
HR Compliance Checklist UK 2026: The Complete Audit Guide for Small Businesses

Employment tribunals awarded a record £1.7 million in a single unfair dismissal case in 2025. The average cost of defending an employment tribunal claim — even if you win — is £8,500 in legal fees alone. For small businesses, a single compliance failure can be financially devastating. Yet most UK SMBs don't have a dedicated HR team, and employment law changes every year. This guide gives you a complete, practical HR compliance checklist covering every area of UK employment law that small businesses need to get right in 2026.

Why HR compliance matters for small businesses

HR compliance isn't just about avoiding fines — although the fines are significant. It's about protecting your business, your employees, and your reputation. Here's what's at stake:

  • Financial penalties — HMRC, the Health and Safety Executive, and the Information Commissioner's Office all have the power to impose substantial fines. Right to work violations alone carry penalties of up to £60,000 per illegal worker.
  • Tribunal claims — employees can bring claims for unfair dismissal, discrimination, unpaid wages, holiday pay, and more. Tribunal awards are uncapped for discrimination claims.
  • Reputational damage — tribunal judgments are published publicly. A discrimination or unfair dismissal ruling can damage your employer brand and make it harder to recruit.
  • Operational disruption — responding to tribunal claims, investigations, and enforcement actions consumes management time that should be spent running the business.
  • Employee morale — inconsistent or unfair treatment erodes trust. Compliance isn't the ceiling — it's the floor. Get it right, and you build a foundation for a positive workplace culture.

The good news is that most compliance failures are preventable. They happen because small businesses don't know the rules, not because they deliberately break them. This checklist closes that knowledge gap.

The essential HR compliance checklist

We've organised this checklist into ten categories. Work through each section and tick off every item. If you find gaps, prioritise them by risk — areas with the highest penalties or the greatest likelihood of a claim should be addressed first.

1. Employment contracts and written statements

Since April 2020, all employees and workers are legally entitled to a written statement of their main employment terms on or before their first day of work. This is not optional — it's a day-one right.

  • Every employee has a written statement of terms — issued on or before day one of employment.
  • Statement includes all required particulars — employer name, employee name, start date, job title, pay, hours, holiday entitlement, notice periods, probation period, place of work, and any collective agreements.
  • Wider written statement provided within two months — covering sick leave procedures, pension details, disciplinary and grievance procedures, and any training requirements.
  • Contracts are up to date — any changes to terms have been agreed in writing with the employee and documented.
  • Contracts reflect current legislation — reviewed annually to ensure they comply with any changes in employment law.

Risk: If you don't provide a written statement, an employee can bring a claim to an employment tribunal. The tribunal can award two to four weeks' pay as compensation, and this can be added on top of any other successful claim.

2. Right to work checks

Every employer must verify that every employee has the legal right to work in the UK before they start work. This applies to British citizens, EU nationals, and everyone else. No exceptions.

  • Right to work checks completed for every employee — before their first day of work, not on it.
  • Original documents verified — passport, biometric residence permit, or share code checked via the Home Office online service.
  • Dated copies retained — clear copies of documents stored securely, with the date of check recorded.
  • Follow-up checks scheduled — for employees with time-limited permission to work, follow-up checks are diarised before the expiry date.
  • Consistent process for all — the same check is applied to every candidate, regardless of nationality, to avoid discrimination claims.

Risk: Civil penalties of up to £60,000 per illegal worker (increased from £45,000 in 2024). Criminal prosecution is possible for repeat offenders, with unlimited fines and up to five years' imprisonment.

3. Leave and absence management

UK employees have statutory rights to various types of leave. Getting this wrong is one of the most common areas of non-compliance — and one of the easiest to fix with the right systems.

  • Annual leave meets statutory minimum — 5.6 weeks (28 days for full-time) including bank holidays. Pro-rated for part-time workers.
  • Leave records are accurate and up to date — accrual, usage, and remaining balance tracked for every employee.
  • Sick leave procedures documented — employees know how and when to report absence, and you have a clear return-to-work process.
  • Statutory Sick Pay (SSP) paid correctly — currently £116.75 per week for up to 28 weeks, from day four of absence.
  • Maternity, paternity, and shared parental leave policies in place — statutory entitlements communicated to all employees.
  • Parental bereavement leave compliant — two weeks' statutory leave for employees who lose a child under 18.
  • Time off for dependants honoured — reasonable unpaid time off for emergencies involving dependants.
  • Holiday pay calculated correctly — based on normal remuneration including regular overtime and commission, not just basic pay.

