Health and Safety for Software Companies | Expert Guide

Software and technology companies often assume that health and safety is a concern for other industries. The reality is very different. Every software employer carries the same legal duties as any other UK business, with specific obligations around display screen equipment, remote and hybrid working, stress and mental health, and multi-site international compliance. With 470,000 UK workers suffering work-related musculoskeletal disorders annually, burnout affecting 84% of cybersecurity professionals globally, and DSE compliance extending explicitly to home working environments, health and safety is a live and material risk for the tech sector. This guide explains what software and technology companies need to do, and how Health and Safety Consultants help them get it right.

Why Health and Safety Matters for Software Companies

The perception that health and safety is primarily a concern for construction sites, factories, or logistics operations is one of the most persistent and costly misconceptions in business. Software companies face a distinct but equally significant set of obligations and risks that, if unmanaged, carry the same legal, financial, and human consequences as those in more obviously physical industries.

The Health and Safety at Work Act 1974 applies to every employer in the UK, regardless of sector. A software company with ten developers working from home carries precisely the same duty of care as a manufacturer with a factory floor. The risks differ in character, but the duty is identical.

For software and technology businesses, the relevant hazards cluster around several well-defined areas: prolonged display screen equipment use, sedentary working patterns, remote and hybrid working environments, high-pressure delivery culture, stress and burnout, and for those with international offices, the complexity of multi-jurisdiction compliance.

Health and Safety Consultants who understand the technology sector help businesses address these risks proportionately, practically, and without unnecessary bureaucracy.

The Legal Foundation: What the Law Requires of Tech Employers

Software companies must comply with the same core legislation as all UK employers, plus specific regulations that are particularly relevant to desk-based and screen-using workforces.

Health and Safety at Work Act 1974

The foundational duty requires every employer to ensure, so far as is reasonably practicable, the health, safety, and welfare of all employees. This encompasses physical and psychological health, and applies wherever employees work, including home offices and client sites.

Management of Health and Safety at Work Regulations 1999

Regulation 3 requires a suitable and sufficient risk assessment of all significant risks. For a software company, this must cover workstation conditions, psychosocial risks, lone working, fire safety, and the working environment of remote employees. The Regulations also require appointment of a competent person to assist with health and safety management.

Health and Safety (Display Screen Equipment) Regulations 1992

The DSE Regulations are perhaps the most directly relevant legislation for software businesses. They apply to any employee who uses display screen equipment as a significant part of their normal work, typically defined as continuous or near-continuous use for one hour or more per day.

For software developers, data analysts, UX designers, product managers, support engineers, and most other technology roles, virtually all employees will be DSE users. The Regulations require employers to:

Analyse workstations to assess and reduce risks
Ensure requirements for workstations are met
Plan work activities to provide breaks or changes of activity
Provide eye and eyesight tests on request and, where necessary, special corrective appliances
Provide health and safety training related to DSE use
Provide information about the risks and the measures taken to reduce them

Crucially, in 2025 the HSE has made explicit that DSE risk assessments must extend to all screen users wherever they work, including spare rooms, kitchen tables, and home office setups. Remote and hybrid workers are not exempt.

Workplace (Health, Safety and Welfare) Regulations 1992

These Regulations set minimum standards for the physical working environment, including temperature, ventilation, lighting, floors, workstations, and welfare facilities. They apply to office environments where software teams are based.

Working Time Regulations 1998

Software development culture frequently involves extended hours, particularly around release cycles and product launches. The Working Time Regulations limit working time to 48 hours per week on average (unless workers have individually opted out), require minimum daily and weekly rest periods, and mandate paid annual leave. Employers must monitor and manage working time, not merely accept worker self-reporting.

Equality Act 2010

The Equality Act reinforces DSE and wellbeing obligations by requiring reasonable adjustments for employees with disabilities or health conditions. In a technology workplace, this may include specialist ergonomic equipment, assistive software, flexible working arrangements, or modified workstation setups.

