Legal Shift

The 2022 amendments to Malaysia’s Occupational Safety and Health Act 1994 (OSHA amendments), which came into effect on 1 June 2024, expand legal accountability by naming principals as new class of duty holders. The change is structural as it moves liability from a narrow focus on direct employers to a duty-based framework that follows control and influence in the workplace. Principals are now explicitly exposed where they engage contractors or subcontractors; self-employed persons are no longer invisible to OSHA and must ensure their work does not put others at risk.

This shift reflects a policy choice to align statutory responsibility with real-world risk: those who direct, resource, or create the conditions for work are drawn into the compliance perimeter. The statutory duties set out for principals require active measures, including establishing safe systems of work, ensuring adequate supervision, verifying contractor compliance, and conducting risk assessments and monitoring implementation. For self‑employed persons, the statute imposes affirmative duties to assess and control risks in their work and to comply with relevant safety standards.

.

Operational Impact

Duties affecting principals under the OSHA amendments under Section 18A requires principals to make necessary measures to ensure safety of contractor, subcontractors and their employees while they are at work under the principal’s direction: duty to conduct and implement risk assessment, duty to establish and implement a safety and health policy.

For many organisations, these new duties will mean rethinking how they manage outsourced work because what matters more is not how their obligations will be labelled in contracts, but their control and responsibilities in the workplace is spelled out in contracts. That creates immediate operational consequences across procurement, contractor management and site supervision.

Principals must establish documented proof of due diligence instead of depending on indemnities or contractual risk transfer to avoid liability. To discharge statutory duties, they will need written systems, active monitoring, and records showing verification of contractor competence and compliance.

The bottom line: outsourced work no longer creates an automatic legal firewall. Principals who continue to manage supply chains as if safety is solely the contractor’s responsibility will face both enforcement risk and reputational exposure.

.

Operational Impact: Example of Logistics Principal Engaging Multiple Contractors

Imagine a regional logistics principal that outsources warehousing, loading, and last‑mile delivery to multiple contractors and subcontractors. Under the amended OSHA, the principal can no longer treat contractors as entirely independent actors.

1. 1. Risk Allocation and Verification
2. The principal must ensure contractors operate safe systems of work for warehousing, forklift operations, loading bay procedures, and driver safety. That requires pre‑engagement competence checks, documented safety plans, and periodic audits rather than a one‑time compliance certificate.
3. .
4. 2. Supervision and Control
5. In view of the OSHA amendments, principals must include safety oversight when making supervisory arrangements. Where the principal sets operating schedules, performance metrics or directs how work is executed, his supervision oversight would include among others, induction and onboarding, work planning, site control such as material handling equipment.
6. .
7. 3. Incident Response and Evidence
8. The principal must have mechanisms for incident reporting and preservation of evidence across multiple contractors. This includes a clear responsibility framework, single‑point contact for safety escalation, and documented coordination in emergencies.
9. .
10. 4. Procurement and Contract Design
11. Contracts should make contractors deliver concrete safety items such as risk assessments, method statements, training records and permit-to-work procedures. They should also give the principal the right to audit and to stop work if safety is at risk.
12. .

ESG Perspective

The amendments dovetail with modern ESG expectations around supply chain due diligence and inclusive governance. Naming principals as duty holder aligns legal duty with corporate commitments to human capital and stakeholder safety, making safety governance a visible element of Environmental, Social, and Governance reporting and risk management.

.

Practical Steps for Principals

To operationalise compliance and limit liability exposure, principals should act now focusing on the following matters:

1. 1. Governance and Policy
2. Principals must adopt a written principal safety policy that accepts statutory duties where control exists and sets minimum contractor safety standards. They should maintain a centralised register of all contractors and the work they perform.
3. .
4. 2. Pre‑engagement Controls
5. Principals should require contractors to submit tailored risk assessments and method statements; perform competence checks, request proof of training and verify safety management systems in place.
6. .
7. 3. Ongoing Oversight
8. Principals should implement routine workplace inspections, safety performance dashboards, and an incident escalation pathway that operates across contractor boundaries. Ensure evidence is retained and accessible for inspections and prosecutions.
9. .
10. 4. Contracting and Procurement
11. Contracts can help manage risk, but they cannot remove the principal’s legal responsibilities when they direct or influence how work is carried out. The clauses should balance transparency, audit rights and risk allocation with insurance and indemnities that reflect real control points.
12. .
13. 5. Training and Cultural Measures
14. Principals should include contractors and self‑employed workers into site inductions, joint toolbox talks, and supervisor training. They should cultivate a safety culture that is consistent across principal and contractor workforces.
15. .
16. 6. Incident Preparedness
17. Principals must establish a single incident command structure at sties where multiple contractors operate. This structure should define clear roles and communication protocols and it must cover general workplace emergency preparedness requirements, These include the design and contraction of exit routes, provision of medical services and first aid, and availability of portable fire extinguishers, among other safety measures.
18. .

Conclusion

The amended OSHA makes a simple but powerful legal point: accountability follows control. For principals that means reconfiguring governance, procurement, and on‑site supervision to show that safety is actively managed and verifiable. Organisations that treat these changes as a compliance checkbox will miss the bigger opportunity: to make safety a core, auditable part of supply‑chain governance that protects people, reputations and shareholder value.

The ESG Service Line at Halim Hong & Quek provides advisory service to clients across a wide spectrum of occupational safety matters. This includes supporting employers and principals integrating their new duties under OSHA to their organization’s safety system. Should your organization require assistance in occupational safety and health matters, we would be pleased to assist. Please feel free to contact our team at pohyee.tan@hhq.com.my.

About the author

Tan Poh Yee
Senior Associate
ESG Practice Group
Halim Hong & Quek
pohyee.tan@hhq.com.my

More of our articles that you should read:

• • KL Structure Plan 2040 and KL Local Plan 2040: Transparent Development Orders for Sustainable Growth
• • Acquiring Heritage Properties in Penang, George Town UNESCO World Heritage Site – a Legal Commitment to Preserving Cultural Legacy
• • The Role of GHG Inventories in Meeting IFRS S2 Climate Disclosure Requirements