What Every CEO and Board Member Must Know Before It’s Too Late
I’ll never forget the phone call I received at 11:17 PM on a Tuesday night three months ago. The voice on the other end belonged to a CEO whose company had just experienced a serious workplace incident. “They’re saying I could face criminal charges,” he whispered into the phone. “How is that possible? I wasn’t even at the site.”
That’s the brutal reality of PCBU obligations in Australia – they don’t care where you were when something went wrong. They care about what you did (or didn’t do) before it happened.
Most executives I work with assume their legal exposure is limited to corporate liability. Wrong. Dead wrong.
Under the current Work Health and Safety framework, you’re not just responsible for your organization’s compliance – you’re personally, criminally liable if you fail to meet your officer due diligence obligations. And unlike civil penalties, this exposure can’t be delegated or insured away.
I’ve spent the last fifteen plus years helping Australian businesses navigate WHS compliance, and I can tell you this: the executives who sleep soundly at night are the ones who truly understand what they’re facing. The ones who don’t? Well, some of them aren’t executives anymore.

The fundamental shift: why “PCBU” changes everything
Here’s what catches most senior leaders off-guard about the PCBU framework. It’s not just an evolution of traditional employer obligations – it’s a complete paradigm shift that makes the old “employer” concept look quaint by comparison.
A Person Conducting a Business or Undertaking can be an individual or a corporate entity. But here’s the kicker that floors most of my clients: you don’t have to be the primary business owner to attract PCBU obligations. I’ve seen consultants, project managers, and even contractors suddenly discover they’re PCBUs, or responsible officers within a PCBU, when they thought they were just providing services.
The legislation deliberately casts a wide net. Are you directing or influencing work? Do you have control over a workplace? Are you arranging for work to be done? Congratulations – you might be a responsible officer for a PCBU, with all the legal responsibilities that entails.
I remember explaining this to a client who ran a boutique marketing agency. She genuinely believed that because her team worked remotely and she only rented office space occasionally, the traditional WHS rules didn’t apply to her. The look on her face when I walked her through Section 5 of the WHS Act was unforgettable. “You mean I’m responsible for their home office setups too?”
Yes. Yes, she was.
The old employer-employee relationship was relatively straightforward – you hired people, you were responsible for their safety at your workplace, end of story. PCBU obligations in Australia smash through those neat boundaries. If you influence workplace decisions and conditions, you own the safety outcomes. Period.
The five critical obligations that keep CEOs up at night
After fifteen years in this field, there are five specific areas where I consistently see executives failing. These aren’t minor compliance gaps – these are the failures that end careers and land people in courtrooms.
First: Due diligence at officer level. This isn’t delegable. You can’t hand WHS responsibility to your safety manager and walk away. Section 27 of the WHS Act requires officers to exercise due diligence to ensure the PCBU complies with its duties. What does that actually mean? It means you need to acquire and maintain knowledge about WHS matters. It means understanding the operations of your business and the associated hazards and risks. It means ensuring appropriate resources and processes exist.
Most executives think this means attending an annual briefing and signing off on policies they’ve never read. That’s not due diligence – that’s negligence with a paper trail.
Second: Consultation that actually means something. The WHS legislation doesn’t just require you to consult with workers – it requires meaningful consultation. I’ve seen too many organizations tick this box with perfunctory safety meetings where management talks and workers nod. Real consultation means workers have genuine input into health and safety decisions. It means their concerns are taken seriously and acted upon.
I audited one company where the safety committee hadn’t met in eight months, but they were still reporting “regular consultation” in their compliance documentation. When WorkSafe investigated a subsequent incident, that gap became Exhibit A in the prosecution case.
Third: Risk management systems you can actually demonstrate. It’s not enough to have a risk register sitting in someone’s computer. You need systematic processes for identifying hazards, assessing risks, implementing controls, and reviewing effectiveness. And here’s the part that trips up most executives: you need to be able to prove these systems are working, not just existing.
One of my clients learned this the hard way when an inspector asked to see evidence of their risk review process. They had a beautiful policy document outlining quarterly reviews. They had a perfectly formatted risk register. What they didn’t have was any evidence that anyone had actually conducted those reviews for the past eighteen months.
