How to Prove You Took "Reasonable Steps": Your Vicarious Liability Defence Checklist

Are you familiar with the term “vicarious liability”? If not, here’s the uncomfortable truth: your business can be held legally responsible for sexual harassment or discrimination committed by your employees: even if you had no idea it was happening.

But there’s a defence. Under Australian law, you can avoid vicarious liability if you can prove you took “reasonable steps” to prevent the misconduct. The problem? Most employers have no idea what “reasonable steps” actually looks like in the eyes of a court or the Australian Human Rights Commission (AHRC).

This isn’t just about ticking compliance boxes anymore. With the introduction of the Positive Duty under the Sex Discrimination Act 1984, employers are now legally obligated to proactively prevent sexual harassment and discrimination: not just respond after the fact. So what does this mean for you? It means the bar for “reasonable steps” has been raised, and if you can’t prove you’ve met it, you’re exposed.

Let’s walk through exactly what the AHRC and the courts will check for when they assess whether you’ve done enough.

What Is Vicarious Liability for Sexual Harassment?

Put simply, vicarious liability means your business can be held legally responsible for unlawful conduct committed by your employees in the course of their employment. If an employee sexually harasses or discriminates against a colleague, client, or third party at work, you: the employer: can be sued, even if you didn’t know about it.

This isn’t a new concept. Courts have long held employers accountable for the actions of their staff. But here’s the catch: you have a defence if you can prove you took all reasonable steps to prevent the conduct from occurring.

The key phrase here is “reasonable steps.” That’s the legal threshold. And under the new Positive Duty legislation, the AHRC has made it very clear what they expect.

Business professionals reviewing vicarious liability compliance documents in boardroom meeting

The New Standard: Positive Duty and the 7 AHRC Standards

In December 2023, the Positive Duty came into effect. This means all Australian employers must now take proactive, reasonable, and proportionate measures to eliminate sexual harassment and discrimination in their workplaces.

The AHRC has outlined 7 Standards that businesses must meet. These standards form the foundation of what “reasonable steps” looks like in 2026. If you can’t demonstrate compliance with these standards, you won’t have a viable defence against vicarious liability claims.

Here’s what the AHRC will check for:

  1. Leadership – Senior leaders must actively champion a respectful workplace culture
  2. Culture – Your workplace must have zero tolerance for harassment and discrimination
  3. Knowledge – All employees must understand what conduct is unacceptable
  4. Risk Management – You must identify and address risks specific to your workplace
  5. Support – Victims must have access to safe, confidential reporting channels
  6. Reporting and Response – Complaints must be handled promptly, fairly, and transparently
  7. Monitoring and Evaluation – You must regularly review and improve your systems

If you’re audited by the AHRC and can’t show evidence of these measures, you’ll struggle to claim you took reasonable steps. That means vicarious liability becomes almost certain.

Your Vicarious Liability Defence Checklist: What Courts Actually Look For

So, how do you prove you’ve taken reasonable steps? Let’s break it down into the evidence courts and the AHRC will examine.

1. Written Policies That Are Actually Enforced

You need more than a dusty policy document buried in your intranet. Courts will ask: Do you have clear, accessible policies that explicitly prohibit sexual harassment and discrimination?

Your policy must:

  • Define sexual harassment and discrimination with real-world examples
  • Outline consequences for breaching the policy
  • Explain how employees can report concerns
  • Be communicated to all staff regularly (not just during onboarding)

Key evidence: Policy documents, email trails showing distribution, signed acknowledgments from employees.

Employee completing Respect@Work training online to meet workplace compliance requirements

2. Comprehensive, Documented Training

This is where most employers fail. It’s not enough to say “we do training.” You need to prove it. Courts will examine your training records in detail.

Your Respect@Work training must:

  • Be delivered to all employees, including senior leaders
  • Cover the legal obligations, behavioural standards, and bystander intervention
  • Be refreshed regularly (not just a one-time induction module)
  • Be documented with attendance records, completion certificates, and assessment results

Key evidence: Training logs, completion reports, follow-up training schedules.

This is where Respect@Work training becomes your strongest defence. It shows you’ve educated your workforce about acceptable behaviour, their legal rights, and the consequences of misconduct. Without it, you’re vulnerable.

3. Clear Complaint and Reporting Mechanisms

Employees must know exactly how to report harassment or discrimination. Vague or informal processes won’t satisfy the reasonableness test.

You need:

  • Designated, trained complaint handlers (not just “talk to your manager”)
  • Multiple reporting channels (phone, email, anonymous online form)
  • Clear timelines for acknowledging and investigating complaints
  • Protection from victimisation for anyone who reports

Key evidence: Documented complaint procedures, records of how past complaints were handled, evidence of confidentiality protocols.

Professional documenting reasonable steps in vicarious liability defence checklist

4. Prompt, Fair, and Transparent Complaint Handling

When a complaint is made, how you respond is critical. Courts will assess whether you acted in a “reasonably prompt manner” and whether your investigation was thorough and impartial.

Best practices include:

  • Acknowledging the complaint within 24-48 hours
  • Appointing an independent investigator
  • Supporting both the complainant and respondent during the process
  • Taking appropriate corrective action based on findings
  • Documenting every step of the process

Key evidence: Complaint investigation files, timelines, corrective action records, support provided to all parties.

5. Regular Risk Assessments and System Reviews

The Positive Duty requires you to identify and manage risks specific to your workplace. This means conducting regular risk assessments and updating your systems accordingly.

You should:

  • Conduct annual workplace culture surveys
  • Analyse complaints and incident data for patterns
  • Update policies and training based on emerging risks
  • Adjust controls if your workplace changes (e.g., new site, new industry, restructure)

Key evidence: Risk assessment reports, action plans, evidence of policy updates, meeting minutes showing regular review.

6. Leadership Accountability

This is Standard 1 of the AHRC framework, and it’s non-negotiable. Senior leaders must visibly champion respect and model appropriate behaviour. If your leadership team isn’t engaged, the rest of your efforts will be questioned.

Evidence of leadership includes:

  • Directors and executives completing the same training as staff
  • Regular leadership communication about workplace culture
  • Consequences applied to senior staff who breach policies
  • Board-level reporting on compliance

Key evidence: Leadership training records, internal communications, board reports.

You can read more about this in our article on Positive Duty Leadership.

Why Respect@Work Training Is Your Best Defence

Here’s the reality: if you’re audited or sued, the first thing the AHRC or a court will ask for is your training records. If you can’t produce them, or if they show incomplete or inconsistent training, you’ve lost your “reasonable steps” defence before you’ve even started.

Respect@Work training is your documented proof that you’ve:

  • Educated your workforce about unacceptable conduct
  • Created awareness of reporting channels
  • Empowered bystanders to intervene
  • Set clear behavioural expectations

It’s also one of the most cost-effective and scalable ways to meet the AHRC’s Knowledge Standard (Standard 3). Without training, you can’t claim your employees “should have known better.”

HR manager conducting confidential workplace harassment complaint discussion with employee

Small Business vs Large Enterprise: Does “Reasonable” Change?

Yes. Courts recognise that what’s reasonable for a multinational corporation isn’t the same as what’s reasonable for a small business with 10 employees.

For small employers:

  • Informal complaint mechanisms may be acceptable (as long as they’re clear)
  • Training can be delivered in shorter, more flexible formats
  • Policies can be simpler, but they still need to exist

For large employers:

  • Formal HR complaint systems are expected
  • Comprehensive training programs are mandatory
  • Policies must be detailed, with multiple reporting pathways

The key is proportionality. You must do what’s reasonable for your size, industry, and risk profile.

What Happens If You Can’t Prove Reasonable Steps?

If you’re found vicariously liable for an employee’s sexual harassment or discrimination, the consequences include:

  • Financial penalties: Courts can award substantial damages to victims
  • AHRC enforcement action: The AHRC can issue compliance notices, require you to take specific actions, and publicly name your business
  • Reputational damage: Public court cases and media coverage can destroy trust with clients, customers, and talent
  • Increased insurance premiums: Your professional indemnity and public liability insurers will take notice

More importantly, you’ll be exposed to ongoing liability until you can prove you’ve fixed the problem. This means more complaints, more claims, and more damage.

Your Action Plan: Building Your Vicarious Liability Defence Today

If you want to protect your business from vicarious liability, here’s what you need to do right now:

  1. Audit your current systems against the 7 AHRC Standards
  2. Implement or update your Respect@Work training for all staff: and document everything
  3. Review and strengthen your complaint procedures so employees know how to report
  4. Conduct a workplace risk assessment to identify industry-specific or role-specific risks
  5. Engage your leadership team and ensure they’re visibly supporting your compliance efforts
  6. Keep records of everything: policies, training, complaints, reviews, and improvements

The courts and the AHRC will judge you on the evidence. If you can’t produce it, you can’t prove you took reasonable steps.

Need help building your vicarious liability defence? Our Respect@Work training courses are designed specifically to meet the AHRC’s Positive Duty standards: and they give you the documented evidence you need to protect your business.