What Risk Assessments Do I Need for My Small Business?

If you run a small business in the UK, you are legally required to carry out certain risk assessments.

It does not matter whether you operate a café, restaurant, takeaway, bar, nightclub, hotel, dental practice, GP surgery, beauty salon, gym, nursery, retail shop, franchise unit or office. It does not matter if you employ one person or twenty. It does not matter if you rent your premises.

If you control the premises or employ staff, legal responsibility sits with you.

At The HSRA, we regularly speak to small business owners who assume compliance only applies to large organisations. It does not. The law applies equally to small, independent businesses.

Below are the core risk assessments most small businesses require, and what can happen if they are not in place.

Fire Risk Assessment

Under the Regulatory Reform Fire Safety Order 2005, every business premises must have a suitable and sufficient fire risk assessment.

There is no exemption for small businesses.

This assessment reviews fire hazards, escape routes, detection systems, emergency lighting, fire doors and control measures. It must be kept up to date and reflect the actual use of the premises.

If you do not have one in place, fire authorities can issue enforcement notices, prohibition notices forcing closure, prosecute the responsible person and impose unlimited fines. In serious cases, custodial sentences are possible.

Insurance claims following a fire may also be refused if no suitable assessment existed.

Legionella Risk Assessment

Under the Health and Safety at Work etc. Act 1974 and the Control of Substances Hazardous to Health Regulations 2002, businesses must assess exposure to hazardous substances, including Legionella bacteria.

If your premises has hot and cold water systems, staff toilets, kitchens, wash basins, showers or boilers, you are likely to require a Legionella risk assessment.

Failure to assess and manage this risk can result in improvement notices, prosecution and unlimited fines. In sectors such as hospitality and healthcare, reputational damage can be immediate and severe.

Health and Safety Risk Assessment

Under the Management of Health and Safety at Work Regulations 1999, employers must assess risks to employees and others affected by their activities.

This is your overarching workplace risk assessment.

It considers hazards such as slips and trips, manual handling, electrical safety, workplace layout and operational risks specific to your business.

If an incident occurs and no documented assessment exists, you may face prosecution, civil compensation claims and insurance complications.

Documentation demonstrates due diligence. Without it, you cannot prove that reasonable steps were taken to manage risk.

Disability Access and Equality Considerations

Under the Equality Act 2010, businesses providing services to the public must make reasonable adjustments for disabled persons.

This is not simply about installing a ramp. It is about assessing how people access and use your premises and whether barriers exist.

Failure to consider accessibility can lead to discrimination complaints, civil claims, tribunal proceedings, compensation payments and reputational harm.

For customer facing businesses, this area is often overlooked until a complaint is made.

Can I Complete These Assessments Myself?

Legally, yes, if you are competent.

However, completing them yourself means you are declaring that you have sufficient knowledge, training and experience to identify hazards and implement appropriate controls.

If something is missed and an incident occurs, you cannot later argue lack of expertise.

In enforcement proceedings, a common question is: on what basis did you consider yourself competent?

Personal Liability for Small Business Owners

In many small businesses, the owner is also the Director, Employer and Responsible Person.

That means enforcement action can target you personally.

Fines for individuals are unlimited. In serious cases, imprisonment is possible.

Risk assessments are not simply paperwork. They are legal protection documents designed to demonstrate that you have taken reasonable steps to protect staff and customers.

Final Summary

If you run a small business open to staff or the public, you will almost certainly require:

A fire risk assessment
A Legionella risk assessment
A health and safety risk assessment
Consideration of disability access and equality compliance

These are not optional add ons. They are core legal duties.

If you are unsure whether your current documentation would stand up to inspection, now is the time to review it.

How The HSRA Can Help

The HSRA provides fixed, transparent pricing for small businesses across England, Scotland and Wales.

We focus on what is legally required. Clear documentation. Practical recommendations. No unnecessary complexity.

You can request a no obligation quote or book your assessment directly using our online booking form.

Protect your business. Protect your staff. Protect yourself.

FAQs

Do I need risk assessments if I only employ one person?

Yes. If you employ staff, you have legal duties under health and safety legislation.

Do small businesses need written risk assessments?

If you employ five or more people, you must record your findings in writing. Even with fewer employees, written documentation is strongly recommended.

What happens if I do not have a fire risk assessment?

Fire authorities can issue enforcement notices, close your premises, prosecute and impose unlimited fines.

Is Legionella really a risk in small premises?

Yes. Any premises with water systems can present Legionella risk if not properly managed.

Can I be personally fined as a Director?

Yes. In small businesses, enforcement action can be taken against individuals where legal duties have not been met.