Last updated: 25.05.23

What Are the Legal Requirements of Risk Assessments

Risk assessments are the backbone of any thorough health and safety policy. They allow everyone in a workplace to be aware of all the potential hazards in the environment, provide an easy way of prioritising how risks should be managed, and create a record of the procedures in place that control risks at work.

If you’re an employer or a health and safety professional then it’s likely you’ll have to carry out a risk assessment at some point in your career. But even if you’re not responsible, risk assessment regulations also apply to employees and the general public, so you may still be required to read one or respond to the actions it outlines.

Risk assessments are not only an important procedure in health and safety; they’re also a legal requirement when it comes to keeping a working environment safe. In this article, we will take a look at the legal requirements of risk assessments and cover what needs to be considered when carrying out a risk assessment, to help you to understand what you need to do in order to meet the Health and Safety Executive’s rigorous safety standards.

What is a Risk Assessment?

A risk assessment is a formal analysis of any potential hazards in the workplace. This could include anything from heavy machinery, narrow fire escapes or biological hazards, right through to tripping hazards or loud noises, depending on your industry or your workplace.

The purpose of a risk assessment is to identify the hazards that are present in a workplace, determine how much of a risk they pose to employees and the general public, and then take action to remove or reduce the likelihood of these risks occurring.

Risk assessments must be recorded, and it’s important to note that most risk assessments include four distinct sections:

  • A record of the risk or hazard
  • A record of the people that could be harmed by the risk or hazard
  • An evaluation of the risk, drawing on third-party documentation to establish how dangerous it is and how likely an accident is
  • A clear plan of action that’s designed to help employees mitigate, manage or avoid the risk

Are Risk Assessments a Legal Requirement?

Risk assessments are a legal requirement for all UK businesses. This legal requirement is outlined by several different pieces of legislation.

The Health and Safety at Work Act 1974 is the main piece of workplace health and safety legislation in the UK. It makes it the legal responsibility of employers and self-employed people to ensure that their workplaces are safe, which will likely include completing some form of risk assessment. So whilst completing a risk assessment isn’t a specific requirement of this law, it’s a key piece of health and safety legislation that risk assessments fall under.

Another key piece of risk assessment legislation is The Management of Health and Safety at Work Regulations 1999 which offers a thorough breakdown of all the different aspects of risk assessment and the different situations where a risk assessment is required. According to the terms in this legal framework, business owners and employers must “make a suitable and sufficient assessment” of:

  • (a) the risks to the health and safety of employees to which they are exposed whilst they are at work; and
  • (b) the risks to the health and safety of persons not in employment arising out of or in connection with the conduct by him of his undertaking

The Management of Health and Safety at Work Regulations also sets out specific rules for the way these assessments need to be recorded and reviewed by other members of staff, to ensure that all workplace hazards are assessed correctly.

The Workplace (Health, Safety and Welfare) Regulations 1992 doesn’t directly mention risk assessments, but does outline a lot of legal requirements for the majority of workplaces that ensure the safety of employees. Within this is the requirement for employees to be made aware of the presence of hazards, which a risk assessment will help you to do.

Other industry-specific pieces of legislation, such as the Control of Substances Hazardous to Health Regulations or The Control of Vibration at Work Regulations 2005, will give guidance on how to assess and manage specific risks. They can be useful when you’re completing risk assessments, and again place a responsibility on the employer or employees to take appropriate measures to reduce risk.

What Should Be Included in a Risk Assessment?

Guidance from the Health and Safety Executive outlines five necessary actions that need to be included in a risk assessment. If you are following risk assessment laws and regulations, you need to complete these steps in order to have sufficiently carried out a risk assessment.

