A good AI risk assessment is not simply faster to produce — it must meet the same legal standard as one written by hand. That standard, defined in Regulation 3(1) of the Management of Health and Safety at Work Regulations 1999, requires the assessment to be suitable and sufficient: it must identify the significant risks arising from work, be appropriate to the nature of the work, and enable the employer to comply with relevant statutory provisions. Generic AI tools that produce vague, untailored assessments fail this test. Professional AI risk assessment tools that combine sector-specific knowledge, correct legislative references, site-specific context, automated quality assurance, and HSE-standard formatting meet it.
The Problem with Generic AI Risk Assessments
When you paste a risk assessment request into a general-purpose AI chatbot — ChatGPT, Claude, Gemini — you receive a document that superficially looks like a risk assessment but fails the suitable and sufficient test. These tools have three fundamental weaknesses that disqualify their output from UK workplace use without substantial manual rework.
First, they rely on generic hazard lists that could apply to any business. A generic AI might list slips, trips and falls, manual handling, fire, and electrical hazards for a restaurant kitchen — but so too would it list those same hazards for a construction site, a retail shop, or a school. The law requires identification of the actual hazards present in the specific workplace. A deep fryer presents different risks to a washing-up sink; a walk-in freezer presents different risks to a dry storage cupboard. Generic AI does not make these distinctions because it has not been trained on sector-specific hazard taxonomies.
Second, generic AI tools frequently cite incorrect or outdated UK legislation. They may reference regulations that have been repealed, misstate the regulation number, or apply legislation from other jurisdictions (often US OSHA standards). An assessment that cites the wrong regulation is not merely unhelpful — it exposes the employer to criticism from an HSE inspector who will immediately recognise the error. Under the Health and Safety at Work Act 1974 Section 2, the employer has a duty to ensure safety so far as is reasonably practicable. Relying on an AI tool that does not know the difference between COSHH 2002 and the repealed COSHH 1988 does not discharge that duty.
Third, generic AI outputs contain placeholder text and incomplete controls. You will see phrases such as appropriate PPE should be worn or suitable training should be provided — which tell you nothing about what PPE is actually required (gloves? which type? heat-resistant or cut-resistant?), or what training is needed (manual handling? first aid? COSHH awareness?). An HSE inspector reading such an assessment will conclude that no genuine thought has been applied — which is precisely the basis on which enforcement action is taken.
The Five Elements of a Good AI Risk Assessment
1. Sector-Specific Hazard Coverage
A professional AI risk assessment system is trained on hazard taxonomies for each industry sector. For construction groundworks, that means excavation near underground services, manual handling of kerbs and paving slabs, striking utilities, exposure to wet cement (COSHH), vehicle movement on site, and confined space entry (manholes, drainage). For a restaurant kitchen, it means hot oil and fat splatter from fryers, knife cuts, burns from ovens and hobs, slips on greasy floors, manual handling of stock deliveries, and exposure to cleaning chemicals under COSHH. For a nursery outdoor play session, it means trip hazards on uneven surfaces, impact injuries from climbing equipment, supervision ratios under the EYFS Statutory Framework 2024, sun exposure, and choking hazards from small objects.
These are not generic risk categories that could apply anywhere. They are the actual, predictable hazards documented in HSE sector guidance, industry-specific Approved Codes of Practice, and enforced through HSE inspections. A good AI system has been fed hundreds of real risk assessments from each sector and trained to identify which hazards genuinely apply to the described activity. When you describe laying a patio in a domestic back garden, the system knows to include manual handling of paving slabs (weight, lifting technique), use of cement and jointing compound (COSHH assessment for skin contact), and working outdoors (weather, lone working if sole trader). It does not simply output a list of hazards copied from a construction template.
2. Correct UK Legislation by Name and Regulation Number
UK health and safety law is detailed, sector-specific, and constantly updated. A suitable and sufficient risk assessment under MHSWR 1999 Regulation 3(1) must enable the employer to identify the measures needed to comply with relevant statutory provisions. That means the assessment must cite the correct regulations — not vague references to health and safety law, but the actual statutory instruments that impose specific duties.
For manual handling, the relevant regulation is the Manual Handling Operations Regulations 1992. For work at height, it is the Work at Height Regulations 2005. For hazardous substances, it is COSHH 2002. For construction work, it is the Construction (Design and Management) Regulations 2015 (CDM 2015) and the Construction (Health, Safety and Welfare) Regulations 1996. For fire safety in non-domestic premises, it is the Regulatory Reform (Fire Safety) Order 2005. For machinery, it is the Provision and Use of Work Equipment Regulations 1998 (PUWER). For display screen equipment, it is the Health and Safety (Display Screen Equipment) Regulations 1992.
