Managing off-site risks for remote employees

An employee develops chronic back pain after months of working from a dining table. A data breach occurs because a staff member connects to an unsecured public Wi-Fi network. A remote worker, increasingly isolated, takes extended sick leave for anxiety. These are not hypothetical scenarios. They reflect the kinds of risks that arise when work moves beyond the employer's direct line of sight.

The Health and Safety Executive is clear: employers have the same health and safety responsibilities for home workers as for those in a workplace [1]. Yet many businesses, particularly smaller ones, treat remote working as inherently low-risk and overlook the practical steps needed to protect both their people and themselves.

According to the Office for National Statistics, around 40% of UK workers now work remotely at least some of the time, with 14% doing so full-time and 26% following a hybrid pattern [2]. Since April 2024, employees have had a statutory right to request flexible working from their first day of employment [3]. Remote and hybrid arrangements are now a structural feature of the UK labour market, not a temporary accommodation.

Summary

• Employers owe the same duty of care to remote workers as to on-site staff, including health and safety risk assessments [1].
• The HSE confirms that home workers should be included in workplace risk assessments, with a balanced and proportionate approach [4].
• Key risk areas include workstation ergonomics, mental health and isolation, data security, and blurred working-time boundaries.
• Self-assessment checklists, regular check-ins, and clear policies form the foundation of effective off-site risk management.
• Data protection obligations apply equally to remote settings; employers must ensure secure devices, encrypted connections, and staff training [5].
• The financial and legal consequences of inaction can be significant: employers' liability insurance must cover remote workers, and tribunal claims can arise from injuries or stress caused by inadequate working conditions.

Your legal obligations

The Health and Safety at Work Act 1974 places a general duty on employers to ensure, so far as is reasonably practicable, the health, safety, and welfare of all employees. This applies regardless of where the work takes place. The Management of Health and Safety at Work Regulations 1999 reinforce this by requiring employers to carry out suitable and sufficient risk assessments covering all workers, including those based at home. The HSE's risk assessment guidance for home workers confirms that these assessments should be balanced and proportionate to the level of risk involved [4].

For employees who regularly use display screen equipment (DSE), such as laptops and monitors, the Health and Safety (Display Screen Equipment) Regulations 1992 also apply. The HSE states that where these regulations apply, employers should carry out a DSE assessment for individual workers, and that in most cases a visit to the employee's home is not required [7]. Workers may complete a self-assessment provided they have been given suitable training on how to set up their workstations safely and apply good ergonomic principles.

Employers' liability insurance, which is a legal requirement under the Employers' Liability (Compulsory Insurance) Act 1969, must cover employees working from home. Standard policies typically do, but it is worth confirming with your insurer that remote and hybrid arrangements are included in the scope of cover.

Physical risks: Workstation setup and ergonomics

A significant proportion of remote workers do not have ideal working environments. Research indicates that as many as seven in ten home workers feel they lack the right equipment to do their job properly [8]. Some work from sofas, kitchen tables, or bedrooms - none of which are designed for prolonged desk-based work. Over time, poor posture and inadequate equipment contribute to musculoskeletal problems including back, neck, and shoulder pain.

Practical steps to address this include:

• providing a self-assessment checklist that employees complete for their home workstation, covering chair height, screen position, lighting, and cable management
• following up on completed assessments to identify where adjustments or equipment are needed
• supplying or funding appropriate equipment where the assessment identifies a risk, such as an external monitor, keyboard, or ergonomic chair
• reminding employees to take regular breaks from screen work and to vary their posture throughout the day.

The HSE emphasises that where a DSE workstation assessment identifies the need for action, workers must not be charged for any equipment provided [7]. Many of these adjustments are low-cost, particularly when compared with the expense of sickness absence or an injury claim.

Mental health and isolation

Remote work can amplify what health and safety professionals refer to as psychosocial risks - the social and organisational factors that affect mental health at work, including workload pressure, lack of control over how work is done, limited peer support, and unclear expectations around roles and availability. The scale of the problem is significant: according to the HSE, 1.9 million workers in the UK are currently suffering from a work-related illness, with 964,000 of those cases involving stress, depression, or anxiety [13].

Remote workers face particular exposure to these risks. A UK survey of over 2,000 employees found that 49% of remote workers feel isolated, and 57% regularly work outside their designated hours. Hybrid workers reported lower isolation rates, with only 27% experiencing similar feelings, suggesting that some in-person contact makes a meaningful difference. [9]

The HSE's Management Standards for work-related stress provide a structured framework for identifying these risks, and employers should ensure remote workers are fully included in that process [10]. For remote employees, this means actively monitoring for signs of overwork, disconnection, or declining wellbeing - rather than assuming that a lack of visible distress means everything is fine.

Effective approaches include:

• scheduling regular one-to-one check-ins that cover wellbeing as well as work progress
• establishing team routines that create informal connection, such as weekly video catch-ups or virtual coffee breaks
• setting clear expectations around working hours and availability, including encouraging employees to log off at a reasonable time
• ensuring remote workers have access to the same support resources as office-based staff, including employee assistance programmes where available.

Managers play a central role. Regular, genuine contact helps identify problems early, before they escalate into prolonged absence or formal grievances.

Data security and GDPR compliance

Employers' data protection obligations under UK GDPR and the Data Protection Act 2018 do not change when employees work remotely. The ICO provides specific guidance for organisations with home-working staff, emphasising the need for appropriate technical and organisational measures to protect personal data [5].

