workplace safetyrisk assessment

Who Needs to Do Risk Assessments? UK Legal Requirements

Find out who is legally required to conduct risk assessments in the UK. Learn about employer duties, self-employed obligations, and specific requirements for different workplace scenarios.

This guide includes a free downloadable checklist.

Get the checklist

The short answer: almost everyone with a workplace or business activity in the UK must conduct risk assessments. The Management of Health and Safety at Work Regulations 1999 impose this duty on all employers, and many self-employed people must assess risks too.

Which best describes your situation?

Let's identify your risk assessment obligations.

Employers: Legal duty to assess risks

If you employ anyone—even one person—you must conduct risk assessments. This is a fundamental duty under UK health and safety law.

The legal requirement

Under the Management of Health and Safety at Work Regulations 1999 (Regulation 3), every employer must:

  • Make a suitable and sufficient assessment of:
    • The risks to the health and safety of employees while at work
    • The risks to the health and safety of persons not in their employment arising from their work activities
  • Identify the measures needed to comply with health and safety legislation
  • Review the assessment when necessary

This duty applies regardless of:

  • Business size — one employee or thousands
  • Sector — office, retail, manufacturing, services, any industry
  • Business structure — limited company, partnership, sole trader with staff
  • Employee type — full-time, part-time, temporary, casual, or fixed-term
  • Work location — office, shop, factory, outdoor work, remote work, or mobile work
Key Point

The duty to assess risks kicks in the moment you employ someone. If you're about to hire your first employee, you must conduct risk assessments before they start work. "I'm only a small business" is not an exemption.

Who counts as an employee?

For risk assessment purposes, you must assess risks to:

Your direct employees:

  • Full-time permanent staff
  • Part-time workers
  • Temporary and fixed-term contracts
  • Casual and zero-hours workers
  • Apprentices and trainees
  • Agency workers you've directly employed
  • Directors working under employment contracts

Plus everyone else your work affects:

  • Contractors and their workers
  • Agency workers supplied by others
  • Visitors to your workplace
  • Customers and service users
  • Delivery drivers and couriers
  • Members of the public
  • Neighbouring businesses and residents
Warning:

Your risk assessment duty extends beyond your employees. You must assess risks to anyone who could be affected by your work activities, whether they work for you or not. This broad scope catches everyone from customers in your shop to passers-by near your construction site.

Recording requirements for employers

Whether you must write down your risk assessments depends on how many people you employ:

5 or more employees:

  • Must record the significant findings in writing
  • Must record any group of employees especially at risk
  • Must record the arrangements for protecting health and safety

Fewer than 5 employees:

  • No legal requirement to write it down
  • But strongly recommended to create written records anyway
  • Certain specific assessments must still be documented (fire, COSHH, etc.)

Small vs Large Employer Obligations

Fewer Than 5 Employees

  • Must conduct risk assessments
  • No general requirement to record in writing
  • Should record for evidence and protection
  • Must document fire, COSHH, and specialist assessments
  • Review regularly
  • Implement control measures

5 or More Employees

  • Must conduct risk assessments
  • Must record significant findings in writing
  • Must document groups especially at risk
  • Must document all arrangements for H&S protection
  • Review regularly and document reviews
  • Implement and monitor control measures

Bottom line: The core duty to assess risks applies to all employers equally. The difference is the documentation requirement—larger employers must create written records, while smaller employers should do so for practical and evidential reasons.

Self-employed obligations

If you're self-employed with no employees, your obligations depend on whether your work activities could affect other people.

When self-employed people must assess risks

You must conduct risk assessments if:

Your work could affect others:

  • You work in other people's premises (clients' offices, customer homes)
  • Members of the public could be affected by your work
  • You share a workplace with others
  • Your work activities create risks for neighbouring properties

You use hazardous substances or processes:

  • Chemicals, solvents, or cleaning products (COSHH applies)
  • Activities creating dust, fumes, or vapours
  • Work with biological hazards

You conduct high-risk activities:

  • Working at height (ladders, scaffolding, roofs)
  • Hot work (welding, cutting, grinding)
  • Confined space entry
  • Electrical work
  • Work with machinery or power tools

You work on construction sites:

  • Risk assessments and method statements (RAMS) typically required
  • Site operators will require documented assessments
  • CDM Regulations impose specific duties

Your insurance or contracts require it:

  • Public liability insurance may require evidence of risk assessments
  • Client contracts often mandate documented assessments
  • Particularly common when working for larger organizations or public sector
Key Point

Self-employed people have the same duty as employers to conduct risk assessments if their work could affect the health and safety of others. The key question is: could your work activities harm anyone other than yourself?

