Building a Safety Culture Means Going Beyond Compliance

Shifting federal policies, evolving state laws and expanding international requirements, all unfolding among other constraints, are creating uncertainty around the future of workplace safety regulation. Changing levels of enforcement of existing regulations, as well as proposals for new legislation, are creating additional uncertainty for organizations to navigate. In July 2025 alone, OSHA issued more than two dozen proposed rules along with one final rule-taking action, underscoring both the pace of regulatory activity and the challenge organizations face in keeping up with rapid operational, technological and workforce change.

The year ahead is poised to bring further shifts on the health and safety front. Some states are starting to decline adjusting informal citations, instead forcing every citation to be contested in court. At the same time, in federal OSHA states, legislatures are enacting regulations through various state agencies and expecting them to be enforced at the state level.

For global organizations, compliance has evolved from a clearly defined set of standards into an ever-expanding web of additional corporate policies overlapping with federal, state and international frameworks. This increasing “defensive posture” directly impacts workforce availability, productivity, vendor relationships and even the ability to operate or expand in certain markets. This begs the question: Is more policy and regulation actually what’s needed? As we evaluate what’s moving the needle in safety performance, we’re seeing how closely related downstream safety outcomes are to upstream business strategy that decisively leverages improving systems capability, prevention and mitigation as an intentional method of leadership.  

This sobering reality reveals the need for baseline fundamentals, which regulations establish and support, while realizing their limitations in terms of the performance and outcomes business leaders and industry expect.

Leveling up our perspective on regulations

There’s a noticeable movement by business leaders to recognize the difference between managing risk only to the level of compliance versus viewing compliance as a foundation to launch performance improvement. 

Before understanding basic elements of a safety management system, it’s important to recognize safety leadership. Anyone who is in a position to advocate for, improve and advance the creation of safety on the behalf of another person is a safety leader. This is an important aspect for business leaders to embrace, as it elevates their views and value from a reactive, compliance-based level of maturity toward one that is proactive. 

This is where we see leading organizations make a noticeable shift from, “What are the workers doing to avoid a regulatory violation or safety incident?” to “What are we doing together to ensure success?” Think of a football coach talking to the kicker moments before a potential game winning field goal. Should the leader in that moment say, “Don’t screw this up for me” or “I believe in you. This is what we’ve worked on together. You can make this happen.” Safety leadership matters greatly, and as Thomas Krause and Kristen Bell notes in their book, “7 Insights into Safety Leadership,” safety leadership sets improvement in motion across the entire organization. 

Ultimately, organizations are realizing the best line of defense is to strengthen their posture of offense when it comes to identifying, prioritizing and reducing serious incident and fatality (SIF) risk and realizing the methodology and system implementation for success in these areas requires a maturing culture that goes beyond compliance.

A safety program beyond reactive compliance

Because regulations often lag behind the realities of the current workplace, one of the best ways to stay ahead is to build a safety program that extends beyond current policy requirements. Rather than reacting to rules as they’re issued, organizations should build a robust safety program that anticipates and manages risk as it evolves.

One of the practical starting points I’ve found helpful for leaders is to begin incorporating three simple but core questions that get to the heart of what they really need to know.

First, is work happening the way we think it is?

This question helps uncover gaps between planned procedures and on-the-ground conditions, challenging assumptions. It also helps encourage deeper engagement with frontline teams and fosters more accurate situational awareness. It zeroes in on the current challenge: the assumption that because you have a written program and are compliant with regulations, work is happening as stipulated per corporate or regulatory policy. You must ask this question and be prepared to engage in basic discovery.

Second, what tells us that risk is at an acceptable level?

The absence of incidents alone is no longer a reliable indicator of safety. Following up on question No. 1, safety leaders must intentionally set out to discover when and where work goes from normal to abnormal, while recognizing that when this change occurs the presence of SIF risk multiplies. Leader-and-worker engagement through a dedicated SIF risk assessment process drives prevention, alongside tuning the organization to know what they really want to know: Where does work exceed our risk tolerance through unacceptable risk?

Third, how are we improving?

Safety leadership drives an intentional commitment to improvement and supports the application of lessons learned from leader-worker engagement and ongoing discovery. Safety improvements alongside adjacent business benefits surface new opportunities and strengthen momentum. Organizations must be able to answer the question, “Are we good or are we lucky?” Knowing where unacceptable risk surfaces — per question No. 2 — enables leaders to better answer this, while directly addressing the myth that a low incident frequency rate equates to acceptable levels of risk. This must be based on an intentional system of monitoring and assessing risk.

Together, the answers to these three questions point to a structured, repeatable approach to safety management that emphasizes planning, action, reflection and improvement.

Compliance

Measles Is on the Rise. Have You Reviewed Your Vaccine Policies Since Covid?

by Shardé Skahan, Dawn Solowey, Mackenzie Mullin and Melissa Ortega

March 23, 2026

14 new outbreaks reported so far in 2026

Read moreDetails

Plan-do-check-act (PDCA)

It’s been said that without planning, nothing happens on purpose. Not risk assessment. Not worker feedback. Not contractor evaluation and follow up. And certainly not organizational learning. The PDCA system is a model of continual improvement, serving as a bridge from basic due diligence and regulatory compliance to a systematic approach for organizational engagement. The PDCA is also strongly referenced in regions like the UK and Australia. It helps teams establish a simple method (plan) to move from required, basic regulatory initiatives into a proactive practice for monitoring and observing risk (do), verifying its effectiveness (check) and learning from the process and incorporating improvement (act). The process is cyclical and repeatable on a macro and micro scale, across organizations and within specific sites, teams and activities.  

Applying the PDCA framework is especially important in today’s modern workforce, where labor strategy increasingly depends on third parties, such as contractors, subcontractors and temporary workers. Across multiple management systems, the PDCA process integrates a complex environment into a dynamic focus on safety. In the face of regulatory uncertainty, this model is a proven and important step toward elevating expectations, improving performance, ensuring an organization is ready to work and creating resilience for safety programs.

Resilience beyond the checklist

I think of what it would be like to compete in a Formula 1 (F1) race against modern F1 cars and technology, but I’m strapped into a racecar from 1971. I simply wouldn’t be able to compete, and, in fact, could endanger those around me as I would lack modern safety features and controls. Yet, this is exactly how so many organizations are operating — locked into a compliance-based mindset and approach from the 1970s. I should point out, however, the enormous positive impact these regulations have had over the past more than 50 years. That said, we’ve reached an observable limit to what compliance can achieve. Regulatory compliance must now serve as the launch pad toward system management. 

Anyone who can advocate for, improve and advance the creation of safety on the behalf of another person is a safety leader. That’s all of us: procurement, risk management, human resources, operations, finance, engineering, IT and product development. It doesn’t require a title. It simply demands a commitment to drive meaningful change and safety for the benefit of those closest to the risk: the workers.

Safety leadership drives the difference for organizations, even within an uncertain regulatory environment. Leading with intention, committing to continuous improvement and building systems that monitor and assess risk beyond compliance serve as the pathway to resilience.