Health & Safety Policy (H&S Policy) Requirements in the UK: What to Include

When you’re running a small business, health and safety can feel like “one more admin task” on a long list. But getting your health and safety policy right is one of those legal foundations that protects your people and your business.

A clear H&S policy helps you prevent accidents, set expectations, and show (if anything ever goes wrong) that you’ve taken your duties seriously.

In this guide, we’ll walk you through when a written health and safety policy is legally required in the UK, what you should include, and how to make sure it’s actually usable in day-to-day operations (rather than a document that sits in a folder untouched).

What Is An H&S Policy (And Why Small Businesses Need One)?

An H&S policy (health and safety policy) is your business’s written approach to managing health and safety risks at work.

Practically, it’s a document that explains:

• What you’re committing to (keeping people safe and meeting legal duties)
• Who is responsible for different parts of health and safety
• How you’ll manage risk in practice (risk assessments, training, reporting, emergency procedures, etc.)

Even if you’re a micro-business, having a sensible health and safety policy is often a smart move because:

• It reduces the chance of workplace injuries and illnesses (and the downtime and cost that follows).
• It helps you train new starters consistently.
• It supports a strong safety culture as you grow.
• It can be requested by clients, landlords, insurers, or contractors before they’ll work with you.

And importantly, it ties into your wider “workplace rules” set-up. Many small businesses keep their H&S policy alongside other key policies in a Staff Handbook or broader Workplace Policy pack, so everything is consistent.

When Is A Written H&S Policy Legally Required In The UK?

The starting point is the Health and Safety at Work etc. Act 1974 (often shortened to HSWA). This is the core piece of UK health and safety legislation. It requires employers to take reasonable steps to protect the health, safety, and welfare of employees and others affected by the business (for example, customers, visitors, and contractors).

On top of that, the Management of Health and Safety at Work Regulations 1999 set out more detailed duties around things like risk assessments and arrangements for effective health and safety management.

The “5 Or More Employees” Rule

In the UK, you’re legally required to have a written health and safety policy if you employ five or more people.

That’s the key legal threshold most small business owners are trying to understand when searching for “H&S policy”.

A few practical points (because real life is rarely neat):

• Count your employees (not just full-time staff). Part-time employees are included.
• Depending on your working set-up, you may also want to cover contractors, casual workers, and agency staff in your arrangements (even if they aren’t employees).
• Even if you have fewer than 5 employees, you still have health and safety duties - you’re just not automatically required to have the policy in writing. That said, writing it down is usually the easiest way to show you’re taking it seriously.

What If You’re A Sole Trader Or Don’t Employ Anyone?

If you don’t employ anyone, you generally won’t need a formal written H&S policy purely because of the “5 employees” threshold.

But you may still have duties under health and safety law if your work could affect others (for example, customers in your premises, members of the public, or subcontractors on site). In practice, you may still need documented risk assessments and clear safety procedures depending on what you do.

What Should A Small Business H&S Policy Include?

A good health and safety policy is usually short, clear, and tailored. It’s not about copying a generic template - it’s about making something your team can actually follow.

Most UK H&S policies are structured in three parts:

• Part 1: Statement of Intent
• Part 2: Responsibilities
• Part 3: Arrangements

Here’s what that means in plain English.

1) Statement Of Intent (Your Commitment)

This is a top-level statement (usually signed by the business owner or a director) confirming your commitment to:

• Providing safe and healthy working conditions
• Preventing accidents and work-related ill health
• Complying with health and safety law (and any relevant guidance)
• Consulting with employees on health and safety matters
• Reviewing and improving your approach over time

Keep this practical. It shouldn’t be a vague corporate statement - it should reflect your workplace and the types of risks you actually face.

2) Responsibilities (Who Does What)

This section matters more than people think. If something goes wrong, one of the first questions is often: who was responsible for managing this risk?

Your responsibilities section should cover:

• The business owner / directors: overall responsibility for health and safety
• Managers / supervisors: day-to-day implementation (training, checks, reporting, enforcing rules)
• Employees: duty to take reasonable care, follow safety instructions, report hazards
• First aiders / fire wardens (if you have them): specific duties and training requirements
• Contractors: what you expect from them (e.g. method statements, insurance, site rules)

If you’re a small team, the “who does what” might be one person wearing multiple hats - that’s fine. The key is clarity.

3) Arrangements (How You Manage Safety In Practice)

This is the operational heart of your health and safety policy. It’s where you explain the procedures your business uses to manage risk.

There’s no single “perfect” list, but most small businesses should consider including arrangements for:

• Risk assessments: how they’re carried out, who completes them, how often they’re reviewed (and if you have 5+ employees, you should record the significant findings)
• Training and induction: how you train new starters and refresh training over time
• Accident and near-miss reporting: what gets reported, how, and to whom
• First aid: first aid kit location, appointed person/first aider details
• Fire safety and evacuation: fire exits, drills, meeting point, who checks alarms/extinguishers
• Work equipment safety: maintenance, checks, safe use instructions
• Manual handling: lifting guidance, training, when to use aids
• PPE (personal protective equipment): what’s required, how it’s provided/maintained
• Hazardous substances (if relevant): storage, handling, COSHH assessments
• Display screen equipment (DSE): workstation set-up for office or hybrid teams
• Stress and mental wellbeing: reporting concerns, support routes, workload management
• Lone working: check-in systems, escalation procedures, travel safety
• Remote/hybrid working: home working risk assessments and expectations

If your business has a public-facing premises (like a studio, clinic, shop, café, or warehouse), you’ll also want to include arrangements for visitors and customers, such as:

• slips/trips prevention
• signage and restricted areas
• contractor sign-in procedures

And if you use digital systems day-to-day (which most of us do), it can help to keep expectations consistent across your policies. For many businesses, that means aligning health and safety processes with wider workplace rules (for example, in an Acceptable Use Policy).