A professional AI risk assessment system is trained to apply the correct regulation to each hazard identified. When it identifies manual handling of a heavy load, it cites the Manual Handling Operations Regulations 1992 and references the requirement to avoid manual handling where reasonably practicable, assess unavoidable manual handling tasks, and reduce the risk of injury. When it identifies exposure to a hazardous cleaning chemical, it cites COSHH Regulation 6 (assessment), Regulation 7 (prevention or control of exposure), and Regulation 12 (information, instruction and training). This is not decorative detail — these are the legal duties the employer must comply with, and naming them correctly demonstrates competence.
3. Site-Specific Context from a Structured Intake
The difference between a generic risk assessment and a suitable and sufficient one is specificity. A risk assessment for working at height on a flat roof is materially different depending on whether the roof is 2 metres above ground level (low risk, edge protection may suffice) or 10 metres above a public pavement (high risk, scaffolding or mobile elevated work platform required under Work at Height Regulations 2005 Regulation 6). A risk assessment for a school trip is materially different depending on whether 15 pupils are visiting a museum (low risk, standard supervision ratios) or 30 pupils are visiting a water sports centre (higher risk, specific ratios, swimming ability checks, PFD requirements).
Generic AI cannot know these details unless you tell it — and a single free-text prompt is not sufficient structure. A professional AI risk assessment system uses a structured intake: a series of questions that capture the who, what, where, when, why, and how of the activity. Anyrisks, for example, uses a seven-question intake that asks: (1) what activity or task is being assessed, (2) where will the work take place (specific location, indoor/outdoor, public/private), (3) who will be doing the work and who else might be affected, (4) what equipment, substances or materials will be used, (5) what are the main hazards you are already aware of, (6) what time of day or environmental factors apply (weather, lighting, lone working), and (7) any other relevant detail (access restrictions, vulnerable persons, regulatory requirements).
This structured intake allows the AI to generate an assessment that names the specific location, identifies the specific people at risk (including vulnerable groups such as young workers, pregnant staff, or members of the public), describes the specific equipment involved, and applies the hierarchy of controls in a context-appropriate way. An assessment that states workers will use a diesel plate compactor on a residential driveway, with householders and young children potentially present, requiring hearing protection (85 dB(A) exposure) and a 3-metre exclusion zone while operating is materially more useful than one that states noise may be a hazard, appropriate controls should be applied.
4. Automated Quality Assurance Checks
A professional AI risk assessment system runs automated quality checks on every document before delivery. These checks ensure that the output meets minimum standards for completeness, legislative accuracy, UK spelling, and absence of placeholder text. Generic AI tools provide none of these safeguards — you receive whatever the model generates, errors included.
Anyrisks applies the following QA layer to every risk assessment generated:
- Word count check — a suitable and sufficient risk assessment must contain meaningful content. Anyrisks enforces a minimum 800-word threshold for the complete document. Assessments that fall below this trigger a regeneration with additional detail.
- Hazard count check — each described activity must identify a minimum number of sector-appropriate hazards (typically 4–8 depending on complexity). An assessment that identifies only one or two hazards is insufficiently detailed.
- Control completeness check — for each identified hazard, the assessment must specify control measures at multiple levels of the hierarchy of controls (not only PPE). The QA system verifies that engineering controls and administrative controls are present before PPE is listed.
- UK spelling and terminology check — enforces UK English spelling (organisation not organization, colour not color, minimise not minimize) and UK-specific terminology (employer not company, HSE not OSHA, lorry not truck, pavement not sidewalk). This may seem trivial but HSE inspectors notice Americanisms immediately and infer that the document was copied from a US source.
- Placeholder detection — scans the output for common placeholder phrases such as [insert detail], TBC, as appropriate, suitable measures, relevant training, and regenerates if any are found. Placeholder text is the clearest signal that no genuine assessment has been conducted.
- Legislation citation format check — verifies that all cited regulations follow the correct format (regulation name, year, and regulation number if applicable). For example, COSHH 2002 Regulation 6, not just COSHH or COSHH regulations.
These checks are invisible to the user but are the reason why a professional AI risk assessment looks and reads like a document written by a competent health and safety advisor rather than a chatbot. The document has been programmatically verified for completeness before you receive it.