Risk: Underpaying holiday pay or denying statutory leave entitlements can result in tribunal claims for unlawful deduction from wages. In 2025, the average holiday pay tribunal award was £3,200, but claims can be much higher for systematic underpayments.

4. Pay and payroll compliance

Getting pay wrong exposes you to HMRC enforcement, employee claims, and reputational damage. Payroll compliance goes beyond simply paying the right amount — it covers how you pay, what you report, and what you provide to employees.

  • National Minimum Wage / National Living Wage paid correctly — verified for every employee based on their age bracket. 2026/27 NLW rate for 21+: £12.50/hour.
  • Payslips provided on or before payday — itemised payslips are a legal requirement for all employees and workers, including variable-hours staff.
  • Payslips include hours for hourly-paid workers — since April 2019, payslips for variable-hours employees must show the number of hours worked.
  • Pension auto-enrolment in place — eligible employees enrolled within the required timeframe with minimum contributions (5% employee, 3% employer).
  • Gender pay gap reported (if applicable) — employers with 250+ employees must publish gender pay gap data annually.
  • RTI submissions made on time — Real Time Information reports submitted to HMRC on or before each payday.
  • No unlawful deductions from wages — deductions only made where authorised by statute, contract, or written employee consent.

Risk: HMRC can issue penalties of up to 200% of arrears for National Minimum Wage underpayments, plus £20,000 per worker. Employers who underpay are also named and shamed publicly.

5. Health and safety

Every employer has a legal duty to ensure the health, safety, and welfare of their employees at work. The Health and Safety at Work etc. Act 1974 is the cornerstone legislation, supported by numerous regulations covering specific risks.

  • Risk assessments completed and documented — covering all significant workplace hazards. Reviewed regularly and after any incident.
  • Written health and safety policy — required if you employ five or more people. Must be brought to employees' attention.
  • Display Screen Equipment (DSE) assessments — for employees who use computers regularly. Includes provision of eye tests and corrective lenses if needed for DSE work.
  • First aid provisions in place — adequate first aid equipment, facilities, and trained first aiders. All employees informed of arrangements.
  • Fire safety measures — fire risk assessment completed, fire exits clearly marked, extinguishers maintained, evacuation drills conducted.
  • Accident and incident reporting — accident book maintained. RIDDOR-reportable incidents reported to the HSE within the required timeframe.
  • Remote/home worker assessments — DSE and workstation assessments for employees working from home regularly.

Risk: HSE can issue improvement and prohibition notices, and prosecute for serious breaches. Fines for health and safety offences are based on the organisation's turnover and can reach millions of pounds. Directors can face personal liability including imprisonment for the most serious failures.

6. Data protection and GDPR

You hold significant amounts of personal data about your employees — names, addresses, bank details, health information, performance data, and more. The UK GDPR and Data Protection Act 2018 require you to handle this data lawfully, fairly, and transparently.

  • Employee privacy notice issued — explains what personal data you collect, why, the legal basis, who you share it with, how long you keep it, and employees' rights.
  • Lawful basis identified for all processing — most employment data processing relies on contract, legal obligation, or legitimate interest — not consent.
  • Special category data handled correctly — health data, trade union membership, and similar require additional safeguards and a specific condition for processing.
  • Data retention schedule in place — you know how long you keep employee records and delete them when no longer needed. HMRC requires payroll records for 6 years.
  • Subject access requests (SARs) handled within one month — employees have the right to request copies of their personal data. You must respond within 30 days.
  • ICO registration current — most organisations that process personal data must register with the Information Commissioner's Office (annual fee from £40).
  • Data breach procedure in place — reportable breaches must be notified to the ICO within 72 hours.

Risk: The ICO can impose fines of up to £17.5 million or 4% of annual global turnover (whichever is higher) for serious breaches. In practice, SMB fines are much lower, but enforcement actions are increasing and the reputational damage from a data breach can be severe.

7. Discrimination and equality

The Equality Act 2010 protects employees from discrimination based on nine protected characteristics: age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, and sexual orientation. Compliance isn't just about avoiding obvious discrimination — it covers indirect discrimination, harassment, victimisation, and the duty to make reasonable adjustments.

  • Equal opportunities policy in place — covering recruitment, promotion, training, pay, and dismissal.
  • Anti-harassment and bullying policy — clear definitions, reporting procedures, and consequences. Communicated to all staff.
  • Reasonable adjustments made for disabled employees — duty to make adjustments that remove or reduce disadvantages. This is an ongoing obligation, not a one-off assessment.
  • Recruitment process is non-discriminatory — job adverts, shortlisting criteria, and interview questions don't directly or indirectly discriminate.
  • Equal pay audit conducted — men and women doing equal work receive equal pay. Review pay structures for any unjustified differences.
  • Managers trained on equality obligations — line managers understand what constitutes discrimination, harassment, and victimisation.