Key Hazards in Software and Technology Companies

Understanding the specific risk profile of a technology business enables proportionate and effective management.

Display Screen Equipment and Musculoskeletal Disorders

Prolonged screen use without adequate workstation design, postural support, or break patterns causes musculoskeletal disorders (MSDs) affecting muscles, tendons, ligaments, nerves, and joints of the neck, upper limbs, back, and lower limbs. In 2022/23, an estimated 470,000 UK workers suffered from work-related musculoskeletal disorders, accounting for 27% of all workplace ill health cases.

Common conditions among screen workers include:

Neck and shoulder pain from poor monitor positioning
Back pain from inadequate chair support or prolonged sitting
Repetitive strain injury (RSI) from keyboard and mouse use
Carpal tunnel syndrome from sustained wrist posture
Eye strain and headaches from screen glare, poor lighting, or incorrect focal distance

UK businesses lose approximately 6.9 million working days annually to work-related musculoskeletal disorders. In a software company where individual productivity is high and knowledge is concentrated, extended absences carry disproportionate operational impact.

Remote and Home Working Environments

The shift to remote and hybrid working has created a widespread DSE compliance gap. Research by Breathe found that 50% of hybrid and remote workers either had not completed a DSE assessment, did not have the right equipment, or both. Sixty percent had never, or only once, had their home electrical equipment safety tested.

Home working introduces risks that do not exist in a managed office environment:

Improvised workstations on kitchen tables, sofas, or beds
Inadequate chairs lacking lumbar support
Poor lighting causing eye strain
Monitors at incorrect height or distance
Shared domestic electrical circuits with insufficient capacity
Lack of fire safety awareness in the home environment
Isolation and difficulty separating work from personal life

The law is unambiguous: employers retain the same duty of care for remote workers as for office-based staff. The inability to physically inspect a home workstation does not remove the obligation; it requires a different approach to assessment, typically combining self-assessment tools with manager review and follow-up on identified issues.

Stress, Burnout, and Mental Health

Mental health and work-related stress represent one of the most significant and fastest-growing risks for technology companies. The characteristics of software development and technology work create several potent stress factors:

Deadline pressure and sprint culture: Agile development cycles, product launches, and client deliveries generate recurring periods of intense pressure that, without adequate recovery, compound into chronic stress.

On-call and out-of-hours demands: Infrastructure, security, and support roles frequently involve out-of-hours incident response that disrupts rest and recovery.

Rapid change and skills obsolescence: The pace of technological change creates persistent anxiety about skills relevance, particularly in development and architecture roles.

Remote working isolation: Distributed teams lose informal social contact that supports mental health, creating vulnerability to isolation, particularly for employees who live alone.

Cybersecurity burnout: This is an acute and well-documented problem. Research by Hack The Box found burnout affects 84% of cybersecurity professionals globally, with 68% of cybersecurity professionals across Europe facing burnout. In the UK specifically, 59% of security professionals report burnout directly affecting their ability to perform their jobs effectively. Nearly two-thirds of security operations centre professionals have considered quitting due to stress.

The employer's legal duty to manage work-related stress is not discretionary. The Management of Health and Safety at Work Regulations 1999 require stress risk assessments that identify psychosocial hazards and implement control measures. The HSE Management Standards framework provides a practical methodology.

Beyond direct legal obligation, the business case is compelling. Burnout in a cybersecurity team directly increases organisational vulnerability. IBM reports that 95% of data breaches are attributable to human error, with cyberattacks frequently timed for periods when employees are most susceptible to stress-related lapses.

Sedentary Working and Physical Inactivity

Sustained sedentary working patterns create health risks independent of workstation ergonomics. Prolonged sitting is associated with cardiovascular disease, metabolic conditions, and musculoskeletal problems. Encouraging movement through break policies, standing desk provision, and active travel to and from work forms part of a comprehensive approach to employee health.

