From October 2026, a key provision of the Employment Rights Act 2025 (ERA 2025) will come into force, significantly strengthening employers’ legal obligations in relation to workplace sexual harassment.
One little word: from “reasonable” to “all reasonable” steps
Since 26th October 2024, employers have been under a proactive legal duty to take “reasonable steps” to prevent sexual harassment of their employees, following the Worker Protection (Amendment of Equality Act 2010) Act 2023. However, the Employment Rights Act 2025 takes this duty and builds on it. From October 2026:
- employers must take “all reasonable steps” to prevent sexual harassment; and
- a new, explicit duty means that employers will be liable for third-party harassment (e.g. by customers, clients, contractors or visitors).
At first glance, it might be thought that the addition of the word “all” is a semantic nicety but in legal terms, it represents a substantial increase in the threshold that must be met by employers.
As the law stands now, employers can defend claims if they are able to show that they took reasonable preventative measures, proportionate to their organisation. But from October 2026, the question for tribunals looking at claims will be a more demanding one: was there anything more the employer could reasonably have done?
If it is decided that the answer is yes, the employer may find themselves liable.
What does “all reasonable steps” means in practice?
The strengthened duty reflects a shift from a largely policies-based compliance model to a more evidence-driven and outcome-focused approach.
This means that tribunals are likely to look at whether employers have policies in place and whether those policies are:
- effectively implemented
- regularly reviewed
- embedded into workplace culture
- supported by meaningful training and oversight
Rather than taking isolated or “one-off” actions and believing that this will do the job, organisations will need to adopt an ongoing, holistic approach.
Importantly, what constitutes “all reasonable steps” will vary depending on factors such as:
- the size and resources of the employer
- the sector and working environment
- the level of risk (e.g. lone working, alcohol-related events, power imbalances)
These factors notwithstanding, employers need to remember that from October, it will no longer be sufficient to aim for the bare minimum and hope for the best when it comes to compliance.
Extending responsibility: third-party harassment
One of the most significant developments under the Employment Rights Act 2025 is the introduction of explicit liability for third-party harassment.
From October 2026, employers must take all reasonable steps to prevent harassment not only by employees, but also by individuals external to the organisation, including:
- customers and clients
- contractors and agency staff
- service users or patients
- visitors and members of the public
This is particularly relevant for sectors such as retail and hospitality, healthcare and social care, transport and public-facing services.
In the past, third-party harassment was more difficult to pursue legally, but this new duty removes the element of ambiguity and puts a clear responsibility on employers to anticipate and mitigate risks arising from interactions with non-employees.
Beyond the workplace: offsite and social settings
Something else to consider when thinking about the duty is just how far its reach extends. It applies wherever there is a sufficient connection to employment. This can include:
- work-related social events
- conferences or business travel
- client meetings or offsite engagements
Since these settings can often involve factors such as alcohol consumption, informality and blurred professional boundaries, the risk can commensurately increase. Therefore, when drafting and implementing their preventative frameworks, employers will need to ensure they extend beyond what might be thought of as the traditional workplace.
What this means for employers
Post-October 2026, the key implications will include:
1. Increased legal risk
If they are unable to show that they took every reasonable preventative step, employers face a higher likelihood of liability. This will include much more rigorous scrutiny of the actions they took – or did not take – before any incident occurred.
2. Greater evidential burden
After October, employers will no longer be able to just point to policies or training and claim that these are sufficient to discharge their duty. They will now have to document their preventative measures, risk assessments and decision-making processes – and provide evidence if required.
3. Cultural expectations
The legislation underlines the expectation that employers will be actively fostering a workplace culture where harassment is prevented, challenged and addressed early – not simply reacted to when it happens. The employer needs to be proactive rather than reactive.
4. Exposure in customer-facing roles
Although the law applies to all businesses, those where third party interaction is significant will need to look more closely at risk profiles and introduce environment-specific additional safeguards.
Practical action points
Employers need to start thinking about what action needs to be taken so that they will be ready by October. Practical and immediate steps include:
- Carry out a comprehensive risk assessment
Identify where sexual harassment risks may arise; consider the implications and effects of:
- different roles and environments
- offsite work and travel
- interaction with third parties
- previous complaints, grievances, or “known issues”
Rather than a “draft it and forget it” approach to risk assessments, employers will need to review and update them regularly.
- Review and strengthen policies
Make sure that anti-harassment policies:
- clearly define what is meant by unacceptable behaviour
- cover third-party harassment explicitly
- apply to all work-related settings (including social events)
- provide accessible reporting mechanisms
Be sure to communicate these policies effectively and adopt measures to regularly reinforce both awareness and use of them.
- Enhance training programmes
A lot of training programmes (either face-to-face workplace-based or e-learning) can be rather generic. Employers need to transcend the limitations of these by introducing:
- role-specific and scenario-based training
- training for managers on early intervention
- regular refresher sessions
Instead of just awareness-raising, which is all well and good, as far as it goes, training should reflect real workplace risks and encourage behavioural change.
- Address third-party risk
This is a particularly tricky area to address, involving, as it does, the actions of people who are not employees. Therefore, strategies need to be developed to mitigate the risks posed by non-employees, such as:
- clear expectations communicated to clients, suppliers and contractors
- procedures for dealing with incidents involving third parties, should they arise
- contractual clauses or service terms where appropriate and methods for enforcing them
In higher-risk settings, such as have been outlined above, employers should think about practical safeguards such as staffing arrangements or escalation processes.
- Strengthen reporting and whistleblowing channels
Make sure that employees feel secure enough to report their concerns by:
- setting up and promoting confidential reporting routes
- taking steps to reinforce anti-retaliation protections
- ensuring whistleblowing policies are aligned with recent developments (including protection for sexual harassment disclosures)
https://rradar.com/products/whistlebox/
- Monitor, measure and act
It is important that employers should:
- track complaints and trends
- analyse data to identify hotspots or recurring issues
- take proactive steps to address emerging risks
Under the new duty, being able to provide evidence of continuous improvement will be critical should a claim arise.
- Embed a preventative culture
Ultimately, effective compliance with the “all reasonable steps” duty requires a fundamental shift in mindset that will apply at all levels of an organisation:
- Leadership must model the appropriate behaviour they want to see in the business – the credibility of any measures will be undermined if it is seen not to be followed by those at the top
- Managers must be given the tools and training they need to act early
- Employees must understand the expectations required of them and feel that they can speak up if the situation arises
Although policies and procedures are valuable tools in reducing the likelihood of an event occurring, a strong culture will be one of the most effective safeguards against liability.