Workplace sexual harassment is a serious legal and organisational issue. UK law sets out clear definitions, responsibilities and protections to help employers prevent harm and respond appropriately when it occurs.
This guide outlines the key legal duties and offers practical steps to help organisations build a safe, inclusive culture for employees at work.
Why legislation matters
Legislation governing workplace sexual harassment acts as both a safeguard and a guide.
For employers, it:
- Establishes clear boundaries of acceptable conduct
- Outlines obligations to provide a safe work environment
- Highlights the consequences of non-compliance
For employees, it:
- Affirms their right to dignity and respect
- Offers clear pathways to report concerns
- Shows that harmful, unlawful behaviour will not be tolerated
Behind every policy are people. When employers take their legal duties seriously, they help protect staff from real harm. For someone who’s experienced harassment, knowing there’s a clear process and that they’ll be taken seriously can bring relief, confidence and a sense of safety.
Strong legislation also gives everyone a shared understanding of what’s okay and what isn’t. It makes it easier to call out bad behaviour, support colleagues and build a workplace where respect is part of everyday life – not just a statement on a poster.
When employers ignore their legal duties, the consequences can be serious. They may be held vicariously liable for harassment by staff and face uncapped compensation awards, including injury to feelings and financial loss. Failure to follow the ACAS Code can lead to a 25% uplift in awards. Regulators like the Equality and Human Rights Commission (EHRC) and the Health and Safety Executive (HSE) may also step in with compliance notices or investigations, especially where there are signs of wider failings.
Below are some of the consequences a UK business might face if it fails to comply with legislation around sexual harassment:
- Employment tribunal claims
- Financial compensation payouts
- Legal fees and management time
- Damage to brand and reputation
- Loss of staff trust, morale and retention
- Increased scrutiny from regulators or industry bodies
- Difficulty attracting new talent
Defining sexual harassment under UK law
Under UK law, sexual harassment is defined as unwanted conduct of a sexual nature that either violates a person’s dignity or creates an intimidating, hostile, degrading, humiliating or offensive environment.
This definition comes from the Equality Act 2010 and applies across the public, private and non-profit sectors. Conduct doesn’t need to be aimed at a specific person – even ongoing behaviour that affects staff more broadly can amount to harassment.
Unwanted conduct encompasses a wide spectrum of behaviours:
- Verbal remarks, jokes, innuendo
- Comments about someone’s appearance
- Non-verbal actions such as leering, gesturing or displaying sexually explicit material
- Physical acts ranging from deliberately brushing against someone’s body to assault
Harassment occurs when someone reasonably sees the conduct as offensive – regardless of whether the person responsible meant any harm.
The scope of sexual harassment under the Equality Act 2010 can be clarified through two key concepts:
- The purpose-or-effect test – Behaviour can still count as harassment even if it wasn’t intended that way, as long as it has an unwanted effect on the recipient.
- The reasonable person standard – Asks whether a reasonable person would see the conduct as meeting the legal threshold.
Together, these tests help capture more subtle forms of harassment – like inappropriate jokes or so-called “harmless” pranks – that might not involve physical contact but still cause real harm.
Overview of the Equality Act 2010
Protected characteristics and harassment
The Equality Act 2010 consolidated previous discrimination legislation into a single statute encompassing nine protected characteristics:
- Age
- Disability
- Gender reassignment
- Marriage and civil partnership
- Pregnancy and maternity
- Race
- Religion or belief
- Sex
- Sexual orientation
Harassment is prohibited where it relates to any one of these characteristics.
Sexual harassment, specifically, is intrinsically linked to the protected characteristic of sex (and may also intersect with sexual orientation or gender reassignment).
Definition and scope
Part 2 of the Equality Act covers discrimination and harassment in employment contexts, including recruitment, terms and conditions, promotions, transfers, dismissals and training.
Sexual harassment is defined in Section 26 as unwanted conduct of a sexual nature. The Act explicitly includes:
- Quid pro quo harassment, where submission to unwanted behaviour is made a condition of employment
- Third-party harassment, where an employee is harassed by customers, clients or contractors
This comprehensive coverage means that employers must address harassment from all sources within the workplace ecosystem.
Vicarious liability
One of the most important parts of the Act for employers is vicarious liability under Section 109. This means employers are automatically responsible for unlawful acts carried out by their staff in the course of their work – unless the employer can show they took all reasonable steps to prevent them.
That makes strong policies, regular training and active monitoring essential. Simply being unaware of the behaviour isn’t a defence. To rely on the “all reasonable steps” defence, employers need to show they took proactive measures – things like carrying out risk assessments, putting clear reporting systems in place and responding quickly and thoroughly to complaints.
