Guide

Meet your workplace health and safety legal obligations

Understanding your fundamental health and safety duties under UK law. Covers key legislation including HASAWA 1974, risk assessment requirements, and practical compliance steps for small business employers.

Construction & Property UK-wide

Why health and safety law exists

UK health and safety law exists to protect workers and others affected by work activities from harm. Every year, hundreds of thousands of workers suffer workplace injuries or work-related ill health. The law sets minimum standards that all employers must meet.

Health and safety law applies to all employers, regardless of size. From the moment you employ your first person, you have legal duties. Even if you're self-employed, you have duties to protect yourself and others affected by your work.

This guide explains the fundamental legal framework and what you must do to comply.

The primary legislation: Health and Safety at Work etc. Act 1974

All workplace health and safety law in Great Britain stems from one principal statute:

Understanding "reasonably practicable"

The Act uses the phrase "so far as is reasonably practicable" throughout. This is a crucial legal concept you need to understand.

What it means: You must balance the level of risk against the time, trouble and cost of controlling it. However, the law is weighted in favour of health and safety. You can only avoid taking action if you can demonstrate that the measures would be "grossly disproportionate" to the risk.

In practice:

  • If there's a significant risk of serious injury or death, cost is rarely a defence
  • You must consider all available control measures, from elimination to PPE
  • Industry good practice sets the minimum standard - you must at least meet it
  • The burden of proof is on YOU to show why something wasn't reasonably practicable

Example: Installing guardrails on a factory mezzanine floor costs £5,000. The risk is workers falling 3 metres onto concrete. This is reasonably practicable - the cost is proportionate to preventing serious injury or death. You cannot argue the cost is too high.

Your risk assessment duties

The most fundamental requirement under health and safety law is to assess workplace risks and act on your findings. This duty comes from the Management of Health and Safety at Work Regulations 1999:

What risk assessment actually means

A risk assessment is not a bureaucratic form-filling exercise. It's a systematic examination of what in your workplace could cause harm, so you can decide whether you're doing enough to prevent that harm.

The five steps:

  1. Identify hazards - Walk around your workplace and spot anything that could cause harm (chemicals, machinery, manual handling, slips/trips, work at height, etc.)
  2. Identify who might be harmed and how - Consider employees, contractors, visitors, cleaners, young workers, pregnant workers, disabled workers, lone workers
  3. Evaluate the risks and decide on control measures - For each hazard, decide if current precautions are adequate or if you need to do more. Use the hierarchy of controls: eliminate, substitute, engineering controls, administrative controls, PPE
  4. Record your findings and implement them - Write down significant hazards, who's at risk, and what you're doing about it (required if 5+ employees, but good practice for all). Then actually implement the controls
  5. Review and update - Review at least annually, or when something changes (new equipment, new process, after an accident)

Common mistake: Businesses often complete a risk assessment as a one-off task and file it away. Risk assessment is an ongoing process. If you change what you do, add new equipment, or have an accident, you must revisit your assessment.

Your practical compliance requirements

Beyond risk assessment, there are specific things you must have in place:

When specific regulations apply to your business

HASAWA 1974 and the Management Regulations are the foundation, but depending on what your business does, additional specific regulations may apply. Two of the most common are:

If you use work equipment

If you use any work equipment - from hand tools to complex machinery - the Provision and Use of Work Equipment Regulations 1998 (PUWER) apply:

When PUWER applies to you: If you provide tools, machinery, or equipment for employees to use, you must comply with PUWER. This includes power tools, lifting equipment, office equipment, kitchen equipment in hospitality, garage equipment in automotive businesses - anything used for work.

If you use hazardous substances

If your work involves chemicals, fumes, dusts, vapours, or biological agents, the Control of Substances Hazardous to Health Regulations 2002 (COSHH) apply:

When COSHH applies to you:

  • Cleaning businesses: Using cleaning chemicals, disinfectants
  • Manufacturing: Solvents, adhesives, paints, metal fumes, wood dust
  • Hospitality: Cleaning products, cooking fumes (especially from frying)
  • Construction: Silica dust, cement, paints, solvents
  • Healthcare: Disinfectants, sterilising agents, biological hazards
  • Beauty/hairdressing: Hair dyes, perming solutions, nail products

If you answered "yes" to any of these, you need COSHH assessments in addition to your general risk assessment.

Fire safety requirements

Every business with premises must also comply with fire safety law. This is in addition to HASAWA requirements:

What this means in practice: You must carry out a fire risk assessment covering fire hazards, people at risk, fire detection and warning systems, escape routes, firefighting equipment, and staff training. Since October 2023, ALL businesses must record this assessment in writing - there's no longer an exemption for small businesses.

Getting started with compliance

If you're new to health and safety, here's the practical sequence to follow:

  1. Understand who's responsible

    As the business owner or employer, you are legally responsible for health and safety. You can delegate tasks (appointing a manager to conduct risk assessments) but you cannot delegate legal responsibility. If something goes wrong, you are liable.

  2. Get employers' liability insurance

    From your first employee, you must have at least £5 million employers' liability insurance. This is a legal requirement. You can be fined £2,500 per day for not having it. Your insurer will give you a certificate - display it where employees can see it or make it available on request.

  3. Conduct your general risk assessment

    Walk through your workplace and identify hazards. Use HSE's templates if helpful. Focus on significant risks - things that could actually cause harm. Record your findings if you have 5+ employees (but do it anyway - it's good practice). Most importantly: implement the control measures you identify.

