Workplace Risk Assessment Template Germany: What §5 ArbSchG Actually Requires
A workplace risk assessment template that works in Germany must satisfy §5 of the Occupational Safety and Health Act, the relevant Berufsgenossenschaft, and the labour inspectorate of the Bundesland. This article explains the legal minimum and how to keep the template auditable across sites.
Section 5 of the German Occupational Safety and Health Act (Arbeitsschutzgesetz, ArbSchG) requires every employer in Germany to assess the hazards at work and to document the assessment, the measures taken, and the verification of effectiveness. The obligation has existed since 1996, but enforcement intensified after the 2013 amendment extended the explicit duty to mental workload (psychische Belastungen). Foreign-headquartered employers running German subsidiaries frequently underestimate the depth of this duty. A template downloaded from a corporate intranet, written in English, and structured around an Anglo-Saxon risk matrix, will rarely satisfy a German labour inspector, a Berufsgenossenschaft auditor, or a works council.
This article addresses HR leaders, occupational safety specialists, legal counsel, and managing directors of German operations of international groups. You will learn what §5 ArbSchG actually demands, how the Betriebssicherheitsverordnung, Gefahrstoffverordnung, and Biostoffverordnung interact with it, what documentation a Berufsgenossenschaft expects, how mental workload assessment must be integrated, and how the CIVAC compliance platform and Officer-as-a-Service approach the risk assessment as a living document. The objective is not a template that you fill in once, but a living artefact that the labour inspectorate and the Berufsgenossenschaft accept without follow-up questions.
Auf einen Blick
- §5 ArbSchG requires a documented, regularly updated risk assessment for every workplace and every group of activities, including mental workload since the 2013 amendment.
- A risk assessment template alone is not compliance. Berufsgenossenschaften and the Gewerbeaufsicht assess whether the template is filled, reviewed, and effective in practice.
- The Fachkraft für Arbeitssicherheit and the Betriebsarzt are statutory partners under §§5–6 ASiG, their involvement must be documented for every assessment.
Legal foundation: §§5 and 6 ArbSchG and the Arbeitssicherheitsgesetz
The Occupational Safety and Health Act (ArbSchG) is the framework law transposing the European Framework Directive 89/391/EEC into German law. §5 ArbSchG places the duty to assess hazards on the employer, regardless of company size. §6 ArbSchG adds the duty to document the assessment, the measures, and the verification. The documentation must be available to the labour inspectorate (Gewerbeaufsicht) and to the responsible Berufsgenossenschaft on request, typically within a few working days. Smaller companies with fewer than ten employees enjoy reduced documentation obligations under §6 Abs. 1 Satz 2 ArbSchG but are not exempt from the assessment itself.
The Occupational Safety Specialists Act (Arbeitssicherheitsgesetz, ASiG) requires the employer to appoint a Fachkraft für Arbeitssicherheit (occupational safety specialist) and a Betriebsarzt (occupational physician). The minimum hours of involvement are set by accident prevention regulation DGUV Vorschrift 2 and depend on company size and risk class. The specialists support the risk assessment but do not replace the employer's responsibility. The signature on the risk assessment remains with the employer or a duly delegated person, typically the managing director of the German entity.
For groups operating across borders, the personal liability of the managing director under §130 Ordnungswidrigkeitengesetz (OWiG) is the practical reason to take the assessment seriously. A documented breach of supervisory duties can result in fines and, in serious cases, criminal liability. The CIVAC compliance platform and Officer-as-a-Service therefore treat the risk assessment as a board-level artefact, not as an HR formality. The platform keeps the appointment letter for the Fachkraft für Arbeitssicherheit, the involvement records, the assessment versions, and the management review in a single auditable record.
Structure of an audit-ready risk assessment under German law
A risk assessment template that holds up in Germany follows seven steps, codified by the Joint German Occupational Safety and Health Strategy (GDA) and reflected in the BAuA leaflet on §5 ArbSchG. Step one is to define the work area and the activities. Step two is to identify hazards across mechanical, electrical, thermal, chemical, biological, ergonomic, psychological, and organisational categories. Step three is to assess the risk by likelihood and severity. Step four is to define protective measures following the STOP principle (Substitution, Technical, Organisational, Personal protective equipment).
Step five is to implement the measures with named responsibilities and deadlines. Step six is to verify effectiveness, in writing, after an appropriate period. Step seven is to update the assessment when activities, equipment, or hazards change. Each step generates documentation. The template must accommodate all seven, with timestamps and named contributors. A template that stops at step four is incomplete and will not survive an inspection.