Remedies and enforcement
Where harassment has taken place, remedies may include compensation for injury to feelings, financial loss and aggravated damages if the employer’s conduct exacerbated the harm.
Employment tribunals have discretion to award unlimited compensation, subject to the Vento bands for injury to feelings. In some cases, individuals can also apply for interim relief, like protective injunctions, through the tribunal process. The EHRC, empowered by the Act, can pursue compliance orders and, in certain cases, initiate judicial reviews or non-compliance notices against employers who don’t fulfil their duties.

Employer duties and the “all reasonable steps” defence
Due diligence and risk assessment
To mitigate the risk of liability, employers must show due diligence in actively preventing harassment.
This process starts with a comprehensive risk assessment to identify situations where harassment is most likely to occur – for example, during recruitment, in open-plan offices, at social events or in customer interactions.
The assessment should involve listening to staff, reviewing past incidents and examining workplace structures that might allow imbalances of power to go unchecked.
Developing and communicating policies
Based on the risk assessment, employers must enact clear, accessible anti-harassment policies. These documents should:
- Define prohibited conduct
- Outline reporting procedures
- Specify potential sanctions
Having a policy isn’t enough on its own. It needs to be shared in ways that everyone can understand – through staff handbooks, the company intranet and during induction sessions. Leadership endorsement and visible commitment reinforce the message that harassment will not be tolerated.
Training and awareness
Regular training programmes are essential for preventing sexual harassment at work.
All staff should receive basic training on the following:
- What harassment is and what it looks like
- How to step in as a bystander
- How to report sexual harassment
Managers and HR personnel should receive specialist training on the following:
- How to handle complaints
- How to conduct investigations
- How to apply disciplinary measures fairly
Refresher courses help keep the message front of mind and give space to cover new challenges, like online harassment through social media or professional platforms.
Responding to incidents
Prompt, proportionate responses to complaints show that the organisation takes sexual harassment seriously.
Employers should acknowledge reports within a defined timeframe, typically two working days, and carry out an initial assessment to determine the best path forward, whether that’s an informal resolution, mediation or formal investigation.
Each stage should be clearly documented, including actions taken, outcome letters and follow-up reviews. This demonstrates a transparent process and supports the “all reasonable steps” defence if challenged.
The ACAS Code of Practice on Disciplinary and Grievance Procedures
Scope and purpose
The ACAS Code of Practice on Disciplinary and Grievance Procedures is not legislation, but it carries statutory weight.
Employment tribunals are expected to consider the Code when judging the reasonableness of an employer’s actions. If an employer fails to follow its guidance, compensation awards may rise by up to 25%.
The Code sets out minimum standards for dealing with grievances and disciplinary matters, including how harassment complaints should be handled.
Key principles
The Code emphasises fairness, transparency and timeliness.
Grievance procedures should encourage open dialogue and early resolution, while disciplinary processes must afford employees the right to be accompanied by a colleague or trade union representative.
Investigations should be thorough and impartial, with all relevant evidence reviewed before any decisions are made.
Both processes require clear written statements of allegations, opportunities for the employee to respond and clear communication of outcomes.
Implications for harassment cases
Applying the Code to harassment complaints means that organisations must handle them with consistency, fairness and without unnecessary delay.
Informal approaches – such as facilitated discussions or mediation – should be offered where appropriate, but not at the expense of robust fact-finding. If formal action is taken, the employee must receive written details of the complaint, be given enough time to prepare a response and have the chance to appeal.
When an employer fails to adhere to these principles, it undermines procedural fairness and weakens their position if the matter ends up before a tribunal.
Reporting obligations and time limits
Internal reporting requirements
Employees who are experiencing or have experienced harassment are encouraged to use internal reporting channels first. It’s important that they have multiple reporting options available – line managers, HR, designated safeguarding leads or external helplines. This ensures confidentiality and accessibility. What might be best in one case might not be appropriate in another.
Statutory time limits
For tribunal claims, strict time limits apply.
Under the Employment Rights Act 1996, claims must be presented within three months less one day from the date of the last act of discrimination or harassment.
In cases of ongoing harassment, the “continuing act” doctrine may allow the time limit to reset for each incident, provided the claimant can demonstrate a pattern of behaviour. Missing these deadlines usually results in the claim being dismissed – unless the tribunal exercises discretion to extend time “in the interests of justice”.
