By Jodie Hill
This month marked the first anniversary of the positive legal duty on employers to take “reasonable steps” to prevent sexual harassment in the workplace.
As someone who works at the intersection of employment law, mental health, neuro-inclusion and culture change, I’ve been watching how organisations respond not just legally, but culturally. So here are my three reflections: where progress has been made, where it remains stalled, and what the next phase must look like – with actionable steps for employers. I hope you find it helpful.
1. What have we learned?
The shift from reactive to proactive is real (but patchy).
The duty and the updated guidance from Equality and Human Rights Commission (EHRC) make clear that waiting for a complaint is no longer sufficient. Employers must anticipate where harassment might arise (including third-party risks (which was introduced by this change), remote working, social events, travel) and act in advance.
What we see in practice though: many organisations have rolled out updated policies, delivered new training, and conducted risk assessments (good for those who I have even made it this far). But many aren’t even scraping the surface of whats required,ment. And even fewer are treating this as an ongoing governance challenge rather than a one-off compliance tick-box. These employers would be remiss to think these efforts have ensured compliance with the preventive duty. The key is to remember the proactive duty is ongoing not a once a year job.
TIP: Consider using your risk assessments to create an action plan for the year to help you keep on track with the ongoing element of the duty. Track the efforts you make not just as a tick box to say it’s ‘done’ but also to show the impact its had on the organisation and the team.
Culture matters – senior roles, power imbalances, behavioural norms.
The guidance emphasises that managers and senior leaders must model behaviour, support reporting and push back on norms of silence.
From our work at Thrive Law, we’ve seen this succeed when senior leaders visibly engage, sponsor safe-spaces, and challenge embedded behaviours (for example socialising norms, travel, off-site events). We’ve also seen where it fails: organisations that update a policy but don’t address how power imbalances, remote work or third-party interactions create risk.
In short: policy is necessary but not sufficient alone; leadership behaviour and cultural safeties are critical. They should be role modelling the policies.
TIP: Consider whether your managers do role model the required behaviours. Is this different in different teams? Do you even know? Training in a workshop environment where it’s safe to ask questions and face fears is a great way to challenge any behaviours which don’t align. It’s starts by asking the questions and understanding the data.
C. Legal and operational risks are increasing – but awareness is uneven.
The introduction of the duty, and the accompanying guidance, signal increased enforcement risk. For example:
• The EHRC can take enforcement action even if no incident has yet occurred.
• Employment tribunals will consider whether the duty was met when assessing a sexual harassment claim; failure to take reasonable steps can lead to up to 25% uplift in compensation.
Thus the risk isn’t only “someone will make a claim” but “are we properly prepared so when something happens, we can show what we did, how we addressed root-causes, how we learn”.
What we see though: some employers remain under-invested in the systemic, structural side of this – especially smaller organisations, those in sectors with less regulatory pressure, or where remote working/socialised formats dominate and they think it doesn’t apply to them – when it does.
2. Has It Helped? Where Are the Gaps?
Yes, in important ways:
• The very fact of the duty has increased urgency, board-level conversation and resource allocation to harassment prevention.
• Many employers have created new risk assessment (with our support!) improved their existing risk assessments, refreshed or created training, improved channels for raising concerns, and updated their policies.
• From Thrive Law’s engagements, we see more employers now asking “what might happen if we don’t act proactively? What else can we do to bring these changes to life in some realistic training?” rather than “what do we do if someone complains?”
But the gaps are real:
• Some organisations treat this as “update the policy, run a training, tick the box” and then stop. The guidance warns against this.
• Third-party harassment (clients/customers/
• Remote and hybrid working, travel, off-site events, socialising are still often treated as peripheral, not core risk zones. The EHRC lists these as factors to consider.
• Link to inclusion: for those with neuro-divergence, mental-health vulnerabilities or in more junior roles, the barriers to raising concerns or perceiving risk may be higher. Unless employers deliberately embed inclusive practices (psychological safety, accessible channels, clear roles for allies) then the nominal duty isn’t fully realised.
• Culture change is slow: policy and process alone will not transform lived experience. Without embedding behavioural change, organisations risk continuing patterns of “safe” culture on the surface but unsafe in practice.
3. What’s coming next?
The upcoming Employment Rights Bill (expected later in 2025/early 2026) will raise the standard from “reasonable steps” to “all reasonable steps” required of employers. Employers will be expected to extend their preventative duty more clearly to cover third-party harassment and potentially volunteers/other stakeholders.
This is a much higher threshold. Those who are already working in this space will have to take it up a notch to ensure compliance. The regulatory environment and enforcement will intensify: higher scrutiny, more expectation of measurement, more expectation of leadership accountability.
From a best practice standpoint: the integration of harassment prevention with broader topics such as inclusion, mental-health, neuro-divergence, remote/hybrid work – means the “old-school” harassment policy is not enough; the prevention spectrum must widen.
4. What should employers be doing right now?
Here are practical priorities:
1. Treat the duty as an ongoing governance challenge, not a one-off deliverable.
• Conduct a sexual-harassment specific risk assessment: map key risk-areas (e.g., off-site events, travel, client interactions, remote work, lone working, social events, third parties).