5. HSE-Standard Formatting and Structure
HSE guidance does not mandate a specific risk assessment template, but common practice — reinforced by HSE model forms and industry standards — has established an expected structure. A good risk assessment document includes: a header identifying the activity assessed, the date, the assessor, and the review date; a section identifying the hazards present; a section identifying who is at risk and how; a risk rating (typically a 5×5 matrix: likelihood × severity) before and after controls; a detailed description of control measures organised by the hierarchy of controls; identification of further actions required, with responsible persons and target dates; and references to the specific UK legislation applicable to each hazard.
Professional AI risk assessment tools format the output to match this structure. Anyrisks outputs include a cover page with the activity title, client name, date of assessment, and unique reference number; a summary section listing all identified hazards and overall risk rating; a detailed hazard-by-hazard breakdown with who is at risk, initial risk rating, control measures (organised as existing controls and additional controls required), and residual risk rating; a section listing further actions with named responsible persons; a section listing applicable legislation by name and regulation number; and a signature/approval section for the competent person reviewing the assessment.
The output is delivered in two formats: PDF (for distribution and printing) and editable Word document (for customisation and updating). Both formats use professional typography, clear section headings, and a layout recognisable to anyone familiar with UK health and safety documentation. This is not an accident of design — it is a deliberate choice to meet the expectations of HSE inspectors, insurance assessors, principal contractors under CDM 2015, and clients who require sight of risk assessments before permitting access to their sites.
What Generic AI Tools Get Wrong
Vague, Universally Applicable Language
A generic AI risk assessment might state: Slips, trips and falls are a common workplace hazard. Floors should be kept clean and dry. Appropriate footwear should be worn. This tells you nothing. What type of floor — tiled, carpeted, outdoor paving, workshop concrete with oil residue? What cleaning regime — daily mopping, periodic deep clean, immediate spillage response? What footwear — slip-resistant soles to SRC standard, steel toecaps, waterproof boots? A suitable and sufficient risk assessment must answer these questions for the specific workplace. Generic AI does not, because it was not designed to.
Incorrect or Missing Legislative References
A generic AI tool asked to assess manual handling might reference the Manual Handling Regulations without stating the year (there have been amendments) or the regulation number. It might state you must comply with manual handling law without naming the Manual Handling Operations Regulations 1992. It might cite OSHA regulations (irrelevant in the UK). It might reference the Health and Safety at Work Act 1974 but fail to cite the specific regulation under MHSWR 1999 or sector-specific regulations such as LOLER 1998 (for lifting equipment). An HSE inspector reading such an assessment knows immediately that the document was generated without competent oversight.
Hierarchy of Controls Applied Incorrectly
Generic AI frequently jumps straight to PPE without demonstrating why higher-order controls are not practicable. A typical generic output might state: Risk: exposure to dust. Control: wear a dust mask. This inverts the legally required hierarchy under MHSWR 1999 Schedule 1. The correct approach is: (1) Can the dusty process be eliminated or substituted with a wet method? (2) If not, can local exhaust ventilation or enclosure (engineering control) be installed? (3) If not, can the work be reorganised to reduce exposure time (administrative control)? (4) Only then: respiratory protective equipment (RPE) to FFP3 standard, face-fit tested, with training under COSHH Regulation 12. A professional AI system works through this hierarchy explicitly.
No Site-Specific Detail
Generic AI does not know whether your work is in a confined space, near underground cables, within 3 metres of a public highway, on a listed building, or in a school during term time. These contextual details change the legal requirements and the appropriate controls. A professional system captures this context through the structured intake and reflects it throughout the assessment. A generic system cannot, because it has no mechanism to gather this information.
How Anyrisks Delivers All Five Elements
Anyrisks is not a general-purpose chatbot repurposed for risk assessment. It is a purpose-built AI system trained exclusively on UK health and safety regulation, HSE guidance, sector-specific Approved Codes of Practice, and thousands of real UK risk assessments across 47 industry sectors. The system architecture combines five AI subsystems that work together to deliver a professional, compliant output in under two minutes.
The first subsystem is the sector classifier. When you describe the activity you want to assess — laying a patio, running a nursery outdoor play session, servicing a boiler, organising a village fete — the classifier identifies which of 47 sector-specific hazard libraries apply. This determines which hazards the system will check for (manual handling of paving slabs for construction, safeguarding and supervision ratios for childcare, gas safety and confined space entry for boiler servicing, public liability and fire safety for events).
