Policy Pros
Written by Joanne Hughes, Policy & Compliance Specialist at Policy Pros | Last reviewed: April 2026

Recommended Company Policies for 2026 and 2027

These are the policies every UK business should have in place during 2026 and 2027.

This guide has been updated in line with current requirements, reflecting the provisions of the Employment Rights Act 2025 now taking effect, the launch of the Fair Work Agency, the Health and Safety Executive's 2026 enforcement priorities around psychosocial risks, and the rapid expansion of AI use at work.

Understanding which policies your business is legally required to have, and which are strongly recommended, can seem daunting.

Questions such as "What policies does my business need?" and "How do new laws affect my existing documentation?" are among the most common enquiries we receive from UK employers.

This updated guide covers mandatory policy requirements, the new and revised policies driven by employment law reform, the AI governance framework every employer now needs, and a practical review checklist for HR managers and business owners.

For supporting context, see our briefings on the Employment Rights Act April 2026 employer checklist and the Fair Work Agency April 2026 employer guide.

Mandatory Policies Under Current UK Law

Several UK statutes impose direct or indirect obligations on employers to maintain specific written policies. While no single piece of legislation provides a complete list, the combined effect of the following laws means certain policies are essential:

Under the Employment Rights Act 1996 (as amended by the Employment Rights Act 2025): All employees are entitled to a written statement of employment particulars from day one of employment.

This must include details of pay, hours, holiday entitlement, notice periods, disciplinary and grievance procedures, and pension arrangements. In practice, every employer must have documented disciplinary and grievance procedures at a minimum.

Under the Health and Safety at Work Act 1974: Any employer with five or more employees must have a written health and safety policy.

This must include a general statement of intent, the organisation and arrangements for carrying out that policy, and details of specific risk assessments required by the Management of Health and Safety at Work Regulations 1999.

From 2026 the Health and Safety Executive has made stress and psychosocial risk assessment an explicit enforcement priority, so stress risk assessments should be documented alongside physical risk assessments.

Under the Equality Act 2010: The Act does not explicitly mandate a written equal opportunities policy, but employers who lack one face significant difficulty defending discrimination and harassment claims.

The Equality and Human Rights Commission (EHRC) recommends that all employers have a written policy covering their commitment to equality and the steps they take to prevent discrimination, harassment, and victimisation.

The Worker Protection (Amendment of Equality Act 2010) Act 2023 duty to take reasonable steps to prevent sexual harassment at work reinforces the need for a documented anti-harassment policy.

Under the UK GDPR and Data Protection Act 2018: Organisations that process personal data, which includes virtually every employer, must have appropriate policies and procedures in place to demonstrate compliance with data protection principles.

The Information Commissioner's Office (ICO) expects to see documented data protection policies, privacy notices for employees, and data breach response procedures.

The use of AI tools in employment decisions has sharpened ICO expectations around data protection impact assessments, transparency, and human oversight.

Under the Bribery Act 2010: Commercial organisations must have "adequate procedures" in place to prevent bribery. The Ministry of Justice guidance makes clear that a written anti-bribery policy, supported by risk assessments and training, is central to establishing this defence.

Employment Rights Act 2025: What Must Change for 2026 and 2027

The Employment Rights Act 2025 introduces the most significant package of employment law reforms in a generation. The following provisions are in force from 6 April 2026 or will be in force by January 2027, and every employer should review and update their policies accordingly:

Day-one paternity leave and unpaid parental leave (6 April 2026): The 26-week qualifying period for paternity leave and the 12-month qualifying period for unpaid parental leave are both removed.

Employment contracts, employee handbooks, and family-friendly policies must be updated to remove references to qualifying periods.

Statutory Sick Pay reform (6 April 2026): The three waiting days are abolished and the lower earnings limit is removed, meaning SSP is payable from day one of illness for all employees regardless of earnings. The weekly rate rises to £123.25.

SSP policies, sickness absence policies, payroll configuration, and manager guidance all need updating.

Collective redundancy protective award doubled (6 April 2026): The maximum protective award for failure to collectively consult rises from 90 days to 180 days' pay per affected employee.

Redundancy consultation procedures and change management policies must be reviewed to ensure robust consultation is documented at every stage.

Statutory family pay rates (6 April 2026): Statutory maternity, paternity, adoption, and shared parental pay all rise to £194.32 per week. Payroll configuration, offer letters, and any enhanced pay calculations that reference the statutory rate need to be updated.

Holiday pay record-keeping (6 April 2026): Employers must now maintain records of annual leave taken and holiday pay paid.

Holiday policies and HR systems should be reviewed to confirm the right data is captured, and the record-keeping obligation should be written into the holiday policy.

