Skip to main content

GM Group Services

Duty of care obligations start the moment your first contractor bumps in gear, not when the gates open.

If you're organising an event or running a venue, you're probably juggling suppliers, licensing, traffic flow, security, staffing and last-minute changes. That's normal. What isn't acceptable is treating safety as a document you file away once the plan is approved.

Your legal responsibility is active. It shifts with the conditions on site, the crowd, the weather, the layout, the alcohol service and the people you've put in charge. A quiet corporate function and a packed music event don't carry the same practical risk, even if both happen in the same building.

Your Fundamental Guide to Duty of Care Obligations

You've booked the venue. Contractors are onsite. A delivery truck is blocking part of the emergency access path. A patron arrives early and wanders into a setup zone. One staff member assumes someone else has checked the barricades. That's how preventable incidents start.

Duty of care obligations stop sounding like legal jargon and start looking like operations. In Australia, a Person Conducting a Business or Undertaking (PCBU) owes a primary duty of care to ensure, so far as is reasonably practicable, the health and safety of workers and others affected by the work, such as event attendees. This statutory obligation is not abstract; it mandates concrete actions to prevent foreseeable harm, as set out under Safe Work Australia's duties under WHS laws.

A group of professionals walking through an office building entrance with Duty of Care text displayed.

Why event organisers get caught out

New organisers often think duty of care means “try your best and hire security.” That's too loose. The law expects sensible, documented, proactive control of risk.

If a hazard was foreseeable, you need to show what you did about it. That means site checks, role clarity, incident reporting, first aid coordination, access control and supervision that happens on the ground.

Practical rule: If you can predict a problem, you're expected to manage it before it hurts someone.

Safety protects more than compliance

The initial focus often lands on liability first. Fair enough. But the operational benefit matters just as much. When your safety planning is solid, your event runs smoother, your staff make better calls under pressure, and your patrons feel the difference.

Good organisers build a safe environment on purpose. They don't rely on luck, assumptions or a generic event run sheet copied from the last job.

What Are Duty of Care Obligations in Australia

Think of duty of care like hosting guests at your home, except the law applies and the stakes are much higher. If you know the back steps are slippery, you don't ignore them and hope nobody falls. You fix the issue, warn people, or block access. That same logic applies to venues, festivals, licensed premises and workplaces.

For event operators and security teams, duty of care obligations are not optional standards. They're enforceable duties linked to how you identify hazards and act on them.

An infographic titled Understanding Duty of Care in Australia illustrating key legal concepts and obligations.

What a PCBU actually means

A PCBU is the business or undertaking with control over the work. In practice, that can be the event company, venue operator, promoter, contractor or another party with operational influence. If you control the environment, the workers, the systems or the decisions, you likely carry legal responsibility.

That matters because the law doesn't just ask whether an incident happened. It asks whether the responsible party should have seen the risk coming and taken reasonable steps to manage it.

Reasonably practicable means practical and provable

For Australian security providers, the duty of care is legally defined as a primary duty under the Model WHS Act s 19, requiring a PCBU to ensure health and safety so far as is reasonably practicable. This mandates a causal risk-management workflow: identifying foreseeable hazards, assessing risk, and then controlling those risks, as outlined in this LexisNexis guide on duty of care and safe places of work.

That phrase, reasonably practicable, matters. It doesn't mean perfection. It means action that fits the known risk, the available controls and the reality of the environment.

A few practical examples:

  • Crowd pressure at entry: You stagger queues, brief guards, define search procedures and keep emergency lanes clear.
  • Slip hazards near bars: You assign cleaning checks, improve lighting and make sure staff report spills immediately.
  • Aggressive patron behaviour: You use trained personnel, escalation protocols and clear communication between floor staff and security.

A generic safety plan won't save you if the actual hazard on the day wasn't managed.

The core test organisers should apply

Ask three blunt questions before every event:

  1. What could reasonably go wrong here?
  2. Who could get hurt by it?
  3. What controls are in place, and who is checking them?

If you can't answer those clearly, your compliance is weak and your operations are exposed.

State-Specific Legal Context for Events and Venues

The broad duty is consistent, but enforcement and practical expectations are local. If you operate across New South Wales, Victoria, Queensland and the ACT, don't assume one event pack works everywhere. It doesn't.

The safest approach is simple. Build one strong core safety system, then adapt it to the venue, regulator and operating conditions in the state you're working in.

A comparison table outlining state-specific duty of care regulations for events and venues in Australia.

How the same duty plays out differently

You're still dealing with worker safety, public safety, foreseeable harm and reasonable controls. What changes is how local regulators expect that to appear in planning, supervision and incident response.

