Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Starting or running a business in Australia comes with real responsibilities, particularly around keeping people safe. One term you’ll see in workplace health and safety (WHS) laws is PCBU - short for “person conducting a business or undertaking.”
If you’re registering your first venture, growing a company, or engaging contractors, it’s important to understand whether you’re a PCBU and what that means in practical terms. In this guide, we break down the definition, who it covers, the duties involved, and the simple steps you can take to comply with confidence.
Our aim is to keep things clear and actionable so you can focus on building your business while meeting your legal obligations.
What Does PCBU Mean In Australia?
PCBU stands for “Person Conducting a Business or Undertaking.” It’s a core concept under Australia’s Work Health and Safety laws (including the Work Health and Safety Act 2011, adopted across most states and territories).
In plain English, a PCBU is anyone - individual or organisation - who runs a business or directs work activities. The definition is intentionally broad so that responsibility follows control of the work, not just a traditional employer-employee relationship.
A few key points to keep in mind:
- “Person” includes companies, incorporated associations, partnerships, government departments and sole traders - not just individuals.
- “Business or undertaking” covers both profit-making and not-for-profit activities, and many organised operations where work is carried out.
- The concept focuses on who influences how work is done. If you control, direct or manage work activities, you’re likely a PCBU.
Let’s make that concrete. If you operate a small company, work as a sole trader under an ABN, manage a charity with paid staff, or run a franchise site, the entity that’s running those activities is typically a PCBU.
Who Counts As a PCBU?
Most Australian businesses and organisations fall within the definition. Common examples include:
- Companies: The company itself is the PCBU. Directors and senior decision-makers are “officers” with a separate duty to exercise due diligence to ensure the PCBU complies with its WHS obligations.
- Sole traders and freelancers: If you operate on your own under an ABN, you personally are the PCBU for that work.
- Partnerships: The partnership is the PCBU for the work it controls.
- Incorporated associations and charities: Where there are paid workers or regular operations, the association is usually a PCBU (even if not for profit).
- Franchisees: A franchise location is typically operated by the franchisee entity, which is a PCBU for that site’s activities.
- Government bodies and schools: Many public entities are PCBUs for the work they manage.
The key exception is a volunteer association with no paid workers. Once an association pays someone to carry out work (even part-time), it will generally be a PCBU.
If you’re weighing up the right legal vehicle for your venture, many founders consider setting up a company for limited liability and growth potential - our Company Set Up information outlines what’s involved.
What Duties Does a PCBU Have Under WHS Laws?
PCBUs hold the primary duty of care under Australia’s WHS laws. This means you must ensure, so far as is reasonably practicable, the health and safety of:
- Workers engaged by you or whose activities you influence or direct (this can include employees, contractors, labour hire workers, apprentices and, in some cases, volunteers), and
- Other persons who may be put at risk from work carried out as part of your business or undertaking (such as customers, clients, site visitors or nearby members of the public).
Importantly, the duty is to protect workers and other persons from risks arising from your work. It is not a duty to ensure the health and safety of other PCBUs themselves. However, as explained below, PCBUs must consult, cooperate and coordinate with other duty holders where duties overlap.
What does this primary duty of care involve in practice?
- Safe work environment and systems: Provide and maintain a work environment without risks to health and safety, including safe systems of work, safe use of plant and structures, and adequate facilities.
- Risk management: Identify hazards, assess risks and eliminate them where reasonably practicable, or minimise them with effective controls if elimination isn’t feasible.
- Information, training and supervision: Ensure workers receive the information, instruction, training and supervision they need to work safely.
- Worker participation and consultation: Consult with workers so they can contribute to WHS decisions (for example, through toolbox talks or safety committees).
- Incident management and reporting: Prepare for incidents, keep records, and notify the regulator of notifiable incidents (such as serious injuries or dangerous occurrences).
The officer due diligence duty means directors and senior leaders should actively make sure the PCBU has appropriate resources, processes and systems to comply - this is more than a “set and forget” obligation. For a broader view of the employer’s obligation to keep people safe, our overview of duty of care for employers is a helpful companion read.
How Do Multiple Duty Holders Work Together?
It’s common for more than one PCBU to be involved in the same work. Think of a construction site with a principal contractor and multiple subcontractors, or a shared office where a building manager, host business and contractor all carry out activities that overlap.
When duties overlap, each PCBU must, so far as is reasonably practicable, do what it can within its control and influence. There’s also a specific duty to consult, cooperate and coordinate activities with each other to manage shared risks effectively.
In practice, that often looks like:
- Sharing relevant safety information with other duty holders (e.g. site rules, hazards, and controls).
- Agreeing on who will manage particular risks to avoid gaps or duplication.
- Holding coordination meetings and recording decisions and responsibilities.
- Ensuring contractor agreements and work orders reflect safety expectations and responsibilities.
If you regularly engage contractors, having a clear Contractors Agreement helps set out safety obligations, induction requirements and reporting lines in plain terms.
