Valletta Software

Rebuilding a Field-Workforce Time-Tracking Platform for the EU’s New Working-Time Rules

Web
app
Rebuilding a Field-Workforce Time-Tracking Platform for the EU’s New Working-Time Rules
Home » Success stories » Time-Tracking Platform

Rebuilding a Field-Workforce Time-Tracking Platform for the EU's New Working-Time Rules

An EU-based time-tracking software company ran a working platform for field teams, the construction, cleaning and maintenance crews who clock in on site rather than at a desk, but it carried two years of technical debt just as new working-time-registration rules began turning objective time tracking into a legal requirement across Europe. We rebuilt the core, added a lightweight track for the new use case, and wired worked time straight into national social-security reporting. For confidentiality we describe the engagement without naming the company or the people involved.

Key Takeaways

  • Automatic national social-security filing of worked time, with no manual re-keying.
  • GPS check-in and geofencing that prove a worker was on site, not just tapping a button.
  • A new lightweight time-card track for the mandatory working-time-registration use case.
  • EU-resident, access-controlled data with audit logging, built for GDPR from the start.

The client is an EU-based SaaS company whose platform records working time for deskless teams. Its customers are field businesses, mainly construction, cleaning and maintenance, where the question is not just how many hours were worked but whether the worker was actually on site. The platform had been built over roughly two years by a previous team. It functioned, but it carried defects, gaps in functionality, and architectural debt that made the next step, compliance with new EU working-time rules, hard to deliver. For confidentiality we describe the engagement without naming the company or the people involved.

The Challenge: A Working Platform Carrying Two Years of Debt, Meeting a New Law

The product already had paying customers and a real workflow. It also had the quiet kind of problem that does not show up in a demo: two years of accumulated defects, missing functionality, and an architecture that resisted change, all surfacing exactly when a new legal deadline arrived.

Across several EU countries, objective working-time registration was moving from good practice to legal duty. That raised the stakes for a platform whose whole purpose was recording hours: it now had to produce records reliable enough to satisfy regulators and feed them into the national social-security system, not just display them in an app. Building that on top of a fragile codebase meant every new feature was slower and riskier to ship than it should have been.

There was also a mismatch between the product's complexity and the simplest new requirement. The existing data model was built around projects, sub-projects, contractors and subcontractors, which suited large sites but was overkill for the plainest legal case: a worker who simply needs to clock in, clock out, and leave a location stamp. And because these are field teams, customers needed something a desk-bound system never has to prove, that the person was physically on the job site rather than tapping a button from somewhere else.

  • Technical debt from a previous build: defects and gaps that made every new feature slower and riskier to ship
  • A new working-time-registration duty, rolling out across several EU countries, requiring objective records that flow to the national social-security system
  • A heavyweight data model (projects, sub-projects, contractors, subcontractors) that was overkill for the simplest new use case: plain check-in, check-out and a location stamp
  • Field-specific fraud risk: customers needed proof that a worker was physically on site, not just a tap from anywhere
The platform before and after the rebuild: two years of technical debt, a heavyweight data model and no automatic reporting versus a compliance-first core, a light check-in track and automatic national social-security filing
The platform, before and after: a debt-laden build became a compliance-first core with a lightweight check-in track and automatic national social-security filing.

The Approach: Senior Engineers, Tech Leads, and a Compliance-First Rebuild

We embedded senior engineers, tech leads and project managers who already understood time-registration architecture into the client's stack and roadmap, rather than rebuilding from zero. The aim was to strengthen the core and ship the new compliance capabilities on top of it, keeping the running product alive for existing customers throughout.

Compliance and EU data residency were treated as non-negotiable design constraints, not afterthoughts. Because the platform records who worked, when and where, every part of it had to comply with the EU General Data Protection Regulation, with data staying resident in the EU and personal data minimized to what each task strictly requires.

From there, two decisions shaped the build. First, we separated the product into two tracks: a full track for complex sites and a new light track for the simple legal use case, so the heavyweight model no longer stood in the way of plain check-in and check-out. Second, we designed the integrations to national social-security reporting and to the client's ERP and billing layer up front, so worked time and usage data would flow automatically instead of being re-keyed.

The Solution: GPS Check-In, a Light Track, and Automatic Compliance Reporting

  • Prove presence, not just a tap. GPS geolocation is tied to the moment of check-in and check-out, and geofencing means a clock-in only counts inside the job-site radius. Presence becomes evidence, which is exactly what field customers and the law both need.
  • Two tracks from one foundation. A full track for complex sites (projects, sub-projects, contractors and subcontractors, each tracking their own time and location) and a new light track (check-in, check-out and geotag only) for the simple mandatory-registration use case. Customers pick the track that fits, on the same platform.
  • Automatic national social-security reporting. Worked time captured in the app flows directly into the national social-security system, so the records the law requires are filed automatically rather than re-keyed. It is built to extend country by country as the new rules spread.
  • Clean integrations and multi-tenant scale. A documented API connects the client's ERP and billing tools for per-user billing and usage data, and a multi-tenant architecture lets each employer onboard and manage its own workforce, with per-country content rather than just translation.

Because the platform records personal data about where and when people work, EU data protection shaped the design rather than following it:

  • Data is EU-resident, with processing kept inside the region to meet data-residency requirements.
  • Personal data is minimized to what each task strictly requires, so location and identity are used only where the use case demands it.
  • Access is role-based and scoped by function, and every relevant action is written to an audit log.
  • No worker or customer data is routed through public AI services or third-party training pipelines at any point.

The platform worked in a demo. Making it hold up under a new law, in production, was the real job.

The Results: Compliant, Lighter, and Ready for the Next Country

The rebuild moved the platform from a working demo to a system that holds up in production under a new legal regime. Worked time now files itself to the state, field customers can prove presence rather than trust a tap, and the simplest legal use case has a track of its own. The architecture is laid out so the same compliance flow can be extended to the next country as the rules arrive.

After the rebuild: automatic national social-security filing, GPS and geofencing proof of presence, a new light time-card track, and EU-resident access-controlled data
What the rebuild delivered: automatic compliance reporting, defensible proof of on-site presence, a lightweight track for the new law, and EU-resident data by design.
  • The platform now files national social-security records automatically.
  • A lightweight track exists for the new mandatory-registration use case.
  • GPS and geofencing give customers defensible proof of on-site presence.
  • The architecture is ready to extend to additional EU countries as the rules roll out.

The result is a time-tracking platform that field businesses can rely on for compliance and that the company can extend country by country without rebuilding it again. For more engagements like this, browse our success stories.

Frequently Asked Questions

Can you build software that reports working time to a national social-security system?

Yes. We build the integration so that captured hours are filed automatically, and we design it to extend country by country as the new EU working-time rules roll out.

How do you stop time-tracking fraud for field teams?

GPS check-in tied to the moment of clocking, plus geofencing that only counts a clock-in inside the job-site radius, so presence is proven, not just tapped.

How do you handle EU data protection?

Data is EU-resident and access-controlled, with audit logging, and personal data is minimized to what each task strictly requires.

Building Time-Registration Software for the New EU Rules?

We have proven, hands-on experience delivering this kind of compliant time-registration software. Tell us where your roadmap and the new rules are creating pressure, and we will show you how we would help.

Get a free consultation: vallettasoftware.com/contact

Related Success Stories

Let’s talk