As a business owner, understanding your legal health and safety responsibilities is essential to protect both your employees and your business. The UK health and safety framework can seem complex, but meeting your obligations doesn’t require overwhelming resources or expertise. This guide provides a clear, step-by-step approach to compliance for 2026, helping you navigate the Health and Safety at Work Act 1974 and related regulations efficiently. Whether you employ five people or fifty, knowing how to meet legal obligations protects everyone and keeps your business running smoothly.
Table of Contents
- Understanding Your Legal Duties And Risk Assessment
- Preparing Your Health And Safety Policies And Appointing Competent Persons
- Implementing Control Measures And Reporting Requirements
- Maintaining And Reviewing Your Health And Safety System
- Simplify Your Health And Safety Compliance With ACI Safety
- Frequently Asked Questions
Key takeaways
| Point | Details |
|---|---|
| Foundation law | The Health and Safety at Work Act 1974 establishes core employer duties for all UK businesses. |
| Risk assessment | Proportionate risk assessments identify hazards and control measures suited to your business size. |
| Written policies | Businesses with five or more employees must maintain documented health and safety policies. |
| Competent support | Appointing competent persons and providing training ensures effective safety management. |
| Incident reporting | RIDDOR 2013 requires reporting specific accidents and dangerous occurrences to HSE. |
Understanding your legal duties and risk assessment
The Health and Safety at Work etc Act 1974 is the primary legislation for health and safety in the UK, placing responsibility on employers to protect employees and others affected by the business. This duty applies to every business, regardless of size or sector. You must ensure, so far as reasonably practicable, the health, safety and welfare of your employees whilst at work. This includes providing safe equipment, safe systems of work, competent supervision, and a safe workplace environment.
Risk assessments are a core requirement, involving identifying hazards, evaluating risks, and implementing control measures proportional to business risks. The process follows five clear steps. First, identify hazards in your workplace that could cause harm. Second, determine who might be harmed and how. Third, evaluate the risks and decide on control measures. Fourth, record your findings and implement controls. Fifth, review and update your assessment regularly.
Your risk assessment must be suitable and sufficient, meaning it addresses the actual risks your business faces without unnecessary complexity. A construction site requires different assessments than an office environment. The key is proportionality: your assessment should match the scale and nature of your operations. A small retail shop doesn’t need the same documentation depth as a manufacturing facility, but both must identify and control their specific hazards.
For businesses with fewer than five employees, a written policy or risk assessment is not legally required but the duty to ensure safety remains. You still must think through the risks and take sensible precautions. Documenting your approach, even informally, helps demonstrate compliance if questioned. Many small businesses find simple written records valuable for training new staff and maintaining consistency.
Pro Tip: Review your risk assessments at least annually and immediately after any significant change to work activities, equipment, or premises. Changes like new machinery, different work processes, or even moving to a new location can introduce fresh hazards that require assessment.
Common workplace hazards by sector
| Sector | Typical hazards | Priority controls |
|---|---|---|
| Office | Display screen equipment, manual handling, slips and trips | Workstation assessments, clear walkways, ergonomic equipment |
| Construction | Working at height, manual handling, machinery | Fall protection, lifting equipment, machine guarding |
| Retail | Manual handling, violence, slips and trips | Training, security measures, housekeeping |
| Hospitality | Burns, cuts, slips, manual handling | Safe equipment, protective clothing, training |
Preparing your health and safety policies and appointing competent persons
Legal compliance requires keeping a written policy if you have five or more employees and appointing competent persons for health and safety. Your health and safety policy must outline your commitment to safety, explain who does what, and describe how you manage risks. The policy typically has three sections: a general statement of intent, organisation details showing responsibilities, and arrangements explaining your practical safety measures.
The general statement declares your commitment to health and safety and is signed by the most senior person in your business. The organisation section identifies who is responsible for specific safety tasks, from directors to supervisors. The arrangements section details how you handle risk assessments, training, incident reporting, fire safety, first aid, and other practical matters. This document should be accessible to all employees and reviewed regularly.
Management of Health and Safety at Work Regulations 1999 mandates appointment of competent persons and provision of training and information to staff. A competent person has the knowledge, experience and training to help you meet your health and safety duties. For small businesses, this might be yourself if you have the necessary understanding, or you might appoint an employee with relevant experience. Larger or higher risk businesses often need external consultants or dedicated safety officers.
