Why this case matters

A recent HSE prosecution is a strong reminder that workplace health risks are not always sudden, visible or dramatic.

Sometimes the harm builds slowly.

Cardiff University was fined £280,000 after two employees developed occupational asthma following prolonged exposure to animal allergens in the workplace. HSE found that the university failed, over a long period, to identify and implement suitable controls to prevent exposure.

Both employees were left with lifelong conditions. One was unable to continue in their employment. One affected employee said their lung function had permanently decreased by 33%, and described serious daily breathing difficulties.

This is not only a university issue.

It matters to any workplace where people may be exposed to dust, fumes, chemicals, biological agents, cleaning substances, animal allergens, laboratory materials, wood dust, flour dust, welding fumes, vapours, sprays or other hazardous substances.

The message is simple:

If exposure risks are not properly assessed, controlled, monitored and reviewed, people can suffer life-changing harm.

What went wrong?

HSE found that Cardiff University failed to put in place adequate measures to protect workers from animal allergen exposure, despite the relevant COSHH legislation being in place since 1989 and specific guidance for laboratory animal workers being available since 2011.

This is important because COSHH compliance is not just about having a risk assessment in a folder.

It is about proving that exposure is actually controlled.

That means:

• Substances and allergens must be identified.
• Exposure routes must be understood.
• Controls must be suitable and used properly.
• Workers must be trained and supervised.
• Health surveillance must be in place where required.
• Controls must be reviewed when work changes.
• Evidence must be retained and easy to produce.

Where this is missing, the organisation is exposed.

Who is affected?

SMEs

Small businesses often assume COSHH only applies to factories or laboratories.

That is incorrect.

COSHH can apply to cleaning chemicals, dusts, fumes, sprays, adhesives, oils, solvents, biological agents and everyday substances used during work.

SMEs should check whether their COSHH assessments are current, whether workers understand the controls and whether PPE is being used as a last line of defence, not the first and only control.

Medium Businesses

Medium sized organisations often grow faster than their health and safety systems.

They may introduce new substances, new processes, new cleaning routines, new suppliers or new sites without reviewing exposure risks properly.

Medium businesses should review COSHH assessments, health surveillance needs, training records, ventilation, storage, labelling and incident reporting.

Large Businesses

Large businesses need consistency across departments, sites and contractors.

One site may have strong controls while another relies on old assessments and informal habits.

Large organisations should use internal audits, exposure control checks and digital action tracking to ensure COSHH controls are working across all locations.

Multinationals

Multinationals face added risk because standards must be consistent across countries, sites, suppliers and business units.

A work-related disease case can affect ESG reporting, insurance, brand trust, staff confidence and board-level risk reporting.

Multinationals should treat occupational health controls as part of governance, not only site safety.

Contractors

Contractors often enter environments where substances are already present.

Before work starts, contractors should understand what substances are on site, what exposure risks exist, what controls apply and whether any permits, RAMS or specialist PPE are required.

Contractors should never rely on verbal reassurance where hazardous substances are involved.

Subcontractors

Subcontractors may be exposed to dust, chemicals, fumes or biological agents without having designed the work themselves.

They need clear instructions, site-specific RAMS, access to COSHH information, training and the authority to stop work if exposure controls are missing.

Public Sector Bodies

Public sector organisations often manage buildings, labs, estates, schools, healthcare environments, waste operations and contracted services.

They must ensure both employees and suppliers are protected from exposure risks.

For public bodies, COSHH compliance is also about public trust, audit readiness and evidence-led contractor management.

Practical Actions Organisations Should Take Now

1. Review COSHH assessments

Check whether assessments are current, specific and based on the actual work being carried out.

2. Identify hidden exposure risks

Look beyond obvious chemicals. Include dust, vapours, fumes, biological agents, allergens, cleaning agents, sprays and by-products from work activities.

3. Check control effectiveness

Do not assume controls are working. Check ventilation, containment, substitution, safe systems, cleaning routines, PPE and supervision.

4. Review training and understanding

Workers should know what they are exposed to, what controls are required and what symptoms or concerns they must report.

5. Assess health surveillance needs

Where exposure can cause occupational asthma, dermatitis or other work related disease, health surveillance may be required.

6. Audit contractors and suppliers

If contractors bring substances onto site or work in exposure-risk areas, their COSHH information, RAMS and competence must be checked.

7. Keep evidence clear and retrievable

Inspection records, COSHH assessments, training logs, maintenance records, monitoring results and health surveillance arrangements should be easy to find.

8. Close actions properly

If exposure control gaps are found, assign an owner, set a deadline and check the action has actually been completed.

How TPMG Can Help

TPMG helps organisations move from “we have COSHH paperwork” to “we can prove exposure is controlled”.

Relevant TPMG services include:

• COSHH compliance reviews.
• ISO 45001 internal audits.
• Operational health and safety assurance.
• RAMS and safe system reviews.
• Contractor and subcontractor compliance checks.
• Policy Shop documentation support.
• E-learning and in-person training.
• Health and safety audit evidence packs.
• Incident recovery and corrective action planning.
• Digital dashboards for actions, training and compliance evidence.
• Public-sector supplier assurance.

This support is especially valuable where organisations manage laboratories, cleaning teams, FM estates, manufacturing sites, workshops, construction projects, healthcare environments, education settings or contracted services.

TPMG helps you find the gaps before they become enforcement action, illness or long term harm.

Need confidence that your COSHH assessments, exposure controls, training records and contractor evidence are strong enough?

Speak to TPMG about COSHH compliance reviews, ISO 45001 internal audits, RAMS, training, contractor assurance or digital compliance dashboards.