Good Business Travel
Contact Us

Guides

Duty of Care Business Travel

In This Article

Duty of care in business travel: a complete guide for UK employers

Every time an employee boards a flight, checks into a hotel, or hires a car on your behalf, your legal and moral responsibility travels with them.

That responsibility is called duty of care. It does not pause when someone leaves the office. It does not shrink because a trip is short or the destination feels routine. And it does not disappear because you have a travel insurance policy somewhere in a filing cabinet.

This guide covers what duty of care means in the context of business travel, what UK law requires of you, and what a genuinely useful programme looks like in practice.

What is duty of care?

Duty of care is the legal and moral obligation employers have to protect employees from foreseeable harm. In the context of work, this spans physical safety, mental health, and general wellbeing.

The concept is not new. The landmark case of Donoghue v Stevenson (1932) established what became known as the “neighbour test”: you must take reasonable care to avoid acts or omissions that could foreseeably harm others. When an employee travels at your request, they sit firmly within that circle of responsibility.

It is important to understand that duty of care is not a single piece of legislation. There is no specific law that defines it. Instead, courts use several different tests to establish whether a duty of care exists, and the obligation extends to both physical and mental health.

Several pieces of legislation shape an employer’s duty of care when it comes to business travel.

The Health and Safety at Work Act 1974 sets the baseline. Employers must protect employees’ health and safety “so far as is reasonably practicable.” This does not require perfection, but it does require action unless the cost or effort would be grossly disproportionate to the risk involved.

The Corporate Manslaughter and Corporate Homicide Act 2007 raised the stakes further. Where an employer’s gross failure in the management of health and safety causes death, the organisation itself can face prosecution. This is not a theoretical risk.

Beyond statute, under UK common law, employers have a duty to take reasonable care of their employees. Within the context of travel, this means implementing all reasonably practical steps to reduce the risks involved, no matter where employees are.

As a minimum, employers must:

  1. Have a written policy outlining their approach to health and safety
  2. Carry out risk assessments before travel takes place
  3. Provide employees with relevant information and training

Note that these are minimum requirements, not a complete programme.

Why business travel creates specific risk

The risks that apply in a fixed workplace do not disappear when someone travels. They change, and in many cases they increase.

At the office, you control the environment. A travelling employee is exposed to conditions you did not design and cannot directly monitor. The list of genuine risks is longer than most employers acknowledge:

  • Visiting and driving in unfamiliar places, often under time pressure
  • Standing out from the local population, which can make travellers targets
  • Fatigue and jet lag impairing judgement on decisions that matter
  • Health threats specific to certain regions, including vaccination requirements
  • Natural disasters, political instability, and civil unrest
  • Terrorist incidents in what were previously considered safe destinations
  • Working alone in remote or isolated locations
  • Cybercrime, particularly when using hotel wi-fi or public networks

 

Cyber attacks tripled in the early part of 2024. Travellers use hotel wi-fi and check emails at airports. They are targets. If hackers compromise client data because you did not require VPNs, you have failed your duty of care twice: to your employee and to your clients.

Mental health is not a footnote. Research indicates that mental health problems affect a significant proportion of frequent business travellers. Burnout, stress, and isolation are foreseeable harms that must be addressed. Frequent travel is genuinely hard on people. A good duty of care programme accounts for that.

Beyond the impact on individual employees, any of these risks can affect a company’s productivity, profitability, and reputation. The case for proactive risk management is not just ethical. It is commercial.

What a good programme looks like

Duty of care in business travel is not a box-ticking exercise. It is an ongoing programme that operates before, during, and after each trip.

Risk assessments

A travel risk assessment is integral to achieving duty of care obligations. The goal is to identify threats an employee could face whilst travelling, making it possible to identify and manage potential risks before they happen. Travel risks are constantly changing, and the assessment needs to cover everything from missing a flight to a global pandemic.

Each trip presents its own profile. A risk assessment should look at:

  • The destination: security situation, healthcare access, legal and regulatory environment, visa requirements
  • The traveller: pre-existing medical conditions, disabilities, previous experience of the destination, any factors that increase personal risk
  • Environmental factors: weather, infrastructure, local transport standards
  • The nature of the work: whether the employee will be meeting clients, attending public events, travelling alone, or working in isolated areas

This step needs to happen before the booking is confirmed, not the day before departure.

Travel insurance and vaccinations

Travel insurance is not optional. The policy must be in place before the trip begins and must cover the specific destination and type of activity involved. At a minimum, it should provide for emergency medical treatment, medical evacuation, trip cancellation, and lost or stolen equipment.

Other considerations worth including in the policy are personal liability coverage, work equipment coverage, and cybercrime protection.

Once the policy is confirmed, a copy should be sent to the traveller, both digitally and in print. They should know exactly who to call and what to do if something goes wrong.

On vaccinations: some destinations require specific jabs, typically arranged four to eight weeks ahead of the trip. These are not the employee’s personal expense. Arranging them is part of the employer’s obligation, and covering the cost is part of fulfilling it.

A written business travel policy

A business travel policy is the document that holds everything together. It is not a legal requirement in the strictest sense, but it is the most practical way to demonstrate that you have thought about your obligations and communicated them clearly.

A good policy covers:

  • How travel is booked, and which platforms or suppliers are approved
  • Pre-trip requirements, including risk assessment sign-off and insurance confirmation
  • Expense and reimbursement rules
  • Code of conduct and any relevant legal compliance considerations for specific destinations
  • Cultural context for high-frequency destinations
  • What to do in an emergency: contacts, escalation process, what the company will do and when

The policy should be a live document, updated after each trip cycle or following any incident that reveals a gap.