Appointing competent support involves several steps:
- Assess what health and safety knowledge your business needs based on your risks
- Identify whether existing staff have relevant competence or if external help is required
- Provide training and resources to your appointed person
- Define their responsibilities clearly in writing
- Give them sufficient time and authority to fulfil their role
You must provide employees with clear information, instruction and training about workplace risks and control measures. This includes induction training for new starters, specific training for hazardous tasks, and refresher training when procedures change. Training should be practical, relevant and documented. Keep records showing who received what training and when, as this demonstrates legal compliance.
Consultation with employees is a legal duty, not an optional extra. Workers often have the best insight into practical safety issues because they perform the tasks daily. You must inform staff about workplace risks, control measures, and emergency procedures. For businesses with employee representatives or union safety representatives, formal consultation structures apply. Smaller businesses can consult directly with staff through team meetings or one to one discussions.
Pro Tip: Involve employees in reviewing risk assessments and developing safe working procedures. Their practical knowledge improves your safety measures, and their involvement increases compliance because people follow rules they helped create. Consider appointing safety champions from different teams who can feedback concerns and suggestions.
Understanding COSHH assessment responsibilities is particularly important if your business uses hazardous substances. The employer holds ultimate responsibility, but competent persons often conduct the assessments. This includes identifying hazardous substances, assessing risks, implementing controls, and monitoring exposure.
Implementing control measures and reporting requirements
Employers must ensure health, safety and welfare by providing safe systems, PPE, training, and facilities. Control measures follow a hierarchy from most to least effective. Elimination removes the hazard entirely. Substitution replaces something dangerous with something safer. Engineering controls physically separate people from hazards. Administrative controls change how people work. Personal protective equipment is the last resort when other controls are insufficient.
Safe systems of work are structured methods that reduce risks to the lowest practicable level. They detail the task, identify hazards, specify control measures, and explain the sequence of operations. For complex or high risk activities, written safe systems or method statements are essential. These documents guide workers through tasks safely and consistently. Regular review ensures systems remain effective as circumstances change.
Personal protective equipment includes items like safety boots, hard hats, gloves, eye protection, and high visibility clothing. You must provide PPE free of charge when other controls don’t sufficiently reduce risk. PPE must be suitable for the task, fit properly, and be maintained in good condition. Training employees to use PPE correctly is mandatory, and you should monitor compliance.
Welfare facilities are basic provisions that support employee health and wellbeing. You must provide toilets, washing facilities, drinking water, rest areas, and facilities for changing and storing clothing. The specific requirements depend on your workforce size and the nature of work. Construction sites need different welfare provisions than office environments, but the principle remains: employees need adequate facilities to maintain health and hygiene.
Comparing common control measures
| Control measure | Effectiveness | Implementation cost | Maintenance requirement |
|---|---|---|---|
| Elimination | Highest | Variable | None |
| Substitution | High | Moderate to high | Low |
| Engineering controls | High | High | Moderate |
| Administrative controls | Moderate | Low to moderate | High |
| PPE | Lowest | Low to moderate | Moderate |
RIDDOR 2013 requires reporting specific workplace accidents and incidents to HSE to comply with the law. Reportable incidents include deaths, specified injuries like fractures or amputations, over seven day injuries where someone cannot work for more than seven consecutive days, occupational diseases, and dangerous occurrences that could have caused serious harm. You must report most incidents within 10 or 15 days, though deaths and specified injuries require immediate reporting.
Reporting is straightforward through the HSE online system. You need basic details about your business, the injured person, the incident circumstances, and the injury nature. Keep your own records of all workplace incidents, even minor ones that don’t require HSE reporting. These records help identify patterns, inform risk assessment reviews, and demonstrate your safety management approach. A simple accident book or digital log captures essential information.
“Failing to report required incidents under RIDDOR can result in prosecution and substantial fines. The HSE takes non-reporting seriously because accurate data helps identify industry trends and target enforcement activity. Compliance protects your business from legal consequences and contributes to wider workplace safety improvements.”
Pro Tip: Train supervisors and managers to recognise reportable incidents and understand reporting procedures. Quick, accurate reporting demonstrates responsible management and ensures you meet legal deadlines. Maintain a simple checklist of RIDDOR reportable events in your accident book or incident log to prompt correct decisions.
Understanding your risk assessment obligations helps you implement proportionate controls that match your actual business risks. Regular reviews ensure controls remain effective as your business evolves.
Maintaining and reviewing your health and safety system
Health and Safety law requires planning, organising, controlling, and reviewing health and safety arrangements regularly. This continuous cycle ensures your safety measures remain effective and adapt to changing circumstances. Planning involves setting objectives and deciding how to achieve them. Organising means establishing the structure, responsibilities and resources needed. Controlling implements your plans through risk assessments, safe systems, and training. Reviewing monitors performance and identifies improvements.
