What Is a Critical Risk Under the Health and Safety at Work Amendment Bill 2026?
A critical risk under the Health and Safety at Work Amendment Bill 2026 is a risk that could result in death, serious injury, or serious ill health if not effectively controlled. It requires deliberate identification, strong direct controls, active monitoring, and clear officer oversight. It cannot be managed through paperwork alone.
If your board cannot clearly articulate your organisation’s critical risks and how they are controlled, you likely have a governance exposure.
What Is a Critical Risk Under the Health and Safety at Work Amendment Bill 2026?
The 2026 Amendment strengthens clarity around serious risk and officer expectations.
A critical risk is not simply a “high” risk on a generic matrix.
It is a risk that:
Has the potential for fatal or life-altering harm
Can overwhelm existing controls
Requires deliberate and layered management
Demands officer visibility and assurance
This aligns with the energy-based view of serious harm, including the CHASNZ definition of high-energy hazards where exposure to approximately 1,500 joules or more can result in serious or fatal harm.
In simple terms:
Critical risks are the risks that can kill people.
Everything else is secondary.
Why Most Organisations Misunderstand Critical Risk
In board workshops I regularly see three patterns:
1. Inconsistent director interpretation
One director rates a hazard high.
Another calls it moderate.
Another focuses on reputational risk instead of physical harm.
Until language is aligned, priorities are fragmented.
2. Administrative distraction
I have seen inspection reports filled with:
Test and tag issues
Sign-in breaches
Minor housekeeping
While contractors were performing unsafe work at height directly above reception.
Policy creation does not compensate for uncontrolled fatal risk.
3. Risk delegation drift
Risk is quietly pushed:
Down the management chain
Across to contractors
Into “that department’s problem”
But legal duty does not delegate that easily.
Critical risk requires governance ownership.
What Is a Critical Risk? The Energy Perspective
The CHASNZ High Energy Hazard guidance provides a practical lens.
It identifies ten energy sources commonly associated with fatal harm:
Gravity
Mechanical
Motion
Sound
Pressure
Radiation
Temperature
Chemical
Biological
Electrical
This energy wheel approach reframes the conversation.
Instead of asking:
“What hazards do we have?”
We ask:
“Where are we exposed to uncontrolled high energy?”
That shift changes board thinking.
Critical Risk Is About Direct Controls, Not Paper Controls
The CHASNZ guidance distinguishes between:
Direct controls – targeted at the energy source and effective even if human error occurs, and
Alternate controls – training, PPE, signage, procedures.
Most organisations rely heavily on alternate controls.
Critical risk management demands direct controls.
For example:
Work at height is not controlled because you wrote a policy.
It is controlled when:
Physical edge protection is installed
Fall prevention systems are engineered
Exclusion zones exist
Verification occurs
Paper does not stop gravity.
Engineering does.
What Critical Risk Looks Like in Practice
From experience across manufacturing, construction, and multi-site operations, critical risks often include:
Work at height
Driving exposure
Mobile plant interaction
Excavation
Confined spaces
Hot works
Fatigue
Psychosocial harm in high-pressure environments
Notice something important.
Driving is almost always present.
It is almost always underestimated.
Because it is normal.
Familiarity reduces perceived risk. It does not reduce consequence.
The Governance Blind Spot Around Critical Risk
I have seen:
Boards set all tolerances to “low” without understanding operational feasibility
Other boards set all tolerances “very high” and create false confidence
New H&S managers introduce critical risk language without onboarding alignment
Executive reports polished before reaching decision makers
The result?
Disconnection.
Once officers properly understand their six due diligence duties and how they intersect with critical risk, the conversation changes.
It becomes:
What does good look like for us?
Where are we most exposed?
Do we have direct controls?
How do we know?
That is governance maturity.
Critical Risk and Officer Due Diligence
Under HSWA, officers must:
Acquire and keep up-to-date knowledge
Understand operations and associated risks
Ensure appropriate resources and processes
Verify implementation
Critical risk sits at the centre of these duties.
If officers cannot:
Name their critical risks
Explain the control strategy
Describe verification processes
Show evidence of review
They are not meeting the spirit of due diligence.
The Cost of Getting Critical Risk Wrong
I have worked with organisations that appeared to be “performing well”.
Lag indicators were stable.
Budgets were tight.
Audit requests were declined because “everything is sorted”.
It took a significant event for the illusion to collapse.
They were not prepared.
Since then:
Annual internal audits exist
External ISO 45001 certification is in place
The H&S function is resourced properly
The board receives a redesigned critical risk report
Critical risk clarity changed the organisation.
What Good Critical Risk Management Looks Like
Good practice includes:
Clear definition aligned to the Amendment Bill
Identification of fatal and life-altering risks
Direct control mapping
Critical risk registers separate from general hazards
Officer-level reporting
Independent verification
Continuous review
It is focused.
Not cluttered.
Not reactive.
FAQ – Critical Risk Under the Health and Safety at Work Amendment Bill 2026
What is a critical risk under HSWA?
A critical risk is a risk that could cause death, serious injury, or serious ill health if not effectively controlled.
How is critical risk different from general risk?
General risks may cause minor harm. Critical risks involve potentially catastrophic consequences and require direct controls and governance oversight.
Does risk appetite override legal duty?
No. Risk appetite cannot override the requirement to do what is reasonably practicable.
Are policies enough to manage critical risk?
No. Direct engineering or system controls are required. Policies and training alone are insufficient.
How often should critical risks be reviewed?
At least annually and after any significant change, incident, or operational shift.
If you are an officer or director, the question is not whether critical risk exists in your organisation.
The question is whether you can clearly articulate it.
Can you name your critical risks?
Can you explain your control strategy?
Can you demonstrate verification?
Can you show evidence of review?
If not, you are relying on optimism.
The Compliance Compass™ provides independent clarity on your governance exposure, control maturity, and verification strength.
Because critical risk does not wait for board alignment.
About the Author
Matt Jones is a HASANZ-registered health and safety consultant and founder of Advanced Safety. He works with directors, executives and senior leadership teams to strengthen governance accountability, clarify risk appetite and design safety systems that remain stable under operational pressure.
Matt specialises in critical risk governance, officer due diligence, and organisational risk maturity. He helps boards move beyond paper-based assurance toward visible control of fatal and life-altering risk exposure.
He is the creator of the S.A.F.E.T.Y.™, F.E.E.D.™, and G.A.P.E.™ frameworks - structured models that integrate strategy, accountability, feedback, execution and leadership alignment into practical safety architecture.
Because safety is not paperwork.
It is leadership under pressure.








