Working From Home: UK Employer Obligations And Legal Checklist

Working from home has gone from a “nice perk” to a standard way of operating for a lot of UK SMEs and startups.

But once you allow home working (even informally), you’re still an employer - and that means your legal duties don’t stop at the office door.

If you’re trying to get your policies, contracts and systems right from day one, this guide walks you through the core working from home employer obligations in the UK, plus a practical checklist you can actually use.

Do Employer Obligations Change When Staff Work From Home?

In most cases, your employer obligations are the same whether someone works in your office, a co-working space, or their spare room.

The difference is how you meet those obligations when you can’t physically see the working environment or monitor day-to-day practices as easily.

For SMEs and startups, the main risk is often that home working arrangements start casually (e.g. “work from home Fridays”) and then become the norm without updating documentation. That’s where disputes and compliance issues can creep in - usually at the worst possible time (like during a grievance, performance issue, data breach or redundancy process).

As a starting point, it helps to separate:

• Legal duties you must comply with (health and safety, data protection, working time rules, discrimination risks)
• Contractual terms you should clarify (place of work, hours, equipment, expenses, monitoring, confidentiality)
• Operational “proof” that you’ve taken reasonable steps (risk assessments, training, written policies and records)

Putting this structure in place early is one of the simplest ways to reduce risk while keeping flexibility for your team.

Health And Safety: Your Duties Don’t Stop At The Front Door

One of the biggest misconceptions about remote work is that home = employee’s responsibility. In reality, you still owe duties under UK health and safety law to take reasonable care of employees’ health, safety and welfare.

For home working, that usually means thinking about workstation safety, stress and mental health, and accident reporting.

1) Home Working Risk Assessments (Practical Approach For SMEs)

You don’t necessarily need to visit every home (and in many cases, that would be impractical and intrusive). But you should take reasonable steps to assess risks.

A common SME-friendly approach is:

• a home working self-assessment checklist (covering chair, desk, lighting, trip hazards, ventilation, etc.)
• a Display Screen Equipment (DSE) assessment for screen-based roles (where required under the Health and Safety (Display Screen Equipment) Regulations 1992)
• guidance for setting up a safe workstation and taking breaks
• a process for flagging issues (e.g. pain, discomfort, unsafe setup)

If you’ve got higher-risk roles (e.g. electrical equipment you provide, confidential paperwork, home visits, or vulnerable customers), your assessment needs to go further.

2) Work-Related Stress And Working In Isolation

Stress and burnout risks can be higher with home working, especially in startups where boundaries blur and people feel pressure to “always be on”.

Reasonable steps can include:

• clear expectations around working hours and responsiveness
• regular check-ins and supervision
• a route for raising wellbeing concerns
• training managers on spotting issues early

This matters legally because stress can feed into sickness absence, grievances and, in some cases, disability-related issues under the Equality Act 2010.

3) Accidents At Home: Reporting And Records

Make it clear that accidents during working hours (and arising out of work) must be reported. You’ll also want to maintain an internal record, investigate where appropriate, and take steps to reduce the risk of repeats. Depending on the circumstances, you may also have reporting obligations under RIDDOR.

Home working is a great option - but only if you treat it as a real workplace from a compliance perspective.

Working Time, Breaks And Overtime: Staying Compliant When You Can’t “See” The Hours

Another major area of working from home employer obligations is managing time: hours worked, rest breaks, and burnout risk.

Remote work can make it harder to tell whether someone is working late, skipping breaks, or quietly exceeding limits. But your duties under the Working Time Regulations don’t disappear.

In practice, you’ll want:

• clear working hours (and what “flexible” really means in your business)
• a reliable method for recording hours (where relevant)
• rules around overtime approval
• expectations around rest breaks and daily/weekly rest

It’s also worth deciding how you handle opt-outs from the 48-hour average working week (if applicable) and documenting this properly. The rules can be easy to trip over when your team is remote and highly autonomous, so it’s worth grounding your approach in the Working Time Regulations.

Remote Work And Performance: Avoiding “Always On” Culture

Startups often move fast, and home working can unintentionally reward the people who are online late - even if that’s not your intention.

From an employer-risk perspective, the safest path is to:

• set output-based goals (what “good” looks like)
• discourage unnecessary late-night messaging
• train managers to focus on results, not constant online presence

This isn’t just cultural - it’s part of reducing legal exposure tied to stress, sickness absence and employee relations issues.

Data Protection, Confidentiality And Monitoring: The Big Remote-Work Risk Area

When your team works from home, your data is no longer protected by office controls alone. That doesn’t mean home working is unsafe - but it does mean you need rules, training and (in some cases) technical controls.

Common risk areas include:

• confidential client data being viewed by others in the household
• lost or stolen devices
• employees using personal devices for work
• working on public Wi-Fi
• printing documents at home with no secure disposal

1) Personal Devices (BYOD) And GDPR

If your team uses personal mobiles or laptops for work, you’ll want a clear Bring Your Own Device (BYOD) approach - including security expectations and what happens if a device is lost or the employee leaves.

This is a classic GDPR “grey area” for smaller businesses, so it’s worth aligning your approach with GDPR in the workplace principles (especially minimisation, access controls, and secure handling).

2) Monitoring Remote Workers (Be Careful)

Many employers ask: can we monitor productivity, device use, or activity when someone is at home?