Practical Steps To Meet Your PCBU Obligations
The law sets the standard; your systems, documents and culture bring it to life. Here’s a practical roadmap you can apply in almost any industry.
1) Map Your Activities And Risks
Start by listing your core activities (on-site work, deliveries, customer visits, equipment use, after-hours work, etc.). Identify foreseeable hazards and who could be harmed. Keep it simple at first - you can build detail over time.
Document your findings so you have a baseline and can show you’ve considered your risks. Reviewing this periodically (e.g. quarterly or after any incident) helps you stay on top of changes.
2) Choose Controls That Actually Work
Use the hierarchy of control: eliminate hazards where practicable, then substitute, isolate or engineer controls before relying on administrative rules or PPE. The aim is to reduce risk at its source, not just add paperwork.
For example, replacing a hazardous chemical (substitution) or installing guarding on machinery (engineering control) is usually more effective than adding a warning sign alone.
3) Build Safe Systems, Not Just “Rules”
Translate your risk controls into everyday processes: inductions, checklists, permits-to-work, maintenance schedules and escalation procedures. Make sure they’re easy to find, easy to follow, and part of how work is planned and scheduled.
Where you operate as a company with co-founders or investors, establishing clear governance alongside your operational systems can also help decision-making and accountability. A tailored Shareholders Agreement and a fit-for-purpose Company Constitution clarify who is responsible for what at leadership level.
4) Consult And Train Your People
Your workers often have the best insights into risks and workable solutions. Consult them early and often, and use feedback to refine your controls. Provide training relevant to each role and keep a record of who has completed what.
When hiring staff, formalise expectations in a written Employment Contract and ensure you have a clear Workplace Policy or staff handbook that covers safety, incident reporting, bullying and harassment, drugs and alcohol, and related conduct standards.
5) Coordinate With Other Duty Holders
Where you share a site or engage third parties, make consultation part of your process. Agree on responsibilities in writing (for example, within contractor scopes or site rules), and share information about hazards and incidents promptly.
This is where a robust Contractors Agreement pays off - it helps align expectations and creates a clear mechanism to escalate and resolve safety issues quickly.
6) Prepare For Incidents And Keep Good Records
Even with strong controls, incidents can happen. Have a simple incident response procedure, train your team to follow it, and record what occurred, how it was managed, and what you’ll change to prevent recurrence.
If your operations involve collecting personal information about workers or customers (for example, online onboarding forms or a client portal), consider how you handle that data in an emergency or investigation. Many businesses choose to publish a transparent Privacy Policy and implement a Data Breach Response Plan as good practice, even where the Privacy Act may not strictly apply to them (more on this below).
7) Review, Improve And Lead From The Top
Set a regular review cadence for your WHS system. Track actions from incident investigations, safety meetings and audits. Officers should actively verify that the PCBU has adequate resources and processes - and that they are being used.
Do I Need A Privacy Policy As A PCBU?
Not all small businesses are legally required to have a Privacy Policy under the Privacy Act 1988 (Cth). Generally, the Australian Privacy Principles apply to businesses with annual turnover above $3 million, and to some specific small business types (for example, health service providers) regardless of turnover.
That said, many smaller businesses still choose to implement a Privacy Policy because:
- It’s often expected by customers and required by platforms, payment providers or enterprise clients.
- It supports good governance and incident response planning (particularly if you collect personal information online).
- It can be contractually required in B2B relationships.
If you’re unsure whether the Privacy Act applies to you, or you want to adopt best-practice transparency, a tailored Privacy Policy is a practical step that fits neatly alongside your WHS documentation.
When Should I Get Legal Help?
It’s normal to feel unsure about where to start. Consider getting advice when:
- You’re setting up a new entity or changing structure (for example, moving from sole trader to company) - see our Company Set Up services.
- You’re hiring staff and need tailored employment contracts and policies that reflect your industry risks.
- You’re engaging contractors regularly and want to align safety responsibilities in a clear Contractors Agreement.
- You need leadership-level documents such as a Shareholders Agreement to clarify decision-making and risk oversight.
- You collect personal information and want to implement privacy and incident response processes proportionate to your operations.
Key Takeaways
- PCBU means “person conducting a business or undertaking” and captures most Australian businesses and organisations - the focus is on who controls the work, not just who employs staff.
- As a PCBU, you owe a primary duty of care to protect workers and other people from risks arising from your work, so far as is reasonably practicable.
- Where duties overlap, PCBUs must consult, cooperate and coordinate activities with each other; each must still do what is reasonably practicable within their control.
- Compliance is practical: identify hazards, implement effective controls, consult and train workers, keep records, manage incidents and review regularly - with visible leadership from officers.
- Helpful documents include an Employment Contract, Workplace Policy or handbook, a clear Contractors Agreement, and (where appropriate) a Privacy Policy and Data Breach Response Plan.
- If you operate through a company, leadership documents such as a Shareholders Agreement and a tailored Company Constitution support governance and officer due diligence.
If you’d like a consultation about PCBU responsibilities or WHS compliance for your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








