Master OSHA's structure and enforcement powers, understand how global regulatory systems work, know your workers' rights, and learn how to navigate an inspection — before one shows up at your door.
The Occupational Safety and Health Administration is the primary federal workplace safety regulator in the United States. Understanding its structure tells you who enforces the law, who is covered, and what your obligations are.
"The Occupational Safety and Health Act of 1970 was enacted to assure safe and healthful working conditions for working men and women by authorizing enforcement of the standards developed under the Act, by assisting and encouraging the States in their efforts to assure safe and healthful working conditions, by providing for research, information, education, and training in the field of occupational safety and health."
Covers private sector employers and workers in all 50 states and territories. Also covers federal government employees (not state/local). Approximately 7 million worksites, 130+ million workers.
29 states and territories operate their own OSHA-approved plans. Must be "at least as effective" as federal OSHA. Can be more stringent. Cover state/local government workers federal OSHA cannot.
The research arm — created by the same OSH Act. Conducts studies, recommends exposure limits (RELs), and develops criteria documents. Does NOT enforce — only recommends.
Occupational Safety and Health Review Commission — the independent adjudicatory body that hears contests to OSHA citations. Separate from OSHA itself to ensure impartiality.
Who is NOT covered by OSHA: Self-employed workers (no employees); immediate family farm operations; workplaces covered by other federal agencies (mines — MSHA; airlines — FAA; nuclear — NRC; railroads — FRA). State and local government workers are not covered by federal OSHA but may be covered by an approved State Plan. Reference: OSH Act §4(b)(1)
| Standard | Coverage | Key CFR Title | Examples |
|---|---|---|---|
| General Industry | All industries not covered by specific standards (manufacturing, retail, healthcare, services, etc.) | 29 CFR Part 1910 | 1910.95 (Noise), 1910.119 (PSM), 1910.134 (Respiratory Protection), 1910.147 (LOTO), 1910.1200 (HazCom) |
| Construction | All construction, alteration, repair, painting and decorating operations | 29 CFR Part 1926 | 1926.502 (Fall Protection), 1926.503 (Fall Training), 1926.652 (Excavations), 1926.1400 (Cranes) |
| Maritime | Shipyard employment, marine terminals, longshoring, gear certification | 29 CFR Parts 1915–1919 | 1915.12 (Confined spaces in shipyards), 1917 (Marine terminals) |
| Agriculture | Farm work — field operations, greenhouses, nurseries | 29 CFR Part 1928 | 1928.110 (Field sanitation), 1928.21 (Applicable standards for agriculture) |
| Federal Employees | Federal agencies' own workplaces — executive order mandates OSHA compliance | 29 CFR Part 1960 | Agency self-inspection programs; workers can file complaints with OSHA |
OSHA cannot simply decide to regulate a hazard overnight. Federal rulemaking is a structured legal process that takes years. Understanding it helps you anticipate regulatory changes and participate in them.
A new standard can be initiated by: a petition from an employer, union, or standards-setting body; NIOSH research findings; OSHA-commissioned studies; or a Congressional mandate. OSHA evaluates whether a "significant risk" exists in the workplace that can be reduced by a feasible standard.
OSHA may convene an Advisory Committee on Construction Safety and Health (ACCSH) or Standards Advisory Committee to review evidence. NIOSH provides criteria documents and recommended exposure limits (RELs) that inform OSHA's rulemaking.
Optional step — OSHA publishes an ANPR in the Federal Register to invite public comment on whether a standard is needed and what it should cover. The public has 60–90 days to respond. OSHA is not required to proceed after an ANPR.
OSHA publishes the proposed standard in the Federal Register. A public comment period (minimum 30 days, typically 60–90 days) opens. Any person may submit written comments. Public hearings may be held. This is the most important public participation opportunity.
After reviewing all comments, OSHA publishes the final rule in the Federal Register with a preamble explaining the basis for each decision. The rule is incorporated into 29 CFR. An effective date is set (typically 60–180 days after publication) to allow employers compliance time.
Any person adversely affected may challenge the rule in a US Circuit Court of Appeals within 60 days of publication. The court reviews whether the standard is supported by "substantial evidence" in the record. Courts have struck down OSHA standards — notably in Industrial Union Dept. v. American Petroleum (Benzene case, 1980) which established the "significant risk" test.
Temporary Emergency Standards (ETS): OSH Act §6(c) allows OSHA to issue an ETS that takes effect immediately — bypassing normal rulemaking — when workers are in "grave danger" from a new hazard. The COVID-19 Healthcare ETS (2021) and the Vaccination/Testing ETS (2021, later stayed by courts) are recent examples. An ETS simultaneously serves as a proposed permanent standard.
