Grey fleet risk assessment: UK compliance checklist for employers

Did you know that nearly 85% of UK employees use their own cars for work-related travel? Known as a "grey fleet," these personal vehicles account for around 40% of all vehicles on UK roads – and yet many organisations are unaware of the hidden risks they pose (data source).

Under UK law, employers have a duty of care to manage the risks associated with grey fleets and are responsible for the legal, financial, and safety implications of employees using personal vehicles for work-related driving.

Ignoring this responsibility can expose your organisation to serious compliance breaches, safety incidents, and reputational damage.

In this article, we’ll break down why grey fleet risk management matters, how to assess and mitigate associated risks, and provide a practical grey fleet risk assessment checklist you can use to ensure your organisation is protected and compliant.

👉 Go to the risk assessment checklist

Employers have a legal duty of care with grey fleets

More than 60% of UK employers do not perform vehicle checks on grey fleet vehicles. However, you have the same legal duty of care for these vehicles as you do for company-owned or leased ones. This duty covers several areas set out by various laws.

Under the Health and Safety at Work Act 1974 and Health and Safety at Work Regulations 1999, you are responsible for ensuring the health, safety, and well-being of employees at the workplace, including any vehicle used for work-related driving. You are also required to assess any risks to employees' health and safety while performing their work duties, including while driving a vehicle for business purposes.

Under the Road Traffic Act 1988 and Corporate Manslaughter and Corporate Homicide Act 2007, organisations and employers can be liable for road traffic offences, injuries, or death if gross negligence or gross breach of duty of care is proven.

But don’t let these laws worry you. In a few steps, you can set up a risk assessment process for your grey fleet that protects both you and your employees.

Mileage tracking made easy

Trusted by millions of drivers

Automate your mileage log Automate your mileage log

Claim your deductions

Reclaim your time

Automatic mileage tracking and HMRC-compliant reporting.

Get started for free Get started for free

Grey fleet legal requirements

There are three main risk areas to account for when conducting a grey fleet risk assessment.

These are driver risks (like licence validity, health, fatigue, and driving behaviour), vehicle risks (such as insurance, MOT, maintenance, age, and condition), and journey risks (including mileage and travel times).

You should conduct a grey fleet risk assessment at least once per year, but consider doing so more frequently for high-risk drivers or vehicles.

Driver risk assessment

Ensure your grey fleet drivers do not pose risks by checking that:

• They have a valid licence for the relevant vehicle category
• Are medically fit to drive
• They adhere to road traffic laws, obey speed limits, wear seatbelts, and do not use hand-held devices while driving
• They are not fatigued or overworked before a work-related journey

Vehicle risk assessment

To avoid compliance and safety issues with employees’ personal vehicles, check the following:

• The vehicles are roadworthy, with a valid MOT, and paid tax
• The vehicles are regularly serviced and safe to drive
• Make sure car insurance covers both personal and business driving. If business use is not included, employees are uninsured during work trips

Journey risk assessment

You must assess the potential journey risks for your employees, including:

• The length and time of the journey
• External conditions, such as weather and roadworks
• Employee fatigue and time pressures

These factors can put your employees at risk. Always check if they are fit to make the journey and if the trip is truly needed.

Administrative responsibilities

You are responsible for assessing, documenting, and regularly reviewing the risks associated with your grey fleet.

If you have more than five employees in your organisation, Health and Safety Executive (HSE) regulations require you to have a written policy statement on health and safety, including while driving, and documented evidence of the risk assessments you carry out.

Finally, if you reimburse employees for business miles, you are responsible for ensuring compliance with HMRC’s rules on Approved Mileage Allowance Payments (AMAPs), reporting any excess, and maintaining adequate recordkeeping. 

Read more about reimbursing business mileage and adequate management and recordkeeping for your grey fleet.

Download a step-by-step risk assessment checklist

We've created a step-by-step grey fleet risk assessment checklist to help you fulfil your health and safety and duty-of-care responsibilities.

Use the checklist as a standardised method for easily assessing driver eligibility, maintaining vehicle standards, and ensuring continuous compliance with the grey fleet legal requirements. 

Get the checklist as an editable Google Doc or PDF below.

Grey fleet legal requirements for employees

While you retain a duty of care, employees carry significant responsibilities for their driving condition, and the legality, safety, and maintenance of their vehicles. These include ensuring that:

• They hold a valid driving licence appropriate for the category of vehicle they are driving
• They are medically fit to drive, and avoid driving if too tired or unwell
• Their grey fleet car insurance covers business use, so they are insured for work-related journeys.
• Their vehicles are taxed and have a valid MOT certificate
• Their vehicles are roadworthy, safe and regularly serviced

Employees also have a duty to disclose any changes to their driving status and vehicle condition, and to report incidents that occur while driving for business purposes.

Keep in mind that while you and your employees have a shared responsibility for the legality, roadworthiness, and compliance of the grey fleet, this does not reduce your liability.

Consequences of inadequate risk assessment

Grey fleet risk assessments might feel like extra admin, but it’s important to do them regularly and keep good records. Poor or infrequent assessments can lead to several problems.

Regulatory and legal consequences, and civil liability

If you don’t regularly do risk assessments and keep records, your organisation could face enforcement action, prosecution, and large fines if something happens during work driving. You might also face civil claims from employees or others in the event of an incident.

Insurance and financial risk

If grey fleet vehicles don’t have the right business-use insurance or employees lack valid documents, your organisation could face delayed or denied claims, uninsured losses, compensation claims, and high legal costs.

You may also incur additional costs, such as sick pay, hiring temporary staff, and management time spent on investigations.

Reputational damage

Serious grey fleet incidents can damage client and stakeholder confidence in your organisation, attract unwanted media attention, and scrutiny from insurers and regulators.

Mileage fraud risks

Without a mileage tracking solution that lets you easily verify and approve mileage claims, your employees may exaggerate their work-related grey fleet mileage, resulting in non-compliance with HMRC regulations and financial losses for your organisation.

Managing risks associated with your grey fleet

You should manage employee-owned vehicles just as carefully as you do company cars. This means doing thorough vehicle and driver checks, automating processes where possible, and properly documenting grey fleet mileage reimbursements.

Establish clear policies

Your grey fleet policy should establish compliance requirements for both drivers and vehicles, specify the frequency of checks, and outline the consequences for non-compliance.

For drivers

Collect copies of your employees’ licences and review their vehicle insurance policies to ensure they include business use. Require proof of MOT and paid road tax, and evidence that your employees service their vehicles regularly.

For vehicles

Consider setting minimum vehicle standards, such as age, Euro NCAP rating, and CO2 emissions. Ensure vehicles have working safety features, such as seatbelts, airbags, and fire extinguishers.

Carry out risk assessments regularly

Annual or random checks aren’t enough to keep your operations safe and legal. Easily ensure grey fleet compliance by setting up regular risk assessments to keep checking licences, insurance, and vehicle condition. 

Automate risk assessment processes

Use digital tools to make admin easier. Automating risk assessments helps you collect data faster, spot risks sooner, and keep better records. This will also help you prepare for audits.

Improve mileage reimbursement management

Use company-wide mileage tracking software to record and reimburse actual miles driven, instead of relying on employee estimates.

With an automatic tracker for companies like Driversnote Teams, employees will accurately track grey fleet mileage, and you’ll have accurate logs in one place, reducing errors and paperwork.

Organise training programs

Offer regular driving safety training for your employees and keep them informed about any updates to your grey fleet policy.

Grey fleet risk assessment is about more than ticking boxes. It’s about safeguarding your team, complying with the law, and protecting your organisation from avoidable risk.

By implementing a robust risk assessment strategy and using the right tools, you’ll create a safer, more efficient, and more compliant grey fleet.

FAQ