Businesses move fast – scaling, expanding and pivoting at pace. However, as the employment law landscape changes, employers must review whether their people governance is keeping up.
With the government working its way through the long list of reforms introduced under the Employment Rights Act 2025 (ERA 25), we asked more than 300 employers in our Workforce 2026 survey what changes they were most concerned about. 41% of tech businesses surveyed identified the new duty to prevent sexual harassment as their biggest concern, compared with 29% across all respondents.
So, what is the duty to prevent sexual harassment, and what can employers do to address those concerns?
‘All’ reasonable steps and third parties
Since October 2024, employers have had to take reasonable steps to prevent sexual harassment at work. However, under ERA 25, this duty will be extended so that employers must take ‘all’ reasonable steps to prevent sexual harassment of employees. This will include harassment from third parties such as clients, customers and suppliers. These changes will take effect from October 2026.
Employers who fail to comply risk facing sexual harassment claims from employees, a 25% increase in any damages awarded, enforcement action from the Equality and Human Rights Commission (EHRC) and reputational damage.
Why are tech businesses at risk?
There are a variety of risk factors within the tech industry:
- Fast growth usually means culture develops informally before governance catches up.
- Start-up and scale-up environments can blur the boundaries between work, socialising and personal relationships. Businesses may rely heavily on informal networking, industry events, client entertainment, investor meetings, conferences, off-sites and online collaboration tools – all of which expose employers to risks of sexual harassment.
- Historically, the industry has been dominated by male leadership teams, which can sometimes lead to exclusive environments that tolerate inappropriate comments or behaviour.
- Many tech workforces are hybrid, international and heavily reliant on digital communication channels such as Slack, Teams, WhatsApp and project management platforms – all of which can foster inappropriate behaviour without the right controls in place.
Employees in the tech industry are also usually highly paid, meaning that compensation awarded in tribunal cases can be hundreds of thousands of pounds. In a recent employment tribunal case, an employer was found to have harassed and victimised an employee and ordered to pay over £350,000 in compensation. In cases where employers have failed to take any steps to protect employees from harassment, the EHRC can step in and issue a section 23 agreement, which requires the employer to commit to upholding equality laws.
What is the duty to prevent sexual harassment?
Sexual harassment is when a worker is subjected to unwanted conduct of a sexual nature. It doesn’t need to be motivated by one employee’s sexual desire for another – for example, sending sexually graphic pictures digitally on a group chat is also sexual harassment.
The legal duty for employers to prevent sexual harassment introduced in October 2024 applies to all employers and requires them to introduce processes and controls to prevent workers from being sexually harassed at work. Campaigners have criticised the legislation for not going far enough, and those criticisms are being addressed by the enhanced duties that take effect this October.
What are employers expected to do?
Employers – some of whom are yet to comply with the existing duty to prevent sexual harassment – must take urgent action. The EHRC has set out eight key processes for employers to put in place to make sure they comply with their duties:
- Effective anti-harassment policy
- Staff engagement
- Risk assessment
- Anonymised reporting system
- Training
- Complaints process
- Dealing with third-party harassment
- Monitor and evaluate actions.
Risk assessment
All employers must look at whether their working culture creates or tolerates environments that enable sexual harassment. This may include asking difficult questions, such as:
- Is inappropriate conduct dismissed as banter?
- Are complaints handled informally because the alleged perpetrator is senior, commercially important or difficult to replace?
- Are junior employees expected to attend late-night networking events where boundaries are unclear?
- Are female employees, or employees from underrepresented groups, less likely to feel safe raising concerns?
- Are founders, senior developers or high-performing sales staff treated differently when complaints are made?
Employers must also consider how harassment risks may arise in the real working environment, not just formal office settings. For example, what risks do instant messaging channels pose, and how could remote working foster sexual harassment risks?
Third-party risks must now also be reviewed. This will be particularly important for businesses whose employees attend client sites, investor meetings, industry events or networking functions. Employers should consider what they would do if a third party were to harass one of their employees. Responses may include escalation, contractual protections and clear authority for managers to remove employees from unsafe situations.
Effective policies
Policies must be reviewed and updated to make sure they are clear and accessible. Employees should know what sexual harassment means, how to raise a concern, who to speak to, what will happen after a complaint is made and what protections are in place against victimisation. These policies will now also need to deal expressly with third-party harassment.
Training
Training should be targeted. A short, annual e-learning module is unlikely to be enough on its own. Managers, founders and senior leaders need to understand their responsibilities, how to respond to complaints and why informal resolution may be inappropriate in serious cases. Employees need to be given practical examples of sexual harassment in online messages, social events, client interactions and in the blurred boundaries in informal workplace cultures so that they understand what it means and are aware of the risks.
Anonymised reporting
Employees must have trust in reporting channels – they will not report concerns if they believe nothing will happen, or if the alleged harasser is seen as too powerful to challenge. Businesses should consider giving employees more than one route to raise concerns, so that allegations that relate to a senior leader or founder can be heard independently.
Culture is now a business-critical risk
ERA 2025 will raise the bar for all employers. For tech businesses, the challenge is not simply to update policies before October 2026, it is to show that they understand the specific risks within their working environment and have taken meaningful steps to prevent harassment before it happens.
In a sector where skilled talent is hard to attract, salary expectations remain high and employment claims are expected to increase, culture is a legal, commercial and strategic risk.
If you’d like to understand how these changes could impact your organisation, or need support reviewing your policies and approach, please get in touch with Charlie Barnes to start the conversation.