Health And Safety At Work Act 2015 In NZ: Compliance And Obligations

When you’re running a small business, you’re juggling everything at once - customers, cashflow, staff, suppliers, and the day-to-day work that keeps the doors open.

Health and safety can feel like “one more thing” to add to the list. But under New Zealand’s Health and Safety at Work Act 2015 (HSWA), it’s not optional, and it’s not just for big corporations or high-risk industries.

The good news is: compliance doesn’t need to be complicated. If you understand what the HSWA expects and you put a few practical systems in place, you can protect your team, protect your customers, and protect your business from expensive problems down the track.

This guide is general information only (not legal advice). Because your obligations can vary depending on your industry, worksite and arrangements, you should get advice for your specific situation.

In this guide, we’ll break down what small businesses in New Zealand need to know about the Health and Safety at Work Act 2015, including your duties, what “reasonably practicable” means, and what compliance looks like in real life.

What Is The Health And Safety At Work Act 2015 And Who Does It Apply To?

The Health and Safety at Work Act 2015 is New Zealand’s main workplace health and safety law. It sets out who is responsible for health and safety at work, what they must do, and how WorkSafe and the courts can enforce the rules.

If you operate a business - even if it’s small, home-based, or you only have one worker - the HSWA is likely to apply to you.

Most Small Businesses Are A “PCBU”

Under the HSWA, the key duty-holder is a PCBU, which stands for Person Conducting a Business or Undertaking. In plain English, that usually means the business itself (and in some cases, the individual running it).

You’re likely a PCBU if you:

• run a company, sole trader business, or partnership
• employ staff (full-time, part-time, or casual)
• engage contractors
• run a shop, café, office, studio, workshop, or operate mobile/on-site services

Even if you don’t have employees, you may still have duties if you direct or influence work (for example, through contractors), have customers coming to your premises, or if your work could affect others.

HSWA vs Regulations: What’s The Difference?

You’ll often see the terms:

• Health and Safety at Work Act 2015 (the Act)
• Health and Safety at Work Regulations (the Regulations)

The Act sets out the overall framework and broad duties (like the duty to ensure health and safety “so far as is reasonably practicable”).

The Regulations sit underneath and give more detailed rules for certain risks and industries. For example, there are regulations covering general risk and workplace management, worker engagement and participation, and specific hazards in some sectors.

For many small businesses, practical compliance comes down to doing the basics well: identifying risks, controlling them, training people properly, and keeping the right records.

What Are Your Core Duties As A PCBU?

The HSWA is built around one big idea: as the business owner/operator, you must take reasonably practicable steps to keep people safe.

Your duties under the HSWA can cover:

• your workers (including employees and, in many cases, contractors)
• customers and visitors (for example, people who enter your premises)
• anyone else who could be put at risk by your work (for example, neighbouring businesses or the public)

Duty To Ensure Health And Safety “So Far As Is Reasonably Practicable”

This phrase is everywhere in the HSWA. It doesn’t mean you must eliminate all risk (that’s often impossible), but it does mean you need to take sensible, proactive steps that are proportionate to the risk.

When deciding what’s “reasonably practicable”, factors can include:

• how likely the hazard is to cause harm
• how serious the harm could be
• what you know (or should know) about the risk and ways to control it
• what control measures are available and suitable
• cost - but cost alone usually won’t justify doing nothing if the risk is serious

For a small business, this usually means having simple, workable systems - not a 200-page manual no one reads.

Providing A Safe Work Environment (Including Systems Of Work)

Your HSWA duties generally include ensuring, so far as reasonably practicable:

• safe premises (for example, safe layout, exits, lighting, and cleanliness)
• safe plant and equipment (for example, maintained tools and machinery)
• safe systems of work (how work is done day-to-day)
• safe handling and storage of substances (for example, cleaning chemicals)
• adequate facilities (for example, toilets, wash facilities, rest areas where appropriate)
• information, training, instruction, and supervision

If you employ staff, your health and safety expectations should align with your overall people management approach, including having clear written rules in a Workplace Policy and role-specific obligations in an Employment Contract.