Risk: Discrimination claims have no cap on compensation. Tribunal awards regularly exceed £100,000 for serious cases, and the highest awards run into millions. The employer is vicariously liable for acts of discrimination by employees unless they can show they took all reasonable steps to prevent it.

8. Disciplinary and grievance procedures

The ACAS Code of Practice on disciplinary and grievance procedures isn't legally binding, but tribunals are required to take it into account. Failing to follow it can result in a 25% uplift to any tribunal award.

  • Written disciplinary procedure in place — following the ACAS Code: investigation, notification, hearing, decision, appeal.
  • Written grievance procedure in place — employees know how to raise a formal grievance, and you have a process for investigating and responding.
  • Right to be accompanied — employees are informed of their right to be accompanied by a trade union representative or colleague at disciplinary and grievance hearings.
  • Investigations conducted fairly — gather evidence objectively before making any decisions. Don't pre-judge the outcome.
  • Decisions documented and communicated in writing — including the reasons for the decision and the employee's right of appeal.
  • Records retained — disciplinary and grievance records kept on file for the appropriate retention period.

Risk: An unreasonable failure to follow the ACAS Code can result in a 25% increase to any tribunal compensation. Poor disciplinary processes are also the most common cause of unfair dismissal claims.

9. Working time compliance

The Working Time Regulations 1998 set limits on working hours and establish rights to rest breaks, daily rest, and weekly rest. These rules protect employee wellbeing and health.

  • 48-hour weekly limit observed — average working time must not exceed 48 hours per week, calculated over a 17-week reference period.
  • Opt-out agreements in place where needed — if any employee works more than 48 hours per week, they must have signed a voluntary written opt-out. They can withdraw it with notice.
  • Rest breaks provided — 20 minutes uninterrupted break when the working day exceeds 6 hours.
  • Daily rest period of 11 hours — between finishing work one day and starting the next.
  • Weekly rest period of 24 hours — an uninterrupted 24-hour period in each 7-day period (or 48 hours in 14 days).
  • Night worker limits observed — night workers must not work more than 8 hours in any 24-hour period on average. Free health assessments must be offered.
  • Working time records maintained — you must keep records sufficient to show compliance with the regulations for at least two years.

Risk: Failure to comply with working time regulations is a criminal offence. Employers can be fined, and individual managers can face personal prosecution. Employees can also bring tribunal claims for denied rest breaks.

10. Termination and redundancy

How you end the employment relationship matters as much as how you start it. Getting termination wrong is the most common trigger for employment tribunal claims.

  • Correct notice periods given — statutory minimum is one week per year of service (up to 12 weeks). Contract may specify longer.
  • Fair dismissal process followed — valid reason (conduct, capability, redundancy, statutory illegality, or SOSR) plus fair procedure. Employees with 2+ years' service have full unfair dismissal protection.
  • Redundancy procedure is lawful — genuine business reason, fair selection criteria, individual consultation, consideration of alternatives, and right of appeal.
  • Collective consultation for 20+ redundancies — if making 20 or more employees redundant within 90 days, you must consult with employee representatives for a minimum of 30 days (45 days for 100+ redundancies).
  • Statutory redundancy pay calculated correctly — half a week's pay per year of service under 22, one week's pay per year aged 22–40, one and a half weeks' pay per year aged 41+. Weekly pay capped at £700 (2026/27).
  • Final pay and accrued holiday paid — untaken statutory holiday must be paid on termination. Overpayments can only be deducted if contractually authorised.
  • References handled carefully — no legal obligation to provide a reference (except in regulated industries), but any reference given must be accurate and fair.

Risk: The maximum compensatory award for unfair dismissal is the lower of one year's salary or £115,115 (2026/27), plus a basic award of up to £21,000. Discrimination-related dismissals have no cap. Failure to collectively consult can result in a protective award of up to 90 days' pay per employee.