The second subsystem is the legislative mapper. Once hazards have been identified, the mapper applies the specific UK regulations that govern each hazard. This is not a lookup table — it is a rules engine trained on the relationships between hazards, activities, and statutory duties. For example, if the activity involves working at height (identified hazard), the mapper applies the Work at Height Regulations 2005. If it involves exposure to silica dust (identified hazard), the mapper applies COSHH 2002 and cites Regulation 6 (assessment of health risks), Regulation 7 (prevention or adequate control of exposure), and Regulation 12 (information, instruction and training). This ensures that every control measure is linked to a specific legal duty.
The third subsystem is the context integrator. This subsystem processes the structured intake responses and injects site-specific detail throughout the document. If you stated that work will take place on a residential property with young children present, the integrator ensures that control measures include exclusion zones, signage, and supervision of the public. If you stated work will take place outdoors in winter, the integrator ensures that weather-related hazards (cold stress, reduced daylight, slippery surfaces) are addressed. If you stated that workers are inexperienced or newly trained, the integrator adjusts supervision requirements and training emphasis accordingly.
The fourth subsystem is the hierarchy enforcer. This subsystem ensures that control measures are presented in the correct order: elimination first, substitution second, engineering controls third, administrative controls fourth, and PPE last. For each hazard, the system generates multiple control levels and explains why higher-order controls are or are not practicable. For example, for manual handling of heavy paving slabs: Elimination — not practicable (paving is the contracted work). Substitution — consider smaller, lighter slabs where design permits. Engineering controls — mechanical lifting equipment (sack truck, paving lifter) for slabs over 20 kg. Administrative controls — two-person lift for slabs over 25 kg, training in safe lifting technique, task rotation to reduce repetitive strain. PPE — steel toecap boots, gloves for grip and cut protection. This demonstrates compliance with the legal duty to reduce risk so far as is reasonably practicable.
The fifth subsystem is the QA validator described above. Every generated document passes through automated checks for word count, hazard count, control completeness, UK spelling, placeholder text, and legislative citation format. Documents that fail any check are regenerated with additional detail or correction before delivery. The user never sees a failed QA check — they receive only the final, validated output.
Real Risk Assessment vs Chatbot Output: A Worked Comparison
Consider a simple activity: a self-employed gardener strimming overgrown grass on a domestic property. Here is what a generic AI chatbot produces when asked to generate a risk assessment for this activity:
Hazards: Slips, trips and falls. Flying debris. Noise. Vibration. Manual handling. Electrical hazards. Controls: Wear appropriate PPE including gloves, safety glasses, ear defenders and steel toe boots. Inspect the strimmer before use. Keep the public at a safe distance. Take regular breaks to avoid fatigue.
This output is generic, vague, and legally insufficient. It does not specify what type of strimmer (petrol, electric, battery), what debris hazards are specific to strimming (stone projection, plant sap, ticks and bites from disturbed vegetation), what noise level to expect (petrol strimmers typically exceed 85 dB(A), triggering duties under the Control of Noise at Work Regulations 2005), or what manual handling risks arise (starting a petrol strimmer with a pull cord, prolonged holding of the machine). The phrase appropriate PPE is a placeholder — it tells the user nothing about what PPE is actually required.
Here is what Anyrisks generates for the same activity, after processing a structured intake that specifies: self-employed gardener, domestic property, overgrown grass and brambles, petrol strimmer, householder and children may be present, working alone, outdoor work in summer:
Activity: Strimming overgrown grass and brambles on a residential property using a petrol strimmer. Persons at risk: Self-employed gardener (operator), householder, children, members of the public. Hazard 1: Ejected debris (stones, sticks, plant material) causing eye injury or lacerations. Legislation: Personal Protective Equipment at Work Regulations 1992. Existing controls: Full-face visor or safety glasses to EN166 (Grade F — high-speed particle impact). Long-sleeved top and trousers to prevent cuts from brambles. Pre-start inspection of strimming area to remove obvious stones and solid objects. Residual risk: Low. Hazard 2: Noise exposure from petrol strimmer (typically 90–95 dB(A) at operator position). Legislation: Control of Noise at Work Regulations 2005. Existing controls: Hearing protection (ear defenders or ear plugs) to reduce exposure below 85 dB(A) lower exposure action value. Limit continuous use to 2-hour sessions with breaks to reduce total daily exposure. Consider low-noise strimmer models for future purchase. Residual risk: Medium. Hazard 3: Hand-arm vibration from prolonged strimming. Legislation: Control of Vibration at Work Regulations 2005. Existing controls: Anti-vibration gloves. Limit strimming to 2-hour sessions. Maintain strimmer (sharp blades reduce vibration). Daily exposure unlikely to exceed EAV (2.5 m/s²) for typical domestic garden work. Residual risk: Low. Hazard 4: Manual handling — starting petrol strimmer with pull cord (risk of back strain or shoulder injury). Legislation: Manual Handling Operations Regulations 1992. Existing controls: Use correct starting technique (strimmer on ground, pull cord with controlled motion, avoid jerking). Warm up shoulder and back muscles before starting. Consider electric-start models for future purchase. Residual risk: Low. Hazard 5: Exclusion zone — householder and children present. Risk of injury from contact with strimmer head or ejected debris. Legislation: Health and Safety at Work Act 1974 Section 3 (duty to non-employees). Existing controls: Establish 5-metre exclusion zone around operator while strimming. Inform householder before starting work. If children present, request supervision or delay work until they are indoors. Stop immediately if anyone enters exclusion zone. Residual risk: Low. Further actions required: Measure actual noise output using sound level meter to confirm hearing protection adequacy (target completion: within 1 month, responsible: operator). Record hand-arm vibration exposure if strimming becomes a daily activity (HSE HAVS calculator tool).