Mental workload (psychische Belastungen) requires its own methodology, which the BAuA describes in the toolbox "Psychische Belastung am Arbeitsplatz". A simple checklist for monotony, time pressure, role conflict, and emotional demand does not replace a structured analysis, but it is a defensible starting point for small operations. The Berufsgenossenschaften publish sector-specific tools, for example the VBG's INQA-Check and the BGW's Gefährdungsbeurteilung psychischer Belastung. A template that ignores mental workload is non-compliant since the 2013 amendment, regardless of how thorough the physical risk assessment is. The CIVAC workspace includes a structured mental workload module that draws on these tools and avoids the common mistake of reducing the topic to an annual employee survey.
Sector-specific Berufsgenossenschaft requirements
Germany has nine sector Berufsgenossenschaften, each with its own accident prevention regulations (DGUV Vorschriften) and binding rules (DGUV Regeln). The applicable BG depends on the activity, not on the registered head office. A logistics arm of a financial services group, for example, falls under the BG Verkehr, not under the VBG. The risk assessment template must reflect the BG-specific requirements, in particular the relevant DGUV Vorschriften and the technical rules (TRBS, TRGS, TRBA) that translate the statutory hazard categories into operational specifications.
A template that simply repeats §5 ArbSchG and then lists generic hazards will not satisfy a BG audit. The auditor expects the template to reference the specific DGUV Vorschrift, for example DGUV Vorschrift 1 (general prevention regulation) and DGUV Vorschrift 2 (appointment of safety specialists and physicians). Sector-specific examples include DGUV Vorschrift 38 for construction, DGUV Vorschrift 70 for vehicles, and BGV C22 for ports. The CIVAC platform maintains a sector-aware mapping that pre-populates the relevant DGUV references based on the activity selected, reducing the risk of incomplete references.
Foreign groups frequently miss the role of the Sicherheitsbeauftragter, an honorary safety representative appointed under §22 SGB VII and required in companies with more than 20 employees by DGUV Vorschrift 1 §20. The Sicherheitsbeauftragter is not the Fachkraft für Arbeitssicherheit. The roles are distinct and both must be filled. A template that lacks a field for the Sicherheitsbeauftragter signals to an auditor that the employer is unfamiliar with the German safety architecture. The platform tracks both roles, with appointment letters, training records, and review cycles, and produces consolidated reports for the managing director and the Berufsgenossenschaft.
Documentation duties under §6 ArbSchG
§6 ArbSchG requires the employer to keep documentation that an authorised inspector can review on site. The documentation must contain the assessment, the measures, the verification, and the persons responsible. The form is at the employer's discretion, but the labour inspectorate prefers structured digital documents that can be filtered by activity, date, and responsible person. A binder full of unsorted PDFs is technically compliant but practically problematic, because the inspector will not wait while an HR clerk searches for the relevant page.
The retention period for risk assessment documentation is not explicitly defined in the ArbSchG. The general civil retention period of three years (§195 BGB) is the minimum. In practice, ten years is the safer threshold, because liability for occupational diseases and chronic exposures can extend that far. For biological agents under the Biostoffverordnung, §13 BioStoffV requires documentation for at least ten years, in some cases forty years. A template that does not accommodate long retention is incompatible with German practice.
The CIVAC workspace stores risk assessment documentation in the EU data residency tier with full versioning, time-stamped contributor entries, and an immutable audit log. The labour inspectorate or the Berufsgenossenschaft can be given read-only, time-limited access for an audit, which automatically revokes after the configured period. The audit log captures who saw what, when, and why, fulfilling the documentation duty under §6 ArbSchG and supporting the employer in a potential dispute about whether a risk had been known and assessed at a given point in time. Verifying effectiveness through follow-up assessments is therefore not an optional courtesy but an integral part of the legal record.
Mental workload (Psychische Belastung) since the 2013 amendment
The 2013 amendment to the ArbSchG made explicit what was already implicit since the European Framework Directive: mental workload is part of the hazard assessment. The BAuA and the GDA have published joint guidance defining the relevant categories: work content, work organisation, social environment, work environment, and new forms of work (such as remote and platform work). Each category must be screened for hazards. A bare anonymous employee survey is not sufficient, the assessment must be tied to specific work areas and activities.
Common mistakes include outsourcing the mental workload assessment entirely to an external psychologist without integration into the operational safety system, or running a single survey every few years without measures and verification. Both approaches fail the §5 ArbSchG test. A defensible assessment integrates physical and psychological hazards in a single template, with measures, responsibilities, deadlines, and effectiveness verification. The Betriebsarzt is typically involved, drawing on §3 ASiG, but the responsibility remains with the employer.
