Sexual harassment at work has been in the headlines for years. And yet, for many small businesses, the response has been the same: update the policy, run a training session, tick the box, move on.
The Employment Rights Act 2025 has changed what that response needs to look like. Not because the headlines have changed, but because the law has. The duty on employers to prevent sexual harassment is now stronger, the liability is broader, and the financial consequences of getting it wrong are more significant than before.
More importantly, and this is the part that matters most for businesses that want to do more than just stay out of trouble, a policy alone has never been enough to create a workplace where people feel genuinely safe. The ERA changes are an opportunity to take both seriously at once.
This post explains what has changed, what it means in practice, and why the businesses that treat this as a culture opportunity will be better protected legally and better places to work.
|
What Has Actually Changed Under the ERA 2025?
Two specific changes in the Employment Rights Act 2025 affect how employers must approach sexual harassment prevention.
Third-party harassment liability has been reinstated
Employer liability for harassment by third parties has been reinstated. This means that if one of your employees is harassed by a customer, client, audience member, contractor, supplier or member of the public, and you have not taken reasonable steps to prevent it, your business can be held liable.
This is not a new concept in employment law. It existed before, was removed, and has now been brought back with stronger effect. For businesses in client-facing sectors including hospitality, retail, healthcare, creative industries, education and performing arts, this is a significant change that requires a specific, documented response.
The compensation uplift
Where a tribunal finds that an employer has failed to take all reasonable preventative steps, it can now apply a compensation uplift of up to 25% on top of any harassment award.
To put that in context: a harassment award of £40,000 could become £50,000 if the tribunal concludes that reasonable steps were not taken. A £80,000 award could become £100,000. The uplift is not automatic, but it is available whenever a tribunal finds that the employer did not take the steps a reasonable employer would have taken.
These two changes together mean that the standard of what it looks like to take ‘reasonable steps’ is now higher, broader and more consequential than it was before.
What Does ‘Reasonable Steps’ Actually Mean?
This is the question most employers are asking, and it is the right one to focus on.
Reasonable steps is not defined precisely in legislation, which means tribunals assess it based on the specific facts and context of each case. However, the Equality and Human Rights Commission guidance and early tribunal decisions give a clear picture of what is expected. It is more than a policy. It is a combination of active measures that together demonstrate a genuine commitment to prevention.
Reasonable step | What it looks like in practice |
A written anti-harassment policy | Necessary but not sufficient on its own. Must be up to date, cover third-party harassment, and be communicated to staff, not just filed away. |
A documented risk assessment | This is the piece most businesses are missing. A risk assessment specific to your workplace and workforce, covering the environments in which harassment could occur, including interactions with third parties. |
Training for managers and staff | Not a one-off e-learning module completed years ago. Regular, meaningful training that covers what harassment looks like, how to report it, how managers should respond, and third-party scenarios relevant to your sector. |
A clear reporting and response process | Staff need to know how to report harassment, who to report it to, and what will happen when they do. The process needs to be accessible and trusted. |
Documentation of all steps taken | Everything above needs to be recorded. If a claim is ever brought, the question will be whether you can evidence that reasonable steps were taken. Records are your evidence. |
Why a Policy Update Alone Is Not Enough
Many businesses responded to the 2024 Worker Protection Act by updating their harassment policy. That was the right thing to do, and it is a necessary starting point. But a policy that sits in a handbook and is never actively communicated, trained on or tested against real scenarios does very little to prevent harassment from occurring.
Tribunals are increasingly looking at whether prevention steps were substantive, not just whether they existed on paper. A policy written three years ago that does not mention third-party harassment, or that has not been reviewed since the ERA came into force, is unlikely to meet the current standard.
The other limitation of a policy-only approach is that it treats harassment as something to be dealt with after it happens. The duty to prevent requires thinking about the conditions in which harassment is more likely to occur, and actively reducing those conditions. That is a culture question, not just a compliance one.
|
The Culture Dimension: Why This Matters Beyond the Law
The sectors most exposed to third-party harassment liability are also some of the most people-dependent sectors in the economy. Hospitality, social care, performing arts, creative agencies, healthcare and retail all rely on attracting and retaining people who genuinely want to work there.
The data on this is consistent. Workplaces where people feel safe and respected have lower absence rates, higher retention, and stronger performance. Workplaces where harassment concerns are dismissed or ignored tend to lose their best people first, because those individuals have the most options.
There is also a reputational dimension that is particularly significant for smaller businesses. For a 20-person company, a harassment case that becomes public is not a news story that disappears in a news cycle. It can affect relationships with clients, partners and future hires for years.
