Health and Safety Compliance: The Core Legal Duties Every UK Employer Must Have in Place

On this page

  • The general duty under the Health and Safety at Work etc. Act 1974
  • Written health and safety policy
  • Risk assessments
  • Competent person appointment
  • Accident reporting and RIDDOR
  • Training, information and supervision
  • First aid arrangements
  • Employers’ Liability insurance
  • Where to start if your compliance has gaps

Health and safety law in Great Britain is built around the Health and Safety at Work etc. Act 1974. This places general duties on employers, employees and others.

Beneath the Act sits a framework of Regulations that translate those duties into specific requirements.

Understanding what you are legally required to have in place, and what happens when those duties are not managed properly, is the foundation of an effective health and safety management system.

The general duty of employers

Section 2(1) of the Health and Safety at Work etc. Act 1974 requires employers to ensure, so far as is reasonably practicable, the health, safety and welfare at work of their employees.

Section 3 extends duties to people who are not employees but who may be affected by the work, such as contractors, visitors, clients or members of the public.

“So far as is reasonably practicable” means the employer must balance the level of risk against the time, trouble, cost and effort needed to control it. It is not a loophole. Where controls are standard practice in an industry, it will be difficult to justify not having them in place.

“I did not know I needed to do that” is not a safe position. Employers are expected to understand and manage the health and safety duties that apply to their business.

The core framework: what you must have in place

Written health and safety policy

Every business must have a policy for managing health and safety. If the business has five or more employees, the policy must be written down.

A suitable health and safety policy should include:

  • a statement of intent;
  • clear responsibilities;
  • practical arrangements for managing health and safety.

The policy must also be brought to the attention of employees.

Suitable and sufficient risk assessments

Risk assessments are required under Regulation 3 of the Management of Health and Safety at Work Regulations 1999.

Employers must assess the risks to employees and others who may be affected by their work activities. For employers with five or more employees, the significant findings must be recorded.

A suitable and sufficient risk assessment should identify real hazards, consider who may be harmed and how, evaluate the level of risk, identify controls and record further action where needed.

Competent person appointment

Employers must appoint one or more competent persons to help them meet their health and safety duties.

A competent person should have sufficient training, experience, knowledge and other qualities to properly assist the employer. This can be someone internal, someone external, or a combination of both.

Where suitable competence exists internally, it should normally be used. Where it does not, external competent person support may be appropriate.

Accident reporting and RIDDOR

The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 require certain workplace incidents, occupational diseases and dangerous occurrences to be reported to the relevant enforcing authority.

Reportable events include:

  • work-related fatalities;
  • specified injuries;
  • over-seven-day incapacitating injuries;
  • certain occupational diseases;
  • dangerous occurrences;
  • certain injuries to non-workers.

Employers should also keep suitable accident records. In many workplaces this is done through an accident book, and accident records may also be required for social security and reporting purposes.

Health and safety information, instruction, training and supervision

Employers must provide the information, instruction, training and supervision necessary to protect employees and others affected by the work.

This may include:

  • induction training;
  • task-specific training;
  • toolbox talks;
  • refresher training;
  • supervision for inexperienced workers;
  • briefings on risk assessments, method statements and COSHH assessments;
  • training records to show what has been provided.

Training should be relevant to the work and should be refreshed where necessary.

First aid arrangements

Employers must make sure employees can receive immediate help if they are injured or become ill at work.

All workplaces should have first aid arrangements based on the nature of the work, the size of the workforce and the risks involved.

As a minimum, this will normally include:

  • a suitably stocked first aid kit; an appointed person to take charge of first aid arrangements;
  • information for employees about first aid arrangements.

Higher-risk workplaces may need trained first aiders, additional equipment or more detailed emergency arrangements.

Employers’ Liability insurance

Most employers must have Employers’ Liability insurance as soon as they become an employer.

The insurance must cover at least £5 million and must be provided by an authorised insurer. Many policies provide cover above this minimum.

Employers’ Liability insurance helps cover compensation costs if an employee is injured or becomes ill because of the work they do.

Where to start if your compliance has gaps

The most effective starting point is an honest review of what is currently in place.

Ask:

  • Do we have a current health and safety policy?
  • Are our risk assessments suitable and specific to the work?
  • Have we appointed a competent person?
  • Are employees trained and briefed?
  • Are accidents and near misses recorded and investigated?
  • Are first aid arrangements suitable?
  • Are statutory inspections, maintenance and records up to date?
  • Does what we have on paper match what actually happens?

Prioritise by risk. Risk assessments and competent person support are usually the best starting point because other arrangements flow from them.

If you know your compliance framework has gaps but lack the internal expertise to address them, external health and safety support from a qualified consultant can be a practical route. A competent consultant should identify what needs to be done, help you prioritise and build a framework that reflects how your business actually works.

Need support?

North East Health and Safety provides competent person support, risk assessment reviews, policy writing and practical health and safety consultancy for UK businesses.

Contact us to discuss your requirements.

Last reviewed: June 2026