An OSHA inspection is one of the most significant events an EHS professional will face. Knowing the process protects your organisation's rights while ensuring full cooperation with lawful enforcement.
Fourth Amendment rights: OSHA compliance officers do not have the right to enter a workplace without either consent or a warrant. In Marshall v. Barlow's Inc. (1978), the US Supreme Court held that warrantless OSHA searches violate the Fourth Amendment. However, OSHA can obtain an administrative search warrant with minimal showing. In practice, most employers consent to inspections. Withholding consent signals non-compliance and OSHA will obtain a warrant.
OSHA prioritises inspections in this order — highest priority first:
The compliance officer (CO) presents credentials and explains the purpose, scope, and procedures of the inspection. The employer has the right to have a representative accompany the CO. Employees also have the right to have their representative participate.
Ref: 29 CFR 1903.7–1903.8
The CO physically inspects the workplace, observing conditions, practices, equipment, and records. The CO may take photographs, samples (air, surface), and measurements. The CO can interview workers privately — employers cannot be present during worker interviews.
Ref: 29 CFR 1903.7
After the walkaround, the CO meets with the employer and worker representatives to discuss preliminary findings. The CO explains what violations were observed, their likely classification, and estimated penalty ranges. No citations are issued at this stage.
Ref: 29 CFR 1903.7(e)
Within 6 months of the inspection, OSHA may issue a citation by certified mail. The citation describes each violation, the standard violated, the proposed penalty, and the abatement deadline.
Ref: OSH Act §10 29 CFR 1903.17
OSHA classifies violations by severity. Penalties are adjusted annually for inflation under the Federal Civil Penalties Inflation Adjustment Act. The figures below reflect 2024 maximums.
A hazard that could cause death or serious physical harm AND the employer knew or should have known about it.
Employer intentionally or knowingly disregarded the law, or showed plain indifference to employee safety. Criminal referral possible for wilful violations causing death.
Violation of any standard, rule, or order where OSHA found a substantially similar violation within the previous 5 years.
Violation directly related to job safety or health but unlikely to cause death or serious physical harm. Penalty may be zero at OSHA discretion.
Criminal penalties — OSH Act §17(e): Wilful violations causing the death of an employee carry a maximum 6 months imprisonment and $10,000 fine on first conviction; $20,000 and 1 year on repeat. Knowingly falsifying OSHA records carries up to 6 months imprisonment per §17(g). These are misdemeanours under federal law — EHS professionals and company officers can be personally prosecuted. Many states have stronger criminal provisions under state law.
OSHA's injury and illness recordkeeping system is one of the most important compliance obligations in the US. Getting it wrong is itself a citable violation — and incorrect data undermines the entire national safety surveillance system.
Who must keep OSHA 300 records: Employers with 11 or more employees in most industries must maintain injury/illness records under 29 CFR 1904. Partially exempt: establishments with 10 or fewer employees AND low-hazard industries (retail, finance, insurance, real estate). Fully exempt: several low-risk NAICS codes listed in 29 CFR 1904.2 Appendix A. Note: ALL employers — even exempt ones — must report fatalities and severe injuries to OSHA within the required timeframes.
| Form | Name | Purpose | Retention | Posting Requirement |
|---|---|---|---|---|
| OSHA 300 | Log of Work-Related Injuries and Illnesses | Running log of every recordable injury/illness throughout the year. Maintained by establishment. Must be available to workers upon request. | 5 years from end of year | Not posted — but accessible to workers, former workers, and their reps |
| OSHA 301 | Injury and Illness Incident Report | Detailed individual case form for each recordable incident. Contains worker info, task at time of injury, description of injury, medical treatment, and how the incident occurred. | 5 years from end of year | Not posted — available to workers and reps on request within 4 hours |
| OSHA 300A | Summary of Work-Related Injuries and Illnesses | Annual summary of totals from the 300 Log. Must be certified by a company executive. Posted every year from February 1 through April 30 in a conspicuous location. | 5 years from end of year | Posted Feb 1 – Apr 30 annually — mandatory |
A work-related injury or illness is recordable if it results in any of the following — per 29 CFR 1904.7:
Treatment by a licensed healthcare professional beyond first aid (prescription medication, sutures, surgery, physical therapy, etc.) constitutes recordable medical treatment.
Any work-related injury that causes the worker to miss at least one day of work beyond the day of the incident. Number of calendar days is recorded on the 300 Log.