Lone Working

Remote workers, particularly those working alone at home, are lone workers in the legal sense. Employers must assess the risks of lone working and implement appropriate measures, including regular check-ins, clear emergency procedures, and communication protocols.

Fire Safety in Home Workplaces

While the Regulatory Reform (Fire Safety) Order 2005 does not apply to domestic premises, employers retain duties under the Health and Safety at Work Act for employees working at home. Electrical equipment provided by the employer should be safe and appropriately tested. Home working risk assessments should include basic fire safety considerations.

Event and Travel Safety

Technology companies frequently involve employees in conferences, client visits, off-site events, and international travel. Risk assessment of these activities, including travel risk management and event safety planning, forms part of the employer's duty.

DSE Compliance in Practice: A Systematic Approach

Given the scale and centrality of DSE obligations for software companies, a systematic approach is essential.

Step 1: Identify All DSE Users

Map the workforce to identify every employee who uses screens for one hour or more per day as a significant part of their normal work. In a software company, this will typically encompass nearly all employees regardless of role.

Step 2: Conduct Workstation Assessments for All Locations

For each DSE user, assess their primary workstation, and any secondary locations where they regularly work, including home offices for remote and hybrid workers. Assessments should cover:

Screen position, height, and distance
Chair height, lumbar support, and adjustability
Keyboard and mouse positioning
Lighting adequacy and glare control
Temperature and ventilation
Space for posture changes and movement
Break and activity patterns
Work software usability

Step 3: Act on Assessment Findings

Where assessments identify deficiencies, employers must take action. This may include providing ergonomic chairs, monitor stands, external keyboards, footrests, or improved lighting. For home workers, employers may need to provide or fund appropriate equipment.

Step 4: Train All DSE Users

Provide information and training on workstation setup, posture, eye care, break-taking, and how to report concerns. Training should be proportionate and accessible, not burdensome.

Step 5: Provide Eye Tests on Request

DSE Regulations require employers to offer and fund eye tests for DSE users who request them, and to provide corrective appliances (spectacles) where the eye test finds these are necessary specifically for DSE work and the user's existing prescription does not meet this need.

Step 6: Review Regularly and on Material Change

DSE assessments are not one-time events. They require review when:

An employee moves to a different location (including moving from office to home or vice versa)
Significant new equipment is introduced
An employee reports discomfort, pain, or related symptoms
The nature of the work changes materially

Health and Safety Consultants and Software solutions support efficient management of DSE assessment records, action tracking, review scheduling, and compliance reporting across a distributed workforce.

Managing Stress and Mental Health: The Legal and Practical Framework

For technology employers, managing mental health and work-related stress is not a soft HR preference but a core legal compliance obligation.

Stress Risk Assessment

Under the Management of Health and Safety at Work Regulations 1999, employers must assess psychosocial risks and implement appropriate controls. The HSE Management Standards provide a structured framework identifying six key work design factors that, if poorly managed, are associated with work-related stress:

Demands: Workload, work patterns, and the work environment
Control: How much say employees have in the way they work
Support: Encouragement, sponsorship, and resources provided by the organisation, management, and colleagues
Relationships: Promoting positive working to avoid conflict and managing unacceptable behaviour
Role: Whether employees understand their role and whether the organisation ensures that they do not have conflicting roles
Change: How organisational change is managed and communicated

Software companies should conduct stress risk assessments that systematically evaluate these six areas and implement evidence-based controls.

Practical Controls for Technology Environments

Workload management: Realistic sprint planning, sustainable velocity targets, and explicit norms around overtime and on-call frequency. Release managers and project leads must have authority to push back on unrealistic delivery timelines.

Autonomy and mastery: Software professionals frequently cite autonomy, mastery, and purpose as core motivators. Job design that undermines these creates stress and disengagement.

Psychological safety: Teams that cannot raise concerns, flag blockers, or report incidents without fear of blame face systemic stress. Building psychological safety requires deliberate leadership attention.