Regular monitoring checks whether your safety measures work in practice. This includes workplace inspections, reviewing incident records, checking training completion, and observing work activities. Inspections should be systematic, covering different areas on a rotating schedule. Document findings and track corrective actions to closure. Monthly or quarterly inspections suit most small businesses, with more frequent checks for higher risk areas.
Employee consultation provides valuable feedback for improving safety arrangements. Workers often spot hazards or impractical procedures that managers miss. Consultation can be informal through regular conversations or structured through safety committees and suggestion schemes. Act on feedback promptly and explain decisions when suggestions cannot be implemented. This builds trust and encourages ongoing participation.
The phrase ‘so far as is reasonably practicable’ requires balancing risk against time, cost and effort to implement control measures. This doesn’t mean you can ignore risks because controls are expensive. It means you must weigh the risk level against the sacrifice needed to control it. High risks require greater effort and expense to control than low risks. If a control measure is grossly disproportionate to the risk, it may not be reasonably practicable.
Applying this principle requires judgement. Consider the likelihood and severity of potential harm, the current state of knowledge about risks and controls, and the availability and cost of control measures. Document your reasoning when deciding whether additional controls are reasonably practicable. This demonstrates thoughtful decision making if your approach is questioned.
Schedule formal reviews of your entire health and safety system annually as a minimum. More frequent reviews may be needed if:
- A serious incident or near miss occurs
- Work activities, equipment or substances change significantly
- New employees join or roles change
- You move premises or expand operations
- New regulations or guidance affect your sector
- Monitoring reveals control measures are not working effectively
Reviews should examine your risk assessments, policies, training records, incident data, and employee feedback. Update documents to reflect current practices and identified improvements. Communicate changes to all affected employees and provide any necessary additional training.
Pro Tip: Keep comprehensive documentation of your health and safety arrangements, including policies, risk assessments, training records, inspection reports, and incident logs. Good records demonstrate your compliance efforts and provide evidence if accidents occur or enforcement authorities visit. Digital systems can simplify record keeping, but ensure backups exist and records remain accessible.
Maintaining legal compliance requires ongoing attention, not one-off efforts. Building health and safety into your regular business routines makes compliance manageable and sustainable. Brief safety discussions at team meetings, quick workplace checks during site visits, and immediate action on reported hazards all contribute to effective safety management without overwhelming administrative burden.
Simplify your health and safety compliance with ACI Safety
Managing health and safety compliance efficiently requires practical, professional documentation that meets UK legal requirements without consuming excessive time. ACI Safety provides standardised health and safety documents designed specifically for small to medium-sized UK businesses, helping you implement the approaches outlined in this guide quickly and accurately.
Our customisable health and safety policy template provides the structured framework you need for legal compliance, delivered as an easy-to-edit Word document. Simply add your business details, tailor the arrangements to your operations, and you have a professional policy ready for use. We also offer comprehensive risk assessment and method statement templates covering common business activities and hazards, saving you hours of development time whilst ensuring thorough, compliant documentation. All templates are instantly downloadable and designed for practical use by busy business owners who need efficient compliance solutions.
Frequently asked questions
What are UK employers’ primary legal duties under health and safety law?
Employers must ensure, so far as reasonably practicable, the health, safety and welfare of employees and others affected by business activities. This includes providing safe work systems, adequate training, competent supervision, safe equipment, and a secure workplace environment.
Do all businesses need a written health and safety policy?
Written health and safety policies are legally required only if you have five or more employees. Smaller businesses must still manage risks effectively and ensure safety, but formal written policies are not mandatory. Many small businesses find simple documentation helpful for consistency and training despite not being legally required.
What is a suitable and sufficient risk assessment?
A suitable and sufficient risk assessment identifies workplace hazards, evaluates who might be harmed and how, and implements control measures proportional to the risks. It should be practical, focused on significant risks, and regularly reviewed when circumstances change. Proportionality is key: your assessment should match your business size and risk level.
What must employers report to the Health and Safety Executive?
Employers must report work-related deaths, specified serious injuries, over seven day injuries, occupational diseases, and dangerous occurrences as defined by RIDDOR 2013. Reporting deadlines vary from immediate for deaths and serious injuries to within 10 or 15 days for other incidents. Failure to report can lead to prosecution and fines.
How often should risk assessments be reviewed?
Risk assessments should be reviewed at least annually and immediately after significant changes such as new equipment, different work processes, incidents, or changes to premises. Regular reviews ensure your control measures remain effective and appropriate as your business evolves. Document review dates and any changes made to demonstrate ongoing compliance.
