Risk Assessment Guide UK: Legal Requirements, HSE 5 Steps & Review Rules (2026)

Updated: March 2026 • Based on UK Law

This guide covers UK risk assessment law, the HSE 5-step process, types of assessment, review requirements, and penalties for non-compliance.

An employer without a documented risk assessment is already breaking the law. The Health and Safety Executive (HSE) can issue improvement notices, prohibition notices, or prosecute — with unlimited fines and up to two years’ imprisonment for serious breaches.

---

What Is a Risk Assessment in the UK?

A risk assessment is a careful examination of what could cause harm in your workplace, so you can decide whether you’ve taken enough precautions or need to do more.

The Health and Safety Executive (HSE) defines it as a structured process that answers three questions:

• What could go wrong? — identifying hazards in the workplace
• How likely is it, and how bad could it be? — evaluating the level of risk
• What are you doing about it? — deciding on control measures to reduce or eliminate the risk

The law does not expect you to eliminate every risk. It expects you to take “reasonably practicable” steps to protect people from harm — balancing the level of risk against the difficulty, time, and cost of reducing it.

A hazard is anything that could cause harm — a wet floor, faulty electrical equipment, manual lifting, or exposure to chemicals. A risk is the chance that someone will actually be harmed by that hazard, and how serious the harm could be.

---

Are Risk Assessments a Legal Requirement in the UK?

Yes. Risk assessments are a legal requirement for all UK employers.

Two key pieces of legislation create this obligation:

The Health and Safety at Work Act 1974 is the UK’s main workplace safety law. Section 2 places a duty on employers to ensure, so far as reasonably practicable, the health, safety, and welfare of employees. Section 3 extends this to non-employees affected by the business — contractors, visitors, and the public.

The Management of Health and Safety at Work Regulations 1999 (Regulation 3) makes it explicit. Every employer must make a “suitable and sufficient assessment” of the risks to employees and others arising from work activities.

If you employ five or more people, you must record the significant findings of your risk assessment in writing. This includes the hazards identified, the people at risk, and the control measures in place.

Even if you employ fewer than five people, the HSE recommends documenting your assessment — it provides evidence of due diligence if anything goes wrong.

---

What Are the 5 Steps to Risk Assessment?

The Health and Safety Executive (HSE) recommends a five-step process for carrying out a workplace risk assessment. This is the standard approach used across UK businesses:

Step 1: Identify the hazards.

Walk around your workplace and look at what could cause harm. Check equipment, processes, substances, and working conditions. Talk to employees — they often spot hazards that management overlooks. Review accident records and near-miss reports.

Step 2: Decide who might be harmed and how.

Consider everyone — employees, contractors, visitors, members of the public. Pay special attention to groups with specific needs: new or young workers, pregnant employees, disabled workers, and lone workers.

Step 3: Evaluate the risks and decide on control measures.

For each hazard, assess how likely harm is and how serious it could be. Then decide what you’re already doing to control the risk and whether you need to do more. The goal is to reduce risk to the lowest reasonably practicable level.

Step 4: Record your findings and implement them.

Write down the significant hazards, who is at risk, and what controls are in place. This is a legal requirement if you employ five or more people. Prioritise actions — deal with the highest risks first.

Step 5: Review and update regularly.

Your risk assessment is not a one-off exercise. Review it whenever there are significant changes — new equipment, new processes, new staff, an accident, or a near miss. Even without changes, review at least annually.

---

What Are the Types of Risk Assessment?

UK businesses may need to carry out different types of risk assessment depending on their activities and workplace hazards:

General workplace risk assessment. This is the standard assessment required under the Management of Health and Safety at Work Regulations 1999. It covers all workplace hazards — slips, trips, falls, manual handling, workstation setup, electrical safety, and general working conditions. Every employer needs one.

Fire risk assessment. Required under the Regulatory Reform (Fire Safety) Order 2005 for all non-domestic premises. This covers ignition sources, fuel sources, escape routes, fire detection, and the safety of people on the premises. The “responsible person” (usually the employer or building owner) must ensure this is carried out.

COSHH assessment. Required under the Control of Substances Hazardous to Health Regulations 2002. If your workplace uses or produces chemicals, dust, fumes, or biological agents, you need a specific COSHH assessment covering exposure levels and control measures.

Display screen equipment (DSE) assessment. Required under the Health and Safety (Display Screen Equipment) Regulations 1992. If employees use computers or screens as a significant part of their work, you must assess their workstation setup, posture, and screen breaks.