Remote working boundaries: Clear norms about working hours, availability expectations, and the right to disconnect. Monitoring software that tracks keystrokes or screen time can increase stress and reduce trust.

Mental health support: Employee Assistance Programmes, mental health first aiders, access to counselling, and manager training in mental health awareness form a practical support infrastructure.

Cybersecurity team protection: The documented severity of burnout in security roles warrants specific attention. Adequate staffing of security operations teams, rotation of on-call duties, and explicit recognition of the psychological demands of incident response are all relevant control measures.

Remote and Hybrid Working: Building a Compliant Policy

Most software companies now operate hybrid or fully distributed models. A compliant and effective approach requires more than informal flexibility.

Written Remote Working Policy

A documented remote working policy should address:

Who is eligible to work remotely and under what conditions
Equipment provision: what the employer provides and what employees are expected to source themselves
DSE assessment requirements and process for home offices
Electrical safety requirements for home working equipment
Working hours expectations and the right to disconnect
Lone working procedures and check-in requirements
Data security and physical document handling at home
Expenses and reimbursement for home working costs

Equipment Provision

Where employees are required to work from home, employers bear greater responsibility for ensuring the home working environment is safe. In practice, many software companies provide laptop computers but expect employees to source their own peripherals and furniture. Where a risk assessment identifies that the home setup is inadequate, the employer must act, which may mean funding or providing appropriate equipment.

Regular Review

Hybrid arrangements evolve as individuals' circumstances change. Employees who move home, have children, develop health conditions, or change their working pattern require their home working risk assessment to be reviewed.

International Compliance for Global Software Companies

Software companies frequently grow internationally before their health and safety arrangements scale with them. A startup that opens its first European office, or a scale-up acquiring a team in another jurisdiction, must understand that UK health and safety arrangements do not automatically apply or transfer.

The Challenge of Multi-Jurisdiction Compliance

Each country where a software company employs people carries its own occupational health and safety framework. These differ not only in technical requirements but in enforcement approach, documentation language, and employee representative rights.

Key considerations for software companies expanding internationally:

European offices: EU Framework Directive 89/391/EEC provides a shared foundation, but national implementation varies significantly.

Netherlands: Every employer must produce a RI&E risk assessment with certified review for companies with 25 or more employees, and must contract a certified occupational health service (arbodienst)
France: Mandatory DUERP risk assessment document from the first employee, annual PAPRIPACT prevention programme for organisations with 50 or more employees, and compulsory affiliation with a health prevention service (SPST)
Germany: DGUV regulations through the Berufsgenossenschaften system, with sector-specific requirements
Italy: RSPP responsible safety officer requirements, mandatory for all employers

North American offices: US OSHA regulations apply across most states, with state plan variations adding complexity. Canada has provincial frameworks.

Asia-Pacific: Singapore, Australia, and Japan each have distinct frameworks with specific reporting and documentation requirements.

Global Health and Safety Consultants help software companies manage this complexity by applying consistent standards while meeting each jurisdiction's specific requirements.

Common International Compliance Mistakes for Tech Companies

Applying UK documentation globally: Sending a UK risk assessment to a French subsidiary does not satisfy the DUERP requirement. Each jurisdiction needs compliant local documentation.

Assuming low physical risk means low compliance burden: A software office in Amsterdam carries identical arbodienst and RI&E obligations to a construction company of the same size. The risk profile differs; the legal obligation does not.

Neglecting language requirements: Key documents, whether a Dutch RI&E or a French DUERP, must be accessible to local employees, works councils, and regulators, typically in the local language.

Missing employee representation obligations: French CSEs, Dutch works councils, and German Betriebsrat all have statutory rights over health and safety arrangements. These are not optional consultation processes.

