Management of Health and Safety at Work Regulations 1999 — Employer Guide

The Management of Health and Safety at Work Regulations 1999 (MHSWR 1999) are the cornerstone of UK workplace health and safety law. They apply to every employer and self-employed person in Great Britain and set out the fundamental duty to assess and manage workplace risks. Regulation 3 of MHSWR 1999 is the direct legal requirement that makes written risk assessments mandatory — every Anyrisks customer is legally required to comply with this regulation.

If you employ anyone, run a business, or operate as a self-employed contractor or landlord, MHSWR 1999 applies to you. This guide explains what the regulations require, who they apply to, and what you must do to comply.

What MHSWR 1999 Requires

The Management of Health and Safety at Work Regulations 1999 came into force on 29 December 1999 and implement the European Framework Directive (89/391/EEC) into UK law. Post-Brexit, MHSWR 1999 remains in force under the Health and Safety at Work etc. Act 1974. The regulations set out general duties that apply across all workplaces and work activities, regardless of sector.

Regulation 3(1) states: "Every employer shall make a suitable and sufficient assessment of the risks to the health and safety of his employees to which they are exposed whilst they are at work; and the risks to the health and safety of persons not in his employment arising out of or in connection with the conduct by him of his undertaking." This is the legal basis requiring employers to carry out risk assessments.

A suitable and sufficient risk assessment must identify the hazards present, identify who might be harmed and how, evaluate whether existing precautions are adequate or whether more should be done, and record the significant findings if the employer has five or more employees. The assessment must be proportionate to the nature of the work and the level of risk.

Regulation 3(3) requires the assessment to be reviewed if there is reason to suspect it is no longer valid, or if there has been a significant change in the matters to which it relates. Regulation 3(6) requires that where an employer has five or more employees, the significant findings of the assessment must be recorded in writing.

MHSWR 1999 also requires employers to: implement preventive and protective measures based on risk assessment findings (Regulation 4); provide appropriate health surveillance (Regulation 6); appoint competent persons to assist with health and safety duties (Regulation 7); establish emergency procedures (Regulation 8); provide employees with comprehensible and relevant information (Regulation 10); cooperate and coordinate with other employers sharing the same workplace (Regulation 11); and ensure temporary workers receive adequate health and safety information (Regulation 15).

Who MHSWR 1999 Applies To

The Management of Health and Safety at Work Regulations 1999 apply to:

• All employers — regardless of size, turnover, or number of employees. A sole director employing one part-time administrator is subject to the same legal duties as a multinational employer.
• Self-employed individuals — to the extent that their work activities affect the health and safety of others, or if they employ others. A self-employed plumber working alone in domestic properties has duties under MHSWR 1999, but is exempt from the written record requirement under Regulation 3(6) unless they share a workplace or employ others.
• Partnerships and limited companies — including micro-businesses, startups, and family-run businesses. Legal structure does not affect compliance obligations.
• Public sector organisations — including councils, NHS trusts, schools, police forces, and government departments. MHSWR 1999 applies equally to public and private sector employers.
• Charities and voluntary organisations — if they employ staff or engage volunteers in work activities, they are subject to MHSWR 1999.
• Landlords — where letting residential or commercial property creates health and safety risks (e.g. maintenance work, fire safety, gas safety). Landlords have duties under MHSWR 1999 in respect of common areas, maintenance contractors, and any employees.
• Domestic households employing staff — such as nannies, cleaners, or carers. Private households that employ staff are subject to MHSWR 1999, though enforcement is rare.

There are no exemptions based on business size, turnover, or sector. MHSWR 1999 applies in every workplace in Great Britain where work is carried out — offices, shops, warehouses, construction sites, farms, care homes, schools, and domestic properties where trades or services are provided.

Key Duties at a Glance

Here are the core legal obligations under MHSWR 1999:

• Regulation 3 — Risk assessment: Carry out a suitable and sufficient assessment of workplace risks. Record significant findings in writing if you employ five or more people. Review when no longer valid or after significant change.
• Regulation 4 — Principles of prevention: Implement measures identified in the risk assessment, following the hierarchy of control: avoid risk, evaluate unavoidable risk, combat risk at source, adapt work to the individual, replace dangerous substances, prioritise collective protective measures over individual measures, and provide adequate training.
• Regulation 6 — Health surveillance: Provide appropriate health surveillance where the risk assessment identifies a significant risk to health (e.g. noise-induced hearing loss, hand-arm vibration syndrome, occupational asthma).
• Regulation 7 — Competent person: Appoint one or more competent persons to assist in undertaking the measures needed to comply with health and safety law. The competent person may be the employer themselves if they have the necessary skills, knowledge and experience.
• Regulation 8 — Emergency procedures: Establish and give effect to appropriate procedures to be followed in the event of serious and imminent danger. Nominate sufficient competent persons to implement evacuation procedures. Ensure employees cannot resume work where serious danger remains.
• Regulation 10 — Information for employees: Provide employees with comprehensible and relevant information on workplace risks, preventive measures, emergency procedures, and the identity of competent persons and persons nominated under Regulation 8.
• Regulation 11 — Cooperation and coordination: Where two or more employers share a workplace, cooperate to enable all employers to comply with their legal duties. Coordinate implementation of health and safety measures and inform each other of relevant risks.
• Regulation 16 — Risk assessment for new or expectant mothers: Where employees include women of childbearing age, the risk assessment must include specific consideration of risks to new or expectant mothers and their babies. Where a significant risk is identified, the employer must alter working conditions or hours, offer suitable alternative work, or suspend the employee on full pay.

Penalties for Non-Compliance

Failure to comply with MHSWR 1999 is a criminal offence under Section 33 of the Health and Safety at Work etc. Act 1974. The Health and Safety Executive (HSE) and local authorities enforce the regulations through workplace inspections, investigations following accidents or complaints, and prosecution in the criminal courts.