The CIVAC workspace integrates the mental workload assessment as a separate but linked module. The same activity is assessed for physical and psychological hazards. Measures from both perspectives are tracked together. The Betriebsarzt and the Fachkraft für Arbeitssicherheit collaborate within the platform under their respective statutory roles. The works council (Betriebsrat) under §87 BetrVG has a co-determination right on the design of the assessment process and on protective measures, which the platform supports through configurable approval workflows. A template that ignores the works council guarantees friction. A template that integrates the works council from the start avoids it. The dual model applies here too: license the workspace for your internal safety team, or have our officers appointed for your German operations.
Integration with chemical, biological, and equipment-specific regulations
The risk assessment under §5 ArbSchG is the umbrella. Below it sit several specific regulations that require their own assessments and documentation. The Gefahrstoffverordnung (GefStoffV) requires a chemical risk assessment under §6 GefStoffV, supported by the Technical Rules for Hazardous Substances (TRGS), most prominently TRGS 400 (general hazard assessment methodology) and TRGS 510 (storage of hazardous substances). The Biostoffverordnung (BioStoffV) imposes a similar duty for biological agents under §4 BioStoffV with the Technical Rules for Biological Agents (TRBA).
The Betriebssicherheitsverordnung (BetrSichV) governs work equipment. §3 BetrSichV requires an assessment for each item of work equipment before first use and at appropriate intervals thereafter. The Technical Rules for Operational Safety (TRBS), in particular TRBS 1111, give the methodology. A template that consolidates §5 ArbSchG, §6 GefStoffV, §4 BioStoffV, and §3 BetrSichV into one structure reduces redundancy. A template that separates these into four parallel processes wastes time and creates inconsistency.
The platform approach is to share the activity definition and the risk matrix across all four regulatory tracks, while keeping the regulation-specific fields. A chemical agent appears in both the §5 ArbSchG umbrella assessment and the §6 GefStoffV detailed chemical assessment. A change to the chemical inventory propagates automatically. The Gefahrstoffbeauftragter and the Fachkraft für Arbeitssicherheit see consistent data. The Bestellurkunde for the safety roles is kept in the same archive, signed, dated, retrievable. When the labour inspector arrives, the assessment, the appointment letters, the training records, and the technical rules references are in one place.
Update triggers and review cycles
A risk assessment is not a static document. §3 Abs. 1 ArbSchG demands that the employer continuously check and improve the protective measures. In practice, three triggers force a review: changes to activities or equipment, accidents or near-misses, and new findings about hazards. A reasonable baseline review cycle is annual, with a deeper review every three years and immediate updates for change events. Some sectors, in particular construction and chemical industry, require shorter cycles. The DGUV regulations applicable to the sector set the minimum.
Without a review process embedded in the template, the assessment becomes historical fiction. The labour inspector knows this and will check the date of the last update. A template that shows updates only every five years signals a paper exercise. A template with rolling updates and effectiveness verifications signals operational discipline. The platform model adds an automatic recurrence schedule per assessment, with notifications to the responsible person and escalation to the managing director if a review is missed. This is the same logic that the CIVAC compliance platform applies to other officer roles, such as data protection or information security: a missed review is a measurable event, not a forgotten task.
Near-misses are particularly valuable input. A formal procedure for capturing near-misses, even without injury, generates the data needed for proactive improvement. The Berufsgenossenschaften strongly encourage such capture and publish guidance for sector-specific forms. Integrating near-miss capture into the risk assessment platform closes the feedback loop between the operational reality and the documented assessment. The auditor sees that the assessment lives, not that it sleeps in a folder. The phrase to remember: "the inspector calls, the evidence is ready."
Foreign-headquartered groups: what is different in Germany
Foreign groups frequently apply a global health and safety policy and assume that a German subsidiary can adopt it with minor adaptations. Three structural differences usually require more than minor adaptation. First, the works council under the Betriebsverfassungsgesetz has a strong co-determination right on health and safety matters, including the design of risk assessment processes. A global policy that bypasses the works council is challenged immediately.
Second, the Berufsgenossenschaft system is unique. It combines insurance and prevention regulation in a single statutory body, with binding rules that go beyond the umbrella law. Foreign groups familiar with private insurance markets miss this. The risk assessment must reflect the relevant BG's expectations. Third, the appointment of Fachkraft für Arbeitssicherheit and Betriebsarzt under the ASiG is mandatory and the minimum hours are set by DGUV Vorschrift 2. There is no equivalent in many other jurisdictions, and outsourcing models that worked elsewhere may not satisfy the German requirements.
