Work Health and Safety law is the biggest legal exposure on a construction site — and as soon as you run a business with workers (even subbies) you are a "PCBU" carrying a primary, non-delegable duty. Here is who is covered, what the duty actually requires, the officer due-diligence duty, and what a breach costs.
Which law applies where
Most of the country runs a version of the model WHS Act — the Commonwealth (Comcare), NSW, QLD, SA, TAS, ACT and NT. Two outliers: Victoria still uses its own OHS Act 2004 ("employer", not "PCBU", and no Category 1–3 structure), and WA has a hybrid WHS Act 2020. The core concepts travel across the model states; VIC is a separate lens.
You are a PCBU — the primary duty
A Person Conducting a Business or Undertaking must ensure, so far as reasonably practicable, the health and safety of its workers and anyone else affected — visitors, neighbours, the public. On a site that means a safe environment, safe plant and structures, safe systems of work, safe handling of substances, welfare facilities, and information, training and supervision — plus the psychosocial risks (fatigue, isolated work). It is a non-delegable duty: you cannot contract it away to a subbie.
Managing risk — the hierarchy of control
The method is to eliminate the risk so far as reasonably practicable; if you cannot, minimise it. Four steps — identify hazards, assess, control, review — and the control hierarchy: eliminate, substitute, isolate, engineer, administrative, PPE (PPE last, not first).
Consult — it is a legal duty, not a nicety
You must consult the workers affected (employees, labour-hire, apprentices, the subbies' workers you influence), and consult, co-operate and co-ordinate with the other duty holders — the principal contractor, the other subbies, the client. Toolbox talks, pre-starts and health-and-safety reps are how you do it.
Officers and due diligence
If you are an "officer" (a director, or someone making decisions for the business) you owe a personal due-diligence duty with six elements: keep your WHS knowledge current; understand the operations and their hazards; ensure resources and processes to control risk; ensure processes to receive and act on incident and hazard information; ensure compliance processes (notifiable-incident reporting, consultation, licences); and verify all of that is actually happening (site walks, reviewing reports — not just signing a policy). You can be personally liable even if the business is not prosecuted.
What a breach costs
Three categories:
- Category 1 — reckless conduct exposing someone to death or serious injury (the worst).
- Category 2 — a duty failure exposing someone to that risk (no recklessness).
- Category 3 — a duty failure (no need to prove exposure to serious-injury risk).
Maximum penalties are large and indexed every year — under the model maxima a Category 1 offence runs into the millions for a body corporate, with imprisonment available for individuals (Comcare's are higher again). The exact figures differ by state and change annually, so treat these as indicative and check your regulator's current table. The point stands: a serious WHS breach is a business-ending event, and for an officer a personal one.
Common mistakes
- Assuming WHS is the principal contractor's problem — the duty is non-delegable.
- PPE first instead of eliminate-first.
- An officer "signing the policy" without verifying anything happens.
Know someone who needs this?
Keep reading
Was this guide useful?
Didn't find what you were looking for?
Spotted something wrong or out of date? Email us at hello@kilnguides.co.uk.
In crisis? Lifeline 13 11 14 ·