UK employers taking a ‘targeted’ approach to third party harassment risk

Employers are reassessing where third party harassment risk sits ahead of new duties due in the Autumn, focusing effort where exposure is highest. The change, expected to take effect in October under the Employment Rights Act 2025, will require employers to take reasonable steps to prevent harassment by third parties, including customers, contractors and members of the public. The challenge is deciding where that risk sits within the business and then taking the necessary steps to address it. We’ll speak to a D&I expert who is advising on that issue.

For HR teams, this means shifting the focus away from one-size-fits-all approaches towards a much more targeted risk assessment. So, looking at which roles involve the greatest level of third party interaction, where employees may be working alone or in public-facing environments, and where behaviour may be harder to challenge or escalate.

For many employers the shift is a significant one recognising that applying the same measures across an entire organisation can become both inefficient and ineffective, potentially resulting in the real areas of risk being missed altogether. Instead, a more proportionate and tiered approach is needed, focusing effort where exposure is genuinely higher and adapting measures accordingly. And that is the message that HR Directors are taking to the board ahead of the October changes, showing clearly why certain areas require greater focus, and where investment and support are likely to have the greatest impact.

So, let’s hear more on that. Kieron O’Reilly is a D&I consultant with Pinsent Masons’ consultancy Brook Graham and earlier he joined me by video-link to discuss how employers should be approaching this in practice:

Kieron O’Reilly: “I think in practice, a one size fits all is potentially a waste of time and you can end up missing risk. By taking one size fits all and applying the same risk concerns across an entire organisation where they're different means a lot of time is wasted and also there was a serious danger of missing where the real risk sits, so we could end up missing risk. So, the one size fits all doesn't actually tackle the problem, or tackle the challenge, in a way that makes sense to make any changes or difference and deal with the risk.”

Joe Glavina: “So if a one-size-fits all approach is wrong, what does the right approach look like?”

Kieron O’Reilly: “So in reality, when we have a look at this, we have a look where risk sits. So, to give you an example, if you've got a lone worker at nighttime in a public facing role compared to someone who works in the office during the daytime in a fully populated office, clearly there are differences of risk there. Now I make quite an exaggeration with that description, but it makes the point. If you think about third party harassment and where those interactions happen, you can look at large retail environments, for example, and it would be fair to say, well, they're very much a public facing business model and, of course, that is true so they do have a high level risk but that doesn't apply across the entire organisation – there are functional logistics and many other parts of it. So, when we take a tiered approach, if you look at an organisation that is very public focused that's where you'd focus the risk considerations. It'll be less so in the office environment, and potentially less so in environments that have no public facing situations at all. So, there's no point doing all the work you would do with your frontline staff across the board for those who don't have the same responsibilities.”

Joe Glavina: “So from a leadership perspective, what’s the message you want HR Directors to take to the board before October?”

Kieron O’Reilly: “I think the approach we've seen working is quite effective because, essentially, you're taking a measured approach to the different levels of risk, looking and identifying what those risks are and, essentially, it creates a narrative and it's that narrative that really makes sense to the board. They can see what the level of risk is, what the proportionate responses would be, and also what the benefit to doing those would be and I think those things together make it much easier for boards to understand the reasons for it, and the benefits, and are much more comfortable with sanctioning budgets and putting in practices that the HR director’s team are going to suggest are made. So, I think it gives the good narrative, it gives a clear explanation, and it's easy to see where the benefits come from.”

Joe Glavina: “Finally Kieron, what’s your key message to HR professionals watching this?”

Kieron O’Reilly: “I think take that step back and consider your tiered approach. I think the three levels, if you look at, say, low, medium and high. It doesn't need a huge sort of set of definitions. A quite simple approach is just looking at things like your locations of operation, the roles, responsibilities and level of third party engagement and we're talking contractors, it could be customers, members of the public, depending on what industry you're in. Having a look at it from that point of view, and considering what you've already got in place, and, from that you'll probably find the are some easy steps to take forward that can make sure that not only you're meeting this new obligation as it's coming through, but using it to your advantage so that it benefits everyone involved and I think that approach, with a clear narrative, makes it a very specific, focused, and effective way of meeting these measures and gaining the best from them.”

So, the key takeaway for HR is that a one-size-fits-all approach is unlikely to be effective when managing third party harassment risk. The focus instead is on understanding where exposure is genuinely higher, taking a proportionate approach, and making sure effort is directed where it is most needed.

For many organisations, that will mean building on measures already in place, while giving HR Directors a clearer narrative to take to the board around risk, priorities and investment. If you’d like help reviewing your approach or assessing where risk sits within your organisation, please do contact Kieron – his details are there on the screen for you.