Remote working introduces particular vulnerabilities. Employees may connect to unsecured home or public Wi-Fi networks, use personal devices without adequate security controls, or handle sensitive documents in shared household spaces. Practical measures to address these risks include:

• providing company devices with up-to-date security software, encryption, and automatic updates
• requiring the use of a VPN for accessing company systems remotely
• training employees on recognising phishing attempts, securing their home network, and handling confidential information
• establishing clear policies on the use of personal devices, including whether a bring-your-own-device (BYOD) approach is permitted and what security requirements apply
• setting procedures for reporting data breaches or lost devices promptly.

These measures protect both the organisation and the individuals whose data is being processed. A data breach caused by inadequate remote working security can result in regulatory action from the ICO, financial penalties, and reputational damage.

Working time and boundaries

The Working Time Regulations 1998 continue to apply to remote workers. Employers must ensure that staff are not exceeding the 48-hour weekly maximum (unless they have opted out), that they receive adequate daily and weekly rest periods, and that statutory breaks are being taken [11].

Remote work can make it harder to monitor these boundaries. When work is always accessible from a device in the next room, the temptation to check emails or finish tasks outside of agreed hours increases. Over time, this pattern contributes to fatigue and burnout.

Employers can help by requiring accurate time recording for remote workers, training managers not to contact staff outside working hours except in genuine emergencies, and building a culture where switching off is not only permitted but expected. Clear policies, communicated during onboarding and reinforced through regular practice, are more effective than relying on individual discipline.A practical framework for managing off-site risk

Managing remote working risks does not require complex systems. A structured, proportionate approach covers most situations.

1. Assess. Include remote and hybrid workers in your workplace risk assessment. Use self-assessment tools for home workstations and follow up where issues are flagged. Review assessments regularly, particularly when an employee's circumstances change.
2. Equip. Provide or fund the equipment needed to work safely, whether that is an ergonomic chair, a second monitor, or a secure laptop. Where your DSE assessment identifies a need, the cost falls to the employer [7].
3. Communicate. Set clear expectations around working hours, availability, data handling, and incident reporting. Document these in a remote working policy and ensure all relevant staff have read and understood it.
4. Connect. Maintain regular contact with remote employees through structured check-ins and informal interaction. Isolation builds gradually, and early intervention is significantly more effective than responding to a crisis.
5. Review. Revisit your arrangements periodically. Working patterns, personal circumstances, and regulatory requirements all change over time. Annual reviews of remote working risk assessments, policies, and support mechanisms help ensure your approach remains current.

Helpful resources

• HSE: Home working - employer guidance - overview of your health and safety duties for home workers.
• HSE: Home working - risk assessment - guidance on including home workers in your risk assessments.
• HSE: Display screen equipment at home - DSE assessment requirements for home-based workers.
• HSE: DSE workstation checklist - practical checklist for workstation self-assessments.
• HSE: Lone working - guidance on managing risks for those who work alone, including home workers.
• HSE: Work-related stress - guidance on assessing and managing stress risks in the workplace.
• ICO: Working from home - data protection guidance for organisations with remote-working staff.
• GOV.UK: Flexible working - guidance on handling statutory flexible working requests.
• GOV.UK: Employers' liability insurance - legal requirements for employer insurance cover.
• GOV.UK: Access to Work - government-funded support for employees with disabilities or health conditions, including equipment and workplace assessments.

While the above resources are a solid starting point, every business is different. Where the situation involves specific circumstances - an employee raising a concern about their home setup, or uncertainty about how health and safety law applies to a particular role - it is worth getting professional advice.

Employment law and health and safety interact in ways that are not always obvious, and the cost of getting it wrong, whether through a tribunal claim, an HSE investigation, or simply losing a good employee, tends to exceed the cost of asking someone who deals with these issues every day. Services like Mentor and independent health and safety consultants can all help businesses navigate this area.

Conclusions

Remote and hybrid working are now a permanent part of the UK employment landscape. The legal obligations that apply are not new; they are the same duties of care that have always existed, extended to wherever the work happens. Most of the practical steps involved are low-cost, straightforward, and beneficial not only for compliance but for employee wellbeing and productivity.

Clear policies, appropriate equipment, regular contact, and a culture that values outcomes over visibility create environments where people can do their best work - wherever they happen to be located.

This article is intended for informational purposes only and does not constitute legal advice. The information is accurate at the time of writing but may be subject to change. For advice specific to your situation, please consult a qualified professional.

[1] HSE, Home working: employer guidance, 2024.

[2] Office for National Statistics, Who are the hybrid workers?, November 2024.

[3] GOV.UK, Flexible working; Employment Relations (Flexible Working) Act 2023, in force from 6 April 2024.

[4] HSE, Home working: risk assessment, 2024.

[5] ICO, Working from home guidance, 2025.

[6] Acas, Employment Rights Act 2025, December 2025.

[7] HSE, Working with display screen equipment at home, 2024.

[8] StandOut CV, Remote working statistics UK, 2025.

[9] BizSpace / Workplace Wellbeing Professional, Survey reveals remote work hidden mental health challenges, November 2024.

[10] HSE, Work-related stress, 2024.

[11] Acas, Working time rules: employer guidance, 2024.

[12] GOV.UK, Plan to Make Work Pay and Employment Rights Act: timeline update, February 2026.

[13] HSE, Key figures for Great Britain 2024 to 2025, 2025.