External reporting and whistleblowing
Employees may report criminal offences, including sexual assault, to the police. For whistleblowing disclosures concerning harassment, which are protected under the Public Interest Disclosure Act 1998, the report must show a reasonable belief of wrongdoing in the public interest.
Reporting serious breaches to external bodies like the EHRC can trigger investigations and compliance notices. Employers should ensure staff are aware of these routes and that policies explicitly protect whistleblowers from retaliation.

Investigation protocols and disciplinary action
Planning the investigation
A robust investigation begins with appointing an independent investigator – either an internal HR professional with no prior involvement or an external consultant.
Their remit should be clearly defined in terms of scope, methodology and timelines. They must gather documentary evidence, secure digital communications and identify witnesses who can help verify what happened.
Conducting interviews and evidence gathering
Here are the practices the investigator should follow:
- Interviews should be structured.
- There should be separate sessions for the complainant, respondent and witnesses.
- Careful note-taking or audio recording (with consent) ensures that information is captured accurately.
- Both parties should be given the opportunity to be accompanied and have a reasonable amount of time to prepare their statements.
- Leading or closed questions must be avoided.
- Objective evidence (e.g. emails, CCTV footage or social media posts) should be gathered to strengthen the factual basis.
Determining outcomes and sanctions
Once the investigation is complete, employers must apply disciplinary frameworks consistently.
Any action taken should reflect the seriousness of the behaviour – ranging from formal warnings and mandatory training to demotion or dismissal for gross misconduct.
Written outcome letters must explain how the decision was reached, which policies were applied and how to appeal.
Appeals and post-investigation support
An appeal mechanism, consistent with the ACAS Code, should allow both parties to challenge findings or sanctions. To keep things fair, a different decision-maker should handle the appeal.
Regardless of the outcome, employers should offer support – such as counselling through employee assistance programmes – to both the complainant and respondent. Regular check-ins help restore working relationships and prevent similar incidents from happening again.
Liability: Employer vs. individual responsibility
Employer vicarious liability
Employers face vicarious liability for harassment by employees in the course of their work. This strict liability demonstrates why preventive measures and swift responses to allegations are so important.
To qualify for the “all reasonable steps” defence, employers will need to prove (with documentation) that they have implemented proactive policies, training and risk assessments.
Individual accountability
While it’s less common, complainants can choose to bring claims against the perpetrator directly, meaning harassers may face personal liability. For instance, criminal sanctions may apply for assault or stalking under the Protection from Harassment Act 1997 or Sexual Offences Act 2003.
Holding individuals accountable – through disciplinary or legal means – reaffirms the organisation’s commitment to a safe and respectful workplace.
Directors and officers
Senior leaders may incur personal liability if they turn a blind eye to harassment or fail to address it properly.
Under corporate governance codes and tort law, directors have a duty of care to employees. Ignoring or minimising the seriousness of complaints can lead to:
- Shareholder action
- Regulatory scrutiny
- Reputational damage
- Disqualification proceedings
Role of the EHRC and HSE enforcement
Equality and Human Rights Commission (EHRC)
The EHRC enforces the Equality Act 2010 through compliance notices, investigations and legal action.
After receiving a complaint, the EHRC can issue a statutory inquiry, requiring employers to produce documents and witness evidence. Failure to comply with compliance notices may result in injunctions and unlimited fines.
The EHRC also publishes guidance, codes of practice and case summaries to help employers understand their obligations.
Health and Safety Executive (HSE)
Although traditionally focused on physical safety, the HSE’s remit includes psychosocial risks under the Management of Health and Safety at Work Regulations. Workplace harassment is recognised as a threat to mental health and well-being.
The HSE may inspect organisations with signs of concern, such as high staff absence or turnover rates. They will require the employer to prove they have conducted risk assessments and implemented control measures.
If standards are not met, the HSE can issue improvement notices, pursue prosecutions and impose substantial fines.
Collaborative enforcement
The EHRC and HSE sometimes collaborate on enforcement campaigns, particularly in high-risk sectors (such as retail, hospitality and healthcare).
Employers should keep up to date with guidance from both regulators and make sure their anti-harassment efforts reflect health and safety and equality duties. Taking an integrated approach helps meet the expectations of dual oversight.
GDPR and data responsibilities in investigations
Confidentiality and data security
Due to their nature, harassment investigations generate sensitive personal data – details of allegations, witness statements and even medical information.
The UK GDPR and Data Protection Act 2018 require employers to handle this kind of data lawfully, transparently and securely. It should be limited to what’s needed for the investigation and kept only for as long as necessary to meet legal duties and manage any related risks.