Monitoring can be lawful in the right circumstances, but it’s a high-risk area because it intersects with privacy expectations and data protection rules. In practice, you’ll usually need a clear lawful basis under UK GDPR, an ICO-aligned assessment of necessity and proportionality (often including a DPIA), and transparent communications so staff understand what is monitored, why, and how. Covert monitoring is rarely justified and should only be considered in exceptional circumstances.

If monitoring is on your radar, it’s worth sense-checking your plans against the considerations around monitoring employees’ computers.

3) Policies You’ll Want In Writing

For most SMEs, the “sweet spot” is a clear set of written rules that match how your business actually operates - not a generic template that looks good but doesn’t get followed.

Depending on your setup, you might want:

• a remote working policy (security, confidentiality, expected setup, reporting issues)
• an Acceptable Use Policy for devices, systems and internet use
• clear confidentiality obligations and document-handling rules
• a process for reporting suspected data breaches quickly

These policies matter because if something goes wrong (like a breach or misconduct issue), your written rules and training records are often what show you took reasonable steps.

Contracts And Policies: What Should You Update For Home Working?

If you allow home working regularly, you should check whether your contractual documents actually support it.

This is especially important for SMEs and startups because early-stage hiring is often fast - and contract details can lag behind reality.

1) Employment Contracts: Place Of Work And Flexibility

A well-drafted contract should reflect:

• the employee’s normal place of work (home, office, hybrid)
• whether you can require office attendance on notice
• mobility (if relevant)
• working hours and expectations
• confidentiality and IP provisions (particularly for tech and creative startups)

If your contracts are silent or outdated, you can end up with disputes about whether you can “call people back” to the office or change patterns later.

In many cases, the cleanest fix is issuing updated Employment Contract terms (or an agreed variation) that matches your operating model.

2) Staff Handbook And Day-To-Day Rules

Contracts set the legal foundation, but your handbook and policies are what make remote work run smoothly.

A solid Staff Handbook can cover things like:

• remote working eligibility and approval
• core hours / availability expectations
• communication standards (meetings, response times)
• expense claims and equipment rules
• data security and confidentiality
• disciplinary expectations (including misconduct involving systems/data)

The goal isn’t to over-control people - it’s to reduce ambiguity. Ambiguity is what leads to inconsistent treatment and legal risk.

3) Equipment, Expenses And Insurance

There isn’t one “perfect” legal answer on whether you must pay for every home working cost, but you should be clear and consistent about what you will provide and what you won’t.

SMEs commonly cover:

• laptop, monitor, keyboard/mouse (especially for DSE needs)
• headset for calls
• security tools (e.g. password manager, VPN where appropriate)

And you may want to set rules for:

• who owns equipment
• returning equipment on exit
• damage/loss reporting
• approval requirements for purchasing equipment

Also consider whether your business insurance (and the employee’s home insurance) aligns with home working equipment and liability. This is often overlooked until something is damaged, stolen, or a claim arises.

Hiring, Equality And Flexible Working Requests: Remote Work Without The Legal Headaches

Remote work also intersects with hiring decisions and employee rights - and this is where startups can accidentally create risk by being inconsistent.

1) Consistency And Discrimination Risk

If you allow some employees to work from home but not others, you’ll want clear, role-based reasons for the difference.

This matters because inconsistent decisions can trigger allegations of unfair treatment or discrimination, particularly if the person refused home working has a protected characteristic (e.g. disability, pregnancy/maternity, caring responsibilities, religion).

The best risk-control strategy is to document:

• which roles are eligible for home working and why
• what the business needs are (client-facing requirements, data/security, supervision)
• how decisions are made and who approves them

2) Flexible Working Requests

Many SMEs now treat home working as a default, but you may still receive formal flexible working requests (for example, someone asking to move from hybrid to fully remote, or to compress hours).

The key is to respond through a fair process, within required timeframes, and based on genuine business reasons. Even when you want to say “yes”, documenting the process helps you stay consistent and reduces future disputes.

3) Remote Onboarding And Training

Onboarding is often where remote work succeeds or fails. From a legal perspective, onboarding is also when you should be delivering policies (and keeping records that you did so).

Consider including:

• security training (passwords, phishing, device handling)
• confidentiality reminders
• how to report incidents and near misses (safety and data)
• working hours and breaks guidance

This kind of “paper trail” can be invaluable if you ever need to defend your approach later.

Key Takeaways: Working From Home Employer Obligations Checklist

• Working from home employer obligations largely mirror office-based obligations, but you need practical systems to meet them remotely.
• Put in place a reasonable home working and DSE risk assessment process, plus a clear route for employees to report safety concerns.
• Stay on top of working time rules, breaks and overtime expectations - remote work can hide excessive hours and increase burnout risk.
• Reduce data protection risk with clear rules on confidentiality, secure device use, and a practical approach to BYOD and breach reporting.
• Ensure your Employment Contracts reflect the reality of remote or hybrid work, including place of work, required office attendance (if any), and clear expectations.
• Support your contracts with policies in a Staff Handbook, covering remote working standards, expenses/equipment, acceptable use, and misconduct rules.
• Apply remote work decisions consistently across the business to reduce discrimination risk and handle flexible working requests through a fair process.

General information only - not legal advice. If you’d like advice for your specific circumstances, get in touch.

If you’d like help updating your contracts and policies to match how your team actually works (without overcomplicating things), you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.