What are the legal requirements of working from home for UK employers?

Working from home is now a familiar part of working life for many UK businesses, whether roles are fully remote or hybrid. This shift towards flexibility comes with a clear set of legal responsibilities for employers, including contracts, working hours, data protection, and employee wellbeing.

When it comes to health and safety, working from home doesn’t change an employer’s duty of care or other legal requirements that continue to apply wherever work takes place.

This article explains the legal requirements of working from home for UK employers, setting out what the law expects across different areas and how health and safety fits into the wider compliance picture as working patterns continue to evolve.

 

Skip to:

How should employee contracts legally reflect working from home?

What health and safety responsibilities do employers have for home workers?

How do working time, pay, and rest break laws affect working from home?

What are an employer’s legal responsibilities for data protection when staff work from home?

Stay grounded in the legal responsibilities of remote working

FAQs about the legal requirements of working from home

 

How should employee contracts legally reflect working from home?

 

When an employee works from home, either in a fully remote role or a more flexible work pattern, such as hybrid working, their contract needs to reflect the arrangement clearly. Several areas of UK employment law shape what the contract should include.

The Equality Act 2010 protects employees from discrimination and requires employers to consider whether working arrangements disadvantage certain groups. The Employment Rights Act 1996 governs contractual terms and how employers can make changes to them, while Working Time Regulations 1998 apply regardless of where work takes place.

To meet these legal requirements, employers should include the following points in their home working contracts:

• Place of work: State where the employee will normally work, including when their home forms part of the working arrangement, and clarify what happens if the employee moves home. The contract should also state if the employee must attend employer premises or other locations as part of their role, or any role they move into.
  
  

• Working hours: Set out expected working hours, including any core hours, how flexibility works in practice, and how overtime works (as required.)
  
  

• Work-related costs and expenses: Explain which employee expenses the employer will cover and those the employee remains responsible for, such as utilities, internet access, equipment, or travel linked to the role.
  
  

• Tax considerations: Employees may be able to claim tax relief on certain home working costs if it’s part of their employment contract. Employers can signpost official government guidance, so employees understand what applies to them.
  
  

• Right of access: Set out the employer’s right to access the employee’s home where reasonably required, for example, to install, maintain, or retrieve work equipment, while respecting employees’ privacy and providing appropriate notice.
  
  

• Access to benefits: If you offer employee benefits linked to being on-site, such as free canteen meals or access to an on-site gym, explain how these apply to employees who work from home or what you’ll offer instead. Where differences exist, it’s important to explain them clearly and check they work fairly for everyone.
  
  

• Health and safety responsibilities: Confirm that health and safety duties apply wherever work takes place, including when employees work from home, and that employees must follow relevant policies and take reasonable care of their own safety.
  
  

• Confidentiality and data handling: Reinforce the employee’s responsibility to protect confidential information and personal data when working from home, in line with company policies.

Alongside these legal requirements, many employers also use a working from home policy to explain how arrangements work in practice. This can cover communication, availability, performance expectations, and how issues such as health and safety should be raised. A clear policy covers the practical details of working from home that don’t need to be in a contract.

 

What health and safety responsibilities do employers have for home workers?

 

Health and safety often becomes harder to manage as teams become remote or multi-site. While there are differences to bear in mind, employers can stay grounded by understanding the relevant UK laws, starting with the foundational Health and Safety at Work etc. Act 1974 that places a general duty on employers to protect employees’ health, safety, and welfare while at work in any location.

Based on these laws, employers are expected to meet the following responsibilities for home workers:

• Carry out risk assessments: According to the Management of Health and Safety at Work Regulations 1999, employers must assess hazards linked to home working arrangements and take reasonable steps to reduce any risks to mental or physical health. As teams grow or working patterns change, these assessments need regular review to remain effective.
  
  

• Assess Display Screen Equipment (DSE: Employers must complete DSE assessments for employees who use screens regularly and address any issues. Unfortunately, Breathe’s survey* of SME employees found that 50% of remote or hybrid workers had either not completed a DSE assessment, didn’t have the right equipment, or both.
  
  

• Provide suitable equipment or support where needed: Where assessments show that an employee can’t work safely with their current setup, employers are expected to take action. This can include requiring employees to return to the office if they can’t work safely at home. Some businesses choose to offer a home working allowance or stipend to help employees purchase suitable desks, chairs, screens, or other ergonomic equipment.
  
  

• Review arrangements when circumstances change: Employers should review health and safety arrangements if an employee’s role, workload, equipment, physical or mental health, or working pattern changes, including moves between home and other work locations.
  
  

• Report certain work-related incidents: In some cases, employers must report injuries, illnesses, or dangerous occurrences linked to work activities under Reporting of Injuries, Diseases and Dangerous Occurrences Regulations (RIDDOR), even when the incident occurs at home.

 

How do working time, pay, and rest break laws affect working from home?

Working from home doesn’t change how working time, pay, or rest break laws apply. Employers remain responsible for managing hours, pay, and rest in line with UK employment law, even where employees work flexibly or outside traditional working patterns.

