Defining Duty of Care: Legal and Ethical Foundations
Duty of care policies are the formal frameworks organizations use to identify, manage, and reduce risks to employee health, safety, and well-being — wherever work takes them.
Here's what you need to know at a glance:
| Element | What It Means |
|---|---|
| Legal obligation | Employers must take reasonable steps to prevent foreseeable harm |
| Ethical responsibility | Goes beyond compliance — it's about genuinely protecting people |
| Who it covers | Employees in the office, working remotely, and traveling globally |
| Key risks addressed | Physical hazards, mental health, travel risks, natural disasters |
| Core requirement | Proactive risk assessment, crisis planning, and clear communication |
Duty of care isn't a new concept. It traces back to a 1932 court case where a woman became ill after finding a decomposed snail in a bottle of ginger beer. That case — Donoghue v Stevenson — established a principle that still shapes workplace law today: if you can foresee harm, you have a responsibility to prevent it.
For corporate travel managers, that responsibility is especially complex. Your employees cross borders, navigate geopolitical instability, and face health and safety risks that shift by the hour. The legal stakes are real. So is the human cost of getting it wrong.
Over 50 countries now have laws that specifically cover business travelers. And yet, many organizations still operate with fragmented booking systems, outdated emergency protocols, and no clear plan for what happens when something goes wrong abroad.
This guide breaks down everything you need to build — or strengthen — a duty of care program that actually works.
I'm Jay Ellenby, President of Safe Harbors Travel Group, and I've spent decades helping global organizations navigate the intersection of corporate travel and duty of care policies — from risk management frameworks to real-time traveler support. As you read through this guide, you'll find practical, experience-backed strategies drawn from managing complex international travel programs for organizations that can't afford to get safety wrong.
At its heart, duty of care is about reasonable care. In the eyes of the law, this means acting as an "ordinarily prudent person" would under similar circumstances to avoid acts or omissions that could foreseeably harm others. While it sounds simple, the legal definition of duty of care encompasses a wide range of obligations across both tort law (negligence) and agency law (fiduciary duties).
In a corporate setting, directors and officers are bound by a fiduciary duty. According to the American Law Institute’s Principles of Corporate Governance, this requires leaders to perform their functions in good faith and in a manner they reasonably believe to be in the best interests of the corporation.
To prove a breach of duty in a legal sense, four elements must typically be established:
- Duty: A legal obligation was owed to the individual.
- Breach: The organization failed to meet the required standard of care.
- Causation: The breach of duty directly caused the injury or harm.
- Damages: The individual suffered actual loss or injury.
The "Golden Thread" connecting these elements is foreseeability. If a risk is known—or should have been known—an employer has a moral and legal mandate to mitigate it.
The Evolution of Duty of care policies
The concept of duty of care has traveled a long road from the Industrial Revolution to the modern digital office. Historically, the "privity limitation" meant that manufacturers only owed a duty to those they had a direct contract with. This changed forever with the landmark 1932 case Donoghue v Stevenson.
When May Donoghue found a decomposed snail in her ginger beer, she couldn't sue the manufacturer for breach of contract because her friend had bought the drink. The House of Lords ruled that the manufacturer still owed her a duty of care because it was foreseeable that a consumer could be harmed by a contaminated product. This "neighbor principle" shifted the focus from contracts to people.
| Feature | Historical Standard (Pre-1932) | Modern Standard (2025) |
|---|---|---|
| Scope | Limited to direct contracts (Privity) | Extended to anyone foreseeably affected |
| Focus | Physical safety in factories | Holistic: Physical, mental, and digital |
| Geography | Localized to the workplace | Global: Home, travel, and virtual |
| Responsibility | Reactive (responding to accidents) | Proactive (risk assessment and prevention) |
Regulatory Frameworks: OSHA and ISO 31030
While common law provides the foundation, specific regulations give duty of care policies their teeth. In the United States, the OSHA General Duty Clause is the primary driver. It requires employers to provide a workplace "free from recognized hazards that are causing or are likely to cause death or serious physical harm."
For global travel, the gold standard is ISO 31030 travel risk management. This framework provides a structured approach for organizations to manage the risks associated with business travel. It encourages companies to move beyond simple insurance policies and toward integrated risk mitigation strategies.
Other critical frameworks include the UN Guiding Principles on Business and Human Rights, which emphasize the corporate responsibility to respect human rights across the entire supply chain. Organizations are also increasingly using Duty of Care Risk Analysis (DoCRA) to evaluate whether their security controls are "reasonable" compared to the risks they face.
Modern Challenges and the Scope of Employer Responsibility
The definition of "the workplace" has exploded. Today, duty of care policies must cover remote workers, hybrid teams, and employees operating in high-risk international environments. We can no longer assume that an employee is safe just because they aren't on company property.
Modern challenges include:
- Extreme Weather: From wildfires to "once-in-a-century" floods, climate change is creating foreseeable risks that require real-time monitoring and evacuation plans.
- Active Shooter Incidents: With over 500 mass shootings in the U.S. in 2024 alone, organizations are turning to technology like Visual AI gun detection to provide a layered security approach.
- Cybersecurity: Duty of care now extends to data. Failing to implement reasonable security controls can lead to massive litigation, as seen in recent settlements involving data breaches.
