
Small Business Compliance Checklist

Business | Last reviewed: 1 April 2025 | 7 min read

Keeping on top of compliance as a small business owner can feel overwhelming. This checklist brings together the key obligations across company law, tax, employment, data protection, and health and safety so you can identify any gaps in your compliance.

Key points

  • Company obligations include annual Companies House filings, Corporation Tax returns, and PAYE submissions.
  • Data protection requires ICO registration (for most businesses), a privacy notice, and a cookie consent mechanism.
  • Employment law obligations arise from the first hire and include contracts, payroll, pensions, and right to work checks.
  • Health and safety requirements include a written policy (for 5+ employees), risk assessments, and employers' liability insurance.
  • Consumer-facing businesses must comply with Consumer Rights Act obligations and ADR signposting requirements.
  • Reviewing compliance against a checklist at least annually reduces the risk of costly gaps being missed.

Company and Tax Compliance

Regardless of whether you are a sole trader or limited company, tax compliance is non-negotiable. Use the following checklist:

  • Sole traders:
    • Registered for Self Assessment with HMRC
    • Self Assessment tax return filed by 31 January each year (online; paper returns are due by 31 October)
    • Payments on account made by 31 January and 31 July where required
    • Business records kept for at least 5 years after the filing deadline
  • Limited companies:
    • Corporation Tax return filed within 12 months of the end of the company's accounting period
    • Corporation Tax paid within 9 months and 1 day of year end
    • Annual accounts filed at Companies House within 9 months of year end
    • Confirmation Statement filed annually
    • Event-driven filings submitted within 14 days of any change to directors, secretaries or the registered office (share allotments within one month)
    • PSC register kept up to date
  • VAT (if registered or turnover approaching £90,000 threshold):
    • VAT returns submitted quarterly (or monthly)
    • VAT paid within one month and 7 days of the period end
    • Digital records kept under Making Tax Digital for VAT

Employment Compliance

If you have employees, check you have covered the following:

  • HMRC PAYE registration completed before the first payday
  • Right to work check completed for every employee before start date — documents retained
  • Written employment contract or statement of particulars given on or before the first day
  • Payslips provided on or before each payday, itemising all deductions
  • National Minimum Wage / National Living Wage rates reviewed each April
  • Holiday entitlement tracked and recorded — statutory minimum of 5.6 weeks
  • Workplace pension scheme set up; eligible employees auto-enrolled within six weeks of start
  • Declaration of compliance submitted to The Pensions Regulator within five months of your duties start date
  • Employers' liability insurance in force — certificate displayed
  • Disciplinary and grievance procedure in place, consistent with the Acas Code
  • Staff handbook (or equivalent policies) provided to all employees
  • Payroll records retained for at least 3 years from the end of the tax year they relate to; National Minimum Wage records must be kept for 6 years
  • P60s issued to all employees by 31 May each year
  • P11D filed for any employees with taxable expenses or benefits (by 6 July)

Data Protection and Health and Safety

Data protection (UK GDPR) checklist:

  • ICO registration fee paid (check whether exemption applies)
  • Privacy notice on website — covering all categories of personal data processing
  • Cookie consent mechanism implemented — equal prominence for accept and reject
  • Data processing agreements in place with all third-party processors (cloud services, email platforms, payment providers)
  • Process for responding to Subject Access Requests within one month
  • Internal breach log maintained; reportable breaches notified to the ICO within 72 hours of becoming aware of them
  • Staff privacy notice provided to all employees
  • Personal data retention periods defined and enforced

Health and safety checklist:

  • HSE health and safety law poster displayed at workplace
  • Written health and safety policy in place (mandatory for 5+ employees)
  • Risk assessments completed for all significant hazards — written records kept (mandatory for 5+ employees)
  • First aid provision appropriate for the workplace and number of employees
  • Fire risk assessment completed and emergency procedures in place
  • Accident book in place; RIDDOR reporting process understood
  • Employers' liability insurance certificates retained (the legal 40-year retention requirement was removed in 2008, but HSE still recommends keeping them that long because claims for long-latency conditions can arrive decades later)

Consumer Rights and Other Obligations

Consumer rights and trading standards:

