A workplace risk assessment is a mandatory document that evaluates hazards in the working environment and their effect on employees' health. It is mandatory for all employers from the first employee (TTOS - Occupational Health and Safety Act - § 13 lg 1). The assessment must be updated whenever significant changes occur in the working environment (TTOS § 13-4 lg 4) and retained for 55 years (TTOS § 13-4 lg 9).
What is a risk assessment and why is it mandatory?
A risk assessment is a document prepared by the employer that describes the hazards present in the working environment, evaluates their severity, and sets out mitigation measures. Its purpose is to prevent workplace accidents and occupational diseases - not to satisfy a bureaucratic formality.
TTOS § 13 lg 1 requires every employer to assess working environment risks before work begins. This obligation does not depend on company size, sector, or number of employees. A single-person office or sole-trader operation must prepare a risk assessment just the same.
The absence of a risk assessment is a breach that the Labour Inspectorate (Tööinspektsioon) will address during an inspection. For violations of occupational health and safety requirements that endanger an employee's health or life, the maximum fine for a legal person is up to 32,000 euros (TTOS § 27-1 - § 27-5 lõige 2); for a natural person (the employer or their representative) up to 300 fine units. The far greater risk, however, is the situation where an employee suffers a health impairment that could have been prevented - and the employer cannot demonstrate that they were aware of the risks.
What must a risk assessment contain?
The law does not prescribe an exact format for a risk assessment, but the content must cover the following areas.
A list of hazards. You must describe all hazards present in the working environment: physical (noise, vibration, temperature, lighting), chemical (hazardous substances, dust), biological (viruses, bacteria), ergonomic (constrained postures, lifting of loads) and psychosocial (work pace, harassment, lone working).
Assessment of hazards. For each hazard you must evaluate its severity and frequency of occurrence. A simplified scale is typically used: low, medium, high risk. For more serious hazards, additional measurements are required - for example noise measurement in decibels or measurement of chemical substance concentrations.
Mitigation measures. For each identified hazard you must describe what the employer will do to reduce it. Measures are recorded in order of priority - first eliminating the hazard, then substitution, then collective protective measures, and personal protective equipment only as a last resort.
Responsible persons and deadlines. Each measure must be linked to a responsible person and an implementation deadline. A general entry such as "improve lighting" is not sufficient - the document must show who will do this and by when.
A sample document covering all required sections is available on the TT24 risk assessment document page (in Estonian). Adapt it to suit your company's sector.
Step-by-step process for preparing a risk assessment
Gather information about the working environment
Walk through the workplaces and describe what employees do, which substances they come into contact with, which equipment they use, and the physical environment in which they work. Ask employees what they consider hazardous - the value of practical experience is considerable. Review the accident log entries and any previous health complaints, where these exist.
Identify hazards
List all identified hazards. Use the TT24 checklist, which helps you work through all hazard categories systematically so that nothing is overlooked. The checklist has been put together by employers who have carried out the same assessment themselves.
Assess the risk level of each hazard
For each hazard, determine two indicators: probability (how likely the hazard is to materialise) and severity of consequences (how serious the possible health impairment would be). The combination of these two indicators gives the risk level. Hazards with a high risk level require immediate action.
Set mitigation measures
For each high and medium-risk hazard, describe a specific measure together with a deadline and a responsible person. Measures are listed in the document in order of priority - high-risk hazards are addressed first. Low-risk hazards are documented but may wait until a planned review.
Sign and notify employees
The completed risk assessment document is signed by the employer. The employer is then required to inform employees of the working environment risks and protective measures in writing (TTOS § 12 lg 4). It is advisable to have employees sign an acknowledgement - this protects you in the event of a later dispute.
Archive and plan the next review
Under the Occupational Health and Safety Act, a risk assessment document must be retained for 55 years (TTOS § 13-4 lg 9; working environment data register § 24-1 lg 4 p 5). Put the date of the next annual review straight into your calendar. Updating is also required earlier if the working environment changes.
How often must a risk assessment be updated?
Under TTOS § 13-4 lg 4, a risk assessment must be reviewed and updated when a significant change occurs in the working environment - new equipment or technology, a workplace accident, new data on a hazard, or a work-related health impairment. The law does not set a fixed periodic deadline, but good practice is to review the assessment on a regular basis to keep it current.
Changes that require a review include the following. Introducing a new piece of equipment or production process brings new risks that were not present in the original assessment. An employee's health impairment or a workplace accident shows that a hazard had been underestimated. A significant change in the number of employees can alter ergonomic and psychosocial risks. A physical reorganisation of the working environment - a new room, new location, or new production line - requires the assessment to be refreshed.
A review does not always mean rewriting the entire document. It is often sufficient to go through the existing document, add any new hazards, and update measures that have changed.
