Health and safety isn't a sector — it's a duty every UK employer carries, and the HSE enforces it hard. The rules are stable and sensible; the businesses that get caught are usually the ones who never wrote things down. Here's what the law actually asks of you and how to evidence it.
- The Health and Safety at Work etc. Act 1974 places a duty on you to protect employees and anyone affected by your work.
- You must assess risks (Management of Health and Safety at Work Regulations 1999) and, if you employ 5 or more people, have a written health & safety policy.
- The HSE enforces via Improvement Notices, Prohibition Notices and prosecution — fines are unlimited and individuals can be imprisoned.
- Penalties scale with turnover and harm: HSE fines exceeded £35.7 million in 2025.
Your core legal duties
Under the Health and Safety at Work etc. Act 1974, you must ensure, so far as is reasonably practicable, the health, safety and welfare of your employees — and protect others (customers, contractors, the public) affected by your activities. In practice that means:
- Assess the risks to employees and anyone else affected, and act on them.
- Plan, organise, control, monitor and review your preventive and protective measures.
- Have a written health & safety policy if you employ 5 or more people.
- Have access to competent health & safety advice.
- Consult employees on the risks and the measures you've put in place.
Risk assessment — the legal heart of it
The Management of Health and Safety at Work Regulations 1999 require you to assess workplace risks and put preventative measures in place. A risk assessment isn't a form you file once — it's a living record you review when things change (new equipment, new tasks, an incident). If you have 5+ employees, the significant findings must be written down.
How the HSE enforces
HSE inspectors can:
- Issue an Improvement Notice — fix a breach within a set timeframe.
- Issue a Prohibition Notice — stop a dangerous activity immediately.
- Prosecute — leading to unlimited fines and, for individuals, imprisonment.
Where an inspector finds a material breach, the HSE can also recover its costs from you under Fee for Intervention. Fines are set by sentencing guidelines that scale with the size of the business and the seriousness of the harm — which is how totals reach into the millions. HSE fines exceeded £35.7 million in 2025.
Where businesses get caught
- No written policy (or one that's years out of date) despite having 5+ staff.
- Generic, copied risk assessments that don't match the actual workplace.
- No record of training, maintenance or checks — so good practice can't be evidenced.
- Accidents not reported under RIDDOR, or no system to learn from near-misses.
A simple plan to get compliant
Start by seeing where you stand: our free 2-minute health & safety self-check flags your gaps in minutes. Then put the essentials in place — a current written policy, real risk assessments, a training and maintenance log, and a way to record and learn from incidents (our own-forever document suites cover all of this), and get a compliance review if you want expert eyes.
Frequently asked questions
Do I need a written health & safety policy?
If you employ 5 or more people, yes — it's a legal requirement, and the significant findings of your risk assessments must be recorded too.
What's the difference between an Improvement and a Prohibition Notice?
An Improvement Notice gives you time to fix a breach; a Prohibition Notice stops a dangerous activity immediately because of serious injury risk.
What is Fee for Intervention?
If the HSE finds a material breach, it can recover the cost of its time investigating and putting it right — so non-compliance has a direct bill attached.
How big can fines get?
Unlimited. Sentencing guidelines scale fines with turnover and harm; HSE fines exceeded £35.7 million across 2025, with custodial sentences for individuals.