  • Terms and conditions do not exclude or limit statutory consumer rights
  • Prices inclusive of VAT (for consumer-facing businesses)
  • Consumer Contracts Regulations 2013 complied with for online, phone and off-premises sales: pre-contract information given and the 14-day cancellation right clearly communicated
  • Written complaints procedure available and followed consistently
  • ADR scheme signposted in terms and conditions and final response letters
  • Product safety obligations met if you manufacture, import, or distribute goods

Other common obligations:

  • Business insurance reviewed annually — public liability, product liability, professional indemnity as appropriate
  • Licences and permits in place for regulated activities (alcohol licence, food business registration, care registration, financial services authorisation)
  • Anti-money laundering (AML) policies and procedures if operating in a regulated sector (accountancy, legal, estate agency, financial services)
  • Environmental obligations — waste duty of care, packaging regulations if applicable
  • Intellectual property — trademarks, copyrights, and domain names registered and protected as appropriate

Frequently asked questions

How can I stay on top of compliance changes as a busy small business owner?
Sign up for HMRC, Companies House, and ICO email newsletters to receive updates directly. Consider joining a trade association — many provide compliance updates tailored to your sector. Your accountant should flag significant tax law changes affecting your business. For employment law, the Acas website updates its guidance when legislation changes. Building a simple annual compliance review into your calendar ensures nothing drifts.
Do I need a compliance officer or dedicated HR person?
No — most small businesses manage compliance through a combination of good systems, reputable professional advisers (accountant, solicitor), and staying informed. The key is having clear ownership: for a sole trader, you are responsible for everything. For a small company, assign responsibility for different compliance areas to specific individuals. Cloud-based payroll, accounting, and HR software significantly reduces the administrative burden and helps avoid missed deadlines.
What are the most common compliance failures among small businesses?
The failures most commonly reported by regulators and advisers are: late filing of Companies House documents, failure to auto-enrol eligible employees into pensions, paying below the minimum wage (often through unlawful deductions or unpaid working time that reduce effective pay), inadequate right to work checks, and non-compliant cookie banners. All of these are relatively straightforward to fix with the right systems in place.
I have received a compliance notice from a regulator. What should I do?
Do not ignore it. Read the notice carefully to understand exactly what is alleged and the timescale for response. Engage with the regulator promptly and professionally — most regulators distinguish between those who cooperate and those who do not when deciding on sanctions. Seek legal or professional advice before responding if the matter is complex or involves potential significant liability. Keep all correspondence with the regulator.
How often should compliance be reviewed?
A full compliance review should be carried out at least annually — typically at the start of your financial year or after any significant change to the business. Targeted reviews should also be triggered by changes in law or regulation (for example, new employment legislation, HMRC threshold changes, or updated ICO guidance), after an incident or near-miss, and when you take on a new activity or enter a new market. Building compliance reviews into your calendar prevents obligations from being overlooked.
What are the penalties for non-compliance?
Penalties vary widely by the area of law breached. HMRC can charge penalties of up to 100% of unpaid tax for deliberate and concealed non-compliance, plus interest. Companies House imposes automatic late-filing penalties of up to £1,500 for private company accounts filed more than six months late, doubled if accounts are late two years running. ICO data protection fines can reach £17.5 million or 4% of global annual turnover, whichever is higher. HSE can issue improvement notices, prohibition notices, and prosecute for criminal offences, with unlimited fines. Employment Tribunal compensatory awards for unfair dismissal are capped at around £115,000 (or 52 weeks' pay, if lower), with no cap for discrimination claims.

Official bodies and resources

Companies House

Government

Incorporates and dissolves limited companies, registers company information, and makes it available to the public.

HM Revenue & Customs

Government

Responsible for collecting taxes, paying some forms of state support, and administering national insurance.

Information Commissioner's Office

Regulator

The UK's independent authority for data protection and information rights, enforcing the UK GDPR and Data Protection Act 2018.

Health and Safety Executive

Regulator

Regulates workplace health, safety, and welfare, and enforces related legislation across Great Britain.

Advisory, Conciliation and Arbitration Service

Government

Provides free, impartial advice on workplace relations and employment law, and offers early conciliation before tribunal claims.

Disclaimer

This information is for general guidance only and does not constitute legal advice. You should seek qualified legal help if your situation requires it.