When lines are crossed: are you prepared for third-party harassment liability?

The Employment Rights Act reintroduces third-party harassment liability for employers, making your business potentially liable where staff are on the receiving end of an angry tirade from a frustrated client, or an inappropriate comment from a customer. This is a significant new risk – particularly for businesses in “high contact” industries, such as retail, hospitality, healthcare or the service sector. 

This article takes you through the essentials – what does the new liability regime look like, what are the risks, and what can you do to prepare your organisation?

What is the current position?

Staff are protected from harassment in the workplace: if a worker is harassed by a colleague or someone acting on their employer’s behalf, they can bring a claim against both the harasser and their employer. 

Harassment in this context is a technical term referring, broadly, to acts or comments related to a protected characteristic (such as age, race, religion or belief or sex) with the purpose or effect of violating a person’s dignity or creating an offensive environment for them. It is a wide concept, and conduct may amount to harassment even if no offence is intended.

Example: Dave regularly makes sexist jokes to his colleague Diana, suggesting that women are less competent than men. Dave regards this as “office banter” and means no harm – however, Diana is offended and stressed by the comments. She may have a claim for harassment related to sex based on the effect the comments are having on her.

Importantly, conduct may amount to harassment even where it is a one-off, and even where it is not directed at a worker and/or the worker does not share the protected characteristic to which the conduct relates. 

Example: Dave overhears Diana making a homophobic joke to a colleague in the staff kitchen – both laugh. Dave, who is straight, feels deeply offended. Dave may have a claim for harassment relating to the protected characteristic of sexual orientation.

An employer will have a defence against a harassment claim where it can show it took all reasonable steps to prevent the harassment from occurring – if the employer shows it has done so, the individual committing the act of harassment will face liability alone.

What is changing?

The circumstances in which employers can be held liable for the harassment of their employees are expanding. Currently, an employer is only liable if their staff are harassed by a colleague or somebody acting on the employer’s behalf. In future, employers will be liable where their staff are harassed by any third party in the course of their employment. A third party is  anyone who is not the employer’s employee, including clients, customers and suppliers.

The employer will not be liable if they have taken all reasonable steps to prevent the third-party harassment from occurring.

When are the changes coming into effect?

The changes are expected to come into force in October 2026.

What does that mean for employers?

This is a significant new source of risk for all employers, but particularly if the nature of your business means that workers will have regular contact with clients or customers. Employers in hospitality and accommodation, retail, healthcare and professional services, for example, can expect to be particularly impacted.

The most tangible risk is of Employment Tribunal claims, creating exposure to compensation awards, legal costs (unrecoverable in the Employment Tribunal) and operational disruption. Besides the legal risk, incidents of third-party harassment can heavily impact staff morale and retention if mishandled, and may give rise to reputational risk depending on the circumstances.

What should you be doing to prepare?

On the principle that prevention is better than cure (particularly where it comes with a statutory defence), you should take action to put protective measures in place. You will of course have much less influence over the behaviour of third parties than the behaviour of your own workforce – however, there will be steps you can meaningfully take to protect staff, and the limitations of the exercise do not provide an excuse for inaction.

You should begin with a risk assessment and consider where staff touchpoints with third parties are, review any issues raised in the past and survey or consult with staff on where they see the potential for conflict or inappropriate conduct. Based on that risk assessment, you can then consider what measures to introduce to address risks. What will be appropriate and effective will depend on your business and the risks you have identified, so there is no one-size-fits-all. However, areas to think about include the following:

  • Engaging with third parties to mitigate risk. What this will look like will depend on the nature of your business and your relationship, but you may want to look at codes of conduct and policies for third parties or, for particularly close working relationships, consider rolling out joint anti-harassment measures.
  • Contractual protections. Depending on the nature of your client, customer and supplier relationships, you may wish to include provisions in contracts to manage how incidents of cross-workforce harassment will be addressed and how liability will be apportioned. There may be commercial sensitivities here, so it is important to handle these discussions thoughtfully.
  • Signage and communications. Depending on the nature of your business, you may wish to introduce signage or other, subtler statements indicating a zero-tolerance stance in relation to harassment. Think about what works for you.
  • Bystander training. The reality is that you have limited control over third-party behaviour. If you cannot prevent an incident, you may still be able to avoid a claim (and a wider impact on the workforce) if managers witnessing the incident intervene sensitively in the moment and offer the proper support.
  • Reporting mechanisms and incident management. Where issues do arise and need to be dealt with more formally, you need to ensure that you have the mechanisms in place to manage them. There should be clear reporting channels and an effective process to ensure that concerns are addressed swiftly.  

These are examples of areas to consider. Where your risks are and how best you can manage them will depend very much on your business, so it is important to give real thought to what is going to work for your organisation. It is important to emphasise that this cannot and should not be treated as a one-off compliance exercise – to be effective, preventative measures will need to be kept under review and embedded and reinforced throughout your organisation and in all your relationships on an ongoing basis.

How can we help?

We advise businesses of all sizes across a range of sectors on managing risks arising from these changes. Our practical, commercially focused approach helps organisations put robust preventative frameworks in place before issues arise.

Get in touch to discuss how we can help protect your business and stay ahead of the changes.

Subcribe to news and views

Related page