Are Risk Assessments A Legal Requirement?

Are risk assessments a legal requirement? If you are looking for a simple yes or no answer here, the answer is yes - risk assessments are a legal requirement.

At least, they are a legal requirement at work.

You might not realise it, but you assess risk every day. Is it safe to cross the road? Is that plate hot? Is it going to rain? Do I need to put sun cream on? It becomes second nature. Half the time, you might not realise you are doing it.

At home and in your personal life, no law tells you to assess risk. It is just self-protection. It's a skill you have been developing since you were a child. You don't want to get hurt or face the consequences of a bad decision.

At work, risk assessments are a legal requirement. So there needs to be a little more formality and structure around the risk assessment procedure. But it still follows the same idea - preventing you (and others) from getting hurt.

Risk assessment laws and regulations

At work, employers have responsibilities under health and safety laws to protect their workers and anyone who may be harmed by their work.

1. It shall be the duty of every employer to ensure, so far as is reasonably practicable, the health, safety and welfare at work of all his employees

But the regulations that specifically make risk assessments a legal requirement are the Management of Health and Safety at Work Regulations (MHSWR).

It is the law under the Management of Health and Safety at Work Regulations (MHSWR) that every employer and self-employed shall carry out a risk assessment of any risks to the health and safety of employees or other persons.

Risk assessment is so important it has its own section under the MHSWR - section 3.

1. Every employer shall make a suitable and sufficient assessment of—
   1. the risks to the health and safety of his employees to which they are exposed whilst they are at work; and
   2. the risks to the health and safety of persons not in his employment arising out of or in connection with the conduct by him of his undertaking...
2. Every self-employed person shall make a suitable and sufficient assessment of—
   1. the risks to his own health and safety to which he is exposed whilst he is at work; and
   2. the risks to the health and safety of persons not in his employment arising out of or in connection with the conduct by him of his undertaking...

The Management of Health and Safety at Work Regulation is the main regulation for risk assessments. It applies to all workplaces.

Depending on your activities, other regulations may also apply to specific risk assessments. See the "Additional laws" section at the end of this blog post for more information.

Risk assessment responsibilities

As you can see from the regulations, risk assessments are the responsibility of both employers and the self-employed.

Employers are responsible for assessing the risk to:

• Employees
• Anyone else who might be affected

And the self-employed are responsible for assessing the risk to:

• Themselves
• Anyone else who might be affected

Anyone else could be occupants, other workers (working in the same area), visitors, clients or even members of the public.

So, risk assessments are a legal requirement for every employer and self-employed person, and they must assess the risks not only to those they employ but also the risks to anyone else who may be affected by the work activities.

This doesn't mean the employer needs to be the one to carry out the risk assessment. Just that they are responsible for making sure risk assessments are done. They may have a competent person, or a health and safety manager with the knowledge and skills to do a suitable and sufficient risk assessment.

The legal requirement for a written risk assessment

The regulations go further in that any employer employing over 5 or more employees must record "the significant findings of the assessment". In other words, you need to have it written down.

(6) Where the employer employs five or more employees, he shall record—

1. the significant findings of the assessment; and
2. any group of his employees identified by it as being especially at risk. -- The Management of Health and Safety at Work Regulations 1999 - Risk assessment

Need help writing your risk assessments? Get access to over 200 risk assessment templates for your business activities.

What if you have less than 5 employees?

Even if you employ less than 5 employees you might need to have a written record of your risk assessment. Even though the law doesn't say you must write it down, you may need to supply it to clients or other stakeholders. And you may also need to communicate the findings to employees.

Having the risk assessment written down is the only way you can show you have done one (and remember, it's a legal requirement - even if you have no employees).

You will often get asked to provide evidence of your risk assessments for health and safety accreditations and pre-qualification questionnaires, especially in higher-risk industries.

The legal requirements of a risk assessment

Now you know when you need a risk assessment, by law. But what should your risk assessment contain? What format does your risk assessment need to follow to comply with the MHSWR?

While risk assessments are required by law, the MHSWR does not necessarily specify how to carry one out - just that the assessment of risks must be done, and it must be suitable and sufficient.

It is a good idea to follow the 5 steps to risk assessment to make sure your risk assessment is sufficient.

There are different ways to record your risk assessments and even different types of risk assessment. It doesn't have to look pretty, but your assessment should be clear, easy to read and understandable. After all, your team need to be able to read, understand, and follow it.

Don't know where to start? Here's how to complete a risk assessment in 5 minutes.

Additional Laws

We already mentioned that the MHSWR isn't the only set of regulations that require risk assessments - it is the main regulation and the basis of the law surrounding risk assessments. But there are other legal requirements to consider in certain circumstances.

For example, under the Control of Substances Hazardous to Health (COSHH) Regulations, a COSHH assessment is required. This is a risk assessment produced specifically for hazardous substances.

Under the Display Screen Regulations, employers are required to "perform a suitable and sufficient analysis" of workstations. Also referred to as a DSE assessment.

An employer who carries out work which is liable to expose any of his employees to risk from vibration shall make a suitable and sufficient assessment of the risk created by that work to the health and safety of those employees and the risk assessment shall identify the measures that need to be taken to meet the requirements of these Regulations.

The Control of Vibration at Work Regulations require employers to assess the risk from vibration and the measures needed to control them and puts legal limits on vibration exposure.

So while the Management of Health and Safety at Work Regulations contain the fundamental requirement for all businesses to carry out risk assessments, other regulations also add additional legal requirements for specific hazards. These can specify some extra things that need to be included in your risk assessment, or legal limits that apply.

Need help with your risk assessments? We have a large library of risk assessment templates you can edit and use for your business activities.