Here's the practical comparison:

State or territoryRegulator and contextWhat organisers should focus on
NSWSafeWork NSW is a key reference point for WHS expectationsStrong site-specific risk controls, active supervision and clear escalation during changing conditions
VICWorkSafe Victoria applies the local framework in operational settingsDocumented systems, contractor coordination and practical proof that controls are being followed
QLDWHS Queensland settings often intersect with large public event risk and venue operationsCrowd movement, entry management, emergency access and visible command structure
ACTACT regulators expect the same disciplined planning in smaller but often complex sitesTight role clarity, contractor oversight and clean incident documentation

NSW highlights the operational shift during incidents

One point organisers often miss is that duty of care changes in intensity when a situation turns active. During routine monitoring, your controls may be stable. During a sudden medical issue, crowd surge or violent incident, the standard of care becomes more urgent in practical terms because your team must respond to a known, immediate risk.

SafeWork NSW's guidance on duty of care reinforces that a PCBU must try to eliminate risks so far as is reasonably practicable. On the ground, that means your plans must work both in normal operations and under stress.

If your safety system only works while everything is calm, it isn't a complete safety system.

Why multi-state consistency matters

A festival in regional Queensland, a corporate launch in Melbourne and a licensed venue in Sydney don't need identical staffing. They do need the same discipline:

  • Localised risk assessment
  • Clear chain of command
  • Training records and supervision
  • Incident response that matches the operational environment

A common failing occurs among inexperienced organisers. They buy a template and call it compliance. Regulators and courts look for something else. They look for evidence that your planning matched the actual risks at the site.

Who Is Responsible and What Are Their Duties

Safety on site is shared, but not evenly shared. The person with the most control carries the heaviest burden. If you own the venue, run the event, engage contractors or direct staff, you can't push all responsibility down to the front line.

At the same time, workers, supervisors, contractors and volunteers also have obligations. People on the ground must take reasonable care for their own safety and avoid harming others through what they do or fail to do, as explained in this overview of applying duty of care in Australian workplaces.

The chain of responsibility

Here's the practical breakdown most organisers need:

  • PCBU or organiser: Owns the overall system of work, site planning and risk controls.
  • Officers and senior decision-makers: Must make sure resources, planning and oversight are provided.
  • Supervisors and team leaders: Turn plans into action, monitor staff and correct unsafe conduct fast.
  • Workers, contractors and volunteers: Follow instructions, report hazards and avoid risky shortcuts.
  • Patrons and visitors: Don't carry management duties, but their vulnerability affects the standard expected of you.

Training and supervision are not paperwork extras

Under Australian OHS regulations, employers must provide OHS/WHS information, instruction and training and supervision to employees. The absence of documented training or site supervision systems is often primary evidence used to prove negligence in litigation, according to ADAS on duty of care.

That point should change how you run your event. If your induction happened verbally in a noisy loading dock and nobody recorded it, don't assume you can prove anything later.

Operational duties that matter most

Your legal obligations show up in operational basics. If these areas are weak, your exposure grows quickly:

  • Risk assessment: Review access points, crowd movement, lighting, service areas, staging zones and emergency paths.
  • Security planning: Match staffing and deployment to the event profile, not to the cheapest quote.
  • RSA and intoxication control: Licensed venues need active monitoring, not passive hope.
  • Medical readiness: Coordinate first aid, emergency contacts and escalation points.
  • Incident recording: Log what happened, when, who responded and what changed afterwards.
  • Supervision: Make sure someone is visibly accountable on site, not just available by phone.

A common failure point

A lot of organisers write responsibilities into a plan but never assign names. That's sloppy. “Security to monitor entry” is weak. “Supervisor to manage gate one, screen bags, maintain egress lane and report refusals” is accountable.

When responsibility is vague, response is slow. When response is slow, people get hurt.

A Practical Guide to Fulfilling Your Duty of Care Obligations

Most organisers overcomplicate this. You don't need a legal thesis. You need a working system your team can apply under pressure.

The cleanest model is Identify, Control, Respond. That aligns with the requirement that employers implement a three-step process: identify foreseeable hazards, put controls in place via policies and training, and respond appropriately when incidents occur, including having trained first aiders and equipment, as explained by Vital First Aid's guide to duty of care in Australian workplaces.

A visual roadmap outlining the three key steps for duty of care compliance in professional event safety.

Identify the real risks

Start with the site, not the template. Walk it. Watch the pinch points. Think about who'll be there and how they'll move.

Check these first:

  • Entries and exits: Are queues likely to block evacuation paths?
  • Alcohol service zones: Where will behaviour change once service ramps up?
  • Back-of-house areas: Can patrons drift into contractor or plant zones?
  • Medical access: Can responders reach a casualty quickly?
  • Environmental hazards: Wet surfaces, poor lighting, cables, uneven ground and heat exposure all matter.

If your event includes travelling staff, transport legs or off-site movements, broaden the risk lens. A useful reference is AuditReady's travel risk guide, especially when your event operation extends beyond the venue footprint.

Control the risks with visible measures

Controls must match the hazard. Don't deploy generic crowd staff where you need assertive access control. Don't assign inexperienced personnel to conflict-heavy areas.

Some controls are procedural. Others are physical or personnel-based. Use a mix.

  • Physical controls: Barriers, lighting, signage, search lanes, restricted access points.
  • Procedural controls: Entry rules, incident escalation, intoxication management, emergency communications.
  • Personnel controls: Supervisors, static guards, patrols, first aiders, specialist handlers where the environment justifies it.

