Guide
Health and safety basics
Essential health and safety requirements for all employers.
All employers have a legal duty to ensure the health, safety and welfare of their employees under the Health and Safety at Work Act 1974 (HSWA). This is the principal legislation governing workplace safety in the UK, and it applies to all businesses regardless of size.
What the law requires
The Health and Safety at Work Act 1974 and the Management of Health and Safety at Work Regulations 1999 require employers to:
- Conduct risk assessments and provide safe equipment and working conditions
- Ensure materials are properly stored, handled, used and transported
- Provide information, training, instruction and supervision to employees
- Inform workers fully about all potential hazards
- Consult with employees on health and safety matters
Employee responsibilities
Employees also have legal duties under Sections 7 and 8 of the Act:
- Take reasonable care of their own health and safety and that of others
- Cooperate with their employer on health and safety matters
- Use PPE in accordance with instruction and training
- Report any damage, defects or hazards they identify
- Not interfere with or misuse anything provided for health and safety
The 5-step risk assessment process
Risk assessment is the foundation of workplace health and safety. The HSE recommends this 5-step approach:
Step 1: Identify the hazards
Walk around your workplace and look for anything that could reasonably cause harm. Consider physical hazards (machinery, electricity, working at height), health hazards (chemicals, dust, noise), and organisational hazards (stress, fatigue, lone working).
Step 2: Decide who might be harmed and how
Consider all workers including part-time staff, contractors, cleaners, and visitors. Pay special attention to young workers, new employees, pregnant workers, and people with disabilities who may face additional risks.
Step 3: Evaluate the risks and decide on precautions
For each hazard, consider how likely harm is and how serious it could be. Apply the hierarchy of control: eliminate the hazard if possible, substitute with something less dangerous, use engineering controls, implement safe systems of work, and use PPE as a last resort.
Step 4: Record your findings and implement them
If you have 5 or more employees, you must record your significant findings in writing. Even with fewer employees, keeping records is best practice. Share findings with employees and implement the control measures you've identified.
Step 5: Review and update regularly
Risk assessments aren't a one-off exercise. Review them when circumstances change (new equipment, different processes, after accidents) or at least annually. Update controls as needed.
Requirements by business size
H&S obligations scale with your workforce. See our dedicated guide for details on what changes at each threshold.
Health and safety requirements by business size
Common workplace hazards
Your risk assessment should consider these common hazards:
Manual handling: The Manual Handling Operations Regulations 1992 require you to avoid hazardous manual handling where possible, assess risks that can't be avoided, and reduce the risk of injury. There are no specific safe weight limits in law - you must assess each situation.
Display screen equipment (DSE): If staff use computers habitually for significant periods (generally more than 1 hour per day), you must assess their workstation setup, provide breaks from screen work, and offer eye tests on request. This applies equally to home workers.
Slips, trips and falls: One of the most common causes of workplace injuries. Control contamination, ensure adequate lighting, keep areas tidy and free from obstructions, and maintain floors in good condition.
Working at height: The Work at Height Regulations 2005 apply to any work where someone could fall and injure themselves - there's no minimum height threshold. Always avoid working at height where possible, use equipment to prevent falls, and minimise fall distances.
Electrical safety: Over 1,000 electrical accidents are reported to HSE each year, with approximately 30 resulting in fatalities. Ensure equipment is safe, have it regularly inspected (PAT testing), and train staff on electrical hazards.
Enforcement and penalties
Health and safety law is enforced by either the Health and Safety Executive (HSE) or local authorities, depending on your business type:
- HSE enforces: Construction, manufacturing, factories, farms, chemical plants, railways
- Local authorities enforce: Shops, offices, retail, pubs, clubs, hotels, care homes, leisure facilities, warehouses
Penalties for non-compliance:
- Fines are unlimited for health and safety offences
- Multi-million pound penalties are common for larger companies (fines are proportional to turnover since 2016 sentencing guidelines)
- Directors can face up to 2 years imprisonment for offences committed with their consent or negligence
- Gross negligence manslaughter carries a maximum of life imprisonment
- Directors can be disqualified for up to 15 years
HSE maintains a conviction rate exceeding 90% when cases reach court. Fines are substantial and proportional to turnover under the 2016 sentencing guidelines.