Fourth: Resource allocation that matches your risk profile. This is where the “reasonably practicable” standard gets interesting. Courts don’t accept “we couldn’t afford it” as a defense unless you can demonstrate the cost would be grossly disproportionate to the risk. I’ve seen executives try to justify cutting safety training budgets while approving expensive corporate retreats. That doesn’t play well in legal proceedings.
Fifth: Emergency preparedness that goes beyond having a plan. You need procedures, training, equipment, and regular testing. More importantly, you need to ensure these elements work together when a crisis hits. I’ve investigated incidents where companies had excellent emergency plans that no one knew how to implement because they’d never been properly tested.
Each of these obligations creates personal liability exposure for officers. When I explain this to board members, the typical response is shock, followed quickly by “How do we fix this immediately?”
What “reasonably practicable” actually means in the boardroom
Let me share something a Federal Court judge told me over coffee last year: “The most dangerous phrase in WHS law is ‘reasonably practicable,’ because executives think they understand what it means.”
Here’s what most senior leaders get wrong about this standard. They assume it’s a cost-benefit analysis where they can weigh safety investments against business priorities. That’s not how courts interpret it.
“Reasonably practicable” means you do everything that’s reasonably able to be done in the circumstances. The legislation provides five specific factors courts must consider when determining what’s reasonably practicable:
- The likelihood of the hazard or risk occurring – not just whether it’s probable, but whether it’s possible.
- The degree of harm that might result – courts consistently consider worst-case scenarios, not average outcomes.
- Knowledge about the hazard and ways of minimizing risk – this includes knowledge you should have acquired through due diligence, not just what you happened to know.
- The availability and suitability of control measures – if a control exists, you’d better have a compelling reason for not implementing it.
- The cost of control measures – but only after considering whether the cost is grossly disproportionate to the risk.
That last factor is crucial. Cost can be a defense, but the bar is extraordinarily high. I’ve seen companies try to argue that spending $50,000 on safety equipment was unreasonable to prevent a risk that could result in serious injury or death. Courts don’t buy it.
The standard isn’t about perfection – it’s about demonstrating you’ve systematically considered all reasonably available options and implemented everything that makes sense given your specific circumstances. If you can’t articulate that process and support it with evidence, you’re in trouble.
Start your online course now at pcbu.com.au or contact us here.
I always tell my clients: “Reasonably practicable” isn’t a shield – it’s a spotlight that illuminates every corner of your decision-making process.

The personal liability trap: officer due diligence
This is where things get genuinely frightening for senior executives. Under Section 27 of the WHS Act, if you’re an officer of a PCBU, you have a personal duty to exercise due diligence to ensure the organization complies with its WHS duties.
Officer liability isn’t some theoretical possibility – it’s being actively prosecuted. I’ve worked on cases where CEOs, managing directors, and board members faced individual criminal charges carrying potential jail time and personal fines reaching into the hundreds of thousands of dollars.
The legislation defines “officer” broadly. If you’re a director, you’re caught. If you’re the CEO or managing director, you’re caught. If you make decisions affecting the whole or a substantial part of the business, you’re probably caught. And your personal liability isn’t covered by directors’ and officers’ insurance when it comes to criminal prosecutions.
What does due diligence actually require? The legislation is specific: you must acquire and maintain knowledge of WHS matters, understand your business operations and associated risks, ensure appropriate resources and processes exist for WHS compliance, and verify the provision and use of those resources and processes.
Let me break this down practically. “Acquiring and maintaining knowledge” doesn’t mean attending a one-day course five years ago. It means staying current with WHS developments, understanding how they apply to your industry, and being able to demonstrate ongoing learning. I keep detailed records of every WHS publication I read, every course I attend, every consultation I have with experts. Why? Because if I’m ever required to demonstrate my knowledge as part of due diligence, I can.
“Understanding business operations and risks” means you can’t plead ignorance about what happens in your workplace. I once reviewed a managing director’s diary as part of a due diligence assessment. In twelve months, he’d spent less than four hours at operational sites and couldn’t name three significant hazards in his business. That’s not due diligence – that’s wilful blindness.
“Ensuring appropriate resources and processes exist” means you’re actively involved in WHS resource allocation and system design. It’s not enough to rubber-stamp the safety manager’s budget request. You need to understand what resources are required and why.
“Verifying provision and use” means you have systems to confirm that resources and processes are actually being implemented, not just approved. This requires regular reporting, site visits, and direct engagement with WHS activities.