What About Officers (Directors) And Due Diligence?

If your business is a company, the HSWA also imposes duties on “officers” (often directors). Officers must exercise due diligence to ensure the PCBU meets its health and safety obligations.

In practice, “due diligence” often looks like:

• keeping up to date with health and safety matters
• understanding the business’ risks (not just assuming someone else has it covered)
• ensuring resources and processes exist to manage risks
• checking there are reporting and incident-response processes

Even if you’re a one-director company, it’s still important to be able to show that health and safety is actively managed.

How Do You Comply In Practice As A Small Business?

Most small businesses don’t fail HSWA compliance because they don’t care. They fail because health and safety isn’t clearly assigned, documented, or reviewed until something goes wrong.

Here’s a practical compliance approach you can actually maintain (even when you’re busy).

Step 1: Identify Your Real-World Risks (Not Just The Obvious Ones)

Start with a basic risk assessment of your workplace and services. The risks will vary depending on your industry, but common small business hazards include:

• slips, trips, and falls (wet floors, uneven surfaces, cluttered storage)
• manual handling injuries (lifting stock, moving equipment)
• fatigue and burnout (especially in hospitality and seasonal businesses)
• bullying, harassment, and psychosocial risks (these are health and safety issues too)
• driving risks (for mobile services, deliveries, tradies)
• hazardous substances (cleaning products, fumes, dust)
• electrical hazards and faulty equipment

Tip: risks aren’t just physical. If work practices are causing serious stress, excessive hours, or unsafe behaviour under pressure, that can create HSWA exposure for your business.

Step 2: Put Controls In Place (And Make Them Easy To Follow)

Once you’ve identified hazards, decide what controls you’ll use. A simple way to think about controls is the hierarchy of control:

• Eliminate the risk (best option where possible)
• Substitute with something safer
• Isolate the hazard from people
• Engineering controls (physical changes like guards or ventilation)
• Administrative controls (procedures, rosters, signage, training)
• PPE (gloves, masks, hearing protection - usually last line of defence)

Small business owners often jump straight to “tell people to be careful” (administrative control) or “wear PPE”. If elimination or safer substitution is possible, it’s usually better (and often cheaper long-term).

Step 3: Train People Properly (And Refresh Training)

Under the HSWA, you must provide the information, training, instruction, and supervision necessary to protect people from risks.

Training doesn’t need to be fancy. It does need to be:

• relevant to the role and risks
• understood by the worker (including language and literacy considerations)
• updated when processes change
• documented (so you can prove it happened)

If your business uses monitoring tools, devices, cameras, or collects employee information as part of safety processes, you’ll also want to make sure your approach is consistent with privacy rules and your internal expectations, often set out in an Employee Privacy Handbook.

Step 4: Create An Incident Response Plan (Before You Need It)

If an incident happens, your next steps matter - both for your people and your legal exposure.

At a minimum, have a clear process for:

• first aid and emergency response
• who to contact (internal and external)
• when to call emergency services
• how to preserve the scene where required
• how and when to notify WorkSafe (for notifiable events like deaths, notifiable injuries/illnesses, and notifiable incidents)
• recording and investigating what happened

Even if you don’t have an HR team, you can still document these steps in a simple internal policy and train your team on it.

What About Workers, Contractors, And Other Businesses You Work With?

Small businesses often rely heavily on contractors - bookkeepers, builders, IT support, cleaners, couriers, marketing consultants, and more.

Under the HSWA, you can’t treat health and safety as “someone else’s problem” just because a person is not an employee.

Contractors: You Still Need To Manage The Risk

Contractors are often “workers” for HSWA purposes, and you may owe them duties (and they owe duties too). Exactly how duties apply can depend on who directs the work, the level of control, and the worksite arrangements.

This is where it helps to have the relationship documented properly, including safety expectations, responsibilities, and reporting. Many businesses do this alongside a properly drafted Contractors Agreement.

