Article by Jaylene Trovato, Legal and Compliance Officer, Safetrac
For Australian HR leaders, the regulatory landscape has shifted from a series of routine updates to a fundamental transformation in how we define a safe and compliant workplace.
With the Privacy and Other Legislation Amendment Act 2024 now passed and the Respect@Work reforms in full swing, the cost of an oversight has never been higher. To protect your organisation and your brand, here are five critical compliance areas that require your immediate focus.
1. The Respect@Work “Positive Duty”
The most significant shift in Australian employment law is the move to a “Positive Duty.” Employers are now legally required to take proactive, reasonable and proportionate steps to eliminate sexual harassment, sex discrimination, sex-based harassment, hostile workplace environments on the ground of sex, and victimisation, as far as possible. It is no longer enough to have a reactive policy; organisations must demonstrate that they are actively preventing harmful behaviour through continuous, tailored education and risk management. Failure to meet this obligation may result in non-compliance with the Sex Discrimination Act, with the Australian Human Rights Commission empowered to issue compliance notices or conduct workplace inquiries.
- Legal & Reputational Risk: Failure to comply may result in non-compliance with the Sex Discrimination Act, giving the Australian Human Rights Commission (AHRC) the power to issue compliance notices or initiate workplace inquiries. Beyond the courtroom, “hostile work environment” claims are high-profile; public findings of a failure in positive duty can lead to irreversible brand damage and a total loss of trust from current and future talent.
- Fines & Penalties: While the AHRC focuses on compliance notices, failure to comply with a court-ordered notice can lead to significant legal costs and secondary penalties. Furthermore, related claims under the Sex Discrimination Act can result in uncapped compensatory damages.
- Key Date: Enforcement powers for the AHRC commenced 12 December 2023. 2025 and 2026 mark the first full period of active compliance monitoring and audits.
2. Psychosocial Hazards and Work Health and Safety
One of the most critical links for HR to understand is how a toxic work environment feeds directly into Work Health and Safety (WHS) breaches. Regulations now explicitly include “psychological health” in the definition of a safe workplace. Factors such as bullying, harassment, and poor role clarity are now classified as psychosocial hazards. Managing these risks requires a verifiable, ongoing training framework that proves you are identifying and mitigating these hazards before they cause harm.
- Legal & Reputational Risk: If a culture of sexual harassment exists, your organisation may also be in breach of WHS laws due to the psychological harm being caused. In 2025, we saw the first criminal convictions for Commonwealth entities failing to manage psychosocial risks. A conviction under WHS law requires a public “adverse publicity” statement, effectively branding the company as an unsafe employer.
- Fines & Penalties: Maximum penalties for a “Category 1” breach (reckless conduct) can exceed $3.8 million for corporations and $760,000 for individuals, with potential jail time for officers. Even “Category 2” breaches (failure to comply with a duty) carry fines of up to $1.9 million.
- Key Date: As of 1 December 2025, all Australian jurisdictions have active regulations governing the management of psychological hazards.
3. The 2026 Privacy Compliance Sweep
Privacy compliance is entering a high-stakes era. The OAIC (Office of the Australian Information Commissioner) has signalled an increased regulatory focus on privacy compliance in 2026, including reviews of business privacy policies. Their priorities include high-impact technologies, online tracking, and the handling of biometric information. HR leaders must ensure that staff training specifically addresses how the organisation handles sensitive employee data in line with these new, stricter standards.
- Legal & Reputational Risk: The 2026 sweep is a proactive audit, not a response to a complaint. If your policy is found to be non-compliant or “incomplete,” the regulator may take enforcement action, including investigations and infringement notices. Reputational risks include being publicly named in the OAIC’s quarterly reports, which often triggers media scrutiny of your broader data-handling practices.
- Fines & Penalties: Under the new tiered system, “low-level” breaches (like an incomplete privacy policy) carry fines of up to $330,000 for corporations. For “serious or repeated” interferences with privacy, fines can reach the greater of $50 million, 3x the benefit obtained, or 30% of adjusted turnover.
- Key Dates: The OAIC Compliance Sweep begins January 2026. Automated decision-making transparency rules start December 2026.
4. The Right to Disconnect
The “Right to Disconnect” requires a shift in how we manage modern workforces. Employees now have the legal right to refuse work-related contact outside of their designated hours unless the contact is deemed “reasonable.” HR must ensure managers are trained on what constitutes “reasonable” contact to avoid Fair Work disputes. Without clear, trackable training, organisations risk significant friction and potential litigation as employees begin to exercise these new rights.
