Entry D3 v1 — H&S baseline (HSWA 2015)

What to watch for

Six things that change how the H&S baseline actually applies to an SMB — most of which the compliance-content frames as a static checklist rather than as the proportional framework the Act actually establishes.

1. PCBU is broader than "employer." You're probably one even if you don't have employees. Section 17 of HSWA defines a PCBU as a person who conducts a business or undertaking, whether alone or with others, whether or not for profit or gain. This catches sole traders, self-employed contractors, partnerships, companies, trusts running businesses, and most non-profit organisations.¹ The "employer" framing from older H&S content doesn't capture the scope. The implication for small operators: if you're running a business, you're a PCBU, and the primary duty under section 36 applies even if you have no employees. The duty includes your own health and safety as a self-employed person (section 36(2)), and the health and safety of contractors you engage, visitors to your workplace, and members of the public affected by your work. The trap is the "I'm just one person, the Act doesn't apply to me" assumption; it does.

2. "Reasonably practicable" is the framework, not "reasonable" and not "best practice." Section 22 of HSWA defines reasonably practicable as what is reasonably able to be done having weighed up: the likelihood of the hazard occurring, the degree of harm that might result, what the person knows or ought to know about the hazard and the ways of eliminating or minimising it, the availability and suitability of control measures, and the costs (though cost is only one factor, weighed against the risk).² For an SMB, this scales the obligation: you're not expected to run the same H&S management system as Fonterra. You are expected to identify your hazards, assess your risks, apply control measures appropriate to the risk, and have evidence that you've done so. The phrase "reasonably practicable" is interpreted contextually — a high-risk activity (construction, heavy machinery) demands more rigorous controls than a low-risk one (office-based services). Match the discipline to the risk, document the reasoning, review periodically.

3. Officer due diligence is a personal duty. Insurance can't cover the fines. Section 44 imposes a separate due-diligence duty on Officers — directors, partners, chief executives, anyone with significant influence over the management of the PCBU. The duty has six elements: acquire and update H&S knowledge; understand the operations and hazards; ensure appropriate resources and processes; ensure processes for receiving and responding to incident information; ensure processes for compliance with H&S duties; and verify that all of the above is actually happening.³ For sole-director SMBs, you're both the PCBU and the Officer — the duties stack rather than substitute. Personal liability for officer due-diligence breach operates on a three-tier penalty structure under HSWA sections 47–49: reckless conduct in respect of a health and safety duty (section 47) carries up to 5 years imprisonment and/or up to $600,000 fine; conduct that fails a duty and exposes an individual to risk of death or serious harm (section 48) carries up to $300,000; and failure to comply with a health and safety duty (section 49) carries up to $100,000. Insurance cannot pay these fines. The "I didn't know" defence doesn't work because the duty explicitly requires you to acquire and update H&S knowledge. See the entry on director duties for sole-director companies for how the H&S officer duty stacks with the Companies Act director duties.

4. Worker engagement isn't optional. Even with one worker. Section 56 of HSWA requires PCBUs to engage with workers on H&S matters and have practices for ongoing worker participation in H&S.⁴ The Act doesn't prescribe specific mechanisms — for small businesses, monthly informal conversations with workers about H&S concerns can satisfy the duty; larger businesses typically need formal H&S committees and elected H&S representatives. The trap for SMBs is "we don't need a formal H&S system because we only have two staff" — the duty applies regardless of size, just at a proportional level. The proportional version for an SMB is: ask workers about hazards they see, take their concerns seriously, document the conversations briefly, act on what's surfaced. The discipline doesn't have to be elaborate; it has to exist and be visible.

5. Notifiable events have specific reporting obligations. Know what counts and what doesn't. Sections 23-25 of HSWA define notifiable events that must be reported to WorkSafe immediately and the site preserved until WorkSafe instructs otherwise. Three categories: notifiable injury or illness (serious injury requiring medical treatment, hospitalisation, etc — section 23); notifiable incident (incident that could have caused serious injury, even if no actual harm — section 24); death.⁵ The reporting obligation is on the PCBU, not on individuals. Failure to notify is a separate offence. For SMBs the practical implications: minor cuts and bruises aren't notifiable; broken bones, serious burns, anything requiring hospitalisation usually are; near-misses with potential for serious harm (forklift incident with no one hurt, scaffolding collapse with no one on it) are notifiable as incidents. When in doubt, call WorkSafe's notification line; under-notifying is more exposure than over-notifying. Notification records must be kept for at least 5 years.

6. The H&S system doesn't have to be elaborate. It has to be real, visible, and proportionate. For most SMBs, a defensible H&S baseline includes: a written H&S policy (one page; what the business commits to); a hazard register listing the hazards in your workplace and the controls in place; a worker-engagement process (regular conversations, documented); incident reporting procedure; training records for any H&S-relevant training; PPE provision and use records where applicable; notification records for any reportable events. None of this needs to be in a specialist H&S management software; spreadsheets and shared documents are fine for small operations. What matters is that the components exist, that they're actually used, and that there's contemporaneous evidence of use. The trap is the operator who downloads an H&S policy template, files it in a folder, and considers H&S handled — that's visible compliance without substantive compliance. The substantive compliance is the use of the system: regularly reviewing the hazard register when work changes, actually having the worker conversations, actually filling in the incident report when something happens, actually updating training records when training is delivered.

A separate point on what the H&S framework accomplishes operationally. The substantive purpose of HSWA isn't compliance; it's the prevention of work-related harm. A workplace where the PCBU and Officer take their duties seriously is materially safer than one where compliance is a paperwork exercise, and the productivity and morale effects are real. For SMBs, the bonus is that the same operational discipline that produces compliance also produces a workplace where workers feel valued, conversations happen openly, and problems get surfaced before they become incidents. Treating H&S as substantive — proportional to the actual risks, calibrated to the actual operation, owned at the operator level — usually produces both better safety outcomes and a better workplace. The compliance flows from the operational practice rather than the other way around.

For operators who tender for work or go on others' sites — trades, construction, subcontractors — H&S prequalification (SiteWise, Tōtika, Impac-type) has become a hard gate to bidding at all: no prequal, no work. The H&S system you build for compliance is the same credential that opens the tender. For a non-site SMB the equation is different and H&S stays honest-about-cost — the return is operational rather than financial: fewer incidents, cleaner responses, less business disruption when something goes wrong.

Where this entry stops

This entry covers the H&S baseline framework as it applies to typical NZ SMBs under HSWA 2015. It doesn't cover:

• Industry-specific H&S regulations — construction, asbestos, hazardous substances, mining, agriculture all have additional regulations under HSWA. Sector-specific territory.
• Health monitoring and biological monitoring — specific requirements for workers exposed to hazardous substances or processes. Specialist territory.
• Workplace mental health and psychosocial risks — these are increasingly recognised as H&S obligations; emerging area of regulator focus.
• Worksite safety for residential construction — Brownlee's review and the Building Act intersect with HSWA; specialist territory.
• WorkSafe enforcement procedures and the appeals process — engage specialists if a WorkSafe investigation begins.

For sector-specific guidance, WorkSafe's industry pages cover the major industries with specific operational advice. For SMB-specific tools, the WorkSafe small-business hub carries proportional resources.

Last verified 9 June 2026. Full source list: references.