Worker is assigned to a restricted job, restricted from performing routine job functions, or transferred to another job due to a work-related injury or illness.
Any work-related diagnosed illness or injury that is not first aid — including occupational illnesses (hearing loss, silicosis, dermatitis) even if asymptomatic.
Any work-related loss of consciousness — regardless of duration — is automatically recordable. Also covers significant injuries diagnosed by a healthcare professional even without symptoms.
All work-related needle sticks and sharps injuries involving contamination (blood or other potentially infectious materials) are automatically recordable per 29 CFR 1904.8.
Electronic submission (OSHA 300A data): Since 2016, certain employers must electronically submit their 300A summary data to OSHA via the Injury Tracking Application (ITA) at osha.gov. As of 2023 rulemaking, establishments with 100+ employees in high-hazard industries must also submit 300 log and 301 data electronically. Ref: 29 CFR 1904.41
The Environmental Protection Agency (EPA) regulates the environmental side of EHS. Understanding its major statutes is essential — violations carry civil and criminal penalties equal to or exceeding OSHA's.
| Statute / Regulation | What It Covers | Key Requirement for EHS | Penalty |
|---|---|---|---|
| Clean Air Act (CAA) 1970/1990 | Air emissions from stationary and mobile sources. National Ambient Air Quality Standards (NAAQS) for 6 criteria pollutants. Title V operating permits for major sources. | Title III: Hazardous Air Pollutants (HAPs) — 187 listed chemicals. Title V: Operating permits. Title VI: Ozone-depleting substances. | Up to $70,117/day civil; criminal up to 5 years imprisonment. Ref: 42 U.S.C. §7413 |
| Clean Water Act (CWA) 1972 | Discharge of pollutants into navigable waters. NPDES permit program. Stormwater management. Spill prevention. | NPDES permits for wastewater discharge. SPCC (Spill Prevention, Control, Countermeasure) plans for oil storage ≥1,320 gallons above ground. Ref: 40 CFR Part 112 | Up to $64,618/day per violation. Negligent violations: 1 year imprisonment. Knowing violations: 3 years. |
| RCRA — Resource Conservation and Recovery Act 1976 | Management of solid and hazardous waste from "cradle to grave" — generation, storage, transport, treatment, disposal. | Hazardous waste generator classification (LQG/SQG/VSQG). Manifest system for hazardous waste shipments. Storage time limits. Treatment, Storage, Disposal Facility (TSDF) permits. Ref: 40 CFR Parts 260–299 | Civil: up to $70,117/day. Criminal: up to 5 years imprisonment (knowing endangerment). |
| CERCLA — Superfund 1980 | Cleanup of contaminated sites. Liability for releases of hazardous substances. National Priorities List (NPL) sites. | Reporting releases above Reportable Quantities (RQs) to National Response Center within 24 hours. Strict, joint, and several liability — current and former owners can be liable for cleanup costs. Ref: 40 CFR Part 302 | Failure to report: up to $64,618/day. Cleanup costs can reach billions of dollars. |
| EPCRA — Emergency Planning and Community Right-to-Know Act 1986 | Community emergency planning for hazardous chemical releases. Toxic Release Inventory (TRI) reporting. | Facilities with Extremely Hazardous Substances (EHSs) above threshold planning quantities (TPQs) must notify Local Emergency Planning Committees (LEPCs). Annual TRI Form R reporting for listed chemicals above threshold. Ref: 40 CFR Part 355 | Up to $64,618/day for failure to report or provide emergency notification. |
| EPA Risk Management Program (RMP) 40 CFR Part 68 | Prevention of accidental releases of listed regulated substances above threshold quantities. Companion to OSHA PSM. | Three program levels based on hazard potential. RMP Plan submitted to EPA and filed with LEPCs. Includes hazard assessment, prevention program, and emergency response. Ref: 40 CFR §68 | Civil: up to $70,117/day. Triggered by Bhopal disaster — enacted 1990 CAA Amendment. |
Knowing Endangerment — maximum penalty: Under RCRA §3008(e) and CAA §113(c)(5), "knowing endangerment" — knowingly placing another person in imminent danger of death or serious bodily injury — carries up to 15 years imprisonment and $250,000 personal fine ($1 million for organizations). Environmental criminal cases have sent corporate officers to prison. EHS professionals who knowingly certify false environmental reports face personal prosecution.
If you work for a multinational company or pursue an international career, you must understand how other countries regulate workplace safety. The approaches differ significantly.
