
From 26 October 2024, all employers have a legal duty to take reasonable steps to prevent sexual harassment of their employees. This new obligation was introduced by the Worker Protection (Amendment of Equality Act 2010) Act 2023, which inserts section 40A into the Equality Act 2010.

This is a significant change in the law. Previously, employers could only be liable for sexual harassment after it had occurred. Now, you must take proactive steps to prevent it from happening in the first place.

Why this matters for your business:

  • The duty is anticipatory - you must act before harassment occurs, not just respond to complaints
  • It applies to all employers regardless of size - there is no small business exemption
  • Breaching this duty can result in a 25% uplift to compensation awards if a harassment claim succeeds
  • The Equality and Human Rights Commission (EHRC) can take enforcement action even without an individual complaint

This guide explains what you must do to comply with your new legal obligations.

Understanding the new preventative duty

The duty under section 40A is fundamentally different from previous discrimination law. It shifts the focus from reacting to harassment to actively preventing it.

Key features of the duty:

  • Anticipatory: You must identify and address harassment risks before any incident occurs
  • Proactive: Having a policy is not enough - you must take active, ongoing measures
  • Proportionate: What counts as "reasonable steps" depends on your business size, resources, and specific risks
  • Sexual harassment only: This specific duty applies to sexual harassment under section 26(2) of the Equality Act, not other forms of harassment

The duty covers harassment by colleagues, managers, and third parties such as customers, clients, and suppliers. This is a significant reinstatement of protection that was removed in 2013.

What "reasonable steps" means in practice

The law requires you to take "reasonable steps" - not "all possible steps". What is reasonable depends on your circumstances, including your size, sector, and specific risk factors.

The EHRC technical guidance identifies eight areas where employers should take action:

  1. Risk assessment: Identify and document sexual harassment risks specific to your workplace
  2. Anti-harassment policy: Have a clear, comprehensive policy that is communicated to all staff
  3. Training: Provide effective training to all employees and enhanced training for managers
  4. Reporting mechanisms: Create multiple, accessible routes for reporting harassment
  5. Third-party procedures: Have policies specifically addressing harassment by customers, clients, or visitors
  6. Prompt investigation: Take complaints seriously and investigate without delay
  7. Monitoring: Review the effectiveness of your measures and update as needed
  8. Leadership commitment: Senior management must visibly champion prevention efforts

The tribunal test: If a harassment claim succeeds, the tribunal will consider whether you took reasonable steps to prevent it. If you did, you may have a defence. If you did not, you face the 25% compensation uplift.

Third-party harassment: customers, clients, and visitors

One of the most significant aspects of the new law is that it explicitly requires employers to take reasonable steps to prevent sexual harassment by third parties - people who are not your employees.

This reinstates and strengthens protection that was removed by the Enterprise and Regulatory Reform Act 2013. Under the old law (repealed in 2013), employers were only liable after three incidents of third-party harassment. Now, the duty is anticipatory - you must act before any harassment occurs.

Conducting a sexual harassment risk assessment

While not explicitly required by the statute, conducting a risk assessment is strongly recommended by the EHRC and is likely to be considered essential evidence that you took reasonable steps.

Your risk assessment should consider:

Workplace factors:

  • Lone working - staff who work alone with clients, customers, or colleagues
  • Power imbalances - situations where junior staff interact with senior staff or influential clients
  • Work-related social events - conferences, away days, office parties
  • Business travel and overnight stays
  • Remote working and online communications (video calls, messaging)

Sector-specific risks:

  • Customer-facing roles in retail, hospitality, and healthcare
  • Night-time economy work (bars, clubs, late-night retail)
  • Entertainment and creative industries
  • Professional services with client entertaining
  • Any role involving vulnerable service users

Workforce factors:

  • Gender composition of teams and departments
  • Use of temporary, agency, or zero-hours workers
  • History of harassment complaints or concerns
  • Staff turnover patterns in particular teams
  • Results of staff surveys or exit interviews

Document your assessment and review it at least annually, or whenever significant changes occur (new premises, new client relationships, restructuring, or after any incident).