One practical option is GM GROUP Services, which provides services such as static guards, K9 units and handlers, vehicle patrols, gatehouse control, emergency response and risk assessments for events, venues and businesses across NSW, VIC, QLD and the ACT. Those services are relevant when your identified hazards require dedicated access control, patrol visibility or rapid response capacity.

Good control measures are specific. “Have security onsite” is not specific.

Respond like the incident is part of the job

Many plans fail in such instances. Organisers write emergency procedures, then never rehearse who does what. Under stress, confusion replaces process.

Build response around three questions:

  1. Who takes command?
  2. Who communicates with emergency services, staff and patrons?
  3. What gets documented immediately after the situation is stabilised?

A practical mini-checklist helps:

  • Medical incident: Secure space, notify first aid, direct responders, record timeline.
  • Aggressive patron: Isolate the behaviour, protect bystanders, remove triggers, document staff actions.
  • Crowd compression: Pause entry, redirect flow, clear bottlenecks, brief staff in real time.
  • Evacuation trigger: Use plain language, keep routes clear, account for vulnerable persons where possible.

Keep evidence as you go

If you don't document it, you'll struggle to prove it happened. Keep records of:

  • Briefings and inductions
  • Guard rosters and supervision notes
  • Risk assessments and control updates
  • Incident reports and post-incident reviews

That paperwork isn't bureaucracy for its own sake. It's proof that your duty of care obligations were operational, not theoretical.

Consequences of Failure and the Value of a Security Partner

Failure in this area lands in two places at once. Someone can get hurt, and your business can spend years dealing with the fallout.

In legal terms, a breach of duty of care is established only when five specific elements are proven: a legal relationship, foreseeability of harm, a defined standard of care, a breach of that duty, and a direct causal link between the breach and actual damages, as set out by Maurice Blackburn's explanation of duty of care.

What that means in practice

A negligence claim doesn't succeed just because an incident occurred. It succeeds when the claimant can show you owed them a duty, the risk was foreseeable, your response fell below the required standard, and that failure caused actual loss.

That's why weak supervision, poor records and vague planning are so dangerous. They create the exact gaps a claim will focus on.

The real-world consequences

When organisers mishandle duty of care obligations, the damage tends to stack up fast:

  • Legal exposure: Claims, investigations and a long paper trail of uncomfortable questions.
  • Regulatory problems: Scrutiny from the relevant WHS authority and licensing consequences depending on the venue.
  • Commercial fallout: Sponsors, venue partners and insurers don't like avoidable incidents.
  • Reputational damage: Patrons remember unsafe events. So do staff.

The point isn't fear. It's realism. If your event profile includes alcohol, crowd density, public access or contractor activity, you need professional risk controls.

Why a security partner matters

A capable security partner doesn't just place people at doors. They help convert legal obligation into operational discipline. That includes deployment planning, access control, visible supervision, incident response and records you can rely on later.

A good security provider reduces confusion. That alone prevents a lot of bad decisions.

If you're relying on unbriefed casuals or a bare-minimum presence, you're not saving money. You're shifting risk onto your balance sheet and everyone onsite.

Frequently Asked Questions About Duty of Care Obligations

Can a waiver remove my duty of care obligations

No. A waiver may have limited relevance in some circumstances, but it doesn't wipe out your core legal responsibilities. If a foreseeable risk existed and you failed to manage it properly, a signed form won't rescue poor operations.

Are volunteers part of my responsibility

Yes. If volunteers are working within your event or venue operation, they need clear instructions, appropriate supervision and a safe system of work. Treating volunteers casually is a common mistake.

Does a small private function carry the same duty as a major festival

The legal concept remains, but the practical standard depends on the environment and foreseeable risks. A private dinner usually needs simpler controls than a large public event. That doesn't mean informal. It means proportionate and thought through.

What changes during an active incident

Your duty becomes more operationally demanding because the risk is no longer hypothetical. Staff need clear authority, communication lines and escalation procedures. Routine monitoring is not enough once conditions change.

What documents should I keep

Keep records of risk assessments, staff briefings, training, rosters, incident reports, contractor coordination and any control changes made during the event. If an issue is foreseeable enough to manage, it's important enough to document.

Do security guards carry the whole duty for me

No. Security supports your system. It doesn't replace your responsibility as organiser, operator or controlling party. You still need proper planning, safe systems and active oversight.

What's the fastest way to improve compliance

Start with a site-specific risk review, assign named responsibilities, tighten supervision and fix your documentation process. Most problems come from vague ownership and weak follow-through, not from a lack of policies.


If you need a practical review of your event, venue or site setup, talk to GM GROUP Services. Their team works across NSW, VIC, QLD and the ACT on security deployment, risk assessments, patrols, gatehouse control, event coverage and incident response support. A professional conversation before the event is far cheaper than explaining preventable failures after it.


Discover more from GM Group Services

Subscribe to get the latest posts sent to your email.

Leave a Reply

Discover more from GM Group Services

Subscribe now to keep reading and get access to the full archive.

Continue reading