NZ Regulatory Framework

New Zealand’s workplace health and safety system is built on a hierarchy of legislation and regulations. Understanding which rules apply to your organisation — and how they relate to each other — helps you use SteadyOn more effectively.

This page is not legal advice. For specific compliance questions, consult a qualified health and safety advisor or lawyer.

The legislation at a glance

Legislation	What it covers	Who it applies to
HSWA 2015	Primary duty of care, officer due diligence, notifiable events	All PCBUs with workers
GRWM Regulations 2016	Risk management, emergency plans, workplace facilities, remote work	All PCBUs
Worker Engagement Regulations 2016	Health and safety representatives, committees, worker participation	PCBUs with workers
First Aid Regulations 2016	First aid equipment, trained first aiders, minimum provision	All PCBUs
FENZ Act 2017 + Evacuation Regulations 2018	Evacuation schemes, fire safety, warden training	Most workplaces with buildings
Privacy Act 2020	Handling incident data, health records, employee personal information	All organisations handling personal data

How the layers fit together

The Health and Safety at Work Act 2015 (HSWA) is the foundation. It sets the overarching duty of care — that every PCBU must ensure, so far as is reasonably practicable, the health and safety of its workers and others affected by its work.

Below the Act sit a series of regulations — these translate the broad duties in the HSWA into specific requirements. The most significant for most workplaces are:

GRWM Regulations — the day-to-day operational requirements: how to manage risk, what to do in an emergency, what facilities workers must have access to
Worker Engagement Regulations — how to involve workers in health and safety decisions through representatives, committees, and participation practices
First Aid Regulations — the minimum first aid provision every workplace must have

Alongside these, two further laws apply in specific contexts:

FENZ Act and Evacuation Regulations — apply when you occupy a building and must maintain an evacuation scheme; managed in cooperation with Fire and Emergency New Zealand
Privacy Act 2020 — applies whenever you collect, store, or use personal information about workers or incident parties, including health and wellbeing data

How SteadyOn addresses each area

Area	SteadyOn module
Identifying and managing hazards	Hazard Register
Documenting risk controls	Hazard Register — Controls field
Emergency procedures (documented)	Documents module
Incident recording and investigation	Incident Register
Notifiable event tracking	Incident Register — Notifiable flag
Worker hazard reporting	Hazard and Incident reporting (all roles)
Public / contractor incident reporting	Public Incident Reporting link
Corrective actions and follow-up	Corrective Actions module
Workplace inspections	Inspections module
First aid training records	Training module — First Aid category
Evacuation warden certification	Training module — Fire Safety category
Audit trail for due diligence	Audit Log
Board / officer compliance visibility	Dashboard and Reports

A note on “so far as is reasonably practicable”

The HSWA and its regulations use this phrase extensively. It means you are required to take precautions that a reasonable person in your position, with knowledge of the risks, would take — balancing the likelihood and severity of harm against the cost and difficulty of the precaution.

SteadyOn’s risk assessment tools (the 5×5 risk matrix, BRAG status, and corrective action priority levels) are designed to help you make and document these judgements consistently. A documented risk assessment is evidence that you considered the risk and made a reasoned decision about how to manage it.

See Risk Assessment for full detail on how the risk matrix works.