Training requirements

Training is consistently identified by tribunals as a key indicator of whether reasonable steps were taken. A policy without training is unlikely to establish a defence.

Training for all employees should cover:

  • What constitutes sexual harassment under section 26(2) of the Equality Act
  • The difference between harassment and banter - why "it was just a joke" is not a defence
  • Your organisation's policy and reporting procedures
  • The potential consequences of harassment (for the harasser and the organisation)
  • Bystander intervention - how to challenge inappropriate behaviour safely

Enhanced training for managers should additionally cover:

  • Recognising warning signs and early indicators
  • How to receive and respond to disclosures sensitively
  • Investigation procedures and confidentiality requirements
  • Supporting complainants through the process
  • Third-party harassment - when and how to refuse service or end client relationships

Training frequency: The EHRC recommends refresher training at least annually. Induction training should be provided to all new starters within their first week.

Record keeping: Document who attended training, when, and what was covered. Keep records for at least 6 years (the limitation period for tribunal claims plus potential extensions).

Establishing reporting and complaints procedures

Employees must have clear, accessible, and trusted routes to report harassment. Research consistently shows that most harassment goes unreported, often because victims do not trust the process or fear retaliation.

Effective reporting mechanisms:

  • Multiple reporting routes - not just through line managers (who may be the problem)
  • Named contact person or people (often HR, but could be trained volunteers)
  • Anonymous reporting option (while noting limitations for investigation)
  • External whistleblowing hotline for serious concerns
  • Clear written guidance on how to make a report

Your complaints procedure should:

  • Be published and communicated to all staff
  • Explain the process clearly, including timescales
  • Guarantee confidentiality as far as possible
  • Protect complainants from retaliation (victimisation is separately unlawful)
  • Explain the range of possible outcomes
  • Offer support to complainants throughout the process

Investigation requirements:

  • Acknowledge complaints promptly (within 2 working days recommended)
  • Appoint an impartial investigator with appropriate training
  • Interview all relevant parties and witnesses
  • Consider precautionary measures while investigating (e.g., separation of parties)
  • Document all steps and decisions
  • Communicate the outcome to both parties
  • Offer a right of appeal

EHRC enforcement powers

The Equality and Human Rights Commission has significant powers to enforce the section 40A duty - and crucially, it can act even without an individual making a complaint.

EHRC enforcement options include:

  • Investigation: The EHRC can investigate suspected breaches of the duty proactively, based on intelligence, sector concerns, or media reports
  • Unlawful act notice: If a breach is found, the EHRC can issue a notice requiring you to prepare an action plan
  • Binding agreements: The EHRC can enter into legally binding agreements with employers to take specific actions
  • Court proceedings: The EHRC can apply for injunctions to compel compliance
  • Publication: Investigation reports may be published, naming non-compliant employers

Important: EHRC enforcement is separate from and additional to individual tribunal claims. You could face both regulatory action from the EHRC and compensation claims from affected employees.

The EHRC has indicated it will prioritise enforcement in sectors with known high harassment risks, including hospitality, retail, healthcare, and entertainment.

The 25% compensation uplift

If an employee succeeds in a sexual harassment claim and the tribunal finds you breached the duty to take reasonable steps, it must consider increasing the compensation award by up to 25%.

Practical compliance checklist

Use this checklist to assess your current compliance and identify gaps:

  1. Conduct a sexual harassment risk assessment

    Identify and document harassment risks specific to your workplace, including customer/client interactions, lone working, power imbalances, work events, and sector-specific factors. Review annually and after any incident.

  2. Develop or update your anti-harassment policy

    Ensure you have a written sexual harassment policy that defines harassment, explains reporting procedures, sets out the investigation process, and confirms zero tolerance. Communicate it to all staff.