RIDDOR and COSHH: Mandatory reporting and hazardous substance controls
Manufacturing businesses must comply with RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) and COSHH (Control of Substances Hazardous to Health Regulations 2002).
RIDDOR - What you must report
- Deaths and specified injuries: Fractures (except fingers/thumbs/toes), amputations, crush injuries to head/torso, severe burns (>10% body), loss of consciousness, loss of sight
- Over-7-day injuries: Worker incapacitated for more than 7 consecutive days
- Dangerous occurrences: Lifting equipment failures, pressure system failures, electrical fires/explosions, structural collapses, hazardous substance releases
- Occupational diseases: Work-related asthma, dermatitis, diseases from chemical exposure
RIDDOR reporting deadlines
- Deaths, specified injuries, dangerous occurrences: Report without delay (full report within 10 days)
- Over-7-day injuries: Report within 15 days of the accident
COSHH - Hazardous substances in manufacturing
You must assess and control exposure to:
- Chemicals: Solvents, adhesives, paints, metalworking fluids, cleaning products
- Process-generated hazards: Welding fumes (metal fumes), grinding/cutting dust, silica dust, vapours from heated substances
COSHH requirements
- Risk assessment: Document hazards, who's exposed, and control measures (mandatory written assessment if 5+ employees)
- Control hierarchy: Eliminate → Substitute → Engineering controls (LEV systems) → Administrative controls → PPE (last resort)
- Maintenance: Local Exhaust Ventilation systems must be tested every 14 months
- Health surveillance: Required where work-related disease is reasonably likely (lung function tests, skin checks, blood tests)
- Training: All workers must understand hazards and correct use of controls and PPE
Record keeping
- RIDDOR records: Keep for at least 3 years (best practice: 5-6 years)
- Health surveillance records: Keep for 40 years minimum
- Personal exposure monitoring: Keep for 40 years minimum
RIDDOR non-compliance: Criminal offence punishable by unlimited fines and up to 2 years imprisonment (Crown Court). Recent prosecutions include 6 months jail for unreported amputation and £500,000 fine for unreported explosion.
COSHH non-compliance: Criminal offence with unlimited fines and imprisonment in serious cases. HSE can issue Improvement Notices, Prohibition Notices (stop work immediately), or prosecute.
Report incidents online at HSE RIDDOR reporting or call 0345 300 9923 (fatal/major injuries only).
Healthcare-specific H&S: Infection control, sharps, and clinical risks
Healthcare employers face additional H&S requirements beyond general workplace duties:
Health and Safety at Work Act in healthcare
- Risk assessments must cover clinical risks including infection, violence/aggression, manual handling of patients, and exposure to blood-borne pathogens
- Competent advice: Complex healthcare risks typically require specialist H&S support beyond standard competent person requirements
- Safe systems of work must cover clinical procedures, not just general workplace activities
RIDDOR in healthcare
Healthcare-specific reportable injuries include:
- Sharps injuries: Needlestick injuries resulting in blood-borne virus exposure or prophylaxis treatment
- Violence and aggression: Physical assaults causing specified injuries (fractures, loss of consciousness)
- Moving and handling: Injuries from patient handling (back injuries, musculoskeletal disorders)
- Over-7-day incapacitation: Any work-related injury preventing work for 7+ consecutive days
COSHH in healthcare
Healthcare substances requiring COSHH assessment:
- Cytotoxic drugs: Chemotherapy agents - closed system handling, spill procedures
- Anaesthetic gases: Nitrous oxide, sevoflurane - scavenging systems, exposure monitoring
- Glutaraldehyde: Cold sterilisation - being phased out due to sensitisation risks
- Latex: Latex protein allergy risk from gloves - substitute with non-latex alternatives
- Blood-borne pathogens: Hepatitis B, C, HIV - vaccination, post-exposure prophylaxis
HSE and local authorities enforce health and safety law in healthcare settings. CQC can take regulatory action if H&S failures affect care quality. Recent healthcare prosecutions include £800,000 fine for sharps injury leading to hepatitis infection, and £650,000 fine for inadequate patient handling systems.