The CIVAC compliance platform and Officer-as-a-Service is designed for this scenario. License the workspace for your internal safety team, with all 490 audit templates, the German technical rules pre-mapped, the works council workflows configured, and the assessment cycles automated. Or have our officers appointed, with a Bestellurkunde signed in German, a service level of two business days for ad-hoc requests, and a quarterly report to the managing director. Both models share the same EU data residency, ISO/IEC 27001:2022 certification, and bilingual user interface. The dual model lets you adopt the platform for sites where you have internal capacity, and the officer service for sites where you do not, without changing the underlying data.
From reading to a German risk assessment that survives audit
A workplace risk assessment template for Germany is not a deliverable, it is a process. The legal requirements are well-defined, the technical rules are publicly available, and the sector-specific Berufsgenossenschaften publish their expectations openly. The challenge is integration: assembling the §5 ArbSchG umbrella with the chemical, biological, equipment-specific, and mental workload assessments into a coherent record that the labour inspector and the BG auditor accept without rework.
CIVAC is a compliance platform and Officer-as-a-Service. License the workspace for your internal Fachkraft für Arbeitssicherheit, Betriebsarzt, and Sicherheitsbeauftragter, with appointment letters, training records, assessment cycles, and management reporting in one place. Or have our officers appointed where you do not have internal capacity, with the same templates and the same reporting. Both models share the EU data residency, the ISO/IEC 27001:2022 certification, and the two business day service level. The 490 audit templates cover §5 ArbSchG, the GefStoffV, the BioStoffV, the BetrSichV, and the mental workload assessment, with sector-specific DGUV references pre-populated.
Aus dem Lesen einen Auftrag machen, to use the German phrase: turn reading into a mandate. Write to info@civac.de or use the contact form on civac.de. In an initial conversation we clarify the current state of your risk assessment documentation, identify the two or three most critical gaps, and decide together whether the workspace combines with your internal safety team or whether CIVAC appoints external officers. The first audit-ready version of your risk assessment is typically available within two business days of operational data being shared, instead of the usual two to six weeks of internal scramble before an unannounced visit by the Gewerbeaufsicht.
FAQ
Is a risk assessment template downloaded from a corporate intranet sufficient for German compliance?
Rarely. A global template typically lacks references to the Berufsgenossenschaft-specific DGUV Vorschriften, omits the appointment of Sicherheitsbeauftragter, and does not include the mental workload assessment in the structured form required since the 2013 ArbSchG amendment. It is a starting point, not a compliant template, and labour inspectors recognise the difference quickly. Localisation is the typical missing step.
How often must a risk assessment be updated under German law?
§3 ArbSchG requires continuous improvement, without a fixed interval. In practice, an annual review and a deeper update every three years are the baseline. Immediate updates are required for changes in activities, equipment, or hazards, and after accidents or near-misses. Construction, chemical, and biological sectors typically require shorter cycles set by the relevant DGUV regulation.
Do small companies with under ten employees need a documented risk assessment?
Yes, the duty under §5 ArbSchG applies to every employer. §6 Abs. 1 Satz 2 ArbSchG reduces the documentation requirements for very small employers, but the assessment itself remains mandatory. The Berufsgenossenschaften provide simplified templates for small operations. The exemption does not extend to the appointment of Fachkraft für Arbeitssicherheit or Betriebsarzt under the ASiG.
Must the risk assessment template be in German?
The labour inspectorate accepts bilingual or English documentation in practice, but the Berufsgenossenschaft and the works council typically request German. A bilingual template is the safer choice. The CIVAC workspace supports German and English in parallel for every field, which avoids the translation gap that often appears when a global template is forced into a German audit.
Who signs the risk assessment in a German subsidiary of a foreign group?
The managing director (Geschäftsführer) of the German entity signs, unless the duty is formally delegated to another person with sufficient authority and resources. The Fachkraft für Arbeitssicherheit and the Betriebsarzt advise but do not sign. The signature carries personal liability under §130 OWiG for supervisory failures, which is why the appointment letter must be carefully drafted.
Can CIVAC appoint external safety officers for German operations?
Yes. CIVAC offers Officer-as-a-Service for the Fachkraft für Arbeitssicherheit and supports the appointment of the Betriebsarzt through partner physicians. The external officer fulfils ASiG duties, attends works council meetings as required, and reports to the managing director under a two business day service level. Alternatively, license the workspace and keep the role internal.
Turn this into a mandate.
Let us carry the operational weight. External officer, templates and documentation in one workspace. No obligation.