The Case for International Health and Safety Audits

International Health and Safety Audits provide software companies with a consistent view of compliance across all their global locations. Regular audit enables:

Verification that local documentation meets jurisdiction-specific requirements
Identification of gaps before regulators find them
Benchmarking of safety culture and performance across offices
Evidence of governance for group boards and insurers
Consistent methodology enabling meaningful cross-site comparison

Health and Safety Audits for Software Companies

Even where health and safety appears well managed, independent Health and Safety Audits add value that internal assessment cannot provide.

What a Tech-Sector Audit Covers

An audit tailored to a software company examines:

DSE assessment coverage and quality across all locations and home workers
Stress risk assessment completeness and control effectiveness
Remote and hybrid working policy adequacy
Working time monitoring and compliance
Mental health support infrastructure
Incident and near-miss reporting systems
Management of contractor and visitor safety
International office compliance where applicable
Health and safety policy currency and accessibility
Training records and competence verification

Frequency and Triggers

Annual Health and Safety Audits are standard practice. Additional audits may be warranted following:

Significant headcount growth
Office moves or new location openings
Acquisition of another business
A reported incident or cluster of reported symptoms
Expansion into a new international market

Health and Safety Software: Enabling Efficient Compliance

Health and Safety Consultants and Software solutions are particularly well-suited to the needs of software companies, which typically have dispersed workforces, high digital literacy, and a preference for systematic, scalable solutions over manual paper-based processes.

What Software Solutions Enable

DSE assessment management: Digital self-assessment workflows, action tracking, review scheduling, and compliance dashboards that provide management visibility across a distributed workforce.

Risk assessment management: Centralised documentation, version control, review scheduling, and sharing with relevant parties including employee representatives and regulators.

Incident and near-miss reporting: Mobile-first reporting tools that encourage prompt reporting and systematic root cause analysis.

Training record management: Tracking of mandatory training completion, automated reminders for refresher requirements, and evidence for regulatory purposes.

Audit management: Scheduling, conduct, finding management, and action tracking for internal and external audits across all locations.

Multi-site compliance visibility: Dashboards providing group-level visibility of compliance status across all offices and jurisdictions, enabling management to prioritise resources.

ISO 45001 alignment: Where software companies seek ISO 45001 certification as a demonstration of systematic OHS management, software solutions support the documentation, audit, and continuous improvement requirements of the standard.

Arinite: Health and Safety Support for Software and Technology Companies

Arinite provides specialist health and safety support to software and technology companies across the UK and internationally.

Why Technology Companies Choose Arinite

Sector understanding: Arinite's consultants understand the technology sector: agile working, distributed teams, high-pressure delivery culture, and the particular mental health challenges of cybersecurity and support roles.

Practical, proportionate approach: Technology companies need health and safety support that is efficient, scalable, and free from unnecessary complexity. Arinite's philosophy of keeping it simple delivers compliance without bureaucratic burden.

International capability: Global Health and Safety Consultants supporting businesses across 50+ countries, with expertise in EU member state requirements, US OSHA frameworks, and Asia-Pacific jurisdictions.

Technology-enabled delivery: Health and Safety Consultants and Software solutions that integrate with existing workflows and provide management visibility across distributed teams.

Proven track record: Supporting over 1,500 global businesses including recognised technology brands such as Figma, Nikon, Shutterstock, Akamai, and SUSE, with a 95%+ client retention rate.

Services for Software Companies

Competent person service: Fulfilling the legal requirement for competent health and safety assistance, acting as your appointed competent person under Regulation 7 of the Management of Health and Safety at Work Regulations 1999.

DSE programme management: Systematic DSE assessment for office and home workers, action management, and compliance reporting.

Stress risk assessment: Structured assessment of psychosocial risks using the HSE Management Standards approach, with practical control recommendations.

Health and safety policy development: Tailored policies appropriate to the technology sector, remote working arrangements, and international operations.

Health and Safety Audits: Independent audit of UK and international operations, providing objective compliance assessment and improvement recommendations.

Training: Targeted health and safety training for managers and employees, covering DSE, stress awareness, remote working, and emergency response.