Goal-setting regulatory regime — the law sets objectives ("so far as is reasonably practicable"), not prescriptive rules. Duty holders decide how to meet the goal. ACoPs (Approved Codes of Practice) provide accepted compliance methods.
Framework Directive 89/391/EEC sets minimum standards across all 27 member states. Individual daughter directives cover specific hazards. Each country enacts national law implementing the directives — local enforcement varies significantly.
Harmonised Work Health and Safety (WHS) Acts based on a model law framework — most states and territories have adopted the Model WHS Act. The concept of "reasonably practicable" is central. Persons Conducting Business or Undertaking (PCBUs) — not just employers — have duties.
Divided jurisdiction — federal Canada Labour Code covers federally regulated industries (banks, airlines, railways, telecommunications). Each province has its own occupational health and safety act for provincially regulated workplaces. Significant variation between provinces.
Workplace Safety and Health Act (2006) follows the UK goal-setting model. The WSH framework places responsibility on all stakeholders — designers, manufacturers, suppliers, employers, and workers. Heavy penalties: up to S$500,000 fine and/or 2 years jail for individuals.
UAE Labour Law (Federal Decree-Law No. 33 of 2021) governs employment and safety. Free zone authorities (JAFZA, ADNOC, etc.) have their own HSE frameworks. Aligns increasingly with international standards — ISO 45001 adoption growing rapidly across the GCC.
ILO Conventions as the global baseline: Regardless of which country you work in, ILO Conventions set the international minimum floor. C155 (general OHS), C161 (occupational health services), C167 (construction safety), C176 (mining safety), and C187 (promotional framework) are the most widely applied. 187 countries are ILO members — all are expected to progressively implement these conventions whether ratified or not.
Workers are not passive recipients of safety programs — they have legally enforceable rights. As an EHS professional, protecting and promoting these rights is a core part of your role.
Workers have the right to information about hazardous substances they work with — including access to Safety Data Sheets, chemical labels, and exposure records.
A worker can refuse work they reasonably believe poses imminent danger of death or serious injury. The refusal must be in good faith and the danger must be imminent. The employer cannot retaliate.
Workers can file OSHA complaints, participate in inspections, and testify without fear of discharge, demotion, or other retaliation. Whistleblower Protection Program covers 25+ statutes beyond just OSHA.
Workers and their authorised representatives have the right to accompany OSHA compliance officers during inspections and to be interviewed privately — without management present.
Workers have the right to access their own occupational exposure records and medical records maintained by the employer — within 15 working days of a written request.
ISO 45001 Clause 5.4 requires "consultation and participation" of workers in hazard identification, risk assessment, and determination of controls. Workers must be able to report hazards and participate in incident investigations.
Workers must be trained in the hazards specific to their job, the controls in place, and emergency procedures — in a language and vocabulary they understand. Training must be documented.
Retaliation is illegal and prosecuted: OSHA's Whistleblower Protection Program enforces anti-retaliation provisions in 25 federal statutes, not just the OSH Act. Recent high-profile cases include multi-million dollar settlements for workers fired after reporting COVID-19 safety concerns. Complaints must be filed within 30 days of the retaliatory act under the OSH Act (some other statutes have longer windows). Ref: OSH Act §11(c)
Many OSHA standards require specific written programs. These are not optional — inspectors check for them and will cite you for their absence even if no injury has occurred.
| Written Program | OSHA Standard | Industry | Core Elements Required |
|---|---|---|---|
| Hazard Communication Program | 29 CFR 1910.1200(e) | All industries (General + Construction) | List of hazardous chemicals; SDS availability and location; labelling system; employee training records |
| Emergency Action Plan (EAP) | 29 CFR 1910.38 | All with 11+ employees | Evacuation procedures; alarm system; employee accounting; rescue/medical duties; training frequency |
| Lockout/Tagout (LOTO) Program | 29 CFR 1910.147 | General Industry (maintenance operations) | Energy control procedures; employee training; annual inspections of each energy control procedure; equipment-specific LOTO procedures |
| Respiratory Protection Program | 29 CFR 1910.134 | Where respirators are used | Written procedures; medical evaluation; fit testing; maintenance and inspection; training; air quality for supplied-air |
| Permit-Required Confined Space Program | 29 CFR 1910.146 | Facilities with permit-required confined spaces | Space identification and classification; permit system; attendant/entry supervisor/entrant roles; rescue procedures |
| Hearing Conservation Program | 29 CFR 1910.95(c) | Where noise ≥85 dB(A) TWA | Noise monitoring; audiometric testing; hearing protection selection; training; recordkeeping |
| Bloodborne Pathogen Exposure Control Plan | 29 CFR 1910.1030(c) | Healthcare, first aid providers, laboratories | Exposure determination; universal precautions; engineering/work practice controls; PPE; hepatitis B vaccination; post-exposure follow-up |
| Process Safety Management Program | 29 CFR 1910.119 | Facilities with covered highly hazardous chemicals above TQs | 14 elements: Process Safety Information, PHA, Operating Procedures, Training, Contractors, Pre-startup Safety Review, MOC, Incident Investigation, Emergency Planning, Compliance Audits, Trade Secrets, Hot Work Permits, Mechanical Integrity, Employee Participation |
| Fall Protection Plan | 29 CFR 1926.502(k) | Construction | Required when conventional fall protection is infeasible or creates greater hazard. Must be site-specific, prepared by qualified person, reviewed and updated. |
Having the written program is not enough: OSHA inspectors look for evidence that programs are implemented and effective — not just written. A Respiratory Protection Program sitting in a binder but with no documented medical evaluations or fit tests will still be cited. ISO 45001:2018 Clause 7.5 reinforces this — documented information must be "controlled" and demonstrate the system is operating as intended.