Reduced unfair dismissal qualifying period (January 2027): The current two-year qualifying period for unfair dismissal claims reduces to six months, moving towards full day-one protection.

Employers must review and update their disciplinary, capability, and probationary period policies to ensure fair procedures apply from the start of employment.

Fire-and-rehire ban (January 2027): It becomes automatically unfair to dismiss an employee for refusing to agree to a variation of their contract.

Change management and restructuring policies must be updated to remove any reliance on fire-and-rehire practices and to set out a lawful process for contract variation.

Zero-hours and low-hours contract rights: Workers on zero-hours or low-hours contracts gain the right to a guaranteed-hours contract reflecting their normal working pattern.

Employers using variable-hours arrangements must introduce new policies covering how guaranteed-hours offers are calculated, communicated, and administered.

Strengthened trade union rights: New provisions around trade union access, information, and consultation require employers to review their trade union recognition and employee relations policies.

For a full breakdown of the April 2026 wave, see our Employment Rights Act April 2026 employer checklist.

The Fair Work Agency and Enforcement in 2026

From April 2026 the new Fair Work Agency brings together enforcement of the National Minimum Wage, statutory sick pay, agency worker rules, holiday pay, and modern slavery obligations under a single body.

This means a single inspection can now look across the whole of an employer's compliance with wages, leave, and labour standards.

In line with current requirements, employers should make sure the following policies and records are in order: minimum wage calculations and deductions, holiday pay calculations, statutory sick pay procedures, agency worker terms, and modern slavery due diligence.

AI Governance and AI Usage Policies

AI use at work has become a frontline compliance issue.

Every employer that uses, procures, or permits AI tools in recruitment, performance management, monitoring, content generation, customer service, or decision-making needs a documented AI governance framework in line with current requirements.

A 2026 and 2027 AI usage policy should cover:

  • Permitted and prohibited AI tools and use cases, including generative AI and AI-assisted decision-making
  • Transparency and disclosure to employees and customers when AI is used, in line with UK GDPR Article 22 on automated decision-making and ICO guidance
  • Data protection, confidentiality, and intellectual property rules covering what staff may and may not input into public or third-party AI tools
  • Bias prevention, human oversight, and review of AI-assisted decisions in recruitment, performance management, and disciplinary processes
  • Information security, accuracy, and verification of AI output, with clear accountability for errors
  • Training for staff who use AI tools and for managers who rely on AI-assisted outputs
  • Supplier and procurement due diligence for AI tools, covering model risk, data residency, and sub-processors
  • Alignment with ICO guidance on AI and data protection, NCSC guidance on secure AI use, and the EU AI Act where products are supplied into the EU market

An AI governance policy should be read alongside the acceptable use policy, data protection policy, information security policy, and disciplinary policy. For specialist support, see our AI governance policies service.

Minimum Policy Set by Company Size

The policies your business needs depend in part on your size and structure. Below is a practical guide to the minimum recommended policy set at each level:

Sole traders and micro-businesses (1 to 4 employees):

  • Written statement of employment particulars (legally required for all employees)
  • Health and safety arrangements (a written policy is not legally required below 5 employees, but documented risk assessments are still necessary)
  • Data protection policy and privacy notice
  • Disciplinary and grievance procedures
  • Equal opportunities statement
  • AI usage statement covering any generative AI tools in use

SMEs (5 to 49 employees): All of the above, plus:

  • Written health and safety policy (legally required at 5+ employees) including a stress and psychosocial risk assessment
  • Absence management and sickness policy reflecting the 2026 SSP reforms
  • Flexible working policy reflecting the day-one right to request
  • Maternity, paternity, and parental leave policies reflecting the 2026 day-one rights
  • Anti-bribery policy (if any commercial activities)
  • Whistleblowing policy
  • IT and acceptable use policy
  • Social media policy
  • AI governance and usage policy
  • Anti-harassment and sexual harassment prevention policy (reflecting the Worker Protection Act 2023 duty)
  • Employee handbook consolidating all of the above

Medium and large organisations (50+ employees): All of the above, plus:

  • Modern slavery statement (legally required for organisations with turnover of £36 million or more)
  • Gender pay gap reporting procedures (legally required at 250+ employees)
  • Trade union recognition and collective bargaining procedures
  • Redundancy policy and procedure reflecting the 180-day protective award
  • Change management and contract variation policy (with fire-and-rehire restrictions)
  • Learning and development policy
  • Environmental and sustainability policy
  • Corporate social responsibility policy
  • AI governance, AI risk assessment, and AI supplier due diligence framework

Policies Newly Relevant in 2026 and 2027

Beyond the Employment Rights Act 2025, several policy areas have become increasingly important due to technological, social, and regulatory developments:

AI governance and AI usage policy: Covered in detail above. No employer using AI at work should be without a documented framework in 2026 and 2027.