When self-employed people don't need assessments

You're generally exempt if:

  • You work entirely alone from home
  • Your work creates no risk to anyone else
  • You use no hazardous materials or processes
  • Your work involves only low-risk activities
  • You have no interaction with clients or public in hazardous contexts

Example scenarios:

Exempt (no assessment required):

  • Freelance writer working from home office on a laptop
  • Online tutor conducting video lessons from home
  • Graphic designer working alone with standard computer equipment

Not exempt (assessment required):

  • Plumber visiting customer homes (work affects householders, involves tools and water systems)
  • Mobile hairdresser visiting clients (chemicals, electrical equipment, public interaction)
  • Gardener working at customer properties (machinery, chemicals, public present)
  • Photographer at events (equipment, public interaction, various venues)

Documentation for self-employed

If you need to conduct risk assessments, you should document them even though there's no specific legal requirement for self-employed individuals with no employees:

Why document:

  • Demonstrates compliance if challenged by HSE
  • Required by most client contracts
  • Needed for insurance purposes
  • Shows professional approach to safety
  • Protects you legally if incident occurs

What to document:

  • The work activities and locations
  • Hazards you've identified
  • Who might be harmed
  • Precautions you take to control risks
  • Emergency procedures
  • Review date

A simple one or two-page document covering your typical work activities is usually sufficient.

Tip:

Many clients, particularly larger businesses and public sector organizations, will not engage self-employed contractors without written risk assessments. Even if not legally required for your situation, having documented assessments can help you win contracts.

Landlords and property owners

Landlords have specific risk assessment duties, particularly regarding fire safety and the condition of their properties.

Fire risk assessments for landlords

Under the Regulatory Reform (Fire Safety) Order 2005, landlords must conduct fire risk assessments for:

Houses in Multiple Occupation (HMOs):

  • Must conduct comprehensive fire risk assessment
  • Must be documented in writing
  • Covers communal areas and means of escape
  • Must be reviewed regularly

Blocks of flats with communal areas:

  • Fire risk assessment of common parts required
  • Entrance halls, stairways, corridors, bin stores
  • Must document findings and implement fire safety measures
  • Review annually or when circumstances change

Commercial premises you let:

  • Usually tenant's responsibility as occupier
  • But landlord responsible for communal areas
  • Landlord must ensure tenant can comply with fire safety duties
  • Shared responsibility requires clear agreement

Mixed-use buildings:

  • Assessment needed for any shared or communal areas
  • Consider interaction between residential and commercial uses
  • Emergency escape routes must be adequate for all occupants
Warning(anonymised)

Landlord fined £150,000 for failure to conduct fire risk assessment

The Situation

A landlord of a converted Victorian house divided into seven flats had no fire risk assessment and inadequate fire safety measures. A fire occurred in one flat, and smoke spread through the common stairwell, blocking the only escape route.

What Went Wrong
  • No fire risk assessment conducted despite HMO licensing requirement
  • Single staircase was only means of escape for all flats
  • No fire doors separating flats from common stairway
  • No emergency lighting in stairwell
  • No fire detection in common areas
  • Landlord claimed ignorance of fire safety duties
Outcome

Fire service prosecution resulted in £150,000 fine plus £15,000 costs. Prohibition notice served preventing occupation until fire safety measures implemented. Landlord lost rental income for 8 months during compliance work. Fortunately no fatalities, but residents hospitalized for smoke inhalation.

Key Lesson

Fire risk assessments for HMOs and multi-occupied buildings are not optional. Failure to assess and control fire risks puts lives at danger and exposes landlords to severe penalties, prohibition of letting, and potential corporate manslaughter charges if a death occurs.

Other landlord risk assessment duties

Beyond fire safety, landlords must assess risks from:

Property condition and maintenance:

  • Structural hazards (unsafe stairs, railings, balconies)
  • Damp, mold, and ventilation issues affecting health
  • Electrical installation safety
  • Gas appliance safety
  • Asbestos in pre-2000 properties (duty to manage)
  • Legionella risk in water systems

When contractors work on your property:

  • Assess risks your property presents to contractors
  • Coordinate with contractor risk assessments
  • Ensure safe systems of work for maintenance
  • Particularly important for work at height, confined spaces, asbestos

Furnished lettings:

  • Fire safety of furniture (complies with regulations)
  • Electrical appliances are safe
  • Equipment is properly maintained
Note:

Landlords have duties under multiple pieces of legislation: the Fire Safety Order, the Housing Act, the Gas Safety Regulations, and general health and safety law. Risk assessments help you identify and meet these overlapping obligations systematically.

Specific roles and situations

Charities and voluntary organizations

Charities must conduct risk assessments if they:

  • Employ staff (even one person)
  • Use volunteers in ways that could expose them to risks
  • Provide services to vulnerable people
  • Operate premises open to the public
  • Conduct fundraising activities or events

Volunteer considerations: While volunteers aren't employees, you owe them a duty of care. Assess risks to volunteers just as you would for employees, particularly if they're working with vulnerable beneficiaries, driving, handling money, or involved in physical activities.