Manual handling assessment. Required under the Manual Handling Operations Regulations 1992. If employees lift, carry, push, or pull loads, you must assess the risk of musculoskeletal injury and take steps to reduce it.

Other specialist assessments include noise assessments, vibration assessments, working at height assessments, and assessments for new or expectant mothers.

---

What Must a Risk Assessment Include?

A “suitable and sufficient” risk assessment under UK law must include:

• The hazards identified — what could cause harm in your workplace
• Who is at risk — employees, contractors, visitors, members of the public, and any groups with specific needs
• The level of risk — how likely harm is and how serious it could be
• Existing control measures — what you’re already doing to reduce the risk
• Further actions needed — what additional steps are required, who is responsible, and by when
• A review date — when the assessment will next be checked

The assessment must be “suitable” — meaning it covers all significant risks. And it must be “sufficient” — meaning it’s thorough enough to identify the measures needed to protect people.

It does not need to be perfect or academic. The HSE expects a practical, proportionate approach — not a doctoral thesis.

---

How Often Do Risk Assessments Need to Be Reviewed in the UK?

There is no fixed legal timeframe for reviewing a risk assessment. However, the Management of Health and Safety at Work Regulations 1999 require employers to keep their assessments up to date.

In practice, this means you should review your risk assessment:

• At least annually — as a minimum standard, even if nothing has changed
• After any accident, incident, or near miss — to understand what went wrong and whether controls need strengthening
• When processes or equipment change — new machinery, new substances, new working methods
• When staff change — new employees, young workers, pregnant workers, or changes in working patterns
• When legislation changes — new regulations or updated guidance from the HSE
• When the premises change — office moves, refurbishments, or changes to layout

The HSE recommends setting a fixed annual review date so you don’t let standards slip — even in workplaces where nothing obvious has changed.

---

Is There a UK Version of OSHA?

Yes. The UK equivalent of OSHA (the US Occupational Safety and Health Administration) is the Health and Safety Executive (HSE).

The HSE was created by the Health and Safety at Work Act 1974. It is the UK’s national workplace safety regulator — responsible for enforcing health and safety law, conducting inspections, investigating accidents, and prosecuting businesses that fail to protect their workers.

In Northern Ireland, the equivalent body is the Health and Safety Executive for Northern Ireland (HSENI).

The key difference between the two systems is approach. OSHA tends to set detailed, prescriptive standards for specific industries. The HSE takes a risk-based approach — employers must assess their own risks and take “reasonably practicable” steps to control them, with flexibility in how they achieve that.

Both systems share the same goal: preventing workplace injuries, illnesses, and fatalities.

---

What Happens If You Don’t Have a Risk Assessment?

Failing to carry out a risk assessment is a criminal offence under UK health and safety law. The consequences can be severe:

• Improvement notices: the HSE orders you to fix specific problems within a set timeframe
• Prohibition notices: the HSE shuts down a process or workplace immediately if there’s a risk of serious harm
• Prosecution: unlimited fines in the magistrates’ court or Crown Court, plus up to two years’ imprisonment for the most serious offences
• Civil claims: injured employees or members of the public can sue for compensation — and the absence of a risk assessment makes it very difficult to defend

Beyond the legal consequences, an inadequate risk assessment damages your reputation, increases insurance premiums, and destroys employee trust.

---

Frequently Asked Questions

Who is responsible for carrying out a risk assessment?

The employer holds ultimate legal responsibility. However, they can delegate the practical task to a “competent person” — an employee with the right knowledge and training, a health and safety officer, or an external consultant. The legal accountability always stays with the employer.

Can I do my own risk assessment or do I need a professional?

Most small businesses can do their own risk assessment. The HSE is clear that you don’t need to be a health and safety expert — if you understand your workplace and can identify obvious hazards, you can do it yourself. For higher-risk environments (construction, chemicals, manufacturing), consider professional help. Our Risk Assessment Template provides a structured framework to guide you through the process.

Do I need a risk assessment if I’m self-employed?

Yes, if your work activities could pose a risk to yourself or others. The Management of Health and Safety at Work Regulations 1999 apply to self-employed individuals as well as employers. If you work on client sites, you may also be asked to provide evidence of your risk assessment.

What is the British Standard for risk management?