This is a suitable and sufficient risk assessment. It identifies the specific hazards arising from the described activity (not a generic list). It names the specific people at risk, including vulnerable groups (children). It cites the correct UK legislation for each hazard by name, year, and where relevant, regulation number. It applies the hierarchy of controls — noting where elimination or substitution is not practicable (petrol strimmer is the owned equipment, but quieter models are recommended for future), specifying engineering controls (sharp blades, anti-vibration gloves), administrative controls (session limits, exclusion zone, pre-start area inspection), and PPE (visor to EN166 Grade F, hearing protection to achieve less than 85 dB(A) exposure). It includes numerical thresholds (85 dB(A), 2.5 m/s², 5-metre exclusion zone, 2-hour session limit) rather than vague terms like appropriate or suitable. And it identifies further actions with named responsible persons and target dates.
An HSE inspector reviewing the first assessment would dismiss it as inadequate. An inspector reviewing the second would recognise it as compliant.
When AI Risk Assessment Is Not Appropriate
AI risk assessment is not suitable for every situation. There are four scenarios where a human competent person must conduct the assessment from first principles, and AI can at most provide a starting template requiring substantial rework.
First, novel or unusual hazards not well-documented in UK guidance. If you are working with a new chemical substance not yet covered by a COSHH assessment template, or using a new type of machinery without established sector guidance, or operating in an environment where no comparable risk assessment exists (such as a one-off deep excavation in contaminated ground), AI cannot generate a suitable assessment because it has not been trained on comparable examples. You need a competent person with expertise in the specific hazard.
Second, high-risk or legally complex activities requiring professional certification. Asbestos surveys and management plans must be conducted by analysts holding BOHS P400–P405 qualifications. Legionella risk assessments must be conducted by competent persons as defined in ACOP L8 (typically holding City & Guilds or equivalent water hygiene certification). Fire risk assessments for complex premises (hospitals, high-rise residential, large public venues) must be conducted by certificated fire risk assessors. Electrical installation testing must be conducted by qualified electricians to BS 7671. These activities have professional standards that AI cannot meet.
Third, activities requiring on-site inspection and measurement. A manual handling assessment under the Manual Handling Operations Regulations 1992 should include observation of the actual task, measurement of load weights and carrying distances, assessment of floor surfaces and obstacles, and employee consultation. A noise assessment under the Control of Noise at Work Regulations 2005 requires actual sound level measurements using calibrated equipment. A hand-arm vibration assessment under the Control of Vibration at Work Regulations 2005 requires vibration magnitude data for the specific tools in use. AI can describe what should be measured and what thresholds apply, but it cannot conduct the measurements.
Fourth, activities where the risk assessment is a live document requiring regular updating by on-site supervisors. Construction site risk assessments under CDM 2015 are often updated daily as work progresses and site conditions change. Event risk assessments for outdoor festivals are updated in response to weather forecasts and crowd numbers. In these scenarios, the initial risk assessment may be AI-generated, but the competent person on site must own and update the document in real time.
The Role of the Competent Person
Under MHSWR 1999 Regulation 7, every employer must appoint one or more competent persons to assist in complying with health and safety duties. A competent person is defined as someone with sufficient training, experience, knowledge, and other qualities to enable them to properly assist. For risk assessment, this means the person must understand the work being assessed, the hazards that may arise, the legal requirements that apply, and the control measures available.
