When reality transforms faster than the law, a dangerous gray area emerges.
That's exactly where many companies find themselves today. Especially in strictly regulated industries such as finance, legal, and real estate. Hybrid working models have long been common practice and are often even expected by candidates. But the legal system is struggling to keep pace. The legal framework was created for a different understanding of work – one in which being present in the office was the norm.
The problem is that the flexibility that is practiced today conflicts with standards that require physical presence, such as working time monitoring, occupational safety, data protection, and insurance. In particularly sensitive areas such as real estate or finance, this can quickly become a risk for the organization, for executives, and for employees themselves.
The need is clear: contractual regulations are required that not only comply with the current legal situation but also reflect the reality of working life. And this is precisely the strategic task facing HR, legal, and corporate management.
The biggest gaps in today's labor law
German labor law is historically tailored to a working world in which desks and working hours were determined by employers.
If you didn't sit in an office, you were considered the exception. Since the pandemic, there has been some progress in specific areas, such as the amended Nachweisgesetz (NachwG) [German Employment Evidence Act], which since 2022 requires greater transparency regarding working conditions (Seatti 2023). However, hybrid working models continue to fall through the cracks of outdated terminology and tacit assumptions.
A key example: the term “telework” as defined in the Workplace Ordinance (ArbStättV) is strictly defined. Only those who work permanently from a permanently equipped workplace at home are covered. Mobile work, i.e. flexible working from different locations, is not regulated by law. And this has become the norm.
These gray areas lead to uncertainty. Does the Working Hours Act also apply in hotel rooms? Who is liable in the event of an accident in a coworking space? How is data protection ensured when employees process sensitive customer data while on the move? In practice, companies have to create their own standards – often in consultation with the works council, legal department, and data protection officers.
What's more, many contracts are not prepared for hybrid scenarios. There is a lack of information on the place of work, working time arrangements, IT equipment, or the obligation to return to the office. These items are not only legally relevant, but also culturally significant. Where there are no rules, uncertainty arises and with it a risk to trust, motivation, and compliance.
From office to remote: What really changes legally
As we move from fixed office workplaces to hybrid or fully mobile ways of working, key responsibilities are shifting. What was previously regulated by visibility and physical proximity now requires contractual clarity and digital control.
One key example is the documentation of working hours. Companies are legally obliged to record the hours worked, regardless of whether the work is done in the office or at home (BMAS 2024). In practice, this means that even with trust-based working hours, time tracking tools must be introduced that function properly not only from a technical standpoint but also in terms of data protection law.
At the same time, the issue of occupational safety and health extends much further than many people realize. Those who work in a hybrid model are also subject to their employer's duty of care when working from home. This includes risk assessments, ergonomic recommendations, and technical equipment (CMS 2024). Particularly critical is the fact that in many cases, it is not even known under what conditions employees actually work. There is not only a lack of control here, but often a lack of awareness.
Mandatory accident insurance also plays an important role. Insurance coverage is generally provided for home offices – but only under certain conditions. The direct route to the printer or a fall on the basement stairs may be covered, but this is not necessarily the case. The decisive factor is the connection to the professional activity (Barmer 2025). Companies are well advised not to leave this to chance.
Last but not least, data protection is coming into the spotlight. Access to sensitive data from home or on the go requires technical security measures such as encrypted connections, VPNs, and access restrictions. Organizational measures such as mandatory training or clear rules on the use of private devices are also essential, especially in industries where regulatory requirements do not allow for exceptions (Numeris 2025).
Hybrid working is therefore not only transforming the place where work is done, but also shifting legal responsibility to a new level. Those who fail to respond with clear rules risk more than just inefficient processes: it is a question of liability, compliance – and ultimately trust.
What hybrid employment contracts need to deliver today
In many companies, the switch to working from home is still based on an email, a verbal agreement, or tacit acceptance. This is no longer sufficient. If you want to organize hybrid work in a legally compliant manner, you must also reflect this in your contracts. And not in abstract terms, but in concrete terms.
