Skip to content

HSE inspections up 47% - HSE carried out over 13,200 workplace inspections in 2024/25.

Blog

Management of Health and Safety at Work Regulations: 15 Essential Duties for UK and Global Businesses

A
Arinite Team
May 12, 2026
10 min read
Management of Health and Safety at Work Regulations: 15 Essential Duties for UK and Global Businesses

If you employ a single person in Great Britain, the Management of Health and Safety at Work Regulations 1999 apply to you. They sit directly underneath the Health and Safety at Work etc. Act 1974 and convert its broad duties into 15 specific, enforceable obligations. They are also the closest UK equivalent to the EU's Framework Directive 89/391/EEC, which means understanding them is the fastest way to make sense of comparable regimes in France (Code du travail), Germany (Arbeitsschutzgesetz), Spain (Ley de Prevención de Riesgos Laborales), Italy (D.Lgs. 81/2008), and the Netherlands (Arbowet).

Below is a practical, 15-point breakdown of what the regulations require, why each duty matters, and how UK-headquartered international businesses meet them across multiple countries without duplicating effort. Each item links to the operational support most teams need to discharge that duty in practice.

For the official text, see the Management of Health and Safety at Work Regulations 1999 on legislation.gov.uk. For practical guidance, see HSE's "Managing for health and safety" and the EU Framework Directive 89/391/EEC on EU-OSHA.

1. Conduct Suitable and Sufficient Risk Assessments (Regulation 3)

Regulation 3 is the heart of the regulations. Every employer must carry out a "suitable and sufficient" assessment of the risks to employees and to anyone else affected by their work. "Suitable and sufficient" is a legal test: the assessment must identify significant hazards, evaluate who is at risk, and record the findings if you employ five or more people.

This is where most enforcement notices begin. Generic, downloaded templates almost never pass the test. Experienced Health and Safety Consultants produce role-specific and site-specific assessments that hold up to scrutiny, and confirm them with Health and Safety Audits. For HSE's plain-language overview, see Managing risks and risk assessment at work.

2. Apply the Principles of Prevention (Regulation 4)

Regulation 4 imposes a hierarchy: avoid the risk, evaluate unavoidable risks, combat at source, adapt work to the worker, take account of technical progress, replace dangerous with non-dangerous, develop a coherent prevention policy, prioritise collective over individual measures, and give appropriate instructions.

PPE sits at the bottom of that hierarchy, not the top. If your default response to a hazard is to issue gloves and a sign, you have inverted the principles. A good health and safety policy and a properly configured health and safety software platform make the hierarchy visible in every assessment so managers stop reaching for PPE first.

3. Make and Document Health and Safety Arrangements (Regulation 5)

Regulation 5 requires effective arrangements for the planning, organisation, control, monitoring, and review of preventive and protective measures. Employers with five or more staff must record these arrangements.

"Arrangements" means the operating system, not the policy document: who does what, by when, with what evidence. This is the single biggest reason businesses combine Health and Safety Consultants and Software: the consultant writes the arrangement, the platform proves it is running.

4. Provide Health Surveillance Where Needed (Regulation 6)

Where a risk assessment shows it is appropriate, employers must provide health surveillance. Common triggers include noise, vibration, hazardous substances, and (increasingly) work-related stress and musculoskeletal disorders. The surveillance regime must match the hazard and the worker, and findings should feed back into the next round of risk assessment.

5. Appoint One or More Competent Persons (Regulation 7)

Regulation 7 requires every employer to appoint one or more "competent persons" to assist in undertaking the measures needed to comply with the law. Competence means the right combination of training, knowledge, qualifications, and experience.

For most SMEs, appointing an external chartered consultant as the competent person is both cheaper and more defensible than designating an untrained internal manager. International groups should note that almost every European jurisdiction has its own version of this duty (RSST in France, PRL service in Spain, Sicherheitsfachkraft in Germany), and Global Health and Safety Consultants can hold the role across countries.

6. Establish Procedures for Serious and Imminent Danger (Regulation 8)

Employers must put procedures in place for serious and imminent danger and for danger areas. In practice this means evacuation plans, fire procedures, lockdown protocols, and the named individuals who execute them. These procedures should be tested, not just drafted, and the evidence of testing should be retrievable on demand.

7. Maintain Contacts with External Services (Regulation 9)

Regulation 9 requires arrangements for any necessary contacts with external services, particularly first aid, emergency medical care, and rescue work. For international businesses this is more nuanced than it sounds: the local emergency number, the nearest occupational health provider, and the regulator vary by country. A central directory inside your health and safety software keeps these contacts current at every site.

8. Provide Comprehensible Information to Employees (Regulation 10)

Employers must give employees comprehensible and relevant information on the risks to their health and safety identified by the assessment, the preventive and protective measures in place, and the procedures for serious and imminent danger.

"Comprehensible" matters: information delivered only in English to a workforce whose first languages include Polish, Portuguese, Romanian, French, or Spanish is unlikely to meet the test. International Health and Safety Consultants routinely produce multi-language briefings as a default deliverable.

9. Co-operate and Co-ordinate with Other Employers (Regulation 11)

Where two or more employers share a workplace, each must co-operate with the others on health and safety, co-ordinate measures, and inform the others of risks. This is critical in serviced offices, shared warehousing, retail concessions, construction sites, and any building with a managing agent. The practical answer is a shared register of risks and controls that all parties sign off on, which is something a properly configured platform makes routine.

10. Manage Host Employer and Self-Employed Arrangements (Regulation 12)

Regulation 12 sets out duties when people work in the undertaking of another employer or self-employed person. Hosts must give visiting workers the same risk information their own staff receive. For UK businesses with international contractors, or international businesses with UK contractors, this duty is usually where compliance falls apart unless a Health and Safety Audit is scoped explicitly to cover contractor management.

