Subcontractor and sourcer compliance for agencies
The obligations a recruitment agency takes on when it uses independent sourcers, freelance recruiters, or sub-agents to deliver work on behalf of clients, covering contract structure, data processing agreements, employment classification, client consent requirements, and liability passthrough.
Michal Juhas · Last reviewed May 8, 2026
What is subcontractor and sourcer compliance for agencies?
When a recruitment agency brings in an independent sourcer, freelance recruiter, or sub-agent to deliver work on a client engagement, the agency does not shed its obligations to the client. It picks up new ones. The agency remains the primary party under the client contract, which means every failure by the subcontractor lands on the agency: missed data obligations, a misrepresented candidate, an unpaid employment tax, or a breach of the confidentiality clause the client negotiated into the master services agreement.
Subcontractor compliance is the set of controls that sits between "I need extra sourcing capacity" and "I am exposed to a claim." Those controls cover four main areas: whether the client has consented to the subcontracting arrangement, whether the contract between the agency and subcontractor mirrors the key obligations in the client agreement, whether a data processing agreement is in place for GDPR-regulated candidate data, and whether the subcontractor's employment classification is defensible under the applicable tax law.
Agency owners who work with freelance sourcers regularly often treat this as informal until a dispute or audit surfaces. Getting the paperwork in order before the first brief is sent out is cheaper than resolving a misclassification inquiry or a GDPR complaint after a placement.
In practice
- An agency owner adds a specialist sourcer to a retained executive search. Before briefing her, she checks the client MSA, finds a written-consent clause, and sends the client a one-paragraph notification. The client replies with approval in writing. When the candidate is placed, there is no basis for the client to dispute the fee on the grounds that an unauthorised third party was involved.
- A staffing agency uses a network of freelance sourcers in three countries. An HMRC inquiry arrives asking whether the sourcers should have been treated as employees. The agency can produce signed agreements documenting the basis for independent contractor classification, reducing exposure to a penalty.
- An RPO team subcontracts data enrichment to a vendor based outside the EU. Because the subcontractor agreement lacks a data processing clause and standard contractual clauses, the agency receives a data subject access request it cannot answer cleanly. The situation would have been avoided with a compliant DPA signed before the first candidate record was shared.
Quick read, then how hiring teams use it
This page is for agency principals, agency ops managers, and in-house TA leaders who work with freelance sourcers, sub-agents, or external search partners. Skim the first section for the definition. Use the second when you are deciding how to structure, document, and monitor a subcontractor relationship on a live engagement.
Plain-language summary
- What it means for you: Every time you use a freelance sourcer or sub-agent to deliver client work, you inherit compliance obligations you may not have thought through: client consent, a contract that mirrors your client agreement, data handling rules, and employment classification.
- How you would use it: Before briefing any subcontractor, check the client MSA for consent requirements, issue a subcontractor agreement with back-to-back terms, and sign a data processing agreement if the subcontractor will touch candidate data.
- How to get started: Pull your most recent freelance sourcer engagement. Check whether you have a signed agreement, a client consent record, and a data processing clause. If any of those are missing, draft them before the next engagement starts.
- When it is a good time: Before you share the first brief, not after the placement is made and an invoice is questioned.
When you are running live reqs and tools
- What it means for you: The agency is on the hook to the client for what the subcontractor does, including data mishandling, a misrepresented candidate, or a GDPR complaint. Back-to-back terms and a data processing agreement shift that exposure back to the subcontractor in writing.
- When it is a good time: Before any briefing call with a freelance sourcer or sub-agent, especially if the client MSA has a consent or subcontracting clause. For retained search or RPO engagements, treat this as part of project set-up, not an afterthought.
- How to use it: Use a standard subcontractor agreement template that mirrors your client-facing master services agreement. Add a data processing annex for any engagement where the subcontractor will receive candidate personal data. Get client consent in writing before the subcontractor starts work.
- How to get started: Draft a one-page subcontractor onboarding checklist covering consent obtained, agreement signed, DPA signed, insurance confirmed, and classification documented. Run it for every new subcontractor regardless of engagement length.
