Earlier this week, we hosted the second session in our Employment Rights Act webinar series, joined by Kate Dodd, Partner and employment law specialist at Pinsent Masons. The session attracted one of our largest audiences to date, and the questions that came in – more than we could get through in the time – reflected just how much uncertainty still exists around what the all reasonable steps duty will mean in practice.
This is our summary of the key themes. The full recording is available if you would like to watch it in full.
Start with what you already know
We opened with a poll on readiness. Most attendees had made a start but knew gaps remained. A handful, though, were still waiting for statutory guidance before acting.
Kate’s view on that was clear: waiting is not an option. Statutory guidance is not expected until 2027, after the duty will go live in – but that does not mean organisations are working in the dark. The EHRC’s existing technical guidance, combined with what tribunals have consistently told us over the last few years, already gives a clear picture of what will be scrutinised.
Kate also made a point that reframed how many people in the room were thinking about preparation. Rather than looking at what other organisations are doing, look at your own history. Your grievances, your tribunal record, your reporting data – that is your best guide to where your real risks lie. Most organisations, Kate noted, have what she described as ‘known secrets’: issues, individuals or team cultures that everyone is aware of but that have never been formally addressed. Those are the things most likely to cause problems if they are not tackled before October.
You cannot close gaps you have not identified
That brings us to the risk assessment – a theme that ran through the entire session. Kate was emphatic: a risk assessment is not a one-off exercise, it is a living document that organisations need to return to regularly.
The problem Kate sees repeatedly with clients is that they jump straight to solutions – updating a policy, buying a training course – without first taking stock of where their real gaps are. The result is activity that may not be addressing the right problems. A proper risk assessment will typically surface two or three areas of genuine concern specific to that organisation: a particular team culture, a pattern of third-party interactions, a reporting channel that exists on paper but is not used. The action plan should flow from those gaps, not from what everyone else appears to be doing.
At a conference Kate attended the same week as our session, a third of attendees had not yet completed their risk assessment. With October approaching, that is a significant gap to close.
Training: delivery is not the same as effectiveness
Once gaps are identified, training is usually one of the first areas that needs attention. But as both Kate and Jo made clear – and as our own data supports – the question is not just whether training has been delivered. It is whether it has worked.
Jo spoke about a tribunal in 2021 that found an employer’s diversity training had become so stale it had, in the words of the judgement, lost its effect. The boxes had been ticked, but harassment had still occurred and the training counted for nothing as a defence. Kate pointed out that there have been many cases since then focused specifically on the effectiveness of training – and tribunals are not going to see a completion record and consider the matter closed. They will look at what happened after the training, whether behaviour changed, and whether organisations can demonstrate that hearts and minds were genuinely engaged.
eLearning has a role to play – particularly in reaching large numbers of people – but Kate was direct about its limitations in tribunal. It rarely establishes the all reasonable steps defence on its own. Organisations need to go further: scenario-based sessions, toolbox talks, safety moments at the start of team meetings, and the kinds of techniques that help people know what to actually do when something happens in front of them.
One practical approach raised in the session: measure confidence before and after training. Ask people at the start how confident they feel about recognising unacceptable behaviour, stepping in, and reporting. Ask the same questions at the end. That before-and-after data becomes evidence of impact – and that is exactly what organisations need to be building.
The line manager gap
Within the broader training discussion, line managers emerged as the critical and often overlooked group. Our research shows that 50% of employees who experience sexual harassment go to their line manager first – before HR is involved, before anything is formally recorded. Kate reinforced this from her own experience: it is line managers who are most often at the sharp end, present in the moments and environments where these situations arise.
Yet only 31% of line managers have received any training on how to respond to concerns, and 70% of HR teams do not believe their managers are fully prepared.
Jo drew a useful distinction between employee awareness training and manager training. They are different things and need to be treated as such. Employees need to understand what sexual harassment looks like, what their rights are, and how to report. Managers need all of that – but they also need specific skills: how to respond in the moment, what to say and what not to say, how to handle a disclosure, and how to escalate and document correctly.
A manager who responds badly – not through bad intent but through uncertainty – can inadvertently make things significantly worse. Kate used a memorable analogy: you want your manager to call the fire brigade, not to throw an old blanket on the flames and hope for the best. And as Kate pointed out, the EHRC is particularly alert to situations where a line manager has been alerted and has not done the right thing. That is often what prompts their involvement – and that is not a position any organisation wants to be in.
The session also acknowledged the reality of training fatigue. Kate and Jo’s response to that was to separate harassment training from the rest of the compliance stack – make it scenario-based, make it relevant to the actual environments people work in, and make it something managers come away from feeling better equipped rather than just compliant.
Reporting routes: visibility and trust
Moving on to reporting, Kate echoed something we have long believed at Safecall: a reporting channel that exists on paper but is not used offers little protection. Kate recalled being in tribunal as far back as the year 2000 and being told by a judge that a policy sitting in a drawer was not worth the paper it was written on. Nothing has changed in that regard.
Our Benchmark Report shows that reporting through independent external channels has risen consistently, with bullying and harassment among the fastest-growing categories. For many employees – particularly where a concern is personal or emotionally charged – an independent route feels safer. That is not a reflection on the organisation; it is a reflection on the nature of the concern. And our data shows that 62% of employees would trust an independent reporting channel over an internal team.
Something that came through strongly in the session is the continuing importance of the phone. Digital channels now account for 71% of reports overall – but for the most serious concerns, the phone remains critical. More than half of victimisation reports came in via phone last year, along with 30% of harassment reports. People want to speak to a human being. They want to understand where their report is going before they commit to making it.
Jo’s practical point on this was simple: make your channels visible. QR codes in communal areas, links on mobile devices for field-based teams, regular reminders through internal communications. The evidence of promotion is itself part of demonstrating all reasonable steps.
We also looked at reporting volumes. Our Benchmark data shows an overall average of one report per 365 employees – but that varies enormously by sector. Airports and airlines report at one in 125; professional services at around one in 750. Kate made the point that low reporting is often a sign of problems, not the absence of them. When organisations invest in awareness, they should expect a spike in reporting. That spike is evidence the system is working, and it is evidence an HR team can point to.
Joining the dots on case management
The final theme we explored was case management – specifically the question of how organisations track everything that comes in across all routes.
Most organisations have reports arriving through multiple channels: to line managers, to HR, to external services. In many cases those sit in separate places and nobody is looking at the full picture. Kate’s point here was direct: one person needs to own this. They need to be empowered by the board or senior leadership to hold all of that data, identify patterns, and act on them. Sexual harassment is a workplace safety risk, and organisations would not dream of allowing accident reports to sit unconnected in different parts of the business.
What comes next
We touched briefly on investigations and board oversight and will be dedicating full sessions to both.
On investigations, Kate highlighted the importance of suitably trained investigators – including training in trauma-informed techniques – clear terms of reference, and a structured investigation report. Quality of investigation is one of the first things a tribunal will look at.
On board oversight, boards need data rather than reassurance – themes, trends, volumes and outcomes – and they need to be empowered to act on it.
Both topics deserve more time than we had, and we will be covering them in detail in the coming sessions.
Resources from the session
If you would like to talk through where your organisation stands ahead of October, get in touch now.