Risk Inventory and Evaluation: Understanding International Risk Assessment Requirements

A comprehensive guide to workplace risk assessment obligations across the UK, Netherlands, EU, and beyond

Risk assessment is the foundation of workplace health and safety management in virtually every developed country. However, the specific requirements, terminology, and approaches vary significantly across jurisdictions. For UK businesses operating internationally, or for global health and safety consultants supporting multinational organisations, understanding these differences is essential for compliance.

In the Netherlands, the process is known as RI&E (Risico-Inventarisatie en -Evaluatie, or Risk Inventory and Evaluation). In Italy, organisations must produce a DVR (Documento di Valutazione dei Rischi). In France, the DUERP (Document Unique d'Évaluation des Risques Professionnels) is mandatory. In the UK, the Management of Health and Safety at Work Regulations 1999 require a "suitable and sufficient" risk assessment. While the underlying principle is the same, the specific requirements for each differ in important ways.

This guide examines international risk assessment requirements, with particular focus on the Dutch RI&E system and how it compares to UK and other European approaches. For international health and safety consultants supporting organisations across multiple jurisdictions, and for businesses seeking to understand their obligations, this comparison provides essential knowledge.

What Is Risk Assessment? The Universal Principle

Risk assessment is the systematic process of identifying hazards in the workplace, evaluating the risks they present, and determining appropriate control measures. It answers three fundamental questions: What could go wrong? How likely is it, and how serious would the consequences be? What should we do about it?

The concept originates from the EU Framework Directive 89/391/EEC, which requires employers to evaluate risks to the safety and health of workers and, on the basis of that evaluation, take measures to ensure improvement. This directive has been implemented through national legislation across EU member states, as well as influencing approaches in the UK (pre and post Brexit), Switzerland, and beyond.

Regardless of jurisdiction, effective risk assessment typically involves:

• Identifying all significant hazards in the workplace
• Evaluating the level of risk based on likelihood and severity
• Identifying who might be harmed and how
• Determining existing control measures and their adequacy
• Deciding on additional measures needed to reduce risk
• Recording findings and implementing actions
• Reviewing and updating as circumstances change

The Netherlands: RI&E (Risico-Inventarisatie en -Evaluatie)

In the Netherlands, the Arbeidsomstandighedenwet (Working Conditions Act) requires all employers to carry out a RI&E (Risk Inventory and Evaluation) and develop a Plan van Aanpak (Plan of Action) to address the identified risks. This is not optional; it is a legal obligation for every employer with even one employee.

What Must the RI&E Include?

The RI&E must provide a comprehensive inventory of all risks present in the workplace. This includes physical hazards such as machinery, noise, and hazardous substances, as well as psychosocial risks including work pressure, aggression, and harassment. Ergonomic risks, fire hazards, and any other factors that could affect worker health and safety must also be covered.

The Dutch RI&E must address:

• All hazards present in the working environment
• Risks related to work processes and equipment
• Working hours and work organisation
• Psychosocial workload (stress, bullying, harassment, aggression)
• Specific risks for vulnerable groups (young workers, pregnant employees)
• Safety measures and personal protective equipment

The Plan van Aanpak (Plan of Action)

A distinctive feature of the Dutch system is the mandatory Plan van Aanpak. This is not simply a list of recommendations but a formal action plan that must accompany the RI&E. It sets out specific measures to address the identified risks, including who is responsible for implementation, timescales for completion, and the resources allocated. The Plan van Aanpak must be kept up to date and progress must be monitored.

Testing and Approval Requirements

For most organisations, the RI&E must be reviewed and approved (getoetst) by a certified occupational health and safety expert, typically through the company's arbodienst (occupational health service). This external validation ensures the RI&E is complete and of adequate quality. Some smaller organisations using approved sector-specific RI&E tools may be exempt from this testing requirement, but the obligation to conduct the RI&E itself remains.

United Kingdom: Risk Assessment Requirements

In the UK, the Management of Health and Safety at Work Regulations 1999 (Regulation 3) requires every employer to make a "suitable and sufficient assessment" of the risks to the health and safety of employees and others who may be affected by their work activities. Where five or more people are employed, the significant findings must be recorded in writing.

The UK approach emphasises proportionality. The HSE guidance states that risk assessment should be "appropriate to the nature of the work" and focus on significant risks rather than attempting to document every conceivable hazard. The five-step approach recommended by the HSE involves identifying hazards, deciding who might be harmed and how, evaluating risks and deciding on precautions, recording findings and implementing them, and reviewing and updating as necessary.

Unlike the Dutch system, UK law does not mandate external testing or approval of risk assessments. The employer is responsible for ensuring assessments are suitable and sufficient, and this is typically verified through health and safety audits rather than mandatory external certification. However, the assessment must be carried out by a competent person with adequate knowledge and experience.

