Are Risk Assessments A Legal Requirement? header image

10th June, 2019

Are Risk Assessments A Legal Requirement?

Are risk assessments a legal requirement? If you are looking for a simple yes or no answer here, the answer is yes, risk assessments are a legal requirement.

At least, they are a legal requirement at work.

We assess risk all day every day. Is it safe to cross the road? Is that plate hot? Is it going to rain? Do I need to put sun cream on? It becomes second nature, and half the time, we might not realise we are doing it. There is no law that tells us to do it. It is just second nature, and self-protection. We don't want to get hurt or face the consequences of a bad decision.

At work, employers have responsibilities under health and safety laws to protect their workers and anyone who may be harmed by their work.

  1. It shall be the duty of every employer to ensure, so far as is reasonably practicable, the health, safety and welfare at work of all his employees

The regulations that specifically make risk assessments a legal requirement are the Management of Health and Safety at Work Regulations (MHSWR). In fact, risk assessment is so important it has its own section under the MHSWR. Section 3.

It is the law under the Management of Health and Safety at Work Regulations (MHSWR) that every employer and self-employed shall carry out a risk assessment of any risks to the health and safety of employees or other persons.

  1. Every employer shall make a suitable and sufficient assessment of—
    1. the risks to the health and safety of his employees to which they are exposed whilst they are at work; and
    2. the risks to the health and safety of persons not in his employment arising out of or in connection with the conduct by him of his undertaking...
  2. Every self-employed person shall make a suitable and sufficient assessment of—
    1. the risks to his own health and safety to which he is exposed whilst he is at work; and
    2. the risks to the health and safety of persons not in his employment arising out of or in connection with the conduct by him of his undertaking...
The Management of Health and Safety at Work Regulations 1999 Risk assessment

So, risk assessments are a legal requirement for every employer and self-employed person, and they must assess the risks not only to those they employ, but also the risks to anyone else who may be affected by the work activities.

The regulations go further in that any employer employing over 5 or more employees must record (a)the significant findings of the assessment; and (b)any group of his employees identified by it as being especially at risk.

Even if you employ less than 5 employees you may be required to have a written record of your risk assessment since, you may need to supply it to clients or other stakeholders, and communicate the finding to employees.

Having the risk assessment written down is really the only way you can show you have done one, and will often be required for health and safety accreditations and pre-qualification questionnaires, especially in higher-risk industries.

risk assessment paperwork
Risk assessments are a legal requirement for every employer and self-employed person

So what format does a risk assessment need to follow to comply with the MHSWR?

While risk assessments are required by law, the MHSWR does not necessarily specify how to carry one out, just that the assessment of risks must be done. It is a good idea to follow the 5 steps to risk assessment, to make sure your risk assessment is sufficient.

There are different ways to record your risks assessments and even different types of risk assessment. It doesn't have to look pretty, but your assessment should be clear, easy to read and understandable. After all, your team need to be able to check and follow it.

Additional Laws

It's worth mentioning that the MHSWR isn't the only set of regulations that require risk assessments. It is the main regulation, and the basis of the law surround risk assessments. But, there are other legal requirements to consider.

For example, under the Control of Substances Hazardous to Health (COSHH) Regulations, a COSHH assessment is required. This is a risk assessment produced specifically for hazardous substances.

Under the Display Screen Regulations, employers are required to "perform a suitable and sufficient analysis" of workstations. Also referred to as a DSE assessment.

An employer who carries out work which is liable to expose any of his employees to risk from vibration shall make a suitable and sufficient assessment of the risk created by that work to the health and safety of those employees and the risk assessment shall identify the measures that need to be taken to meet the requirements of these Regulations.

The Control of Vibration at Work Regulations 2005 Regulation 5

The Control of Vibration at Work Regulations require employers to assess the risk from vibration and the measures needed to control them, again, this requirement is to carry out a risk assessment.

So while the Management of Health and Safety at Work Regulations contain the fundamental requirement for all businesses to carry out risk assessments, other regulations also add additional legal requirements for specific hazards. These can specify some extra things that need to be included in your risk assessment, or legal limits that apply.


Need help with your risk assessments? We have a large library of risk assessment templates you can edit and use for your business activities.

share on twitter share on facebook share on linked in share by email
This article was written by Emma at HASpod. Emma has over 10 years experience in health and safety and BSc (Hons) Construction Management. She is NEBOSH qualified and Tech IOSH.

Need Health and Safety Documents?

Search hundreds of health and safety documents ready to edit and download for your business.

Health & Safety Documents

Recent posts like this...

RIDDOR Reporting Timescales Explained (When To Report)

Knowing RIDDOR means understanding not only what to report but also when to report. Under (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations) there are duties to report certain types of injuries, diseases and dangerous occurrences. What are the RIDDOR reporting timescales?

Read Post

Are Method Statements A Legal Requirement?

Most businesses will have been required to provide a method statement at some stage, but why do we need these documents and are they a legal requirement? Under what regulations are they required? In this post we ask, what does the law say about method statements?

Read Post

What Is A Risk Assessment And Why Do You Need One?

Do you need a risk assessment? Yes. If in doubt, the answer is yes. You almost always need a risk assessment. At work, risk assessments are a legal requirement. Forget to do one, and you could be breaking the law, and putting peoples lives, safety and health at risk.

Read Post

HASpod makes health and safety simple.

Learn More