Organisations should put strong technical and organisational measures in place to protect investigation data. This includes using encrypted case-management systems, applying strict access controls, maintaining audit logs and ensuring secure disposal of sensitive information.
Training HR and managers on data protection responsibilities is just as important. It helps prevent unauthorised disclosures and accidental breaches, which can result in significant fines and damage to the organisation’s reputation.
Lawful bases and employee rights
Employers typically rely on the lawful bases of legal obligation and legitimate interests when they process data from the investigation. Employees have rights of access, correction and erasure in certain circumstances, though these rights can be limited if exercising them would interfere with an ongoing investigation or legal process.
Privacy notices must inform employees of how their data will be used, who will have access and how long it will be kept.
Best practices for policy development
Core policy elements
A robust anti-harassment policy should include:
- A clear prohibition statement
- Definitions with concrete examples
- Reporting channels
- Assurances of confidentiality
- An overview of the investigatory procedure
- Details of disciplinary sanctions
- Information about appeal rights
The language in the policy must be jargon-free, and it must be published in multiple formats to reach all staff, including shift workers and remote employees.
Policy review and stakeholder engagement
Periodic review – at least annually or after each substantiated incident – ensures policies stay aligned with legal changes and organisational needs.
Involving stakeholders, including employees, trade unions, legal advisors and external experts, gives the policy legitimacy and identifies practical gaps. Meaningful consultation builds a sense of shared ownership and supports stronger, lasting commitment to compliance.
Integration with wider HR frameworks
Anti-harassment policies should align with other HR frameworks, including:
- Codes of conduct
- Diversity and inclusion strategies
- Health and safety procedures
- Staff well-being programmes
A cohesive approach prevents siloed implementation and makes better use of resources, while embedding harassment prevention into broader culture and values initiatives reinforces that respect is central to the organisation’s identity.
Training requirements and record-keeping
Mandatory training modules
Training should cover the following:
- Legal definitions
- Bystander interventions
- Reporting procedures
- Manager responsibilities
Delivery methods – e-learning, classroom sessions and interactive workshops – cater to diverse learning preferences.
For high-risk roles or senior staff, enhanced modules on investigation techniques and trauma-informed approaches are recommended.
Training frequency and evaluation
Training should be delivered at induction and refreshed annually to support retention and keep pace with emerging risks.
Post-training assessments gauge understanding, while feedback surveys inform improvements.
Tracking completion rates and assessment scores is an important part of ongoing compliance.
Documentation and audit trails
Maintaining accurate records demonstrates due diligence. Employers should record the following:
- Training attendance logs
- Policy acknowledgements
- Risk assessments
- Investigation files
- Disciplinary outcomes
Document retention schedules should align with legal requirements and organisational risk appetites (willingness to accept risk in pursuit of organisational objectives). Secure, centralised storage facilitates audit processes and supports the “all reasonable steps” defence.

Monitoring compliance and auditing procedures
Key performance indicators
Effective monitoring uses quantitative and qualitative metrics. Employers might track:
- Number of complaints
- Resolution times
- Training completion rates
- Employee survey scores on workplace culture
Benchmarking against industry averages and historical data identifies trends and hotspots requiring intervention.
Internal and external audits
Regular internal audits help check how well policies are working, whether case files are handled properly and if data protection rules are being followed.
Bringing in external auditors or consultants can offer a fresh perspective and independent reassurance.
The findings should lead to clear action plans, with responsibilities and timelines set out to support follow-through.
Continuous improvement cycles
Adopting a Plan-Do-Check-Act methodology helps drive ongoing improvement. Following each audit cycle, corrective actions are planned, implemented, evaluated and refined. Sharing success stories – such as reduced complaint volumes – reinforces progress and encourages everyone to stay engaged.
Conclusion and further resources
Workplace sexual harassment legislation in the UK forms a strong framework that aims to protect employees while ensuring fair processes for all.
From the Equality Act 2010’s definitions and employer duties to the practical guidance of the ACAS Code and the enforcement powers of the EHRC and HSE, understanding the legal landscape is essential to creating a respectful, compliant workplace.
Employers should prioritise clear policies, regular training, robust reporting and investigation protocols, and diligent record-keeping. Integrating legislative requirements with best practice enables organisations to reduce legal risk and, importantly, cultivate a culture of dignity and inclusion.
Staying connected with industry forums and legal experts can help keep policies up to date and legally sound. A proactive, well-informed approach not only protects staff but also strengthens organisational resilience and trust.
The following resources offer further guidance: