Health & Safety at Work: A Complete Guide for UK Employers

Health and safety law in the UK is extensive and actively enforced by the Health and Safety Executive (HSE). Getting it wrong can mean improvement notices, prohibition notices, prosecution, unlimited fines, or imprisonment. This guide explains the key legal obligations for UK employers.

1. The Health and Safety at Work Act 1974

The Health and Safety at Work Act 1974 (HSWA 1974) is the primary piece of health and safety legislation in Great Britain. It imposes a general duty on employers to ensure, so far as is reasonably practicable, the health, safety, and welfare of all their employees. The duty extends beyond employees to cover contractors, visitors, and members of the public affected by the business's activities.

Key duties under HSWA 1974 include:

• Providing and maintaining safe plant and systems of work
• Ensuring safe use, handling, storage, and transport of substances
• Providing information, instruction, training, and supervision
• Maintaining safe premises, access, and egress
• Providing a safe working environment with adequate welfare facilities

The HSE is the national regulator and can investigate workplaces, take samples, issue notices, and prosecute. HSE enforcement tools include:

• Improvement notices — requiring specific changes within a set time period
• Prohibition notices — immediately stopping an activity posing serious risk; non-compliance is a criminal offence
• Prosecution— can result in unlimited fines and up to 2 years' imprisonment for individuals

Employers with five or more employees must also have a written health and safety policy, setting out the organisation's approach and assigning responsibilities.

2. Risk Assessments

The Management of Health and Safety at Work Regulations 1999 require every employer to carry out a suitable and sufficient risk assessment of the risks to employees and others arising from their work. Employers with five or more employees must record the significant findings in writing.

The HSE's five-step risk assessment process:

1. Identify the hazards — anything with the potential to cause harm (equipment, chemicals, working methods)
2. Decide who might be harmed and how — consider employees, visitors, contractors, members of the public, and vulnerable groups (new and expectant mothers, young workers, those with disabilities)
3. Evaluate the risks and decide on precautions — consider likelihood and severity; apply the hierarchy of controls (eliminate, substitute, engineer, administrative, PPE)
4. Record your findings and implement them — document significant hazards, who is at risk, and control measures in place
5. Review your assessment and update if necessary — review when there are significant changes to processes, equipment, or workforce, or after an incident

A risk assessment is a living document, not a box-ticking exercise. Generic assessments downloaded from the internet without customisation to actual workplace conditions provide little legal protection.

3. Fire Safety

Fire safety in non-domestic premises is governed by the Regulatory Reform (Fire Safety) Order 2005 (RRO), which applies to virtually all non-domestic premises in England and Wales. The person responsible for a premises (typically the employer, owner, or occupier) is the responsible person and must:

• Carry out a fire risk assessment and review it regularly
• Identify measures to reduce the risk of fire and ensure people can safely escape
• Implement fire safety measures (detection, alarm systems, fire-fighting equipment, emergency routes and exits)
• Record the assessment findings if five or more employees or if premises are licensed
• Provide fire safety information and training to employees
• Appoint a sufficient number of competent persons to assist with fire safety

Fire marshals (also called fire wardens) must be appointed to assist with evacuations. The number needed depends on the size and layout of the premises. Fire drills should be conducted at least annually.

Fire risk assessments must be reviewed after material changes to the premises or processes, after a fire incident, or where there is reason to suspect the assessment is no longer valid.

4. Employer's Liability Insurance

Employer's liability (EL) insurance is compulsory under the Employers' Liability (Compulsory Insurance) Act 1969 for any business that employs one or more people in Great Britain. The minimum required cover is £5 million, though most policies provide £10 million as standard.

Key compliance requirements:

• The policy must be from an authorised insurer (listed on the Financial Services Register)
• The certificate of insurance must be displayed at each workplace where employees can easily see it, or made available electronically
• Certificates must be kept for at least 40 years after the policy ends (for latent disease claims)

The HSE can fine employers up to £2,500 per day for failure to hold adequate EL insurance — one of the few fixed-penalty provisions in health and safety law. This fine applies even if no accident has occurred.

Limited exemptions exist for certain family businesses (where all employees are close relatives) and public sector bodies.

5. RIDDOR Reporting

The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR) requires employers, self-employed persons, and those in control of a workplace to report certain workplace incidents to the HSE.

Reportable incidents include:

• Work-related deaths of workers and non-workers — report immediately by phone, then in writing within 10 days
• Specified injuries to workers — fractures (other than fingers, thumbs, or toes), amputations, permanent loss of sight, crush injuries to the head or torso, degloving injuries, loss of consciousness, any injury requiring admittance to hospital for more than 24 hours — report within 10 days
• Over-7-day incapacitation — where a worker is unable to perform their normal work for more than 7 consecutive days (not counting the day of the accident) — report within 15 days
• Injuries to non-workers requiring hospital treatment — report within 10 days
• Occupational diseases — e.g. carpal tunnel syndrome, occupational dermatitis, hand-arm vibration syndrome — report when a doctor confirms the diagnosis
• Dangerous occurrences (near-miss events from a prescribed list) — report within 10 days

Reports are submitted online via the HSE website or by phone for fatalities. Records must be kept for at least 3 years. Failure to report is a criminal offence.

6. Manual Handling

The Manual Handling Operations Regulations 1992 apply to any activity involving lifting, lowering, pushing, pulling, carrying, or moving a load, and where there is a risk of injury.

The regulations require employers to follow a clear hierarchy:

1. Avoid — so far as reasonably practicable, avoid the need for employees to undertake manual handling that involves a risk of injury
2. Assess — where avoidance is not reasonably practicable, carry out an assessment of the manual handling operations
3. Reduce — take appropriate steps to reduce the risk of injury from assessed operations to the lowest level reasonably practicable

The HSE publishes guideline weights (e.g. up to 25 kg for men in ideal conditions) but these are not legal limits — the actual risk depends on factors including posture, frequency, distance, and the individual's capability. Training in safe handling techniques is required, and mechanical aids should be provided where they would reduce risk. Workers should be consulted about manual handling risks.

7. Display Screen Equipment (DSE)

The Health and Safety (Display Screen Equipment) Regulations 1992 apply to workers who habitually use display screen equipment as a significant part of their normal work — broadly, anyone using a computer, laptop, tablet, or smartphone for prolonged periods.

Employer obligations include:

• Carry out a workstation assessment for each DSE user (including home workers), addressing screen position, lighting, seating, keyboard, and mouse placement
• Reduce identified risks — adjusting workstation setup or providing appropriate equipment
• Ensure DSE users take adequate breaks or changes of activity — the regulations do not specify a minimum break period, but regular micro-breaks are recommended
• Provide eye and eyesight testson request at the employer's cost; tests should be offered every 2 years or when symptoms develop. If special corrective appliances (glasses) are needed specifically for DSE work, the employer must contribute to the cost
• Provide information and training on DSE risks and controls

With the growth of hybrid and home working, employers should ensure remote workers have appropriate equipment and that home workstation assessments are completed and reviewed.

8. Working at Height

Falls from height are one of the most common causes of workplace death and major injury. The Work at Height Regulations 2005 (WAHR 2005) require employers to:

• Avoid working at height where it is reasonably practicable to do so
• Where working at height cannot be avoided, prevent falls using collective protection measures (e.g. scaffolding with guard rails, mobile elevating work platforms)
• Where residual risk of a fall remains, minimise the distance and consequences of any fall (e.g. safety nets, fall arrest systems, personal fall protection — harnesses)

The hierarchy of controls:

1. Avoid — use ground-level working methods where possible
2. Collective prevention — guard rails, scaffolding, MEWP (cherry pickers), scissor lifts
3. PPE / fall arrest — harnesses and lanyards as a last resort

Ladders are not prohibited but should only be used for short-duration work where the risk assessment justifies them and other equipment is not proportionate. Poorly maintained ladders and improvised platforms (chairs, boxes) are a significant source of enforcement action. All working at height equipment must be inspected and maintained.

9. COSHH

The Control of Substances Hazardous to Health Regulations 2002 (COSHH) require employers to prevent or adequately control exposure to hazardous substances — chemicals, fumes, dusts, vapours, mists, nanotechnology, gases and asphyxiating gases, and biological agents.

The COSHH process:

1. Identify substances — obtain Safety Data Sheets (SDS) from suppliers for all hazardous chemicals used
2. Assess the risk — consider how the substance is used, who is exposed, and the routes of exposure (inhalation, skin contact, ingestion)
3. Apply the hierarchy of controls — substitute the hazardous substance with a less harmful alternative, then engineer controls (enclosure, local exhaust ventilation), then administrative controls, then PPE as a last resort
4. Ensure controls are used and maintained
5. Monitor exposure and carry out health surveillance where necessary (e.g. lung function tests for workers exposed to asthmagens)

Workplace Exposure Limits (WELs) published in EH40 are legally binding maximum concentrations of airborne substances. Exceeding a WEL is a breach of COSHH.

10. Mental Health and Wellbeing

Employers have a duty of care under HSWA 1974 that extends to workers' mental health. The Management of Health and Safety at Work Regulations 1999 require risk assessments to include psychosocial risks such as work-related stress. The HSE's Management Standards identify six key areas that, if not properly managed, are associated with poor mental health: demands, control, support, relationships, role, and change.

Practical employer obligations and good practice:

• Conduct stress risk assessments, particularly where there are indicators of high workload, role ambiguity, or bullying
• Make reasonable adjustments under the Equality Act 2010 where a mental health condition amounts to a disability — this might include flexible working, adjusted duties, or phased return to work
• Refer employees to occupational health where mental health is affecting their work capacity
• Implement an Employee Assistance Programme (EAP) providing confidential counselling and support
• Appoint trained mental health first aiders — not a legal requirement but increasingly expected by regulators and courts when assessing whether an employer took reasonable steps

Ignoring known mental health risks — particularly work-related stress — can result in civil claims for personal injury, as well as HSE enforcement action. Courts have found employers liable where stress-related illness was foreseeable and the employer failed to act.

Key obligations at a glance