The hidden risks of outsourcing – contractor safety regulations SMEs shouldn’t ignore

By Jeff Swales on Small Business UK - Advice and Ideas for UK Small Businesses and SMEs

Outsourcing work to contractors is often the quickest and most cost-effective way for SMEs to get things done, whether that is a repair, a deep clean, a small demolition, or ongoing maintenance. However, many SMEs still assume that safety is the contractor’s problem, but under UK laws, the hiring company bears the legal duty of care. That misunderstanding can be expensive.

This is not a theoretical risk. It is the kind of misconception that has contributed to serious enforcement action that’s seen organisations like Tata Steel fined £1.5m for contractor-related incidents. If something goes wrong, regulators will not accept ‘they were an external contractor’ as a defence. Businesses cannot outsource or contract out of their health and safety responsibilities.

An increasing number of smaller firms unintentionally fall foul of these rules when bringing in third-party contractors, exposing themselves to fines and reputational damage. Below is everything UK SMEs need to know when outsourcing work and most importantly what to do to protect themselves from liabilities.

What the law says: ​​your statutory responsibilities as a client

Under UK health and safety law, the company engaging contractors still carries legal responsibility for the safety of those contractors and anyone affected by the work. If you are the client, or if you take on responsibilities that fall within the client role, you must be able to demonstrate that you have made suitable arrangements to manage health and safety risks. It’s also important for businesses to familiarise themselves with the relevant HSE guidance and Approved Codes of Practice (ACOPS.)

How the Construction (Design and Management) Regulations 2015 apply

A common trap for SMEs is not realising when the Construction (Design and Management) Regulations 2015, known as the CDM Regulations, apply.

The CDM regulations apply to all ‘construction work’, defined as “the carrying out of any building, civil engineering or engineering construction work”. That definition is broad and covers work such as renovation, demolition, minor repairs, cleaning, upkeep and redecoration, etc.

The aim of CDM is to maintain and improve health and safety standards in construction projects, clarify the duties of each relevant party by placing specific legal duties on those involved, and uphold the standards of the work done. The important message for SMEs is that CDM does not just apply to major building sites. If you commission work that falls within the definition, you can become a duty holder with legal duties, even for something relatively small.

Who is responsible: duty holders and legal liability

Specific legal duties are placed on five key parties, known as duty holders.

They are the:

• Client
• Principal designer
• Designer
• Principal contractor
• Contractor

If a duty holder breaches their legal duty under CDM as a result of a serious health and safety incident, they may be guilty of a criminal offence. Failure to comply with CDM can result in prosecution, an unlimited fine, imprisonment, or both.

That is why ‘we outsourced it’ is not a risk transfer strategy. Legal liability can remain with you, even when the work is being carried out by someone else.

Client duties: domestic clients versus commercial clients

CDM distinguishes between domestic and commercial clients. Most SMEs commissioning work for business premises are commercial clients, which means client duties remain with the business and must be actively managed.

Common mistakes SMEs are making

We are seeing many SMEs fall foul of CDM when getting contractors in, often because the work looks ‘minor’ or because paperwork is treated as the contractor’s job. A typical issue we see is inadequate due diligence. If you are the client or principal contractor, you should have completed due diligence on the contractor and satisfied yourself that they are competent, including reviewing documentation such as Safe Systems of Work (SSoW).

Proactive steps you can take to protect your business

Vet contractors properly

Before work starts, vet contractors and ask for evidence such as:

1. Their health and safety policy
2. Risk assessments and method statements relevant to the work
3. Proof of qualifications or membership of professional or trade associations
4. References from previous clients
5. Accident history information
6. Proof of health and safety training they have undertaken or delivered to their staff
7. Any enforcement, improvement, or prohibition notices received in the last three years

You can also check online reviews and, if they are a limited company, review their Companies House filings on the GOV.UK website.

Put it in writing

Have a written contract in place for any work done by contractors. This supports clarity on responsibilities, supervision, and expectations, and it helps demonstrate that you are managing known risks.

Treat contractors like employees for safety purposes

Under the Health and Safety at Work etc. Act 1974, employers have a duty to ensure the health and safety of employees and others affected by the work, so far as is reasonably practicable. This includes managing risks to contractors. You and the contractor are jointly responsible for their health and safety when working on your site, and you should treat contractors and their employees as you would employees in your approach to health and safety.

Make sure your risk assessments cover contractor activity

Your risk assessments should cover contractors and the work they do. That might mean including them in your general risk assessment or creating a separate contractor-specific assessment.

Build and maintain a proper due diligence pack

Due diligence should cover competence and practical delivery, including:

• Experience
• Training
• Qualifications and accreditation
• Health and safety history
• Safety standards and culture
• Plant and equipment responsibilities
• Monitoring and supervision arrangements
• How job specific and site-specific information will be conveyed
• Site plans
• Hazard locations
• Fire evacuation procedures
• Traffic management (where relevant)

This information needs to be recorded appropriately because if an incident occurs, you will be seeking to rely on it. You need to be certain the contractor is competent for the particular job.

Get legal input early

It is never too early to consult a lawyer about your duties and responsibilities, especially given how vast health and safety obligations can be.

For SMEs, the safest position is to assume that if you brought the contractor in, you will be expected to demonstrate how you selected them, what you told them about the site and the job, and how you checked that safe systems were followed. Taking a structured approach, vetting properly, documenting decisions, and keeping risk assessments contractor-ready won’t just help you stay compliant, it can prevent serious incidents, protect your reputation, and keep your business operating without costly disruption.

Jeff Swales is senior associate at rradar.

Read more

Public liability insurance for building contractors – For building contractors and the construction industry, taking out public liability insurance is critical

The benefits of public liability insurance for IT contractors – Why do IT contractors need public liability insurance, what exclusions do you need to know about and how do you find the right policy?

The post The hidden risks of outsourcing – contractor safety regulations SMEs shouldn’t ignore appeared first on Small Business UK.