The steps included in a risk assessment are:

  • Identify Hazards - This involves going around a workplace and working out all the different potential hazards that exist there. These hazards might come from the environment itself, the equipment in the workplace or the procedures that employees follow at work.
  • Assess Risks - Once you are aware of all the potential risks in a workplace, you need to determine how likely each of them is to happen. Alongside this, you need to estimate the level of damage that would be done if the risk occurred. Combined with the likelihood of the risk happening, this lets you know how much of a priority removing it should be.
  • Control Risks - After identifying the risks and deciding which ones pose the biggest and most imminent threat to employee health and safety, you need to take action to control all of the possible risks. You should ideally be able to remove some of them completely, but if not, you should focus on reducing the risk as much as possible.
  • Record the Risk Assessment - If you have more than five employees in your workplace, one of the legal requirements of risk assessments is that you record all of your findings. This creates a document that employees and inspectors can consult and provides proof of your efforts to protect your employees.
  • Review the Risk Assessment - The final stage of completing a risk assessment is that it must be regularly reviewed. Risk assessments are only effective at keeping people safe if they are up to date, so you should make sure that yours is reviewed and updated when necessary so it remains a useful piece of health and safety guidance.

When Is a Risk Assessment Necessary?

Risk assessments are the best way to identify potential hazards in a workplace, implement safety measures and demonstrate compliance with risk assessment laws and regulations. A risk assessment is necessary if you are an employer with a legal responsibility to ensure the safety of your staff, even if you think you work in a very safe environment.

As well as carrying out initial risk assessments, you also need to review and update them regularly so that they offer the best possible analysis of the risks in your workplace. According to the HSE, risk assessments should be reviewed in the following situations:

  • A risk assessment is deemed to no longer be effective
  • There are changes in the workplace to staff, an internal process, or the substances or equipment used in a workplace
  • Employees spot a problem with something in the workplace
  • There is an accident or a near miss at work

Why Are Risk Assessments Important?

Risk assessments are, in short, essential for ensuring the safety and wellbeing of your employees.

Regardless of the industry you work in, risk assessments are a vital part of your health and safety plan. A thorough risk assessment will allow you to spot potential hazards before they can injure your staff, and they often inform the safety procedures responsible for safeguarding the health of your workforce. This means you can remove or reduce hazards in your workplace, making it safe for all employees and visitors.

Having a safe workplace is important because it prevents injuries and accidents and keeps your workforce healthy. A healthy and capable workforce means that everyone can work productively and efficiently, which is important because it means that you can meet the demands of your clients or customers. You also don’t have to find replacements for staff, lose money due to staff being off work or give employees more work to cover a colleague that is off with an injury, which is better for overall business stability.

As mentioned above, all employers are also legally mandated to carry out regular risk assessments for all workplace hazards under the Management of Health and Safety at Work Regulations (1999). Failure to carry out adequate risk assessments can open you up to legal action and fines. If the fine is large, this could have a significant impact on your business’s finances, which can be very hard to come back from.

Being reprimanded for failing to carry out a risk assessment may also give your business a bad reputation, both from a customer perspective and an employee perspective. The latter can make it hard for you to hire new staff and retain existing employees, as they are unlikely to want to work for an employer that doesn’t care about their health and safety.


Who is responsible for carrying out risk assessments?

Employers are legally responsible for making sure that risk assessments are carried out when legally required. However, the employer doesn’t have to be the one to complete the risk assessment themselves - they can nominate a ‘competent person’ to do this instead.

Which regulation places a duty on employers to carry out risk assessments?

The Management of Health and Safety at Work Regulations 1999 outline the legal requirements of risk assessments and make it the minimum duty of an employer to identify workplace hazards, decide how likely they are and take action to prevent them from happening. The Health and Safety at Work Act 1974 also makes it the responsibility of employers to keep their employees safe, which often involves completing a risk assessment.

How many employees do you need for a risk assessment?

The Management of Health and Safety at Work Regulations state that, if a business has five or more employees, the findings of a risk assessment must be recorded. You don’t need a minimum number of employees to complete a risk assessment and should conduct one even if you’re self-employed, but you only need to officially record this if your workforce has five or more employees.


The collection of legislation for risk assessment specification is quite small, so it’s easy to learn what you need to do in order to remain compliant and ensure you’re taking the necessary measures to keep employees safe. Whilst initially completing a risk assessment can be time-consuming, it’s an essential document for keeping everyone aware of the risks they face at work and providing proof that you have taken action to make your workplace as safe as possible.

If you’d like to learn more about the legal requirements associated with risk assessments, you might be interested in our ‘Risk Assessment in the Workplace’ online training course, which is designed for anyone that needs to carry out a risk assessment.