How Do You Make Your H&S Policy Practical (Not Just Paperwork)?

A policy only works if it’s implemented. For a small business, the goal is to build a simple system your team can follow without needing a compliance department.

Step 1: Match The Policy To Your Actual Risks

A desk-based consultancy and a light industrial workshop shouldn’t have the same health and safety policy.

Start by listing:

• Where your team works (office, site, home, on the road)
• What equipment you use (vehicles, machinery, chemicals, computers)
• Who comes into contact with your business (customers, patients, vulnerable people, children)

Then build your arrangements around those risks.

Step 2: Assign Owners For Key Tasks

Small business tip: if everybody is responsible, nobody is responsible.

Make it specific. For example:

• “Alex checks the fire exits weekly.”
• “Sam reviews accident reports monthly.”
• “Taylor runs inductions for new starters.”

Step 3: Train Your Team (And Keep Evidence)

Training doesn’t need to be complicated, but it does need to be consistent. Inductions, refreshers, and role-specific training should be recorded.

This is also where your employment paperwork should line up. For example, your Employment Contract often includes obligations to follow workplace policies and reasonable management instructions, which can help you enforce health and safety rules fairly.

Step 4: Communicate It Properly

If you have a written H&S policy, you should make sure it’s accessible and brought to employees’ attention (and, where appropriate, to others who may be affected, like contractors working on site). That could mean:

• adding it to your onboarding pack
• keeping it in a shared drive (with a clear link)
• posting key emergency steps on a noticeboard in the workplace

For growing teams, it’s common to keep health and safety rules as part of a central Staff Handbook so policies don’t get lost in email threads.

Step 5: Review And Update It

Set a schedule to review your policy (for example, every 12 months), and also review it when something changes, such as:

• you move premises
• you introduce new equipment or processes
• you hire new roles
• you have an accident or near miss

Updating your policy as you grow is one of the simplest ways to stay compliant and reduce risk.

Common Mistakes Small Businesses Make With Their H&S Policy

Most health and safety issues we see with small businesses aren’t caused by bad intentions - they happen when you’re busy and making decisions quickly.

Here are some common mistakes to watch out for.

Using A Generic Template That Doesn’t Fit Your Business

A template can be a starting point, but if your health and safety policy doesn’t reflect the real risks of your workplace, it can create problems. For example, it may:

• miss key hazards (meaning you’re not actually controlling the risk)
• create procedures you don’t follow (which looks worse if investigated)
• assign responsibilities to roles you don’t even have

Not Doing (Or Not Documenting) Risk Assessments

Your policy should explain your approach, but you’ll also typically need the supporting risk assessments in the background. Under the Management of Health and Safety at Work Regulations, employers must carry out a suitable and sufficient risk assessment, and if you have five or more employees you need to record the significant findings (and any groups of employees identified as being especially at risk).

If an incident happens, being able to show “we assessed the risk and put controls in place” is crucial.

Forgetting About Contractors And Third Parties

If contractors work in your premises (or on your site), your duties don’t disappear. Your policy should cover how you:

• check contractors are competent
• manage access and sign-in procedures
• share relevant site risks
• deal with overlaps (for example, fire safety and emergency evacuation)

Not Aligning Policies With The Rest Of Your Legal Set-Up

Health and safety doesn’t sit in isolation. It usually overlaps with employment law, data protection, and broader workplace management.

For example, if you monitor workplace systems for safety or compliance reasons, you’ll want internal rules that support that. Depending on what you do, that might mean putting clear boundaries into an employee monitoring approach and ensuring policies are consistent across the board.

Likewise, if your business holds personal data as part of incident reporting (for example, medical details from an accident report), you may also need to think about your UK GDPR compliance and whether a GDPR package is appropriate for your operations.

Key Takeaways

• A written health and safety policy is legally required in the UK if you employ five or more employees, but it’s often a good idea even if you have fewer.
• Your H&S policy should usually cover a statement of intent, responsibilities, and arrangements (how you manage safety day-to-day).
• As an employer, you generally need to carry out risk assessments, and if you have five or more employees you must record the significant findings.
• If you have a written policy, make sure it’s brought to employees’ attention and easy to access in practice (not just filed away).
• Small businesses should tailor their policy to their real-world risks - generic templates can create gaps, confusion, or unrealistic procedures.
• Your policy should be supported by practical systems, including training, reporting processes, and regular reviews.
• It’s smart to align health and safety rules with your broader workplace documents (like an Employment Contract and a staff handbook) so expectations are clear and enforceable.

If you’d like help putting together a clear, compliant health and safety policy and workplace documentation that fits how your business actually runs, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.