  3. Implement comprehensive training

    Train all employees on what constitutes sexual harassment and how to report it. Provide enhanced training for managers on handling complaints and investigations. Refresh training annually.

  4. Establish multiple reporting channels

    Create accessible reporting routes that do not depend solely on line managers. Consider anonymous reporting options. Ensure staff know how and where to report concerns.

  5. Create third-party harassment procedures

    Develop specific procedures for handling harassment by customers, clients, or visitors. Empower staff to challenge inappropriate behaviour and refuse service where necessary. Display notices where appropriate.

  6. Document everything

    Keep records of risk assessments, policies, training attendance, complaints received, investigations conducted, and actions taken. Maintain records for at least 6 years.

  7. Monitor and review

    Track complaint numbers and patterns. Conduct regular staff surveys on workplace culture. Review effectiveness of measures and update as needed. Report to senior leadership.

  8. Secure leadership commitment

    Ensure visible senior management commitment to preventing harassment. Include harassment prevention in leadership communications and business objectives.

Common mistakes to avoid

  • Thinking a policy is enough: Having an anti-harassment policy, even a good one, is not sufficient. You must actively implement it through training, risk assessment, and monitoring.
  • One-off training: Training from years ago will not establish a defence. Training must be regular, refreshed, and documented.
  • Ignoring third-party harassment: Telling staff to "put up with" customer behaviour, or that "the customer is always right", directly contradicts your legal duty. You must have procedures to protect staff from third-party harassment.
  • Assuming small size means lower duty: While what is "reasonable" is proportionate to your resources, very small employers still have obligations. A sole trader employing one person must still have a policy and provide basic training.
  • Reactive rather than proactive approach: Waiting for a complaint before acting is the opposite of what this law requires. You must anticipate and prevent, not just respond.
  • Poor record keeping: If you cannot prove what steps you took, you cannot establish the defence. Document your risk assessment, training, policy communications, and complaints handling.
  • Failing to follow your own procedures: Having good procedures but not following them is worse than having none. If your policy says complaints will be investigated within 7 days, you must meet that commitment.
  • Tolerating "banter": Dismissing sexual comments or behaviour as "just banter" creates a hostile environment and demonstrates you are not taking reasonable steps. What matters is the impact on the recipient, not the intent of the perpetrator.

Sector considerations

While this duty applies to all employers, some sectors face higher risks and may need to take additional steps:

Hospitality and night-time economy: Customer-facing roles, alcohol involvement, late-night working, and power dynamics with customers create elevated risks. Consider panic buttons, two-person closing procedures, CCTV in public areas, and visible "zero tolerance" signage.

Retail: Front-line staff deal with high volumes of public interaction. Train staff on de-escalation, empower them to refuse service to abusive customers, and ensure management backing for such decisions.

Healthcare: Patient contact, intimate care situations, and lone working create specific risks. Establish chaperone policies, patient behaviour agreements, and clear escalation procedures.

Professional services: Client entertaining, business development expectations, and partner/associate power dynamics require attention. Set clear boundaries on client entertainment and investigate any concerns about senior staff promptly.

Creative and entertainment industries: Auditions, on-set work, and industry networking events have documented high harassment risks. Consider industry codes of conduct, intimacy coordinators where relevant, and specific event procedures.

Summary: your obligations from 26 October 2024

The Worker Protection Act 2023 creates a new era of employer responsibility for preventing sexual harassment. The key points to remember:

  1. The duty is anticipatory: You must act to prevent harassment before it occurs
  2. It applies to all employers: No size exemption exists
  3. Third-party harassment is included: You must protect employees from customers, clients, and visitors
  4. Reasonable steps are required: What is reasonable depends on your circumstances, but training, policy, risk assessment, and reporting procedures are baseline expectations
  5. 25% compensation uplift: Breaching this duty increases tribunal awards significantly
  6. EHRC enforcement: Regulatory action can be taken even without an individual complaint

Taking this duty seriously protects your employees, protects your business from financial and reputational harm, and contributes to creating safer workplaces across the economy.