Evaluating compliance is the periodic check that an organisation is actually doing what its legal obligations require, not just claiming to in the legal register.
A legal register is the document an organisation uses to record the laws, regulations and other legal obligations that apply to its activities, along with how it complies with each one.
This section of the knowledge base covers UK legal and compliance obligations for small and medium-sized businesses. Articles are written for SME owners, directors and managers who need a clear understanding of the legal framework without wading through statute, with practical guidance on what compliance looks like day-to-day.
The cluster begins with the foundation of any management system - the legal register and the process of evaluating compliance against it. From there, the articles cover financial crime obligations under the Bribery Act 2010, Anti-Money Laundering Regulations, Modern Slavery Act 2015 and Fraud Act 2006. The people-law cluster covers equality, diversity and inclusion under the Equality Act 2010 and the Worker Protection Act 2023, whistleblowing under the Public Interest Disclosure Act 1998, right to work checks under the Immigration Asylum and Nationality Act 2006, and corporate manslaughter and health and safety offences. The data, trade and corporate cluster covers UK data protection under the UK GDPR and Data Protection Act 2018, consumer rights under the Consumer Rights Act 2015, CE and UKCA conformity marking including BS EN 1090 for structural fabricators, and the Companies Act 2006 obligations for UK limited companies.
Throughout the section, articles flag where obligations apply to all employers regardless of size and where size-based thresholds change what is required. Most UK legal duties apply identically to a five-employee SME and a five-thousand-employee multinational - the substantive obligations rarely scale, even though the practical compliance arrangements can. Where threshold-based requirements do apply (gender pay gap reporting at 250 employees, modern slavery transparency statements at £36 million turnover, fraud failure-to-prevent at the s.199 ECCT thresholds), the relevant articles flag the position clearly.
Each article includes a practical advice section with the alphaZ documents that operationalise the legal duty - the policies, procedures and registers that turn legal compliance into a documented management system. The integrated management system toolkits cover ISO 9001, ISO 14001, ISO 45001, BS EN 1090 and other standards alongside the legal compliance content, providing the complete documented framework. Articles are kept current with UK legislation and regulator guidance, with high-level pointers rather than dated specifics where the law is moving quickly.
Legal compliance is one of those phrases that gets people in a panic. It does not need to. UK law sets duties that apply to most businesses regardless of size - tax, employment, data protection, health and safety, anti-bribery. The articles in this section walk through what those duties actually are and how to evidence you are meeting them, without the legal jargon.
The clients who handle compliance well treat it as part of the management system, not a parallel exercise. One legal register, one evaluation cycle, and the same documented evidence covering both ISO certification and legal duties. The articles here cover the pattern that makes that work in a small or medium business - what the duties are, who they apply to, and where the size-based thresholds matter.
At external audit I am looking for evidence that legal compliance has been evaluated, not just declared. A current legal register, a recent evaluation against it, and evidence that issues identified have been actioned. The articles in this section flag where the audit angle matters and what an auditor will reasonably expect to see.