• Use the EHRC’s 8-step guide as your checklist.
• Document what you found, what you are doing about it, and embed review (at least annually or when business-changes occur).
• Engage workers and representative groups (including ERGs, neuro-inclusion networks, mental-health champions) in design and review.
2. Refresh and tailor training, but make it meaningful.
• Ensure training is not generic “everyone watches a module online”. Design differentiated content: senior leaders (behaviour, culture, accountability), managers (recognising signs, bystander, escalation), all staff (behaviour, micro-behaviour, bystander) – think about new starters and onboarding too!
• Link training into broader inclusion-spaces: e.g., neuro-divergent inclusion, mental-health safe space, psychological safety.
• Embed scenarios reflective of your business: third-party interactions, remote work, events, travel.
• Monitor: track participation, get qualitative/quantitative feedback (e.g., via surveys), log incident-data and trends, hold “lessons learnt” sessions after incidents. The EHRC emphasises monitoring and evaluation.
3. Policies and procedures must be current, accessible and genuinely followed.
• Update your anti-harassment policy: reflect the new duty, include third-party harassment, remote/hybrid work risks, social events – all policies should be updated to reflect the changes ands to align.
• Ensure reporting channels are accessible, well-advertised and trusted (including anonymous options, safe-spaces).
• Make sure investigations are fair, timely, and support complainants; confidentiality must not be a barrier, and confidentiality clauses (NDAs) are under greater scrutiny.
• Tie data-collection into HR/people metrics: track complaints, near misses, culture-survey indicators, exit interview feedback.
4. Leadership, culture and inclusion must be front and centre.
• Senior leadership must visibly sign-up to zero-tolerance, champion cultural norms, allocate resource, set the tone.
• Embed harassment prevention into wider inclusion, neuro-inclusion, mental-health, wellbeing strategies. For example: someone with ADHD or neuro-divergent might experience micro-behaviours or dismissal of their concerns – which magnifies risk.
• Build psychological safety: ensure people feel able to speak up, challenge behaviour, escalate concerns without fear of reprisal.
• Encourage bystander practice: make ‘safe challenge’ a norm, train managers and peers in recognising and intervening early. Measure this over time.
5. Review your third-party and external-interaction risks.
• Risk assess settings where employees engage with clients/customers/contractors – are there rules of behaviour, expectations, ramifications?
• Include clauses in supplier/contractor agreements about behaviour, harassment, reporting obligations.
• For remote and hybrid models: ensure policies extend to home‐working, client visits, travel, off-site meetings/social events.
6. Measure progress and embed continuous improvement.
• Don’t just measure “training completed” – measure: incidence of issues, nature of issues, trend lines, staff-survey perceptions of safety, bystander interventions, exit-interview feedback.
• Use the results to refine your approach: update risk-assessments, policies, training modules, communication. The duty is ongoing.
• Benchmark against peers and sector standards: what are best-in-class organisations doing? Use that insight to drive improvement.
TIP – sounds like a lot? Well we are here to help! We can help with as much or as little of the above as you need. Whether you’re a HR team who just needs some guidance on the outcomes of your risk assessment or you need the risk assessment drafting and completing from scratch, with a full action plan creating for you. Or whether you’ve already delivered in house training and wants to take it up a level, or want to bring external providers in to support you with the delivery or a train the trainer programme. Maybe you aren’t sure where to start or how to measure? We’re here to help. Book a free consultation with our dedicated team to explore how we can support.
Email: enquiries@thrivelaw.co.uk
Final Thoughts
One year on from the implementation of the duty, we can say: yes – things are moving in the right direction, but we’re not yet at the place where “this issue is solved.” The legal duty has driven much needed progress, but the harder work of cultural change, inclusion, and accountability continues.
For employers, the question is not just “Have we done it?” but “Are we doing it, reviewing it, embedding it, evolving it?”
For Thrive Law clients and partners, I would encourage you to ask yourselves:
• When did we last review our sexual-harassment risk assessment?
• Are our training, policies and systems still aligned with how people work today (hybrid, remote, travel, social events)?
• Have we engaged our improvement networks (neuro-inclusion, mental-health, ERGs) in co-design of prevention?
• What data do we capture to tell us not just “we carried out the steps” but “we are making the culture safer, we are reducing risk, we are evolving”?
• How is our leadership behaviour showing up in lived experience – are people safe, confident, willing to speak up?
We must move from “duty done” to “duty lived”. Because human dignity, psychological safety and inclusive culture are not boxed-off items on a checklist – they are embedded, lived experiences. And from a business perspective, they are also central to talent retention, performance, reputation and growth.
I look forward to seeing the next phase of this journey – one where prevention is as much about inclusion, belonging and dignity as it is about legal compliance.
At Thrive Law, we support employers to go beyond compliance: creating psychologically safe, inclusive workplaces where dignity and respect are the norm.
Click here to learn more about how we can help you embed prevention and culture change