Common penalties at a glance

Here's a summary of the key penalties UK employers face for non-compliance:

| Compliance area | Maximum penalty | Enforced by |
|---|---|---|
| No written statement of terms | 2–4 weeks' pay (tribunal award) | Employment Tribunal |
| Illegal worker (no right to work check) | £60,000 per worker | Home Office |
| National Minimum Wage underpayment | 200% of arrears + £20,000 per worker | HMRC |
| Pension auto-enrolment failure | £50,000/day (escalating penalties) | The Pensions Regulator |
| GDPR / data protection breach | £17.5 million or 4% of turnover | ICO |
| Discrimination (tribunal award) | Uncapped | Employment Tribunal |
| Unfair dismissal (compensatory award) | £115,115 or one year's salary | Employment Tribunal |
| Health and safety breach | Unlimited fine + imprisonment | HSE / local authority |
| Failure to collectively consult (redundancy) | 90 days' pay per employee | Employment Tribunal |
| Working time breach | Criminal prosecution + fines | HSE |

How to conduct your own HR compliance audit

Use this checklist as the basis for a self-audit. Here's a practical approach:

  1. Schedule it — block out half a day. HR compliance audits should be done at least annually, and ideally every six months.
  2. Gather your documents — employment contracts, policies, payroll records, right to work copies, risk assessments, training records, and any disciplinary or grievance files.
  3. Work through each section — use the checklist above. For each item, mark it as compliant, partially compliant, or non-compliant.
  4. Prioritise by risk — address non-compliant items first. Focus on areas with the highest penalties (right to work, NMW, health and safety) and the highest likelihood of a claim (contracts, disciplinary procedures, leave).
  5. Create an action plan — for each gap, assign someone to fix it, set a deadline, and track progress.
  6. Document everything — keep a record of your audit, findings, and actions taken. This demonstrates due diligence if you're ever investigated or face a tribunal claim.
  7. Review and repeat — employment law changes regularly. Set a calendar reminder to repeat the audit at your chosen frequency.

How Leavely helps with leave compliance

Leave and absence management is one of the most common areas of HR non-compliance. Mistakes happen when businesses track leave on spreadsheets, manually calculate pro-rata entitlements, or lose track of who's taken what. Leavely eliminates these risks by automating the entire process:

  • Accurate entitlement calculation — Leavely automatically calculates annual leave entitlement including pro-rata for part-time and mid-year starters. No manual maths, no errors.
  • Real-time leave balances — employees and managers can see up-to-date leave balances at any time. No more guessing or waiting for HR to check a spreadsheet.
  • Statutory leave tracking — track all leave types including annual leave, sick leave, maternity, paternity, compassionate leave, and time off for dependants.
  • Bank holiday management — automatically account for UK bank holidays in leave calculations so entitlements are always correct.
  • Audit trail — every leave request, approval, and cancellation is logged with timestamps. If you're ever audited or face a tribunal claim, you have a complete record.
  • Policy enforcement — set up your leave policies once and Leavely enforces them consistently. No more ad-hoc decisions that create inconsistency and risk.
  • Absence monitoring — track absence patterns to identify issues early, including Bradford Factor scoring for sickness absence.

At £8 per user per month with a 14-day free trial, Leavely costs less than a single hour of employment law advice — and it works 24/7.

Frequently asked questions

How often should I conduct an HR compliance audit?

At minimum, once a year. Ideally every six months, and always after significant changes — new legislation, business restructuring, or rapid headcount growth. An annual audit aligned with the start of the tax year (April) is a good default.

Do I need an HR department to be compliant?

No. Many small businesses with fewer than 50 employees manage HR compliance without a dedicated HR person. What you need are the right policies, procedures, and systems. Tools like Leavely handle leave compliance automatically, and resources like the ACAS website provide free guidance on employment law.

What's the most common compliance failure for small businesses?

Missing or incomplete employment contracts. Many small businesses issue an offer letter but never follow up with a full written statement of terms. This is a legal requirement from day one and is often the first thing a tribunal checks when a claim is brought.

Can I use this checklist as evidence of compliance?

A completed checklist demonstrates that you've reviewed your obligations and taken steps to comply. It's not a substitute for legal advice, but it shows due diligence. Keep dated copies of completed audits in your HR records.

What changed in UK employment law in 2026?

Key changes for 2026 include increased National Minimum Wage rates, higher right to work penalties, updates to the statutory redundancy pay cap, and continued enforcement focus on holiday pay calculations following the landmark Supreme Court rulings on regular overtime and commission. Always check the latest rates and thresholds at the start of each tax year.

Where can I get free HR compliance advice?

ACAS (Advisory, Conciliation and Arbitration Service) provides free, impartial advice on all aspects of employment law. Their website has template policies, guidance notes, and a helpline. The HSE website covers health and safety obligations. GOV.UK has the latest rates for NMW, SSP, and statutory redundancy pay.

Leave compliance, sorted

Leavely automates leave tracking, entitlement calculations, and policy enforcement so you're always compliant. Try it free for 14 days.