Trustees and directors

Company directors and charity trustees have personal responsibilities:

You must ensure:

  • The organization conducts adequate risk assessments
  • Findings are acted upon and controls implemented
  • Adequate resources are allocated to health and safety
  • Competent people are appointed to manage risks

Personal liability: Directors can be prosecuted personally under Section 37 of the Health and Safety at Work etc. Act 1974 if health and safety failures are due to their "consent, connivance, or neglect."

Key Point

Board-level responsibility for health and safety isn't delegable. While day-to-day management can be assigned to others, directors and trustees remain accountable for ensuring the organization meets its risk assessment duties.

Schools and education settings

Schools must conduct comprehensive risk assessments covering:

  • General workplace risks for staff
  • Risks to pupils during educational activities
  • Science experiments and practical subjects
  • Design and technology workshops
  • Physical education and sports
  • School trips and off-site activities
  • Risks to visitors and contractors
  • Specific assessments for young workers (work experience students)

Both the school as employer and the local authority (if maintained school) have duties.

Care homes and healthcare providers

Care settings have extensive risk assessment requirements:

  • General workplace risks for staff
  • Specific assessments for moving and handling residents
  • Risks from challenging behavior or violence
  • Infection control measures
  • Medication handling
  • Individual risk assessments for residents with specific needs
  • Lone working for community care staff
  • Use of medical equipment and substances

The Care Quality Commission expects comprehensive risk assessments as part of safe care provision.

Construction and contractors

Construction industry has specific assessment requirements:

Principal contractors and designers: Must assess risks under the Construction (Design and Management) Regulations 2015, covering design risks, site activities, and coordination between contractors.

All contractors working on construction sites:

  • Must conduct task-specific risk assessments
  • Usually combined with method statements (RAMS)
  • Must coordinate with principal contractor
  • Site-specific assessments required for each project

Domestic employers

If you employ domestic staff (cleaners, gardeners, nannies, carers), you must:

  • Assess risks in your home that could harm them
  • Consider work equipment they use (vacuum cleaners, ladders, chemicals)
  • Assess tasks they perform (cleaning at height, manual handling, lone working)
  • Consider hours worked and fatigue

Even though it's a domestic setting, employment law and health and safety duties still apply.

Common exemptions and misconceptions

Misconceptions about who doesn't need risk assessments

MYTH: "I'm too small to need risk assessments" Reality: All employers must assess risks, regardless of size. Even with one employee, you must conduct assessments.

MYTH: "Office work is low risk, so we don't need formal assessments" Reality: Offices have significant risks: slips and trips, fire, DSE-related ill health, stress, violence from public, manual handling. You must assess them.

MYTH: "We're a charity relying on volunteers, so health and safety doesn't apply" Reality: Charities employing staff have the same duties as any employer. You also owe a duty of care to volunteers.

MYTH: "I work from home by myself, so I need risk assessments" Reality: If you work entirely alone and your work doesn't affect anyone else, you generally don't need formal risk assessments.

MYTH: "As a tenant, the landlord does the risk assessments" Reality: The occupier (tenant) of a workplace is responsible for risk assessments of work activities. The landlord is responsible for building fabric and communal areas.

MYTH: "I've got insurance, so I don't need risk assessments" Reality: Insurance doesn't replace your legal duty to assess and control risks. Many insurers require evidence of risk assessments as a condition of cover.

Warning:

Claiming you didn't know you needed to conduct risk assessments is not a defense. HSE and courts expect duty holders to understand their legal obligations. Ignorance of the law doesn't excuse non-compliance.

Who is exempt from risk assessment duties?

Very few people are genuinely exempt:

Completely exempt:

  • Truly self-employed individuals working entirely alone whose work doesn't affect anyone else
  • Those conducting no work activities (e.g., private homeowners not letting property, not employing anyone, not running a business)

Partially exempt (lighter duties):

  • Domestic employers in private households (duties apply but HSE enforcement is rare unless serious)
  • Extremely low-risk activities with genuinely trivial hazards only

Not exempt (despite common belief):

  • Small businesses with fewer than 5 employees (must assess, just don't need to write it down)
  • Charities and voluntary organizations
  • Start-ups and new businesses
  • Businesses run from home
  • Part-time or hobby businesses that employ people

If there's any doubt about whether you need to conduct risk assessments, the safe answer is: yes, you do.