The trap most executives fall into is treating due diligence as a compliance checklist rather than an ongoing responsibility. Due diligence isn’t something you achieve – it’s something you demonstrate every day through your decisions, priorities, and actions.
Building your defense: practical compliance framework
After watching too many executives discover their exposure the hard way, I’ve developed a framework that actually works. It’s not about creating perfect safety systems – it’s about creating demonstrable evidence that you’re taking your obligations seriously.
Documentation that matters. Courts don’t care about policy documents that gather dust on servers. They care about evidence of implementation, review, and continuous improvement. Your documentation should tell the story of your WHS journey: what you knew, when you knew it, what you did about it, and how you verified it worked.
I recommend maintaining three types of records: knowledge development (training, reading, consultation), decision-making (why you allocated resources the way you did, how you prioritized risks), and verification (how you confirmed systems were working). These records shouldn’t be perfect – they should be honest. Courts can spot manufactured documentation from a mile away.
Regular review processes that demonstrate commitment. You need scheduled, systematic reviews of your WHS performance, and you need to be personally involved. I suggest monthly executive briefings on WHS matters, quarterly deep dives into specific risk areas, and annual comprehensive reviews of your entire WHS framework.
But here’s the crucial point: these reviews must result in action. I’ve seen companies conduct elaborate reviews that never led to any changes. That’s worse than not reviewing at all – it suggests you’re aware of problems but choosing not to address them.
Training that includes you. Most executives assume WHS training is for workers, not management. That’s backwards. As an officer with due diligence obligations, you need more training than anyone else. You need to understand not just your legal obligations, but how WHS systems work, how to evaluate their effectiveness, and how to make informed decisions about resource allocation.
I’ve seen executives try to delegate their learning responsibilities to others. “My safety manager handles all that,” they say. That might work for operational matters, but it doesn’t satisfy your personal due diligence obligations. You can’t outsource your own knowledge requirements.
The framework I use with clients isn’t complicated, but it is comprehensive. It recognizes that PCBU obligations in Australia require both systematic approaches and personal accountability. Most importantly, it creates evidence that demonstrates genuine commitment rather than mere compliance.

The bottom line: your exposure vs. your options
Let me put this in terms every executive understands: risk versus return. On one side, you have the potential consequences of failing to meet your PCBU obligations. On the other, you have the cost of comprehensive compliance.
The downside exposure is genuinely catastrophic. Individual fines for officers can reach eye-watering levels – see the table below:
| Offence Type | Officer/PCBU (Individual) | Imprisonment | Body Corporate |
| --- | --- | --- | --- |
| Industrial Manslaughter | $5,000,000 | 20–25 years | $10,000,000–$20,000,000 |
| Category 1 – Reckless Conduct | $3,000,000 | 5–10 years | $15,000,000 |
| Category 2 – Exposes to Risk | $798,383 | N/A | $3,992,492 |
| Category 3 – Fails Duty | $155,000–$100,000 | N/A | $776,000–$500,000 |
Criminal conviction means a permanent record that follows you for life. Professional registration and directorships can be lost. Reputational damage can end careers permanently. And remember – this isn’t corporate liability that insurance covers. This is personal.
I know executives who’ve lost everything because they thought WHS compliance was someone else’s job. I know others who’ve spent hundreds of thousands of dollars on legal fees defending prosecutions that proper due diligence could have prevented.
The upside? Comprehensive compliance typically costs a fraction of annual executive compensation. Proper training, systematic risk management, and regular reviews represent insignificant investments compared to the potential losses from failure.
But here’s what really motivates the executives I work with: peace of mind. When you truly understand your obligations and have systems in place to meet them, you sleep better. You make decisions with confidence. You focus on running your business instead of worrying about legal exposure.
The choice isn’t between compliance and profitability – it’s between proactive management and reactive crisis response. I’ve never seen proper WHS compliance damage a business. I’ve seen the lack of it destroy them.
PCBU obligations in Australia aren’t going away. If anything, they’re becoming more stringent as regulators become more sophisticated and courts become less tolerant of executive ignorance. The executives who thrive in this environment are those who get ahead of their obligations rather than trailing behind them.
You can wait until you receive that late-night phone call about a workplace incident, or you can act now to ensure it never comes. The choice, like the liability, is personal.

