The Control of Substances Hazardous to Health Regulations 2002 (COSHH) apply to virtually every UK business that uses chemicals, biological agents, or other hazardous substances in the course of its work. Yet surveys consistently show that a significant proportion of small and medium-sized enterprises either do not have COSHH assessments in place or have assessments that do not meet the required standard.

What Is COSHH?

COSHH is the legal framework that requires employers to control exposure to hazardous substances in the workplace. The Regulations apply to a wide range of substances, including cleaning products, paints, adhesives, biological agents, dusts, and fumes. If a substance could harm health through inhalation, skin contact, ingestion, or injection, COSHH is likely to apply.

The Eight Steps of COSHH Compliance

The HSE sets out eight steps to COSHH compliance:

  1. Assess the risks — Identify which substances are used, how they are used, and who might be harmed
  2. Decide what precautions are needed — Based on the assessment, determine appropriate control measures
  3. Prevent or adequately control exposure — Apply the hierarchy of controls, from elimination to personal protective equipment
  4. Ensure control measures are used and maintained — Controls only work if they are actually used and kept in good condition
  5. Monitor exposure — For some substances, workplace exposure monitoring is required
  6. Carry out appropriate health surveillance — Where there is a risk of specific health effects, health surveillance may be required
  7. Prepare plans and procedures to deal with accidents, incidents, and emergencies
  8. Ensure employees are properly informed, trained, and supervised

Common COSHH Mistakes Made by SMEs

The most common COSHH compliance failures identified by HSE inspectors in SMEs include: relying on generic assessments that do not reflect actual workplace conditions; failing to update assessments when substances or processes change; not communicating assessment findings to workers; and treating COSHH as a paperwork exercise rather than a genuine risk management tool.

A COSHH assessment that sits in a filing cabinet and is never reviewed is not just useless — it creates a false sense of security that can be more dangerous than having no assessment at all.