International compliance: Support with jurisdiction-specific requirements including RI&E, PAPRIPACT, DGUV, and RSPP across global office locations.

Frequently Asked Questions

Does a small software startup need health and safety support?

Yes. The Health and Safety at Work Act applies from the first employee. While proportionality matters — a two-person startup does not need the same arrangements as a 500-person company — every employer must conduct risk assessments, appoint a competent person, and address known hazards including DSE and stress.

Are remote workers covered by DSE Regulations?

Yes. The HSE has confirmed that DSE Regulations extend to all screen users wherever they work. Employers must assess home workstations and act on identified deficiencies. Fifty percent of remote workers have not had adequate DSE assessments, creating widespread compliance gaps.

What should a software company's health and safety risk assessment cover?

The risk assessment should cover all significant hazards, including: DSE and workstation conditions for all employees; psychosocial risks and work-related stress; remote and home working arrangements; fire safety in office and home environments; lone working; manual handling for any physical activity; electrical safety; and any activity-specific risks from events, travel, or specialist equipment.

How do we manage health and safety across offices in multiple countries?

Each country requires compliance with its own framework. International Health and Safety Consultants provide coordinated support, ensuring locally compliant documentation and practices while maintaining consistent standards across the group. Health and Safety Audits of international offices provide management visibility.

Is cybersecurity team burnout a health and safety issue?

Yes. Burnout is a recognised form of work-related stress and falls within the employer's duty to manage psychosocial risks. A stress risk assessment for cybersecurity teams should specifically address on-call demands, incident response pressure, understaffing, and the high-consequence nature of the role.

What is the competent person requirement and how does it apply to software companies?

Every UK employer must appoint a competent person to assist with health and safety compliance under Regulation 7 of the Management of Health and Safety at Work Regulations 1999. For software companies without in-house expertise, an external consultancy such as Arinite can fulfil this role on an outsourced basis.

Can we use software to manage our health and safety compliance?

Yes, and technology companies are particularly well-positioned to benefit from digital Health and Safety Consultants and Software solutions. These enable efficient DSE assessment management, risk assessment documentation, training tracking, audit scheduling, and multi-site compliance reporting.

How often should a software company review its health and safety arrangements?

Risk assessments should be reviewed at least annually and whenever significant changes occur. Health and Safety Audits are typically annual. DSE assessments for individual employees should be reviewed when their working arrangements, location, or health circumstances change materially.

Does ISO 45001 apply to software companies?

ISO 45001 applies to any organisation that wishes to implement a systematic occupational health and safety management system. For software companies with international operations, multiple locations, or enterprise customers who require OHS governance evidence, ISO 45001 certification provides recognised assurance.

What happens if a software company fails to meet its health and safety obligations?

The consequences are the same as for any employer: enforcement action by the HSE, improvement or prohibition notices, Fee for Intervention charges at £174 per hour for material breaches, and potential prosecution leading to unlimited fines and personal criminal liability for directors. Civil claims from employees suffering harm through inadequate DSE provision or failure to manage stress add further exposure.

Taking the Next Step

Health and safety is not a discretionary extra for software companies. It is a legal obligation that applies on the first day of employment and scales with every new hire, every new office, and every new country. Getting it right protects your people, your business, and your ability to attract and retain the talent that technology companies depend on.

Assess your current position: Take our Health and Safety Quiz to evaluate your compliance across key areas including DSE, remote working, and stress management.

Talk to a specialist: Book a free Gap Analysis Call to discuss your specific situation and identify the priority actions for your business.

Get expert support: Contact Arinite to learn how our Health and Safety Consultants support software and technology companies across the UK and internationally.

Arinite provides specialist Health and Safety Consultants services to the software and technology sector. Supporting recognised technology brands including Figma, Shutterstock, Akamai, SUSE, and Nikon, Arinite delivers practical, proportionate health and safety support for over 1,500 global businesses across 50+ countries, with a 95%+ client retention rate.