more pressing threat than weather or physical delays.
Your records are your evidence. If UKVI asks to see something during a compliance visit and you cannot produce it, they will treat that as non-compliance — even if you were compliant in practice.
Records can be held digitally or in physical files — either is acceptable provided they are secure, GDPR-compliant, and readily retrievable. You should be able to produce any record at short notice. Build record keeping into your normal HR processes from day one.
Business travel compliance is not an HR administrative function. It is a risk management discipline that touches tax law, labor law, immigration, tort liability, and cybersecurity simultaneously. The cost of a reactive program – audits, litigation, regulatory penalties, and reputational damage – vastly exceeds the cost of building a proactive one.
Know where your people are. Know what they’re doing. Have the systems to prove it.
Centuro Global can provide you with such a system.
This guide is based on US government guidance current as of June 2026. Business travel compliance rules change regularly. Verify current requirements with Centuro before acting on specific details.
Discover more global trends, mobility and travel regulation updates and company news.
The European Union’s new digital border control system, the Entry/Exit System (EES), is now fully operational across all Schengen Area borders as of 10 April 2026. This is a significant change in how British citizens and other non-EU nationals will enter and exit the Schengen Area, with major implications for business travel, compliance and border processes.
The European Union’s new digital border control system, the Entry/Exit System (EES), is now fully operational across all Schengen Area borders as of 10 April 2026. This is a significant change in how British citizens and other non-EU nationals will enter and exit the Schengen Area, with major implications for business travel, compliance and border processes.
The European Union’s new digital border control system, the Entry/Exit System (EES), is now fully operational across all Schengen Area borders as of 10 April 2026. This is a significant change in how British citizens and other non-EU nationals will enter and exit the Schengen Area, with major implications for business travel, compliance and border processes.
Discover how we can help your team with immigration, business travel and global expansion.
Book a call