- What to watch for: MSA clauses that prohibit subcontracting entirely, cross-border data transfers without standard contractual clauses, freelance sourcers whose working pattern starts to resemble employment, and subcontractor agreements that do not include a matching guarantee or claw-back clause if the placed candidate leaves inside the guarantee window.
Where we talk about this
On AI with Michal live sessions, the compliance and commercial structure of agency operations comes up in the AI in recruiting track, particularly when agency owners discuss scaling sourcing capacity with freelancers and managing the documentation that client relationships require. The Workshops cohort covers both the operational and legal side of agency agreements so principals understand where they are exposed and how to structure subcontractor relationships before a dispute surfaces.
Around the web (opinions and rabbit holes)
Third-party content on subcontractor compliance for recruitment agencies spans employment law commentary, agency owner forums, and HR operations resources. These are starting points, not endorsements. Verify any legal position with employment counsel before relying on it in a live arrangement.
YouTube
- IR35 for recruitment agencies explained walks through how off-payroll working rules apply when agencies use freelance sourcers and sub-agents.
- How to write a subcontractor agreement for staffing agencies covers the key clauses that protect the agency when third parties are delivering client work.
- GDPR data processing agreements for recruitment agencies explains how DPAs work in practice when candidate data moves between an agency and a sub-processor.
- Using freelance sourcers on client engagements in r/RecruitmentAgencies surfaces practitioner perspectives on consent, documentation, and what happens when a placement goes wrong and a sub-agent was involved.
- IR35 and recruitment subcontractors in r/LegalAdviceUK includes accounts from agency owners dealing with employment classification questions on UK-based freelance sourcing arrangements.
- GDPR and third-party data processors in r/gdpr covers DPA requirements for organisations that share personal data with external vendors, directly applicable to candidate data shared with subcontractors.
Quora
- What obligations does a recruitment agency have when using a freelance sourcer? collects practitioner and legal perspectives on subcontractor documentation and liability.
Subcontractor compliance tier comparison
| Arrangement | Client consent required | DPA required | Classification risk | Fee split document |
|---|---|---|---|---|
| Freelance sourcer (short term) | Check MSA | Yes, if handling candidate data | Medium (IR35 or state test) | Referral or split agreement |
| Sub-agent (extended engagement) | Usually yes | Yes | Higher (hours, direction, tools) | Formal sub-agent agreement |
| RPO sub-vendor | Almost always | Yes, plus SCC if cross-border | Depends on jurisdiction | SOW-level schedule |
Related on this site
- Glossary: Master services agreement (MSA) for agency services, Statement of work (SOW) for recruiting projects
- Glossary: Agency indemnification clauses, Co-employment and staffing agency liability
- Glossary: Joint employment liability for agencies, Client pass-through compliance for agencies
- Glossary: Split placement fees in recruitment agencies, Backfill periods and replacement guarantees
- Glossary: GDPR and first-touch outreach, Retained search vs contingency recruiting
- Glossary: Agency data room and due diligence, Recruitment factoring and agency cash flow
- Workshops: AI in recruiting
- Course: Starting with AI: the foundations in recruiting
- Membership: Become a member
Frequently asked questions
What is subcontractor compliance in a recruitment agency context?
Subcontractor compliance covers the obligations triggered when a recruitment agency hires an independent sourcer, freelance recruiter, or sub-agent to perform work the agency has contracted to deliver for a client. The agency remains the primary obligor to the client, so compliance failures by the subcontractor are attributed to the agency. The main risk areas are employment classification (whether the subcontractor is genuinely independent), data handling under GDPR or equivalent laws, back-to-back contractual terms that pass client obligations downstream, and client notification requirements embedded in the master services agreement. Most agency MSAs require written client consent before subcontracting work.
Does a recruitment agency need to inform its client when it uses a subcontractor?
Most master services agreements include a subcontracting clause requiring the client's prior written consent before any third party performs work under the contract. Some agreements restrict subcontracting entirely. Before onboarding a sourcer or sub-agent, check the specific client MSA for consent requirements, exclusivity restrictions, and limitations on where work can be performed, which is relevant for cross-border subcontracting. Failing to obtain required consent can give the client grounds to reject a placement, dispute an invoice, or terminate the agreement. If the MSA is silent on subcontracting, seek written client acknowledgment anyway to document the arrangement and protect invoicing rights.