Practical tip: Schedule your annual risk assessment review at the same time as your meeting with your occupational health service provider. This way you can carry out the review together with a specialist and save the time of arranging a separate appointment.
What must be documented?
The mandatory documentation for a risk assessment covers several parts. All of these parts must exist in writing - a verbal agreement is not sufficient evidence in the event of an inspection by the Labour Inspectorate (Tööinspektsioon).
The core risk assessment document contains the list of hazards, risk evaluations and mitigation measures. This is the heart of the document.
Measurement records are required in situations where the risk assessment calls for objective measurement - noise, lighting, chemical substance concentrations, vibration and so on. Measurements may only be carried out by accredited laboratories or specialists.
Confirmation of employee notification demonstrates that employees have been informed of the risks. The simplest option is a handover sheet on which the employee signs to confirm they have read the risk assessment.
Tracking of mitigation measure implementation - notes recording when each planned measure was actually put in place. This shows that the risk assessment is not simply a document sitting on a shelf.
Sample versions of all these documents are available in the TT24 risk assessment document (in Estonian).
Common mistakes employers make
The risk assessment is prepared once and then forgotten. The document is filed away and never looked at again. The law requires an annual review and updating whenever the working environment changes.
All hazards are rated as low risk. Some employers fill in the form quickly, marking all hazards as "low risk". This does not reflect reality and protects neither the employee nor the employer - and the Labour Inspectorate (Tööinspektsioon) will recognise such a document immediately.
Employees know nothing about the risk assessment. By law, employees must be informed of working environment risks. A risk assessment sitting on the employer's desk that nobody knows about does not fulfil its purpose.
Mitigation measures are not implemented. The risk assessment identifies problems but no action is taken. Documented but unimplemented measures are dangerous - they demonstrate that the employer was aware of the risks but failed to act.
Psychosocial risks are left out. Many employers assess only physical and chemical hazards. TTOS requires psychosocial factors to be assessed as well: work pace, emotional load, risk of harassment, and the effects of night work.
Measurements are carried out using the wrong methodology. Some hazards - for example noise or chemical substance concentrations - can only be assessed by accredited measurement. An estimate by eye is not legally sufficient.
Start your risk assessment today
Use the TT24 checklist to work through all hazard categories systematically - and download the sample risk assessment document that you can adapt for your company.
Frequently asked questions
Is a risk assessment mandatory for a company with just one employee?
Yes. A risk assessment is mandatory for all employers regardless of the number of employees (TTOS § 13 lg 1). Even a one-person business must prepare a risk assessment before work begins. The scope of the assessment depends on the complexity of the working environment - for straightforward office work, two or three pages are often sufficient.
How often must a risk assessment be updated?
A risk assessment must be updated whenever a significant change occurs in the working environment: new equipment or technology, a changed working method, a workplace accident, new data on a hazard, or an identified work-related health impairment (TTOS § 13-4 lg 4). The law does not set a fixed periodic deadline - good practice is to review the assessment regularly, but when a change occurs it must be updated immediately.
Who may prepare a risk assessment?
A risk assessment may be prepared by the employer, an employees' representative, an occupational health service provider, or another competent person (TTOS § 13 lg 2). In a straightforward working environment the employer can do this themselves using the sample document. In more complex environments - noise, chemicals, heavy physical work - it is advisable to involve an occupational health physician or an occupational safety specialist.
How long must a risk assessment document be retained?
Under the Occupational Health and Safety Act, a risk assessment document must be retained for 55 years (TTOS § 13-4 lg 9; working environment data register § 24-1 lg 4 p 5). This long retention period is justified: for some hazards - such as asbestos, certain chemicals, or prolonged noise exposure - health effects may not appear until decades later. The document must remain accessible even if the company has changed hands in the meantime.
What should you do when a new hazard is identified in the working environment?
When a new hazard is identified, the risk assessment must be updated immediately, mitigation measures put in place, and employees notified in writing. Waiting for the next planned review is not permissible if the hazard has been identified today. A prompt response protects both employees and the employer from liability.
Do office-based companies need a risk assessment?
Yes, a risk assessment must be prepared for an office environment as well. Typical office hazards include screen work (eye strain, constrained posture), inadequate lighting, ergonomically unsuitable furniture, and psychosocial factors such as work pace and emotional load. In an office company the risk assessment is usually short - but it must exist.
Next step: check your readiness
A risk assessment is one part of fulfilling your occupational health obligations. Use the TT24 tools to get a clear picture of where you stand right now.
Related topics
What the Labour Inspectorate requires during an inspection Remote work occupational health requirements (in Estonian)
Obligations for remote workers What happens without an inspection (in Estonian)
Consequences of a missing risk assessment TTOS 2026 amendments (in Estonian)
What changed in the Occupational Health and Safety Act
Sources: the State Gazette (Riigi Teataja), the Labour Inspectorate (ti.ee).