Guide
Preventing workplace harassment: employer duties
How to comply with strengthened harassment prevention duties from October 2026, including third-party harassment liability and 'all reasonable steps' requirements.
From 1 October 2026, the Employment Rights Act 2025 strengthens employer duties to prevent harassment. This builds on the Worker Protection Act 2023 (in force October 2024) by:
- Reintroducing liability for third-party harassment
- Strengthening the duty to take 'all reasonable steps' to prevent harassment
- Extending protections to all types of harassment (not just sexual harassment)
High-risk sectors: Employers in customer-facing sectors (retail, hospitality, healthcare, transport) face particular risks from third-party harassment liability.
What employers must do
Risk assessment
Conduct a harassment risk assessment covering:
- Customer and client interactions
- Contractor and supplier relationships
- Visitor access to your premises
- Lone working situations
- Late-night or alcohol-related environments
- Online harassment (if employees have public profiles)
Policies and procedures
- Update harassment policy to explicitly cover third-party harassment
- Include clear reporting mechanisms for staff
- Set out what action will be taken against third-party harassers
- Include support available to affected employees
Training
- Train all staff on what harassment is and how to report it
- Train managers on responding to harassment reports
- Train customer-facing staff on handling difficult customers
- Consider bystander intervention training
Visible deterrence
- Display notices that harassment of staff will not be tolerated
- Include anti-harassment statements on websites and in customer communications
- Consider body cameras or CCTV in high-risk areas
Response procedures
- Immediate support for affected employees
- Clear escalation process
- Power to remove or ban harassers
- Documentation of incidents and responses
- Follow-up with affected employees
The 'all reasonable steps' defence
Employers can defend third-party harassment claims by showing they took 'all reasonable steps' to prevent harassment. This is a higher standard than 'reasonable steps'.
To rely on this defence, you should be able to evidence:
- Comprehensive harassment policy covering third parties
- Regular training for all staff
- Risk assessment of third-party harassment
- Visible deterrence measures
- Effective reporting mechanisms
- Prompt action when harassment is reported
- Regular review and improvement of measures
No 'two strikes' rule: Unlike the previous provision (2010-2013), there is no requirement for harassment to have happened twice before liability arises. Employers can be liable for the first incident if they failed to take all reasonable steps to prevent it.
Sector-specific guidance
Retail
- Display notices at tills and customer service points
- Train staff on de-escalation techniques
- Ensure managers are available to support staff
- Consider panic buttons or security presence
Hospitality
- Clear policies on refusing service to harassers
- Staff training on handling intoxicated customers
- Safe procedures for lone closing staff
- CCTV in public areas
Healthcare
- Signage about acceptable patient/visitor behaviour
- Lone worker procedures
- Incident reporting systems
- Support for staff experiencing harassment
Compliance checklist
- Conduct harassment risk assessment including third-party risks
- Update harassment policy to cover third-party harassment
- Roll out training to all staff
- Install or update signage
- Review and improve reporting mechanisms
- Ensure managers know how to respond to reports
- Document all preventive measures taken
- Schedule regular reviews of anti-harassment measures