The HSE can issue improvement notices requiring compliance within a specified timeframe (typically 21 days), or prohibition notices stopping dangerous work immediately. Breach of a notice is a separate criminal offence carrying higher penalties than the underlying breach. The HSE's Fee for Intervention (FFI) scheme means that where a material breach is identified, the employer is charged £163 per hour for the time inspectors spend investigating and securing compliance — even if no prosecution follows.

In the magistrates court, the maximum fine for breaching MHSWR 1999 is £20,000 per offence. In the Crown Court, fines are unlimited. In 2022/23, the average fine handed down following HSE prosecution was £73,326 according to published HSE enforcement data. Fines for large organisations can exceed £1 million. In addition to fines, courts can order the employer to pay prosecution costs, which in complex cases can exceed the fine itself.

In 2022/23, there were 135 fatal injuries to workers in Great Britain according to HSE statistics. Many of these fatalities occurred in sectors where basic risk assessment and management failures were identified — construction, agriculture, and logistics. Where a workplace death results from gross negligence or serious management failure, directors and senior managers can be prosecuted individually for gross negligence manslaughter or under the Corporate Manslaughter and Corporate Homicide Act 2007. MHSWR 1999 compliance is not a paperwork exercise: it exists because poor risk management kills people.

How MHSWR 1999 Relates to Risk Assessments

Regulation 3 of MHSWR 1999 is the direct legal requirement that makes workplace risk assessments mandatory. Every other piece of UK health and safety regulation — the Construction (Design and Management) Regulations 2015, the Control of Substances Hazardous to Health Regulations 2002, the Manual Handling Operations Regulations 1992, the Work at Height Regulations 2005 — sits on top of the MHSWR 1999 foundation.

When an employer carries out a risk assessment, they must consider all significant hazards arising from the work — not just those covered by sector-specific regulations. A small contractor carrying out kitchen fitting work must assess: manual handling (lifting cabinets, worktops, appliances); use of power tools (circular saws, drills); work at height (fitting wall units); electrical safety (installing appliances); COSHH (adhesives, sealants, dust); slips and trips; and lone working. Each of these hazards may be covered by its own specific regulations, but Regulation 3 requires them all to be assessed together in the context of the actual work being done.

The written risk assessment is the legal evidence that the employer has complied with Regulation 3. In the event of an HSE investigation following an accident, complaint or inspection, the first document the inspector will request is the risk assessment. If no assessment exists, or if the assessment is a generic template that does not reflect the actual workplace, the employer has failed to comply with Regulation 3(1) and will face enforcement action.

Anyrisks generates compliant, site-specific risk assessments that meet the Regulation 3 requirement in under 2 minutes. The assessment is tailored to your actual work activities, identifies the significant hazards specific to your business, and provides the written record required by law. Generate your compliant risk assessment now — £29, delivered as PDF + editable Word document.

MHSWR 1999 and Small Businesses

Many small business owners and sole traders assume that health and safety regulations are designed for large companies with dedicated safety teams. That assumption is wrong and costly. MHSWR 1999 applies to every employer regardless of size. A 2-person window cleaning business, a 3-person beauty salon, and a sole trader electrician employing an apprentice are all subject to the same Regulation 3 duty to assess and manage workplace risks.

The regulations are proportionate: the level of detail and formality required must be appropriate to the nature of the work and the level of risk. A low-hazard office with five employees does not require the same level of documentation as a construction site with 50 workers. But the legal duty to carry out the assessment, record the findings, and implement control measures applies equally.

In practice, a compliant risk assessment for a small business must: identify who does what work; identify the significant hazards involved (manual handling, use of equipment, lone working, driving, client premises, etc.); identify any vulnerable workers (young workers, new or expectant mothers, workers with disabilities); evaluate whether existing controls are adequate; decide what additional controls are needed; record the findings in writing; communicate the findings to employees; and review the assessment when circumstances change.

For small businesses, the most practical approach is to use a structured risk assessment template that covers the common hazards specific to the business sector, and then adapt it to the actual work carried out. Generic templates downloaded from the internet rarely meet the suitable and sufficient test under Regulation 3 because they do not reflect the specific circumstances of the business. Anyrisks solves this by generating a bespoke risk assessment based on your specific business type, work activities, location, and workforce — delivered in under 2 minutes as a professional PDF and editable Word document.

Related Regulations and Legal Requirements

MHSWR 1999 works alongside several other key regulations. Understanding how they fit together is essential for compliance:

The general duty to carry out risk assessments under Regulation 3 applies to all work activities. Where specific regulations apply to particular hazards, those regulations set out additional requirements. For example, the COSHH Regulations 2002 require a specific COSHH risk assessment for hazardous substances; the Manual Handling Operations Regulations 1992 require assessment of manual handling tasks; and the Work at Height Regulations 2005 require specific control measures for work above ground level. But all of these specific assessments must feed into the overall MHSWR 1999 Regulation 3 risk assessment for the business.

For early years settings, EYFS risk assessment requirements sit on top of MHSWR 1999 — nurseries and childminders must comply with both the Management Regs and the EYFS welfare requirements. Similarly, construction contractors must comply with MHSWR 1999 and the CDM Regulations 2015. The CDM construction phase plan required under Regulation 12 of CDM 2015 must incorporate the MHSWR 1999 risk assessment required under Regulation 3.

Fire safety is covered by the Regulatory Reform (Fire Safety) Order 2005, which requires a separate fire risk assessment. But the duty to carry out that assessment arises because of the general Regulation 3 duty under MHSWR 1999 to assess all significant workplace risks — and fire is a significant risk in every workplace.