The main legal framework here is the Working Time Regulations 1998, which apply regardless of where work takes place. These regulations set clear limits on working time and rest, including:

• A maximum average working week of 48 hours, usually averaged over a 17-week period

• The right for workers to opt out of the 48-hour limit voluntarily, in writing

• A minimum of 11 consecutive hours’ rest in each 24-hour period

• At least one day off each week, or two days off over a two-week period

• A 20-minute minimum rest break for employees who work more than six hours a day

• A maximum of 8 hours per day, 40 hours per week, 12 hours’ daily rest, and two days’ weekly rest for young workers (those over the compulsory school leaving age but under 18)

These limits apply equally to employees who work from home, work across multiple locations, or follow hybrid or flexible working patterns.

Employers still need to monitor hours and avoid situations where long or irregular working days become the norm without oversight. The aim is always to prevent excessive working hours and protect work life balance, which plays a key role in employees’ mental health support.

What are an employer’s legal responsibilities for data protection when staff work from home?

Working from home doesn’t reduce an employer’s responsibility for protecting personal and confidential data. The same data protection laws apply wherever work takes place, including when employees handle information from home or other locations.

UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018 require employers to process personal data lawfully, fairly, and securely, and to take appropriate technical and organisational measures to protect it. Employers remain accountable for how data is handled, even when employees work outside employer premises.

Under UK GDPR, employers must:

• Assess data protection risks: Employers should assess how home working affects the confidentiality, integrity, and availability of personal data. This includes considering how employees access data, where it’s stored, and how it could be lost, accessed, or disclosed unintentionally.
  
  

• Limit access to personal data: Employees should only have access to the data they need to do their job. Employers should review permissions regularly and remove access where it is no longer required.
  
  

• Secure devices and systems: Employers must take reasonable steps to secure devices used for work. This often includes encryption, strong passwords, and up-to-date security software on laptops, phones, and other devices used to access work systems.
  
  

• Set clear rules for handling data: Employers should clearly explain how employees must handle personal and confidential data when working from home. This includes guidance on storing documents, using removable media, sharing information, and reporting lost or stolen devices promptly.
  
  

• Protect employee privacy: While employers may monitor systems to protect data, they must do so lawfully and proportionately. Monitoring must respect employees’ right to privacy and comply with data protection law. Covert or excessive monitoring can breach UK GDPR and employment law.
  
  

• Control access to systems: Employers should consider technical controls, such as secure networks or VPNs where employees access sensitive data remotely, particularly if employees work from public locations or shared networks.

The Information Commissioner’s Office (ICO) expects employers to build data protection into their home working arrangements. ICO offers work from home security checklists to help employers develop proportionate security measures and meet their legal obligations.

Stay grounded in the legal responsibilities of remote working

Knowing how the law applies to home working employees is an important first step - the next is to sense-check your current setup. That might mean reviewing contracts to see whether they reflect how people actually work, checking whether risk and DSE assessments are up to date, or confirming how working time and data protection rules operate.

These small checks can highlight gaps that are easy to overlook when remote working becomes routine.

In Breathe’s on-demand webinar, ‘How safe are you, really? SME health and safety risks in 2026’, we take a look at where health and safety gaps start to appear in growing organisations and discuss practical steps to make sure your business is meeting legal responsibilities. Watch it here to dig into real SME health and safety data and expert insights.

FAQs about the legal requirements of working from home

What are the safety considerations when working from home?

When employees work from home, employers still have a legal duty to protect their health and safety. This includes considering physical risks, such as workstation setup and prolonged screen use, as well as risks linked to workload, stress, or isolation.

The law expects employers to identify risks, take reasonable steps to reduce them, and review arrangements if circumstances change. Employees are also responsible for following guidance and raising health and safety concerns if something no longer feels safe.

What are the laws around working from home?

Several areas of UK law apply regardless of where work takes place, including when employees work from home. These include:

• Health and Safety at Work etc. Act 1974, which sets out employers’ general duty of care

• Management of Health and Safety at Work Regulations 1999, which require risk assessments

• Working Time Regulations 1998, which govern hours, rest, and breaks

• Employment Rights Act 1996, which covers contractual terms and changes

• Equality Act 2010, which protects employees from discrimination

• UK GDPR and the Data Protection Act 2018, which govern how personal data is handled

Do employers need to conduct risk assessments for remote workers?

Yes, employers must carry out risk assessments for employees who work from home in the same way they would for employees working in any other location. Guidance from the Health and Safety Executive (HSE) confirms that this duty applies even where employers don’t have direct control over the home environment.

Assessments include:

• General home working risk assessments, which look at the wider working environment, how work is carried out, and any safety risks linked to workload, isolation, or stress

• Display Screen Equipment (DSE) assessments for employees who regularly use screens, covering workstation setup, seating, screen height, and input devices

• Individual risk assessments, such as pregnancy and maternity risk assessments or assessments linked to a disability or long-term health conditions

Employers must act on the findings of these assessments and review them if circumstances change. Employees must also flag any risks they notice and provide updates about any changes since the last assessment.