Treating the ERA changes as a compliance exercise is the floor, not the ceiling. The ceiling is building the kind of workplace where harassment is genuinely less likely to happen, where people feel confident reporting concerns, and where managers know how to respond when they do.
That requires a combination of good policy, meaningful training, and honest conversations about the culture that exists day to day, not just the culture described in the handbook.
What Does This Mean for Different Sectors?
Third-party harassment liability is most significant for businesses whose staff regularly interact with people outside the organisation. Here is how the duty applies across some of the sectors Sleek HR works with:
Sector | Key considerations |
Performing arts and education | Audience members, visiting artists, venue staff and other third parties create a specific risk environment. Risk assessments need to reflect the realities of these interactions, including touring, evening events and informal settings. |
Social care | Care workers are frequently exposed to challenging behaviour from clients, residents and family members. This sector has high rates of third-party harassment and needs specific, documented prevention measures. |
Tech and creative agencies | Client relationships, freelancer networks and informal work cultures can all create risk. The expectation of a relaxed or informal environment does not reduce the legal obligation. |
Hospitality and retail | Customer-facing roles carry inherent risk. Staff need clear guidance on how to handle and report incidents, and managers need to be equipped to act when reports are made. |
Publishing and media | Freelance relationships, industry events and the blurred boundaries between professional and social settings require specific attention in risk assessments. |
Energy and professional services | Site-based and field-based roles create risk environments that are harder to monitor and manage. Risk assessments need to account for locations outside the main office. |
What Small Businesses Need to Do Now
The good news for small businesses is that the reasonable steps standard is proportionate to the size and resources of the organisation. A 15-person business is not expected to have the same infrastructure as a FTSE 250 company. But it is expected to have taken the steps that a reasonable employer of its size would take.
Here is a practical checklist:
Sexual Harassment Prevention Checklist
|
The Inclusion Connection
At Sleek HR, the work we do on sexual harassment prevention sits alongside our broader DEI advisory services because the two are fundamentally connected.
Sexual harassment disproportionately affects women, younger workers, LGBTQ+ employees and workers from minority backgrounds. A workplace that takes harassment prevention seriously is, by definition, taking inclusion seriously. The culture that prevents harassment is the same culture that makes people from different backgrounds feel that they belong, that their concerns will be taken seriously, and that they are equally protected.
The businesses that approach this as a people and culture issue, not just a legal obligation, tend to do it better and benefit more from it. Better retention, stronger employer brand, more diverse teams, and a more resilient organisation overall.
The ERA 2025 changes create a legal requirement to act. The question is whether that action is the minimum needed to satisfy a tribunal, or the foundation for something genuinely better.
Not sure where your business stands?
Download our free ERA Compliance Health Check. 12 questions, under 10 minutes, no jargon.
Or book a free 20-minute call to talk through your specific situation.
hello@sleekhr.co.uk | 0330 133 6377 | sleekhr.co.uk
Frequently Asked Questions
Does the sexual harassment duty apply to businesses with fewer than 10 employees?
Yes. The duty to take reasonable steps to prevent sexual harassment applies to all employers regardless of size. What counts as reasonable is proportionate to the resources and context of the organisation, but there is no lower limit below which the duty does not apply.
What is third-party harassment and does it apply to my business?
Third-party harassment means harassment carried out by someone who is not employed by your organisation, such as a customer, client, contractor, supplier, audience member or member of the public. It applies to any business whose employees interact with people outside the organisation in the course of their work. If any of your staff have client-facing, public-facing or site-based roles, it almost certainly applies to you.
We already have a harassment policy. Is that enough?
A policy is a necessary starting point, but it is not sufficient on its own under the ERA 2025. A tribunal assessing whether reasonable steps were taken will look at whether the policy specifically covers third-party harassment, whether it has been communicated to staff, whether training has been delivered, whether a risk assessment has been carried out, and whether there is documentation of all of the above. A policy that exists on paper but has not been actively implemented is unlikely to meet the standard.
How often does training need to be delivered?
There is no prescribed frequency in legislation. The expectation is that training is regular and meaningful. Annual training, refreshed when your workforce or working environment changes, is a reasonable minimum. One-off e-learning completed at induction several years ago is unlikely to satisfy a tribunal that the employer took its prevention duty seriously.
What should a harassment risk assessment cover?
A harassment risk assessment should be specific to your workplace and workforce rather than a generic template. It should cover the environments in which staff work, including any locations outside the main office, the types of interactions staff have with colleagues, clients and third parties, the sectors and roles most exposed to risk, and any previous incidents or concerns. The assessment should be documented and reviewed regularly.