Addressing Mental Health and Invisible Risks
We often focus on physical safety, but the "invisible" risks are just as costly. Mental health issues left unaddressed cost businesses nearly $108 billion a year. A comprehensive duty of care program must prioritize psychological safety.
Many forward-thinking companies now offer Employee Assistance Programs (EAPs), which provide confidential counseling and short-term support for personal or work-related problems. Beyond EAPs, managing the mental health business costs involves promoting work-life balance and training managers to spot signs of burnout. In the context of business travel, this might mean allowing for "rest days" after long-haul flights or ensuring travelers have access to telemedicine services.
Protecting a Mobile Workforce
When employees go "on the road," the organization’s business travel risks multiply. A mobile workforce requires a dynamic approach to safety. We believe that a robust travel risk management program is the only way to meet these obligations.
Key components include:
- Traveler Tracking: Knowing where your people are at all times (without infringing on their privacy).
- Real-Time Alerts: Sending automated updates about transportation strikes, weather events, or security threats.
- 24/7 Support: Providing a "lifeline" for travelers who find themselves in an emergency.
- Itinerary Monitoring: Ensuring that bookings stay within the "safety envelope" of the corporate travel policy.
The Consequences of Breaching Duty of Care
The fallout from a duty of care failure is rarely just financial; it can be existential. When an organization fails to take reasonable steps to prevent harm, it faces a trifecta of consequences: legal liability, reputational damage, and operational paralysis.
Consider the NSW fatigue lawsuit, where an employee won a million-dollar settlement after a car accident caused by work-induced fatigue. The court found the employer had not done enough to manage the foreseeable risk of exhaustion. Similarly, the Hillsborough disaster, a fatal crowd crush in England, remains a haunting example of how systemic negligence can lead to unimaginable tragedy and decades of legal battles.
For a business, a single high-profile failure can erode years of brand equity. Top talent will avoid companies perceived as "dangerous" or "unresponsive," and clients may flee to competitors who prioritize safety.
Best Practices for Implementing Comprehensive Duty of care policies
Creating a policy is only the first step; implementing it requires a culture of safety. Effective corporate duty of care is never the job of a single department. It requires cross-functional collaboration between HR, Legal, Security, Finance, and Travel Management.
We recommend a 5-step framework for building your policy:
- Consultation: Talk to your employees. Understand the specific risks they face in their daily roles.
- Data Integration: Ensure your HR systems, travel booking tools, and emergency notification platforms talk to each other.
- Action Planning: Write clear, actionable protocols for foreseeable crises (e.g., "What do we do if a traveler is in a city during a terror attack?").
- Technology Leverage: Use tools for real-time tracking and multi-channel communication.
- Communication: Ensure every employee knows the policy exists and how to access help.
Conducting Effective Risk Assessments
You cannot manage what you haven't identified. Business travel duty of care and risk management starts with a thorough risk assessment. This shouldn't just be a "check-the-box" exercise. It involves mapping vulnerabilities based on the traveler’s profile, the destination's geopolitical stability, and the nature of the work.
Providing pre-trip briefings is one of the most effective ways to fulfill your duty. When travelers are informed about local laws, health risks, and security protocols before they depart, they are much less likely to find themselves in harm's way.
Who is responsible for Duty of care policies?
While the legal duty is non-delegable (meaning the organization as a whole is responsible), the daily tasks are shared:
- Leadership: Sets the tone and provides the budget for safety tools.
- Travel Managers: Ensure bookings are safe and travelers are tracked.
- HR: Manages the mental health and well-being aspects of the policy.
- Security Teams: Monitor global threats and manage active incidents.
- Employees: Have a responsibility to follow the safety protocols and use the provided tools.
Conclusion and Frequently Asked Questions
Prioritizing duty of care is more than a legal safeguard—it’s a competitive advantage. Statistics show that companies with exemplary safety and health programs outperformed the S&P 500 by between 3 and 5%. When employees feel safe and supported, they are more engaged, more productive, and more likely to stay with the company.
At Safe Harbors, we understand that managing global travel is a massive responsibility. Our white-glove service and elite tech partnerships are designed to give you peace of mind, ensuring that your duty of care policies are not just words on a page, but a living, breathing shield for your most valuable asset: your people.
Ready to elevate your global travel management? Let’s build a program that protects your team wherever the world takes them.
What is the legal definition of duty of care?
In a legal context, duty of care is a requirement to adhere to a reasonable person standard to avoid acts or omissions that could foreseeably harm others. It is the first essential element of a negligence claim. If a risk is foreseeable and a party fails to take reasonable steps to mitigate it, they may be held liable for any resulting damages.
How has COVID-19 changed employer responsibilities?
The pandemic drastically expanded the scope of duty of care. It highlighted the need for better health monitoring, pandemic resilience plans, and the ability to locate and assist stranded travelers during border closures. It also forced organizations to consider the risks non-traveling employees might bring into the office after personal travel.
How can organizations measure the success of Duty of care policies?
Success isn't just the absence of accidents. Effective organizations use tabletop exercises to simulate crises and test their response times. They also track compliance audits, employee feedback on safety feeling, and the speed of communication during real-world disruptions. Continuous improvement based on these metrics is key to a resilient program.