Consequences of failing to assess risks

Not conducting required risk assessments can result in:

Legal consequences

HSE enforcement action:

  • Improvement notice requiring assessments by specified deadline
  • Prohibition notice stopping work until risks assessed and controlled
  • Prosecution with unlimited fines for serious breaches
  • Personal prosecution of directors and business owners

Civil claims:

  • Employees injured due to unassessed risks can claim compensation
  • Lack of risk assessment is strong evidence of negligence
  • Employers' liability insurance may be compromised

Business consequences

Operational impact:

  • Inability to tender for contracts requiring H&S evidence
  • Client refusal to engage without risk assessments
  • Insurance difficulties or premium increases
  • Reputational damage following prosecutions

Financial costs:

  • Fines, legal fees, and compensation
  • Lost business opportunities
  • Increased insurance premiums
  • Cost of incidents that could have been prevented

Compliance vs Non-Compliance

Conducting Risk Assessments

Recommended
  • Legal compliance with Management Regulations
  • Protection for your workers and others
  • Evidence of systematic approach to safety
  • Meets client and insurance requirements
  • Reduces incident likelihood and costs
  • Demonstrates professional operation

Not Assessing Risks

  • Breach of legal duty (criminal offence)
  • Workers exposed to uncontrolled hazards
  • No defense if incident occurs
  • Cannot win contracts requiring H&S evidence
  • Vulnerable to enforcement action
  • Potential unlimited fines and prosecution

Bottom line: The cost and effort of conducting risk assessments is minimal compared to the consequences of not doing them. It's not a bureaucratic burden—it's a practical and legal necessity.

Frequently asked questions

You must conduct risk assessments before your first employee starts work. The duty to assess risks begins the moment you become an employer. Don't wait until after they've started—assess the risks in advance so you can implement necessary controls and provide proper induction and training.

If the organization employs anyone (even one person), it must conduct risk assessments. Even if there are no employees, you owe a duty of care to volunteers and should assess risks they face, particularly if working with vulnerable people or conducting potentially hazardous activities.

If you work entirely alone and your work doesn't create risks for anyone else, you don't generally need formal risk assessments. However, if you visit client premises, use hazardous materials, or if your work could affect others (including family in your home), you should assess risks. Many clients will also require documented assessments before engaging you.

It depends. For HMOs and flats with communal areas, you must conduct fire risk assessments of those common parts. You're also responsible for assessing risks from the building's condition (structural safety, damp, asbestos, Legionella). The tenant as occupier is responsible for assessing risks from their work activities in the premises they rent.

No. Risk assessments must be specific to your workplace. You can use templates or refer to examples for structure and ideas, but you must identify the actual hazards in your workplace and the real controls you have in place. Generic copied assessments don't meet the legal requirement for 'suitable and sufficient' assessment.

Yes, you should assess risks for homeworkers. Conduct DSE assessments of their home workstations, consider lone working risks, and ensure they have adequate workspace. However, you're not responsible for general domestic risks in their homes—focus on risks created by or related to their work.

You still must conduct risk assessments. There's no minimum hours threshold—if someone is your employee, even for one hour per week, you must assess the risks they face. Part-time employees have the same health and safety protections as full-time staff.

Both you and the agency have responsibilities. The agency should assess general risks relating to the type of work. As the host employer, you must assess specific risks in your workplace and communicate these to the agency and the worker. You must ensure agency workers receive the same protection as your direct employees.

Yes. Risk assessments are workplace-specific. You must assess the new premises before moving in. The hazards will differ—different layout, different escape routes, different electrical systems, different access arrangements. Don't assume your old assessments still apply.

Yes. Directors and senior managers can be prosecuted personally under Section 37 of the Health and Safety at Work etc. Act 1974 if the company's failures are due to their consent, connivance, or neglect. Failing to ensure risk assessments are conducted could constitute such neglect, particularly if you've been made aware of the duty and ignored it.

Not sure whether your specific situation requires risk assessments, or need help understanding your obligations? A health and safety consultant can assess your circumstances, explain your duties, and help you implement compliant risk assessment processes.

Speak to a professional

Summary: Who must conduct risk assessments

RoleRisk Assessment DutyKey Points
All employersMust assess risks to employees and others affectedApplies regardless of size, sector, or business type
Self-employedMust assess if work could affect othersExemption only if working alone with no risk to others
Landlords (HMOs, flats)Must conduct fire risk assessments of common areasAlso assess building condition risks (asbestos, Legionella, structural)
Charities with employeesSame duties as any employerAlso assess risks to volunteers as part of duty of care
Trustees and directorsEnsure organization meets dutiesPersonal liability if failures due to neglect
SchoolsExtensive assessment dutiesCover staff, pupils, activities, trips, work experience
Care providersComprehensive assessments requiredInclude moving and handling, challenging behavior, individual resident needs
Domestic employersMust assess risks in homeApplies to cleaners, nannies, gardeners employed in domestic settings
Key Point

The presumption should be that you need to conduct risk assessments unless you're certain you fall within a very narrow exemption. When in doubt, assess the risks. The process is beneficial regardless of strict legal obligation.

Related articles:

Useful tools: