Open your WHS risk register right now. Search for the word "psychosocial."

If nothing comes back, your register ignores the fastest growing category of workplace harm in Australia. It probably documents slips, trips, falls, manual handling, electrical hazards, and chemical exposure in careful detail. All legitimate hazards. All well understood. But the hazard class driving the highest claim costs, the longest recovery times, and the steepest growth trajectory sits nowhere in your system.

That gap will cost you.

The numbers your risk register cannot see

Safe Work Australia's Key Work Health and Safety Statistics 2025 reports that mental health conditions now account for 12% of all serious workers' compensation claims in Australia. That figure marks a 14.7% increase on the previous year and continues a decade long trend with no sign of reversing. Ten years ago, mental health claims represented just 6.4% of serious claims. Since then, the volume of serious mental health claims has nearly doubled, rising 97.3% between 2012/13 and 2022/23.

The financial picture makes the scale of this problem impossible to dismiss. Safe Work Australia's 2024 data shows the median compensation for a mental health claim in 2021/22 reached $65,400, compared to just $14,400 across all serious claims. Psychological injury claims cost more than four times the median across all injury types. In New South Wales, the picture grows even starker. NSW Treasurer Daniel Mookhey told Parliament in March 2025 that the average cost of a psychological injury claim jumped from $146,000 in 2019/20 to $288,542 in 2024/25. He also noted that psychological claims make up 12% of total claims but consume 38% of total cost.

Recovery times compound every dollar. Workers who lodge mental health claims lose a median of 37 working weeks from their jobs, more than five times the median time lost across all serious claims. These absences stretch across most of a calendar year. They disrupt operations, increase workloads on remaining staff (which itself constitutes a psychosocial hazard under the Code of Practice), and ratchet up insurance premiums year after year.

In total, 146,700 serious workers' compensation claims landed in 2023/24. That works out to more than 400 serious claims every single day across Australia. And the trajectory continues to accelerate. In 2021, the Committee for Economic Development of Australia (CEDA) projected that mental health claims would hit $1 billion annually by 2030. That threshold fell in 2024/25, five years ahead of schedule.

Meanwhile, claims involving 13 weeks or more off work accounted for just 21% of all accepted claims in 2021/22 but consumed three quarters of all compensation payments, totalling $4.4 billion. Mental health claims dominate this long tail category. When a single claim type costs four times more than the median, takes five times longer to resolve, and grows by double digits each year, it deserves a dedicated line in your risk register and a dedicated system to manage it.

Your current WHS system handles physical hazards. It cannot handle this.

Most risk registers in Australian workplaces grew out of physical hazard management. The systems, templates, and workflows behind them reflect decades of practice in identifying and controlling risks like working at heights, manual handling, electrical exposure, and hazardous substances. WHS platforms like SafetyCulture and Donesafe handle these categories well. They offer established assessment methods, proven control hierarchies, and clear audit trail requirements for physical hazards.

Psychosocial hazards demand fundamentally different approaches.

The Safe Work Australia Model Code of Practice: Managing Psychosocial Hazards at Work identifies 17 hazard categories. These include job demands, low job control, poor support, lack of role clarity, poor organisational change management, inadequate reward and recognition, poor organisational justice, traumatic events or materials, remote or isolated work, violence and aggression, bullying, harassment including sexual harassment, conflict or poor workplace relationships, fatigue, poor physical environment, intrusive surveillance, and job insecurity.

These hazards interact and combine in ways physical hazards typically do not. High job demands alone may not create significant risk, but high job demands combined with low job control and poor support create conditions for serious psychological harm. The Code of Practice explicitly recognises this interaction effect and requires PCBUs to consider all psychosocial hazards workers face when managing psychosocial risks.

The identification methods differ too. Nobody can observe a psychosocial hazard the way they observe a frayed electrical cord or an unguarded machine. The Code of Practice requires structured consultation with workers, including surveys, interviews, analysis of incident and complaints data, and examination of work design factors like staffing levels, shift patterns, reporting structures, and performance management practices. Multiple methods of consultation may prove necessary, and the form and methods of consultation must be decided in consultation with workers themselves.

The control frameworks differ as well. Nobody can eliminate a psychosocial hazard with a guard or a barrier. Controls for psychosocial risks involve redesigning work, changing management practices, adjusting workload distribution, improving communication processes, and building organisational capability to spot early warning signs. The NSW WHS Regulation 2025 now explicitly requires the application of the hierarchy of controls to psychosocial risks, starting with higher order controls like flexible working arrangements and work redesign before relying on lower order controls like training or coping strategies.

A general WHS platform built for physical hazard management cannot provide the structured psychosocial risk assessment methodology, the hazard specific control frameworks, or the tailored audit trails and compliance evidence that this obligation demands. These hazards need their own system, built for their own characteristics, with the same rigour your organisation already applies to physical safety.

Every Australian jurisdiction now enforces this obligation

The regulatory landscape has shifted completely. As of 1 December 2025, with Victoria's Occupational Health and Safety (Psychological Health) Regulations 2025 commencing, every Australian jurisdiction now explicitly requires employers to identify, assess, and control psychosocial hazards. The national framework is complete.

This obligation predates the recent reforms. The WHS Act has always defined "health" to include both physical and psychological health, which means the primary duty of care has always applied to psychosocial risks. What the model WHS Regulations now add is explicit specificity. They define "psychosocial hazard" and "psychosocial risk" in regulatory language and require PCBUs to apply a structured risk management process. The accompanying Codes of Practice detail what that process looks like in practice across all 17 hazard categories.

Regulators have moved well beyond education and awareness campaigns. They now enforce.

SafeWork NSW released its Psychological Health and Safety Strategy 2024 to 2026, committing to increased regulatory action against high risk and large businesses and government agencies. Under this strategy, SafeWork inspectors now conduct psychosocial WHS checks when visiting any workplace with 200 or more employees. King & Wood Mallesons noted that businesses should expect additional planned inspector compliance visits and further revisits to non-complying businesses.

The enforcement numbers tell a clear story. In July 2024, a SafeWork NSW compliance blitz produced more than 500 non-compliance notices related to psychosocial hazards across the state. SafeWork NSW now carries six monthly reporting requirements to the Minister on the number and types of psychosocial complaints and notices in both the government and private sectors, which guarantees sustained regulatory focus for the foreseeable future. These reporting requirements also mean psychosocial enforcement data becomes politically visible, making it even less likely that regulatory attention will soften.

Enforcement has already produced real consequences. In October 2023, Court Services Victoria pleaded guilty and received a $379,157 fine for breaching the Occupational Health and Safety Act 2004 between 2015 and 2018. The prosecution centred on the organisation's failure to properly identify and assess risks to the psychological wellbeing of its employees, particularly in the context of what prosecutors described as a toxic culture within the Coroners Court. The case illustrates exactly the kind of gap that an empty psychosocial section in your risk register represents: no systematic identification, no structured assessment, no documented controls.

SafeWork SA now expects employers to demonstrate an active system for psychosocial risk management, not just a policy on paper. And in Victoria, the new regulations commencing December 2025 carry the expectation of more frequent and more severe penalties for failures to manage psychosocial hazards, reflecting a tougher enforcement environment across the board.

What the absence tells a regulator about your organisation

When a SafeWork inspector opens your risk register and finds detailed entries for physical hazards but nothing for psychosocial hazards, the absence itself becomes a finding. It tells the inspector your organisation operates no system to detect psychosocial hazards, no methodology to assess their severity, no documented controls, and no evidence that those controls work. The inspector does not need to find a specific incident of harm. The absence of a system tells the story.

Courts reinforce this position. An approved code of practice provides evidence of what a duty holder should know about a hazard, risk, or control, and courts may rely on the code when determining what counts as reasonably practicable. An inspector can reference the code when issuing an improvement or prohibition notice. If your organisation has not followed the code, you need to demonstrate an equivalent or higher standard. An empty risk register achieves neither.

The governance implications compound this risk. If psychosocial hazards never appear in your risk register, they never appear in your board reporting. If they never appear in your board reporting, your directors and officers cannot demonstrate due diligence on a risk category that regulators now actively enforce. Officers carry a personal, non-delegable duty under WHS law to exercise due diligence. That duty requires officers to acquire and maintain current knowledge of WHS matters, to understand the hazards and risks associated with the business, and to ensure the business has appropriate resources and processes to manage those risks.

For executive leadership teams, the question is direct. Can you see psychosocial risk with the same specificity you see financial risk, cyber risk, or operational risk? If not, you carry a visibility gap in a risk category where claims cost four times the median, recovery takes five times longer, and regulators issue hundreds of non-compliance notices per quarter.

Why engagement surveys and EAPs do not close this gap

Many organisations believe their engagement surveys or Employee Assistance Programs (EAPs) address psychosocial risk. Both serve important purposes, but neither meets the regulatory obligation.

An engagement survey measures how people feel about their work. The regulation requires your organisation to identify what specific hazards exist, assess their severity, implement controls targeted at those hazards, and document that those controls work. A Culture Amp result showing declining engagement in a particular team tells you something needs attention. It does not tell you which of the 17 psychosocial hazard categories your workers face, what risk ratings those hazards carry, what controls you have in place, whether those controls actually reduce harm, or who owns the remediation. A regulator will draw this distinction clearly and quickly.

EAPs support individuals after harm occurs or when they seek help. This matters, but it addresses the downstream effect of an upstream problem. The regulatory obligation focuses on the organisational conditions that create harm in the first place: workload design, role clarity, change management, management capability, reporting structures, and interpersonal conduct standards. An EAP does not constitute a control for a hazard like poor organisational change management or inadequate reward and recognition. Wellbeing and compliance serve different functions under the law.

The gap between what these tools provide and what the regulation requires is where compliance risk concentrates. Organisations that recognise this gap need to do something fundamentally different, not more of the same.

What a purpose built system for psychosocial risk actually looks like

Closing the gap requires infrastructure that covers the full compliance lifecycle: detect, assess, control, manage, and govern.

Detection starts with structured methods to surface psychosocial hazards across the organisation. This means psychosocial risk surveys built around the 17 recognised hazard categories, incident reporting mechanisms that capture psychosocial factors, and ongoing monitoring of indicators like complaints data, absenteeism patterns, and turnover trends. The goal is continuous visibility into emerging hazards before they escalate, not a point in time snapshot that grows stale within weeks.

Assessment requires a standardised methodology for rating the severity of identified hazards, factoring in duration, frequency, and severity of worker exposure. It also requires consideration of how hazards interact and compound with each other. A proper psychosocial risk register records each identified hazard, its risk rating, the workers or groups affected, and the current status from identification through to governance review.

Controls need to target each specific hazard and draw from evidence based frameworks. A compliance mapped control library gives organisations proven interventions to deploy, along with evidence collection mechanisms that document implementation. Each control links directly to the risks it addresses, creating the traceability a regulator expects to see. The hierarchy of controls applies here too: higher order controls like work redesign come before lower order controls like training.

Management means assigning clear ownership and deadlines for every control, then verifying those controls actually work through structured effectiveness reviews. Without this step, controls exist on paper but never change conditions in the workplace. Tasks need tracking, follow through needs documentation, and nothing can fall through the cracks when a regulator asks to see your records.

Governance brings everything together into board ready reporting that demonstrates compliance across all applicable frameworks, whether ISO 45003, the Safe Work Australia Code of Practice, state specific regulations, or Comcare guidance. This layer allows officers to demonstrate due diligence. It gives boards the visibility they need to make informed decisions. And it produces the inspection ready documentation that regulators now routinely request.

ReFresh provides this infrastructure in a single platform, purpose built for the 17 psychosocial hazard categories the Code of Practice identifies. Psychologists and compliance experts built the system specifically for this obligation. It does not adapt a physical safety system or bolt onto an engagement survey tool. For organisations that already run mature WHS systems for physical safety through tools like SafetyCulture or Donesafe, ReFresh works as a complement. Different tool, different job, same rigour.

ReFresh also integrates with existing HRIS, WHS, and people systems where integration adds value, and supports enterprise scale deployments as well as scaleup implementations. The platform carries SOC 2, GDPR, and Australian Privacy Act compliance, with role based access, full audit trails, and data residency options that meet governance requirements for HR teams handling sensitive psychosocial data.

The question your risk register needs to answer

Pull up your risk register. Look at what sits there and what does not. Your physical hazard documentation probably represents years of careful work, real expertise, and genuine commitment to keeping people safe from physical harm.

Now ask whether your organisation applies the same systematic approach to the hazard class that drives the highest claim costs, the longest recovery times, and the most active regulatory enforcement programme in Australian WHS history.

If the answer is no, that gap will not close itself. The regulatory landscape has changed. The enforcement posture has changed. The claims data has changed. Mental health claims hit the $1 billion annual threshold five years ahead of projections. SafeWork inspectors now check for psychosocial compliance at every large workplace they visit. Every jurisdiction in the country now enforces this obligation explicitly.

What needs to change now is your system.

Find your psychosocial compliance gaps in 24 hours.

Disclaimer: This article provides general information about psychosocial hazard management and WHS compliance obligations in Australia. It does not constitute legal, medical, or professional advice. Regulatory requirements vary across jurisdictions and change over time. Organisations should consult qualified WHS professionals and legal advisors to understand the specific obligations that apply to their circumstances. While every effort has been made to ensure the accuracy of the data and regulatory references cited in this article, readers should verify current figures and requirements through the relevant regulatory authorities. ReFresh provides psychosocial risk management software and does not provide legal advice or assurance of regulatory compliance.