11. Ensure Capabilities and Training (Regulation 13)

Employers must take employees' capabilities into account when entrusting tasks, and must provide adequate health and safety training on recruitment and when risks change (new equipment, new technology, new systems of work, transfers, or new responsibilities). Training must be repeated periodically where appropriate.

A reliable approach is to map training to the actual hazards each role faces and record completion in your health and safety training system, so that evidence of capability is available on demand for every employee at every site.

12. Define Employees' Duties (Regulation 14)

Regulation 14 imposes duties on employees: use equipment in accordance with training, follow systems of work, and report dangers and shortcomings. Employers should make these duties explicit in induction, contracts, and the employee handbook so they are enforceable rather than aspirational.

13. Protect Temporary and Fixed-Term Workers (Regulation 15)

Before any temporary, agency, or fixed-term worker begins, the employer must provide them and (where relevant) the agency with information on the special occupational qualifications or skills required, and on any specific features of the job that may affect health and safety. The same standard applies whether the worker is on-site for a day or a year.

14. Protect New and Expectant Mothers (Regulations 16 to 18)

Where work is of a kind that could involve risk to a new or expectant mother or her baby, the risk assessment must address that risk and the employer must alter working conditions or hours, offer suitable alternative work, or (as a last resort) suspend on full pay. This is a high-enforcement area and one that mainstream risk assessments routinely miss. See Arinite's factsheets for the practical checklist.

15. Protect Young Persons (Regulation 19)

Employers must ensure that young persons (under 18) are protected from any risks consequent on their lack of experience, absence of awareness of existing or potential risks, or incomplete maturity. Apprentices, work-experience placements, and part-time student workers all fall in scope. The risk assessment must explicitly consider this group rather than assuming the adult assessment covers it.

How the UK Regulations Map to International Compliance

For UK-headquartered businesses operating abroad, the practical question is: does meeting MHSWR 1999 mean we are compliant everywhere else? The honest answer is "almost, but not quite". Every EU member state has implemented the same Framework Directive 89/391/EEC, so the architecture is similar, but each country adds local documents and named roles:

  • France: the DUERP (Document Unique d'Évaluation des Risques Professionnels) is a non-negotiable, dated, signed risk register. The PAPRIPACT action plan sits alongside it for organisations of 50+ employees.
  • Spain: the Ley de Prevención de Riesgos Laborales (LPRL) requires a designated prevention service, internal or external, with prescribed qualifications.
  • Germany: the Arbeitsschutzgesetz and the DGUV regulations require an appointed Sicherheitsfachkraft (safety expert) and Betriebsarzt (occupational physician) above set thresholds.
  • Italy: D.Lgs. 81/2008 requires the DVR (Documento di Valutazione dei Rischi) and an appointed RSPP.
  • Netherlands: the Arbowet requires a written RI&E (Risico-Inventarisatie en Evaluatie) certified by a qualified expert in many sectors.

For wider context on global frameworks, see the ILO's safety and health at work overview and the ISO 45001 management system standard, which is the international common denominator increasingly required in tenders and investor diligence.

The most efficient operating model for a multi-country group is a single set of corporate standards (built around MHSWR 1999 and ISO 45001), with local appendices for each jurisdiction, all managed inside one health and safety software platform and reviewed annually through structured Health and Safety Audits.

Frequently Asked Questions

Who do the Management of Health and Safety at Work Regulations apply to?

Every employer in Great Britain, regardless of size or sector, and every self-employed person whose work could affect others. Northern Ireland operates a parallel regime with materially similar duties.

What is the difference between the Health and Safety at Work Act 1974 and MHSWR 1999?

The 1974 Act sets out broad duties (so far as is reasonably practicable). The 1999 Regulations are the detailed delivery layer, specifying the 15 duties covered above. Most enforcement actions reference both.

Do we need to record our risk assessments?

If you employ five or more people, yes. Even if you employ fewer, recording is strongly recommended because it is the only practical way to show "suitable and sufficient" assessment to an inspector, insurer, or buyer.

Can we discharge the competent person duty internally?

Yes, if the individual genuinely has the right training, knowledge, qualifications, and experience. In practice, most SMEs and many mid-market groups find it more defensible to engage external Health and Safety Consultants for the competent person role.

How do we evidence compliance during a tender or audit?

A current policy, dated risk assessments, completed training records, a named competent person, tested emergency procedures, and a documented annual audit. Buyers and insurers increasingly expect this to be available in a single platform rather than a folder of PDFs.

What about international subsidiaries?

Use UK standards as the corporate floor, add country-specific appendices for the local documents (DUERP, RI&E, DVR, LPRL records, DGUV), and engage International Health and Safety Consultants who already operate in those jurisdictions.

Make the Regulations Work for Your Business

The Management of Health and Safety at Work Regulations are not a paperwork exercise. They are the operating manual for protecting your people and defending your business against enforcement, civil claims, and contract loss. Arinite combines chartered Health and Safety Consultants, purpose-built Health and Safety Consultants and Software, independent Health and Safety Audits, and proven Global Health and Safety Consultants capability across 50+ countries and 1,500+ businesses, with 15+ years of UK and international experience and 100,000+ employees protected.

Speak to our team to scope a compliance review against MHSWR 1999 and its international equivalents.

Share this article
More Articles
Free Resources

Health & Safety Factsheets

Download our comprehensive library of expert guides, checklists, and templates.

Browse Library
Get Professional Help

Need Expert H&S Advice?

Our qualified consultants are ready to support your specific business needs.

020 7947 9581Contact Us