Stress and psychosocial risk policy: The Health and Safety Executive's 2026 enforcement focus on psychosocial risks, including work-related stress, bullying, and excessive workloads, means employers should have a documented stress risk assessment and wellbeing policy in line with HSE's management standards.

Remote and hybrid working policy: A robust policy should cover expectations around working hours, communication, data security when working remotely, equipment provision, health and safety obligations for home workers, and the process for requesting or varying remote working arrangements.

Right to disconnect policy: The Employment Rights Act 2025 emphasis on work-life balance, together with growing case law on working time, means forward-thinking employers should consider implementing a policy that sets expectations around out-of-hours contact and availability.

Menopause policy: Following recommendations from the Women and Equalities Committee and increasing awareness of menopause as a workplace issue, many employers are now introducing standalone menopause policies.

These should address reasonable adjustments, absence management, and manager training.

Neurodiversity and inclusion policy: Recognising the needs of neurodivergent employees, including those with autism, ADHD, dyslexia, and dyspraxia, is increasingly seen as both a legal obligation under the Equality Act 2010 and a matter of good practice.

Sexual harassment prevention policy: The Worker Protection (Amendment of Equality Act 2010) Act 2023 requires employers to take reasonable steps to prevent sexual harassment of employees.

A standalone policy, supported by training and risk assessment, is now an expectation rather than a nice-to-have.

Why Policies Must Be Reviewed Every Year

UK legislation, regulator guidance, and workplace technology all move too fast for a set-and-forget approach. Every policy should carry a review date and be formally reviewed at least once a year.

An annual review should confirm that statutory references, rates, thresholds, and procedures are still accurate, that new legislation has been reflected, and that the policy still matches how the business actually operates.

Policy Pros offers a dedicated policy document reviewing service to help you keep your documentation current. We will review your existing policies against the latest UK law, flag anything that is out of date or missing, and return updated drafts on a fixed-price basis.

Policy Review Checklist for 2026 and 2027

Use the following checklist to assess whether your organisation's policy suite is current and compliant:

  • Have all policies been reviewed within the last 12 months?
  • Do disciplinary and grievance procedures reference the current ACAS Code of Practice?
  • Has the impact of the Employment Rights Act 2025 (April 2026 and January 2027 waves) been assessed against each relevant policy?
  • Do employment contracts and written statements comply with day-one documentation requirements under the Employment Rights Act 1996?
  • Is there a written health and safety policy (if 5+ employees), supported by a documented stress and psychosocial risk assessment?
  • Are data protection policies aligned with current ICO guidance and UK GDPR requirements, including guidance on AI and automated decision-making?
  • Does the SSP and sickness absence policy reflect the April 2026 reforms (no waiting days, no lower earnings limit, £123.25 weekly rate)?
  • Do family-friendly policies reflect the day-one rights to paternity leave and unpaid parental leave and the updated statutory pay rate of £194.32?
  • Do flexible working policies reflect the day-one right to request flexible working?
  • Is there a policy addressing zero-hours and variable-hours contract arrangements?
  • Does the redundancy policy reflect the 180-day protective award and include robust consultation procedures?
  • Is there an AI governance and AI usage policy in place?
  • Is there a sexual harassment prevention policy in line with the Worker Protection Act 2023?
  • Are records of working time, annual leave, and holiday pay maintained in line with the April 2026 record-keeping obligation?
  • Has the organisation considered a right to disconnect policy?
  • Are all policies accessible to employees in a format they can read and retain?

For a full audit of your HR policies and procedures, or to discuss your organisation's specific requirements, contact our team. We also offer pre-configured policy document bundles for businesses looking for a comprehensive, cost-effective solution.

How Policy Pros Can Help

Keeping up with the latest policy and compliance requirements is essential. Here is how we can support your organisation:

  1. Tailored consultations: Our specialists provide bespoke consultations to understand your unique business needs, identifying the specific policies you need to stay compliant with current and incoming legislation.
  2. Custom policy creation: We develop tailored policies covering Human Resources, Health and Safety, Data Protection, IT Security, and AI governance, ensuring they comply with 2026 and 2027 regulations including the Employment Rights Act 2025 and the Fair Work Agency enforcement regime.
  3. Compliance assurance: We ensure your business aligns with the latest UK regulations, including the Equality Act 2010, UK GDPR, Health and Safety at Work Act 1974, and the Bribery Act 2010, keeping your policies current.
  4. Annual policy review: Our policy document reviewing service checks your existing policies against current law and returns updated drafts, so you never fall out of date.
  5. Implementation and training: Beyond creating policies, we support their rollout, offering guidance for your team and strategies for seamless integration into your operations.

Get in touch today to see how we can support your needs.