What contracts should govern the agency-subcontractor relationship?
The core document is a subcontractor agreement that mirrors key terms from the client-facing master services agreement: confidentiality, non-solicitation of the client and its candidates, data handling obligations, fee terms, and liability limits. If the agency has a statement of work with a specific client, a matching project-level scope document for the subcontractor helps align deliverables. A data processing agreement is required under GDPR whenever the subcontractor handles candidate personal data on the agency's behalf. Include right-to-audit clauses and specify what happens to candidate data when the subcontractor relationship ends, covering deletion timelines and written confirmation procedures.
How does GDPR apply when a recruitment agency subcontracts sourcing work?
Under GDPR, the agency is typically the data controller for candidate personal data collected during a recruitment engagement. When a sourcer or sub-agent processes that data on the agency's behalf, they become a data processor. A written data processing agreement is legally required, covering categories of data processed, processing purpose, retention limits, security measures, deletion obligations, and how the sub-processor must handle data subject requests. The agency remains liable for the subcontractor's data handling, including any breach. Agencies should verify whether the subcontractor operates in a different jurisdiction, as cross-border transfers may need additional safeguards such as standard contractual clauses. See GDPR and first-touch outreach for how data obligations begin before a subcontractor is briefed.
How does employment classification affect agency subcontractor compliance?
Misclassifying a subcontractor as an independent contractor when the working relationship meets the legal definition of employment creates significant tax and employment law liability for the agency. In the UK, IR35 rules can transfer liability for unpaid employment taxes to the agency if a sourcer is deemed to be working inside IR35. In the US, IRS multi-factor tests and state-level tests such as California's ABC test can reclassify freelance sourcers as employees. Agencies should assess each subcontractor relationship against the applicable classification rules before engagement, document the basis for the classification, and revisit it when the working pattern changes. Legal advice is advisable for long-term or high-volume subcontractor arrangements that may draw regulatory scrutiny.
What insurance and liability provisions should a subcontractor agreement include?
A subcontractor agreement should require the subcontractor to hold adequate professional indemnity and public liability insurance, with minimum cover levels specified and an obligation to provide proof on request. The agreement should define the liability cap for the subcontractor's work and whether the agency can recover losses from the subcontractor if a client claim arises from the subcontractor's actions. Back-to-back indemnification clauses, where the subcontractor indemnifies the agency for losses caused by the subcontractor's negligence or breach, are standard in structured agreements. Without these provisions, the agency absorbs the full financial exposure from a subcontractor error, such as a GDPR breach or a misrepresented candidate. See agency indemnification clauses for the broader indemnification framework.
How does using a subcontractor affect the placement fee and guarantee period?
The placement fee the agency charges the client is unaffected by subcontracting: the agency invoices the client at the agreed rate and pays the subcontractor a proportion defined in the subcontractor agreement, sometimes called a split or referral fee. Specify whether it is calculated on the gross fee, net of VAT, or net of expenses to avoid disputes at invoicing. The guarantee period and backfill obligation remain the agency's responsibility to the client regardless of who sourced the placed candidate. Recovery from the subcontractor if the candidate leaves within the guarantee window depends on whether the subcontractor agreement includes a matching guarantee or claw-back clause. See split placement fees for shared fee structures.
Can AI tools help agencies manage subcontractor compliance workflows?
AI tools can draft subcontractor agreements, data processing annexes, and onboarding checklists from a brief that includes the subcontractor's role, data access scope, and applicable jurisdiction. Tools such as Claude or ChatGPT can also compare a subcontractor's proposed terms against the agency's standard template and flag gaps in confidentiality, IP ownership, or data handling clauses. Treat AI output as a first draft requiring legal review, not a final document. Do not paste candidate personal data or client confidential information into a general-purpose AI tool unless your data processing agreement explicitly covers AI-assisted drafting. See Claude in recruiting for practical AI drafting workflows in an agency context, and ChatGPT for recruiters for comparison.