AI does not replace the competent person. The legal duty under Regulation 3(1) is on the employer to make a suitable and sufficient assessment — not on a software tool. What AI does is enable a competent person to discharge that duty faster and more consistently. Instead of spending two hours writing a risk assessment from a blank form or adapting a poorly matched template, the competent person spends five minutes answering the structured intake, receives a complete draft assessment in two minutes, spends fifteen minutes reviewing and customising it to reflect site-specific detail not captured in the intake, and approves the final document. The total time is reduced from two hours to twenty-five minutes — but the competent person is still accountable for the final output.
The competent person reviewing an AI-generated risk assessment must check: that all identified hazards are actually present in the workplace (and add any that are missing), that all identified control measures are actually in place or can be implemented, that the risk ratings (likelihood and severity) reflect the actual workplace conditions, that any further actions identified are realistic and have been assigned to named individuals with target dates, and that the cited legislation is correct and up to date. If the competent person does not have the knowledge to verify these points, they are not competent to approve the assessment — and should seek specialist advice or training.
What Customers Say About Anyrisks Quality
Anyrisks has been used by thousands of UK businesses, sole traders, landlords, contractors, and event organisers since launch. Common feedback themes from customers who have used both generic AI tools and Anyrisks include: relief at receiving a document that actually references UK law rather than vague best practice, confidence that the hazards identified are specific to their industry rather than a generic list, appreciation for the detailed control measures that go beyond wear appropriate PPE, and surprise at the speed — most customers expect a professional document to take hours, not minutes.
One self-employed electrician who used Anyrisks to generate a risk assessment for rewiring a domestic property stated: I tried ChatGPT first and it gave me an American-style document that mentioned OSHA and circuit breakers instead of consumer units. Anyrisks gave me something I could actually hand to the building control officer — it cited BS 7671, the Electricity at Work Regulations 1989, and CDM 2015. I added a couple of site-specific notes about the age of the property and approved it. Fifteen minutes total.
A facilities manager for a chain of restaurants who previously used a consultant to write COSHH assessments stated: We were paying £150 per assessment and waiting a week. Anyrisks gave us the same quality for £29 and we had it in two minutes. The chemical-specific detail was all there — the WEL limits, the PPE requirements, the first aid measures. We still get them reviewed by our H&S advisor before use, but the drafting time has gone from seven days to seven minutes.
How to Use an AI Risk Assessment Correctly
If you choose to use an AI-generated risk assessment — whether from Anyrisks or another professional tool — follow this four-step process to ensure the output is suitable and sufficient for legal and insurance purposes.
Step one: provide complete and accurate information in the intake. Do not rush the intake questions. If the system asks where the work will take place, state the specific location (residential property, commercial kitchen, school playground, construction site) and relevant environmental factors (outdoor, weather-dependent, public access, confined space). If it asks who will be affected, list all groups including vulnerable persons (young workers, pregnant staff, members of the public, children). The quality of the output is directly proportional to the quality of the input.
Step two: review the generated assessment line by line. Check that every identified hazard is actually present in your workplace. Check that every control measure is either already in place or can be implemented before work starts. Check that the risk ratings (low, medium, high) reflect your judgment of the actual risk. If the assessment identifies a hazard you do not recognise, research it — it may be a regulatory requirement you were unaware of. If the assessment omits a hazard you know is present, add it manually.
Step three: customise the assessment with site-specific detail. Add the names of responsible persons for each action. Add target dates for implementation of further controls. Add any site-specific procedures not captured in the intake (such as a particular access route, a specific piece of equipment, or a local environmental constraint). Update the assessment date and version number. Sign or initial the document to indicate you have reviewed and approved it as the competent person.
Step four: implement the control measures and communicate the assessment to those at risk. Under MHSWR 1999 Regulation 10, employers must provide employees with comprehensible and relevant information on the risks to their health and safety and the preventive and protective measures. This means the risk assessment must be shared with the workers doing the job, explained in a toolbox talk or induction, and made available for reference on site. A risk assessment filed in a drawer and never communicated is legally worthless.
Further Reading
For a comprehensive overview of UK risk assessment law, process, and best practice, see our ultimate guide to risk assessment. For the specific legal requirements and penalties, see our risk assessment legal requirements guide. For guidance on whether your specific activity requires a risk assessment, see do I need a risk assessment?