In practical terms, this can include:

• confirming the contractor is competent/qualified for the work
• providing site induction where needed
• making sure your hazards are communicated (and their hazards are communicated to you)
• ensuring incidents and near-misses are reported

Overlapping Duties: When More Than One Business Is Involved

HSWA recognises that modern work often involves multiple PCBUs at once (for example, a landlord and tenant, a head contractor and subcontractors, or a host business and labour hire).

Where duties overlap, businesses must (so far as reasonably practicable):

• consult with each other
• co-operate with each other
• co-ordinate activities so everyone can meet their obligations

For a small business, this might look like agreeing who manages site safety, who provides PPE, and who is responsible for emergency procedures - and then putting it in writing.

Worker Engagement And Participation (Yes, Even In Small Teams)

The HSWA expects worker engagement - meaning you should involve workers in health and safety matters that affect them.

In a small business, engagement can be simple and effective, like:

• a short safety check-in at the start of each week
• a hazards/near-misses log that workers can update
• encouraging workers to speak up (and responding constructively when they do)

The point is to make health and safety part of “how we do things here”, rather than a once-a-year compliance exercise.

What Documents And Records Should Small Businesses Keep?

A lot of HSWA compliance is about action - spotting risks, fixing issues, training people. But documentation matters too, because if something goes wrong, you’ll want to show what you did to meet your duties under the HSWA.

There’s no one-size-fits-all list, but here are documents many small businesses should consider having (and actually using).

Core Health And Safety Documents

• Health and safety policy (your overall commitment and approach)
• Hazard register / risk assessment (what the hazards are and how you control them)
• Incident and near-miss register (and investigation notes)
• Training records (induction, toolbox talks, equipment training)
• Emergency plan (evacuation, first aid, key contacts)
• Equipment maintenance logs (where relevant)

Employment And Contractor Documentation

Some of your day-to-day compliance is supported by getting your people documents right from the start. For example:

• Clear role expectations and safety-related obligations in an Employment Contract
• Clear contractor scope and responsibility allocation in a Contractors Agreement
• Practical behavioural and safety rules in a Workplace Policy

These documents won’t replace real health and safety systems - but they can support them, reduce confusion, and help set expectations from day one.

Privacy And Safety: Don’t Overlook Data

Some health and safety processes involve collecting personal information. Common examples include CCTV, visitor logs, incident reports, GPS tracking for vehicles, and records of medical events in the workplace.

If you collect personal information, you’ll usually want a properly drafted Privacy Policy (and internal guidance for staff) so you’re balancing safety needs with your obligations under the Privacy Act 2020.

This is especially important because poorly managed incident records or workplace monitoring can create a second legal problem while you’re trying to manage the first.

Do You Need To Draft Everything Yourself?

It’s tempting to grab free templates online and patch something together. But health and safety and employment documentation needs to match how your business actually operates - your team size, your industry risks, your working hours, your site setup, and your contractor arrangements.

Getting the foundations right early can save you a lot of time (and cost) later, especially if you ever have a serious incident, a complaint, or an investigation.

Key Takeaways

• The Health and Safety at Work Act 2015 applies to most small businesses, including those that use contractors or have people visiting their premises.
• As a PCBU, you must ensure health and safety so far as is reasonably practicable, which usually means identifying hazards, controlling risks, and training your people.
• The Health and Safety at Work Regulations sit under the Act and add practical detail - but most compliance comes down to consistent, real-world risk management.
• Health and safety obligations often overlap with employment and contractor management, so it helps to have the right documents in place (like an Employment Contract, Contractors Agreement, and Workplace Policy).
• Keep clear records (risk assessments, incidents, training) so you can show what you did to manage safety, not just what you intended to do.
• If your safety processes involve personal information (like incident reports or CCTV), make sure your approach aligns with privacy compliance and you have a Privacy Policy that fits your business.

If you’d like help getting your health and safety foundations right - including workplace policies, contractor documentation, and privacy compliance that actually fits how your business runs - you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.