- Legal & Reputational Risk: While a single phone call isn’t a fineable offence, a pattern of contact can lead to a “stop order” from the Fair Work Commission (FWC). Reputational risk is centered on employee burnout and “Glassdoor” culture; organisations known for ignoring disconnect rights struggle with retention and are increasingly viewed as out of touch with modern workplace standards.
- Fines & Penalties: Breaching an FWC order to stop unreasonable contact carries heavy penalties: up to $93,900 for corporations and $18,780 for individuals per contravention.
- Key Dates: Commenced 26 August 2024 for non-small businesses. Commences 26 August 2025 for small businesses.
5. Wage Theft and Payroll Integrity
With the criminalisation of intentional wage theft at a federal level, deliberate underpayments now carry significant criminal risk, and organisations must be able to demonstrate that robust systems are in place to prevent payroll errors. Furthermore, from July 2026, the “Payday Super” reform will require employers to pay superannuation at the same time as wages. HR must ensure every manager understands the importance of accurate time-tracking and record-keeping. Providing your team with role-specific training on payroll obligations is the only way to safeguard the business against the Fair Work Ombudsman’s strengthened enforcement approach.
- Legal & Reputational Risk: The “Wage Theft” label is toxic. Media coverage of back-payment scandals can wipe millions off a company’s valuation and lead to consumer boycotts. Legally, the Fair Work Ombudsman is increasingly targeting “high managerial agents” personally, meaning HR leaders and Directors can be held individually liable for systemic failures.
- Fines & Penalties: For intentional wage theft, corporations face fines of up to $8.25 million (or 3x the underpayment amount). Individuals face up to 10 years in prison and fines of up to $1.65 million.
- Key Dates: Federal criminalisation of intentional wage theft started 1 January 2025. “Payday Super” reforms commence 1 July 2026.
Additional extras you might want to know about
6. Casual Employment and Conversion Changes
The rules around casual employment have fundamentally shifted, creating new compliance risks for organisations that rely on flexible workforces. Updated definitions of casual employment and strengthened employee rights to convert to permanent roles mean HR teams must actively monitor working patterns and entitlements.
It is no longer sufficient to rely on contract labels alone. If a casual employee is working regular, systematic hours, they may be legally entitled to conversion – and disputes are increasingly being escalated to the Fair Work Commission for resolution.
- Legal & Reputational Risk: Misclassifying employees or failing to properly assess conversion requests can lead to backpay claims, disputes, and regulatory scrutiny. These cases often attract attention as examples of insecure work practices, impacting employer brand and retention.
- Fines & Penalties: Breaches of the Fair Work Act can result in civil penalties of up to $93,900 per contravention for corporations, with additional liability for individuals involved in serious or repeated breaches.
- Key Dates: New casual employment definition commenced 26 August 2024. The “Employee Choice Pathway” allowing eligible employees to request conversion commenced 26 February 2025 for most employers, and 26 August 2025 for small businesses. These provisions remain a key compliance focus in 2026.
7. Industrial Manslaughter and WHS Enforcement
Work Health and Safety enforcement is entering a more aggressive phase, with regulators increasingly willing to pursue serious breaches through industrial manslaughter provisions and other high-penalty offences. While traditionally associated with physical safety incidents, there is growing focus on how systemic failures (including unmanaged psychosocial risks) contribute to serious harm.
HR leaders play a critical role in ensuring that workplace culture, reporting mechanisms, and training frameworks support a safe system of work. Failure to identify and address known risks can expose both organisations and officers to significant legal consequences.
- Legal & Reputational Risk: Industrial manslaughter offences apply where negligent conduct leads to the death of a worker. Even where this threshold is not met, serious WHS breaches can result in prosecutions, enforceable undertakings, and adverse publicity orders — requiring organisations to publicly acknowledge their failures.
- Fines & Penalties: Penalties for industrial manslaughter are severe, including multi-million dollar fines for corporations and potential imprisonment for officers. Category 1 WHS offences (reckless conduct) also carry significant fines and possible jail time.
- Key Dates: Industrial manslaughter provisions are now in force across all Australian jurisdictions, with enforcement activity continuing to increase through 2025 and 2026.
The Bottom Line
It’s hard to prioritise initiatives, especially when you already have your compliance training schedule in play (or you might not have one at all). To get your gears in order, remember that in 2026, compliance is about more than just avoiding fines; it is about having a permanent, verifiable record of training. By focusing on ongoing, relevant content that can be tracked in real time, you move from administrative guesswork to total regulatory confidence.
Is your team ready for a 2026 compliance sweep? The best time to close your training gaps was yesterday; the second best time is today. Speak to our team of experts to review or develop a best practice compliance training program for your organisation. Experience compliance training solutions that work for your team. Connect with us today for expert guidance.