A modern employment contract should define the place of work – or, in the case of hybrid models, precisely regulate how often and under what conditions mobile work is permitted. It is not only a question of “whether,” but above all of “how”: Are there days when employees must be present at the office? Does the place of residence have to be within reach of the office? What technical requirements apply to the mobile workplace?
Working hours must also be clearly regulated. This applies not only to the number of hours per week, but also to issues such as availability, break times, and time recording. Even with trust-based working hours, employers remain obliged to monitor statutory maximum working hours and rest periods (Section 3 of the German Working Hours Act (ArbZG)).
Another item is equipment: Who bears the costs for a laptop, monitor, or office chair? Are electricity or internet costs reimbursed? And how is it ensured that the technical environment meets data protection and occupational safety requirements?
Last but not least, insurance coverage is an important item: Since a change in the law in 2021 (§ 8 SGB VII), accident insurance coverage in the home office has been brought into line with coverage in the workplace. Nevertheless, questions remain about regulations in other countries and about minimizing liability risks through clear contractual wording.
Many of the contract templates used today fail to provide answers to these questions. This is not a matter of mistrust, but of protection: for companies and employees alike.
Special case: regulatory industries - between flexibility and the obligation to monitor
The legal complexity of hybrid work is particularly evident in regulated industries. In areas such as financial services, legal advice, and real estate, there are increased requirements for data protection, documentation, and accountability.
Hybrid working is not only a question of organization here, but also of legality. Financial companies, for example, are subject to supervision by BaFin and the ECB. Remote work can trigger additional review and approval processes here. Especially if employees have access to sensitive customer data or carry out transactions from their home office.
In the legal sector, too, the question of maintaining confidentiality arises. Lawyers, notaries, and corporate lawyers who work remotely must ensure that no unauthorized third parties have access to confidential information (Numeris 2025).
In the real estate industry, on the other hand, handling personal data is an essential part of day-to-day business. Rental agreements, financing documents, land register extracts. All of these contain information that needs to be protected. Anyone working in a hybrid environment must therefore take particular care when it comes to storage locations, transmission routes, and retention periods.
Exploiting scope for action: Three models that are already working today
Model 1: Contract addendum for mobile work
A legally reviewed addendum to the employment contract regulates, among other things, the number of days of home office, technical equipment, time recording, and call-back rights.
Model 2: Collective works agreement
Ideal for larger workforces – standardizes processes, increases acceptance, and creates binding rules on data protection and compliance.
Model 3: Special contract for sensitive functions
Recommended for positions with a high level of responsibility: with individual clauses on access protection, reporting channels, and the obligation to return to the workplace.
Crucial in all three cases: It is not enough to simply formulate the regulations. They must be lived, technically supported, and regularly reviewed.
Conclusion: If you want modern work, you need a modern contract culture
Hybrid working is here to stay. However, it is only legally secure if companies are prepared to translate the reality of their employees' working lives into clear contracts. The good news is that there are many ways to adjust the parameters. The decisive factor is the willingness not only to tolerate hybrid working, but to structure it in a structured manner. This is especially important where responsibility is not an option, but an obligation.
Hybrid working is transforming how teams are managed, locations are used, and contracts are conceived. Anyone who wants to attract talent today needs people who understand this change. Numeris Consulting brings together recruiting expertise, industry knowledge, and strategic staffing strength. For companies that want to secure their hybrid reality with the right personnel. Contact us - we look forward to hearing from you.
Sources
- Barmer (2025): Employment contract and home office.
- BMAS (2024): Working Hours Act (ArbZG). bmas.de
- CMS Germany (2024): BMAS recommendations for hybrid screen work.
- Seatti (2023): Hybrid work in labor law.
- Haufe (2024): What to consider when setting up home office policies.
- Numeris Consulting (2025): Challenges and opportunities of hybrid working models in the legal and financial world.
Ready to find out more?