EHS compliance is not one-time — it runs on a calendar. Missing a deadline is a citable violation. Every EHS professional should know these recurring obligations by heart.
| Deadline | Obligation | Standard / Authority |
|---|---|---|
| Feb 1 – Apr 30 | Post OSHA 300A Annual Summary in workplace — must be visible to all workers | 29 CFR 1904.32 |
| March 2 | Electronic submission of OSHA 300A data to OSHA Injury Tracking Application (ITA) for covered establishments | 29 CFR 1904.41 |
| March 1 | Tier II chemical inventory reports due to State Emergency Response Commission (SERC), LEPC, and local fire department — for facilities with hazardous chemicals above threshold quantities | EPCRA §312 / 40 CFR §370 |
| July 1 | EPA Toxic Release Inventory (TRI) Form R / Form A annual submission for covered facilities with listed chemicals above reportable thresholds | EPCRA §313 / 40 CFR §372 |
| Annual | Audiometric testing for workers in the Hearing Conservation Program (baseline within 6 months of first exposure; annual thereafter) | 29 CFR 1910.95(g) |
| Annual | Respirator fit testing for workers required to use tight-fitting facepiece respirators | 29 CFR 1910.134(f) |
| Annual | LOTO inspection — annual inspection of each energy control procedure by authorised employee (other than the one using the procedure) | 29 CFR 1910.147(c)(6) |
| Quarterly / Annual | Fire extinguisher inspections — monthly visual check, annual maintenance inspection, hydrostatic test per NFPA 10 schedule | NFPA 10:2022 |
| Annually (at min.) | Emergency evacuation drills — ISO 45001 and OSHA Emergency Action Plan both require drills at appropriate frequency | 29 CFR 1910.38 ISO 45001 §8.2 |
| Every 3 years | PSM compliance audit — OSHA requires that covered facilities certify compliance with PSM requirements at least every three years | 29 CFR 1910.119(o) |
| As needed | OSHA injury/illness reporting: fatality within 8 hours; in-patient hospitalization, amputation, or eye loss within 24 hours | 29 CFR 1904.39 |
| Within 24 hours | CERCLA release notification to National Response Center (NRC) when a hazardous substance release exceeds the Reportable Quantity (RQ) | CERCLA §103 / 40 CFR §302 |
ISO 45001 internal audit requirement: ISO 45001:2018 Clause 9.2 requires organisations to conduct internal audits of their OH&S management system at planned intervals. The frequency is not specified — it must be appropriate to the organisation's risk profile and previous audit findings. Most organisations audit annually; high-risk facilities audit more frequently. The audit programme must be documented and results reported to top management (Clause 9.2.2).
1. Under OSHA 29 CFR 1904.39, within what timeframe must an employer report a work-related fatality to OSHA?
2. What is the maximum civil penalty for a single OSHA WILFUL violation (2024 figures)?
3. The Supreme Court case Marshall v. Barlow's Inc. (1978) established which important principle for OSHA inspections?
4. Which EPA regulation requires facilities with oil storage above 1,320 gallons aboveground to develop a Spill Prevention, Control, and Countermeasure (SPCC) plan?
5. The OSHA 300A Annual Summary must be posted in the workplace during which period each year?
6. Under ISO 45001:2018 Clause 5.4, what does the standard specifically require regarding workers?
7. Which OSHA standard requires Process Safety Management (PSM) and lists 14 mandatory program elements including Process Hazard Analysis (PHA)?