Other European Approaches

France: DUERP

In France, the Document Unique d'Évaluation des Risques Professionnels (DUERP) is mandatory for all employers from the first employee. The DUERP must be updated at least annually, or whenever significant changes occur. Since 2022, organisations with 50 or more employees must also produce a PAPRIPACT (annual prevention programme) setting out specific improvement actions. The DUERP must be retained for 40 years and, since 2023/2024, must be filed digitally on a national portal.

Italy: DVR

Italy requires all employers to produce a Documento di Valutazione dei Rischi (DVR) under Legislative Decree 81/08. The DVR must be prepared by the employer in collaboration with the RSPP (Head of the Prevention and Protection Service) and the company physician. It must identify all risks, evaluate them, and specify prevention and protection measures. The DVR must have a certain date (data certa) to prove when it was prepared.

Germany: Gefährdungsbeurteilung

Germany's Arbeitsschutzgesetz (Occupational Safety and Health Act) requires employers to carry out a Gefährdungsbeurteilung (hazard assessment). This must cover all work activities and all types of hazards, including psychological stress, which was explicitly added to the law in 2013. The assessment must be documented, and measures must be derived and implemented based on the findings.

Conducting Effective Risk Assessment: A Universal Approach

While specific requirements vary, the fundamental process for effective risk assessment is consistent across jurisdictions. The following approach meets requirements in the UK, Netherlands, and other European countries while providing a sound basis for ISO 45001 compliance.

Step 1: Inventory the work environment. Provide a detailed overview of all work activities, processes, equipment, substances, and working conditions. Consider machine hazards, exposure to hazardous substances, noise, fire hazards, ergonomic problems, psychosocial factors, and any other relevant risks.

Step 2: Identify potential hazards. Based on the inventory, identify all hazards that could cause harm. Involve employees in this process, as they can provide valuable insights into daily operations and risks that may not be obvious to management.

Step 3: Evaluate the risks. Assess the severity and likelihood of each risk. Consider who might be harmed and how. Use risk matrices or other evaluation tools to quantify and prioritise risks, focusing attention on the most significant areas of concern.

Step 4: Determine control measures. For each significant risk, identify appropriate preventive and protective measures following the hierarchy of controls: elimination, substitution, engineering controls, administrative controls, and personal protective equipment.

Step 5: Develop an action plan. Document the measures to be implemented, assign responsibilities, set timescales, and allocate resources. This is mandatory in the Netherlands (Plan van Aanpak) and France (PAPRIPACT for larger organisations) and represents good practice everywhere.

Step 6: Monitor and review. Implement the measures, monitor their effectiveness, and review the assessment regularly or when circumstances change. Schedule regular checks and health and safety audits to ensure risks remain adequately controlled.

Health and Safety Consultants and Software: Managing International Risk Assessment

Managing risk assessment requirements across multiple jurisdictions creates significant administrative complexity. Health and safety consultants and software platforms work together to provide integrated systems that can accommodate different national requirements while maintaining consistency.

Digital risk assessment platforms offer significant advantages:

• Central database storing all risk assessment information across locations
• Configurable templates meeting different national requirements (RI&E, DVR, DUERP)
• Automated reminders for review dates and action deadlines
• Built-in risk matrices and evaluation tools for consistent assessment
• Action plan tracking with responsibility assignment and progress monitoring
• Reporting tools for health and safety audits and regulatory compliance
• Multi-language support for international operations

For global health and safety consultants supporting organisations across multiple countries, integrated software platforms enable consistent risk assessment approaches while accommodating local regulatory requirements.

How Arinite Can Help

At Arinite, we are experienced international health and safety consultants who help organisations conduct effective risk assessments meeting the requirements of multiple jurisdictions. Our team of Chartered (CMIOSH) consultants provides practical, proportionate advice that ensures compliance while driving genuine improvement in workplace safety.

Our services include:

• Risk assessments meeting UK, Dutch (RI&E), French (DUERP), Italian (DVR), and other national requirements
• Development of action plans (Plan van Aanpak, PAPRIPACT) with clear responsibilities and timescales
• Health and safety audits to verify risk assessment quality and implementation
• Support with arbodienst testing requirements for Dutch operations
• ISO 45001 implementation including risk assessment requirements
• Training for managers and employees on risk assessment methodology
• Coordination of risk assessment across global operations

With experience supporting over 1,500 UK businesses and operations in more than 50 countries, we understand the challenges of managing risk assessment across different regulatory frameworks. Whether you need RI&E support for Dutch operations, comprehensive risk assessments across multiple European countries, or a unified approach for your global portfolio, our approach is practical, proportionate, and focused on protecting people. We call it "Keeping It Simple."