Real-time support and traveller communication

Employers must prioritise duty of care by creating a policy that uses technology and human touchpoints to ensure employees are supported while on a trip. The technology side matters, but communication channels matter just as much.

Keeping travellers informed requires more than a pre-trip briefing. Effective ongoing communication uses multiple channels:

  • Email for booking confirmations and pre-departure advisory notices
  • SMS for time-sensitive alerts, which travellers are more likely to open quickly than email
  • Direct phone contact when something serious happens. Every traveller should be reachable by mobile and should know exactly who to call
  • An online booking tool configured to surface travel alerts and warnings during the booking process
  • A travel portal or intranet section where risk processes, emergency contacts, and traveller guidance are documented

ISO 31030, the international travel risk management standard, expands the concept of duty of care to cover a traveller’s full wellbeing, both physical and mental. Aligning your programme with this framework strengthens your duty of care obligation, improves employee safety, and supports business continuity.

Traveller tracking

Knowing where your people are is not surveillance. It is basic risk management.

If an incident occurs in a city, you need to know within minutes whether any of your travellers are in that location. Without a tracking system, you are relying on the traveller to contact you. In a genuine emergency, that is not a reliable process.

At a minimum, keep accurate records of who is travelling, where, and when. If you work with a travel management company, ask about their tracking capabilities. The best TMCs offer real-time visibility of itineraries, GPS-enabled location tracking, and the ability to contact travellers directly through the tracking platform.

Choosing safe transport and accommodation

The booking process itself is a risk management activity. Approved airline carriers, pre-booked airport transfers through verified suppliers, and accommodation in safe, central areas all reduce exposure.

When selecting hotels, properties with CCTV, secure key card access, and a visible security presence are the safer choice. Accommodation in an unfamiliar city centre offers better transport connections and reduces the likelihood of an employee navigating alone in an unfamiliar area late at night.

Where possible, involve the traveller in planning. They may have relevant knowledge of the destination, preferences that affect comfort and efficiency, or concerns worth addressing before the trip.

Emergency planning

The company travel policy must outline what employees should do in the event of an incident. This should include contact details for the provider nominated on the company travel insurance programme.

The plan should not assume all emergencies are the same. A medical incident requires a different response from a natural disaster or a security situation. For each scenario, the process should be clear: who is notified, what actions follow, how additional support is arranged, and what post-incident care looks like.

Everyone with responsibility for a travelling employee should know this process before it is needed.

The debrief

Duty of care does not end when the traveller lands. A post-trip debrief captures what worked and what did not.

This can be as simple as a structured conversation or a short survey. The questions worth asking cover the traveller’s general experience of safety and comfort, whether the pre-trip information was accurate and useful, any incidents or near-misses, and how expenses compared to the pre-planned budget.

The answers should feed directly into the travel policy. Patterns across multiple trips reveal gaps. A single incident that is documented and acted upon is one that does not happen again.

SMEs and the duty of care gap

Large organisations typically have travel risk management embedded in their programmes. They have dedicated travel managers, relationships with risk intelligence providers, and technology that surfaces alerts automatically.

Smaller businesses often do not. The risks are the same. The obligation is the same. The gap is simply that nobody has built the programme yet.

If your business has employees who travel regularly and you do not have a formal risk assessment process, a written travel policy, and a clear communication plan in place, that gap needs closing.

A travel management company can accelerate this significantly. The right TMC will help you build your first traveller safety programme, implement tracking technology, and provide 24/7 support for travellers in any time zone. That relationship does not replace your obligation as an employer. But it provides the infrastructure to meet it.

ISO 31030: the international standard for travel risk management

The International Organization for Standardization published ISO 31030 as a comprehensive standard for managing travel risk. It is based on the general risk management principles of ISO 31000 and provides a framework for travel risk managers responsible for the safety, security, and wellbeing of their employees.

ISO 31030:2021 outlines how to implement a comprehensive travel risk management programme. It provides a clear framework covering threat identification and risk assessments, security arrangements, medical assistance, emergency procedures, traveller tracking, real-time alerts, two-way communications, and the creation and maintenance of a corporate travel safety policy.

ISO 31030 is not a mandatory requirement, but it is increasingly used as a benchmark for demonstrating due diligence to insurance providers and for ensuring coverage and mitigating liability risks. If your business is ever subject to legal challenge following a travel-related incident, demonstrating alignment with ISO 31030 is evidence that you took the standard seriously.

What good looks like in practice

A business that takes duty of care seriously does not wait for something to go wrong before building a programme. It treats travel risk management as part of normal operations, not as a response to a crisis.

The basics are not complicated. A written policy. Risk assessments that are specific to each trip and traveller. Travel insurance that actually covers the destination and the activity. A communication plan that works in an emergency. Clear escalation contacts. A debrief process that improves the policy over time.

What separates good from poor is consistency and ownership. Duty of care fails when it is treated as a checklist completed once and forgotten. It works when it is part of how travel is managed every time.

If you are unsure where your programme currently stands, start with the basics. A risk assessment template, a written policy, and a clear emergency contact process will do more for your travellers’ safety than any amount of sophisticated technology implemented inconsistently.

Lets have a chat

Your business travel is about to get a whole lot easier.

Just leave a few details about your business travel needs and our expert team will be in touch.

Your information is secure. View our Privacy Policy

Download Now
Back