Sexual harassment in tech: why culture is a business risk

Businesses move fast – scaling, expanding and pivoting at pace. However, as the employment law landscape changes, employers must review whether their people governance is keeping up.

With the government working its way through the long list of reforms introduced under the Employment Rights Act 2025 (ERA 25), we asked more than 300 employers in our Workforce 2026 survey what changes they were most concerned about. 41% of tech businesses surveyed identified the new duty to prevent sexual harassment as their biggest concern, compared with 29% across all respondents.

So, what is the duty to prevent sexual harassment, and what can employers do to address those concerns?

‘All’ reasonable steps and third parties

Since October 2024, employers have had to take reasonable steps to prevent sexual harassment at work. However, under ERA 25, this duty will be extended so that employers must take ‘all’ reasonable steps to prevent sexual harassment of employees. This will include harassment from third parties such as clients, customers and suppliers. These changes will take effect from October 2026.

Employers who fail to comply risk facing sexual harassment claims from employees, a 25% increase in any damages awarded, enforcement action from the Equality and Human Rights Commission (EHRC) and reputational damage.

Why are tech businesses at risk?

There are a variety of risk factors within the tech industry:

Employees in the tech industry are also usually highly paid, meaning that compensation awarded in tribunal cases can be hundreds of thousands of pounds. In a recent employment tribunal case, an employer was found to have harassed and victimised an employee and ordered to pay over £350,000 in compensation. In cases where employers have failed to take any steps to protect employees from harassment, the EHRC can step in and issue a section 23 agreement, which requires the employer to commit to upholding equality laws.

What is the duty to prevent sexual harassment?

Sexual harassment is when a worker is subjected to unwanted conduct of a sexual nature. It doesn’t need to be motivated by one employee’s sexual desire for another – for example, sending sexually graphic pictures digitally on a group chat is also sexual harassment.

The legal duty for employers to prevent sexual harassment introduced in October 2024 applies to all employers and requires them to introduce processes and controls to prevent workers from being sexually harassed at work. Campaigners have criticised the legislation for not going far enough, and those criticisms are being addressed by the enhanced duties that take effect this October.

What are employers expected to do?

Employers – some of whom are yet to comply with the existing duty to prevent sexual harassment – must take urgent action. The EHRC has set out eight key processes for employers to put in place to make sure they comply with their duties:

Risk assessment

All employers must look at whether their working culture creates or tolerates environments that enable sexual harassment. This may include asking difficult questions, such as:

Employers must also consider how harassment risks may arise in the real working environment, not just formal office settings. For example, what risks do instant messaging channels pose, and how could remote working foster sexual harassment risks?

Third-party risks must now also be reviewed. This will be particularly important for businesses whose employees attend client sites, investor meetings, industry events or networking functions. Employers should consider what they would do if a third party were to harass one of their employees. Responses may include escalation, contractual protections and clear authority for managers to remove employees from unsafe situations.

Effective policies

Policies must be reviewed and updated to make sure they are clear and accessible. Employees should know what sexual harassment means, how to raise a concern, who to speak to, what will happen after a complaint is made and what protections are in place against victimisation. These policies will now also need to deal expressly with third-party harassment.

Training

Training should be targeted. A short, annual e-learning module is unlikely to be enough on its own. Managers, founders and senior leaders need to understand their responsibilities, how to respond to complaints and why informal resolution may be inappropriate in serious cases. Employees need to be given practical examples of sexual harassment in online messages, social events, client interactions and in the blurred boundaries in informal workplace cultures so that they understand what it means and are aware of the risks.

Anonymised reporting

Employees must have trust in reporting channels – they will not report concerns if they believe nothing will happen, or if the alleged harasser is seen as too powerful to challenge. Businesses should consider giving employees more than one route to raise concerns, so that allegations that relate to a senior leader or founder can be heard independently.

Culture is now a business-critical risk

ERA 2025 will raise the bar for all employers. For tech businesses, the challenge is not simply to update policies before October 2026, it is to show that they understand the specific risks within their working environment and have taken meaningful steps to prevent harassment before it happens.

In a sector where skilled talent is hard to attract, salary expectations remain high and employment claims are expected to increase, culture is a legal, commercial and strategic risk.

If you’d like to understand how these changes could impact your organisation, or need support reviewing your policies and approach, please get in touch with Charlie Barnes to start the conversation.

authors:charlie-barnes