  4. Check if specific regulations apply

    Do you use work equipment? You need PUWER compliance. Do you use hazardous substances? You need COSHH assessments. Do you have premises? You need a fire risk assessment. Identify which regulations apply to your specific business activities.

  5. Create a written H&S policy (5+ employees)

    If you employ 5 or more people, you must write down your health and safety policy. This has three parts: (1) Statement of intent (your commitment to H&S), (2) Organisation (who does what), (3) Arrangements (how you manage specific risks). Templates are available on the HSE website.

  6. Provide information and training

    Tell your employees about workplace risks and how to stay safe. Provide specific training for high-risk tasks (using machinery, handling chemicals, working at height, etc.). Record what training you've provided. Make sure new starters get induction training covering basic H&S.

  7. Set up accident recording

    Keep an accident book to record all injuries, however minor. If certain serious injuries occur, you must report them to HSE under RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations). The HSE website explains what's reportable.

  8. Review and improve continuously

    Review your risk assessments at least annually. If you have an accident, investigate why it happened and update your risk assessment. When you introduce new equipment, processes, or substances, assess the risks before you start using them. Health and safety is an ongoing management process, not a one-off task.

Common issues and how to address them

"We're too small for health and safety to apply to us"

Reality: Health and safety law applies from the moment you employ one person. Even sole traders have duties to themselves and others affected by their work. Size affects the administrative burden (written policies from 5 employees), but not whether the law applies.

"We've never had an accident, so we don't need to do anything"

Reality: This is like saying "I've never crashed, so I don't need brakes." The absence of accidents means your current measures are working, or you've been lucky. The law requires you to assess risks proactively, not wait for something to go wrong. And when HSE inspects, "we've been lucky" is not a defence.

"Health and safety is just common sense"

Reality: Partly true - much of H&S is common sense. But it's common sense applied systematically. The law requires you to document your thinking, show you've considered all hazards, and demonstrate you've done what's reasonably practicable. "Common sense" without documentation won't satisfy an HSE inspector or protect you in court after an accident.

"The paperwork is too complicated"

Reality: For most small businesses, H&S compliance doesn't require complex paperwork. HSE provides simple templates for risk assessments and policies. A basic risk assessment for an office might be 2-3 pages. A café might need 5-6 pages covering kitchen equipment, hot surfaces, slips/trips, and manual handling. Start with HSE's "Health and Safety Made Simple" guidance.

"What if an inspector visits and finds something wrong?"

Reality: HSE inspectors understand that businesses aren't perfect. What they're looking for is evidence that you're managing H&S actively: you've done risk assessments, you've implemented controls, you review things regularly. If they find a problem, they usually work with you to fix it. Enforcement action (notices, prosecution) is reserved for serious breaches or repeated failures. The best approach: be honest, show what you've done, and be willing to improve.

"Can't I just pay someone to do it all for me?"

Reality: You can appoint a competent person (internal or external) to help you comply, but you cannot delegate legal responsibility. If you hire a consultant to write risk assessments, you must still understand them, implement the controls they recommend, and keep them up to date. The law holds you, the employer, accountable - not your consultant.

Enforcement and penalties

Health and safety law is enforced by the Health and Safety Executive (HSE) and local authorities. Inspectors can visit your workplace without notice.

What inspectors can do:

  • Improvement Notice: Requires you to fix a problem within a specified time (typically weeks to months)
  • Prohibition Notice: Stops an activity immediately if there's a risk of serious personal injury
  • Prosecution: For serious breaches, you can be prosecuted in criminal court

Penalties for health and safety offences:

  • Magistrates' Court: up to £20,000 fine and/or up to 6 months imprisonment
  • Crown Court: unlimited fine and/or up to 2 years imprisonment
  • Both the company and individual directors/managers can be prosecuted
  • Average fine for fire safety offences: £47,000 (2023 data)

Beyond legal penalties, a serious accident can destroy your business reputation, lead to civil compensation claims, increase insurance premiums, and result in loss of contracts.

Getting help and further guidance

You don't have to navigate health and safety law alone. HSE provides extensive free guidance for small businesses:

  • Health and Safety Made Simple: Step-by-step guidance tailored to small businesses
  • Industry-specific guidance: Sector-specific advice for retail, hospitality, construction, manufacturing, etc.
  • Template risk assessments: Ready-to-use templates you can adapt
  • Free advice line: HSE's contact centre can answer basic questions

If your business has complex risks, consider appointing a competent health and safety advisor. This could be:

  • A trained employee (who's completed IOSH or NEBOSH training)
  • An external consultant (check they're qualified - CMIOSH, NEBOSH Diploma, etc.)
  • A combination: external support for complex issues, trained internal staff for day-to-day management

Farm health and safety essentials

Essential health and safety requirements for farmers and farm workers. Covers legal duties, risk assessment, the top causes of farm fatalities, and practical guidance for managing the most dangerous hazards including vehicles, falls, livestock, machinery, and confined spaces.

Read guide

Health surveillance at work

When health surveillance is legally required at work and how to set it up. Covers COSHH hazardous substances, noise, hand-arm vibration, lead, asbestos, ionising radiation, and compressed air. Explains employer duties, appointing occupational health providers, record retention (40 years), and acting on results.

Read guide

Manage workplace risk assessments under MHSW 1999

Your legal duties for risk assessment under the Management of Health and Safety at Work Regulations 1999. Covers employer duties, the principles of prevention, competent person requirements, health surveillance, and when you must record findings in writing.

Read guide

Health and safety for small businesses

A simplified guide to health and safety compliance for businesses with fewer than 5 employees. Covers what you must do, what you can skip, and free HSE tools to help you comply without spending a fortune.

Read guide