The main international standard is ISO 31000:2018 (Risk Management — Guidelines), which provides principles and a framework for managing risk across any organisation. For occupational health and safety specifically, ISO 45001:2018 sets out the requirements for a management system that includes risk assessment as a core element. Neither standard is a legal requirement in the UK, but many businesses use them alongside their statutory obligations under the Health and Safety at Work Act 1974.

Do I need a separate fire risk assessment?

Yes. Fire risk assessments are a separate legal requirement under the Regulatory Reform (Fire Safety) Order 2005. Every non-domestic premises in England and Wales must have one. It can be done alongside your general workplace risk assessment, but it must specifically cover fire hazards, escape routes, fire detection equipment, and the safety of people on the premises.

---

---

The Truth About “Free” Legal Template Sites (What You’re Really Signing Up For)

Most websites offering a “free legal template” follow the same pattern:

• You click because it’s advertised as free
• You spend 10–15 minutes answering questions
• At the very end, you must create an account or start a “free trial”
• Your card is required upfront
• The subscription auto-renews at £29–£39 per month

This isn’t a free template – it’s a subscription service. Many people only realise after being charged £300–£400 over the year.

Why These “Free” Templates Are a Legal Risk

• Outdated wording: not aligned with current UK law
• Missing mandatory clauses: required for legal validity
• No compliance guidance: leaving users without legal context
• No structured checklist: no way to verify the document works
• Not kept updated: often unchanged when legislation changes

One incorrect clause can weaken or invalidate the entire document.

Hidden Problem: Many “Free Template” Sites Aren’t Even UK-Based

Another major issue is that many free or auto-subscription template sites operate outside the UK and use documents originally drafted for the US legal system. These are then loosely adapted for “international use,” which creates serious problems:

• Incorrect terminology: taken from US contract law
• Missing UK statutory references: essential legal requirements omitted
• Non-applicable clauses: terms that don’t apply under UK legislation
• Legal conflicts: risks breaching UK consumer, employment, or GDPR rules

Why Templates UK Does the Opposite

• Drafted by UK professionals: written by experienced business & legal experts
• UK-law only: no US crossover or generic “international” templates
• One-time price from £10: no subscriptions, no renewals
• Full preview: see the exact document before buying
• Lifetime access: free lifetime updates included

My Templates Dashboard

All purchased templates are stored in your personal My Templates page, organised by category.

When we update a template for UK law changes, the new version appears automatically in your dashboard — free, forever.

Build a growing library of UK legal documents across every area of your business and personal life.

Transparent Pricing

From £10 per template — with free lifetime usage and free lifetime updates. No subscriptions. No renewals. No auto-billing.

Not ready to buy? Use our free interactive checklists to guide your own document — no payment required.

No tricks. No trials. No hidden fees. Just the exact UK-specific legal document you came for — at the price we told you upfront.

Build your own bespoke document with our Risk Assessment Template. Preview the full contract before buying — only pay when you’re happy with it.

---

Get Every Template in One Bundle

The UK Legal Templates Ultimate Bundle includes 91 templates across every category — one purchase, lifetime updates, no subscriptions.

---

Explore Template Bundles by Category

One purchase, lifetime updates, no subscriptions.

• Business Complete Suite — 37 templates, £120 (smaller packs available)
• Landlord Ultimate Bundle — 28 templates, £99 (smaller packs available)
• Complete Family Pack — 18 templates, £65 (smaller packs available)
• Complete Estate Pack — 8 templates, £38 (smaller packs available)

Browse all bundles →

---

Explore the Master Business Legal Templates Pillar Guide

The complete overview of 37 essential UK business templates.

UK Business Legal Templates — Complete Master Guide

---

Explore All Templates UK Pillar Guides

• Family Law Documents Guide UK
• Wills & Estate Planning Guide UK
• Residential Landlord Documents Guide UK
• Employment Documents Guide UK
• How to Set Up a Business in the UK — Legal Guide
• Website Legal Documents UK — Compliance Guide
• Financial & Commercial Contracts UK — Protection Guide
• Commercial Office Lease Guide UK
• Digital & IP Agreements Guide UK

---

Related Guides

• Employment Documents Guide UK
• How to Set Up a Business in the UK — Legal Guide
• UK Business Legal Templates — Complete Master Guide
• Website Legal Documents UK — Compliance Guide

---

Free Legal Templates & Interactive Checklists

Access all our free UK legal templates, checklists and downloadable PDFs.

Browse Free Templates →

Last updated: March 2026

Disclaimer: This guide provides general UK legal information, not legal advice. Laws are current as of March 2026.