Run Worker Protection Act risk assessments for UK SMEs
An SME-priced compliance bundle for the Worker Protection Act 2023
Executive Summary
In a nutshell
The Worker Protection (Amendment of Equality Act 2010) Act 2023 has been live since October 2024. It puts a positive, anticipatory duty on every UK employer to take reasonable steps to prevent sexual harassment, including by third parties. The EHRC has said employers are unlikely to comply without a documented risk assessment. Tribunals can uplift compensation by up to 25%. Yet 26% of SMEs offer no harassment training, the existing software market is split between £8 microlearning courses and enterprise platforms with sales-led pricing, and the first wave of tribunal cases testing the duty is landing right now. The opportunity is a single SME-priced bundle: an EHRC-shaped risk assessment generator (with third-party harassment included), a microcourse with certificates, an anonymous reporting widget for the company website, and a tribunal-ready evidence pack export. Sold on a flat per-site annual fee to hospitality, retail, construction, care, and leisure SMEs.
The Story
Meet the user
Aisha runs a 22-cover bistro in Chorlton. Two chefs, four front-of-house, a couple of agency dishwashers on weekends. Last Tuesday a regular slipped a hand round her youngest waitress's waist on the way to the loo. The waitress stayed professional for the rest of service then cried in the walk-in for ten minutes after. Aisha apologised, comped the table's drinks (which she now hates herself for), and went home replaying the staff-handbook page she wrote in 2019 that says "we take harassment seriously." She knows, vaguely, about a new law. She does not have a risk assessment. She does not have a third-party harassment policy. Her training certificate folder is the WhatsApp chat where everyone confirms they read the food hygiene PDF. She googles "do I need a sexual harassment risk assessment small business UK" and bounces between ten law firm articles, an EHRC PDF that runs to 78 pages, a Vinciworks course aimed at corporates, and a £450 quote from a consultant.
She sees a Facebook ad on Wednesday morning. £290 a year. Answer 24 questions about her venue, get an EHRC-shaped risk assessment generated and dated. Send everyone a 25-minute course, certificates land in her dashboard. Drop one line of code into her Squarespace site and there's an anonymous reporting button. If anything ever goes to tribunal, one click downloads a dated evidence pack of every step she took. She buys it before the 11am prep meeting.
Scores
How does this idea stack up?
7.7/10
5.7M UK SMEs, 1.6M of them in priority verticals, with no SME-priced bundled product on the market.
25% tribunal uplift, EHRC enforcement powers, first case law landing now, board-level employer dread.
Standard stack, no special infra, no regulated data, solo MVP in 4 to 6 weeks.
Act in force October 2024, EHRC and ACAS guidance hardened April 2026, tribunal claims testing the duty Q1 to Q2 2026.
Recurring obligation (re-assessments, new starters, case law tightening), but a 5 to 7 year window before incumbents commoditise.
Low capital, but trust-led category, you have to earn the SME's signature.
Strongest
Timing
There is a precise regulatory before/after moment with 18 months of accumulated employer anxiety not yet absorbed by the market.
Watch out
Durability
Assume a 5 to 7 year acute window then commodity pricing pressure as VinciWorks and BrightHR price down to meet you.
Pain Point
The problem
“The new duty is an anticipatory duty designed to transform workplace cultures. Employers are unlikely to be able to comply if they do not carry out a risk assessment.”
— EHRC technical guidance (paraphrased across legal commentary, 2025)
The Worker Protection (Amendment of Equality Act 2010) Act 2023 came into force on 26 October 2024. It introduces a positive, anticipatory duty on every UK employer (regardless of size) to take reasonable steps to prevent sexual harassment of workers in the course of their employment, including harassment by third parties (customers, contractors, members of the public). In April 2026 the standard hardened: ACAS updated its guidance, the EHRC made the documented risk assessment effectively mandatory in its updated technical guidance, and the Employment Rights Act 2025 elevates the standard from "reasonable" to "all reasonable steps".
The 25% uplift is a number leaders understand. A successful sexual harassment claim already carries uncapped compensation. The tribunal can uplift the entire award (including for any other discrimination claims joined to it) by up to 25% if the duty is breached. A £40,000 award becomes £50,000. A £200,000 award becomes £250,000. Insurers are starting to ask the question at renewal.
The EHRC has independent enforcement teeth. The regulator can act regardless of whether an incident has occurred. It has already entered legally binding agreements with named major employers. Their stated 2025 priority is the hospitality sector.
SMEs are visibly underprepared. Industry surveys put the share of SMEs offering no sexual harassment training at 26% (vs 15% of large employers); only 9% provide bystander intervention training (vs 25% of large). The existing market is bifurcated: £8 individual microlearning courses on the low end (no risk-assessment, no audit trail, not a system), or enterprise platforms (imabi, VinciWorks, WorkNest, Vault Platform, Safecall) with bespoke quotes and corporate sales motions. Nothing fits a 22-cover bistro, an eight-shop retail group, or a six-van plumbing firm.
The under-served wedge: the SME owner who knows enough to be worried, has £200 to £500 to spend, and needs the artefact in a tribunal bundle, not a 78-page guidance PDF.
Want reports like this every Thursday?
One validated UK business opportunity per week. Free.