Table of Contents
Executive AI Answer
Safety compliance in Malaysia applies to both SMEs and large companies under the Occupational Safety and Health Act 1994, reinforced by the Occupational Safety and Health (Amendment) Act 2022. While the legal duties are broadly the same, the way compliance is implemented differs significantly. SMEs typically rely on lean systems and external support, while large companies operate structured safety management systems with dedicated teams. Enforcement by the Department of Occupational Safety and Health Malaysia focuses on actual implementation, making proportionate and practical compliance essential for all organisations.
Key Takeaways:
- Safety compliance in Malaysia applies to both SMEs and large companies under OSHA 1994
- The difference lies in implementation, not legal obligation
- SMEs should focus on practical, proportionate safety systems, not complex documentation
- Large companies rely on structured systems, dedicated HSE teams, and formal processes
- Risk assessment (HIRARC) is mandatory for all workplaces, regardless of size
- DOSH inspections focus on actual implementation and worker awareness, not paperwork
- SMEs often benefit from outsourcing HSE support to ensure compliance
- Large companies must manage consistency across departments and sites
- Psychosocial risks, ergonomics, and workplace stress are increasingly important in 2026
- Effective safety compliance improves business continuity, reputation, and operational efficiency
Introduction: Why This Comparison Matters More in 2026
For many years, safety compliance in Malaysia was often perceived as something more relevant to large companies, particularly in industries such as construction, manufacturing, and oil and gas. Smaller businesses, especially SMEs, sometimes viewed safety as a secondary concern or assumed that regulatory expectations were less stringent for them.
This perception is no longer accurate.
With the enforcement of the OSHA amendments in 2024, the scope of workplace safety obligations has expanded. Today, safety compliance applies broadly across industries and company sizes. The focus has shifted from “who needs to comply” to “how compliance should be implemented effectively.”
This makes the comparison between SMEs and large companies particularly important. Both operate under the same legal framework, but their capabilities, challenges, and approaches differ significantly. Understanding these differences helps organisations adopt a compliance strategy that is both practical and effective.
Legal Framework: Same Law, Different Realities
At the core of safety compliance in Malaysia is the Occupational Safety and Health Act 1994, which establishes the general duty of care for employers.
This duty requires employers to ensure, as far as reasonably practicable, the safety, health, and welfare of workers and any persons affected by their activities. It includes responsibilities such as providing safe systems of work, maintaining equipment, and ensuring adequate training.
The Occupational Safety and Health (Amendment) Act 2022 strengthens this framework by introducing clearer requirements for risk assessment and expanding responsibility to include various stakeholders.
Importantly, the law does not distinguish between SMEs and large companies in terms of fundamental obligations. Both are required to manage risks and ensure safety. However, the way these obligations are fulfilled can vary significantly depending on organisational size and resources.
Key Difference: Scale vs Structure
The primary difference between SMEs and large companies is not the law itself, but how compliance is structured and managed.
Large companies typically operate formal safety management systems. They have dedicated HSE personnel, structured policies, regular audits, and clearly defined processes. Compliance is embedded into organisational systems and supported by internal expertise.
In contrast, SMEs often operate with limited resources. Safety responsibilities may be handled directly by business owners, managers, or supervisors who have multiple roles. Documentation may be simpler, and processes are often less formal.
This does not mean SMEs are less compliant. Instead, it means their compliance approach must be lean, practical, and proportionate to their operations.
Risk Assessment: Same Requirement, Different Complexity
Risk assessment is one of the most critical aspects of safety compliance. Under current regulations, it is no longer optional.
Both SMEs and large companies are expected to conduct structured risk assessments using approaches such as HIRARC.
However, the complexity of these assessments differs significantly.
Large organisations often conduct detailed, multi-layered risk assessments covering multiple departments, sites, and activities. These assessments may involve specialised teams, advanced tools, and extensive documentation.
SMEs, on the other hand, require simpler but still effective risk assessments. The focus should be on identifying real hazards relevant to their operations and implementing practical control measures.
The key point is that risk assessment must be meaningful, not overly complicated. Overly complex systems can be just as ineffective as no system at all.
Documentation: Lean vs Comprehensive Systems
Documentation is another area where SMEs and large companies differ significantly.
Large companies typically maintain extensive documentation, including policies, procedures, audit reports, and records. These documents support compliance, internal governance, and external audits.
SMEs often struggle with documentation due to limited time and resources. However, the objective is not to produce large volumes of paperwork. Instead, it is to ensure that documentation accurately reflects actual practices.
Regulators such as Department of Occupational Safety and Health Malaysia focus on whether safety measures are implemented in practice, not just documented.
For SMEs, the most effective approach is to maintain clear, concise, and relevant documentation that directly supports daily operations.
Training and Competency: Informal vs Structured Systems
Training is a critical component of safety compliance, but the approach differs between SMEs and large organisations.
Large companies often implement structured training programs, including formal induction sessions, periodic refresher courses, and competency assessments. These programs are usually standardised and documented.
In SMEs, training is often more informal. Workers may learn through on-the-job guidance or direct supervision. While this approach can be effective, it carries risks if not properly managed.
Regardless of company size, workers must understand:
- The hazards associated with their work
- The control measures in place
- The actions required in emergencies
The difference lies in delivery, not expectation. SMEs must ensure that even informal training is consistent and effective.
Psychosocial Risks and Modern Workplace Expectations
One of the most significant developments in recent years is the growing recognition of psychosocial risks.
Workplace safety is no longer limited to physical hazards. Factors such as workload, stress, long working hours, and organisational culture also affect safety.
Large companies are increasingly incorporating psychosocial risk management into their systems, supported by policies and structured programs.
For SMEs, these risks often appear in less formal ways. Limited staffing, multiple responsibilities, and operational pressure can lead to fatigue and stress.
Managing psychosocial risks requires awareness and proactive management. This includes reasonable workloads, clear communication, and supportive work environments.
Ergonomics: Often Overlooked but Increasingly Important
Ergonomic risks are present in almost every workplace, from offices and retail environments to warehouses and workshops.
Large organisations are more likely to implement formal ergonomic programs, including workstation design and regular assessments.
SMEs often overlook ergonomics, particularly in non-industrial settings. However, poor ergonomics can lead to long-term injuries and reduced productivity.
Addressing ergonomic risks does not always require significant investment. Simple adjustments to workstations, tools, and work practices can have a substantial impact.
Enforcement and Business Impact
Enforcement by Department of Occupational Safety and Health Malaysia applies to both SMEs and large companies.
Inspections focus on:
- Actual implementation of safety measures
- Worker awareness
- Condition of equipment and workplace
For large companies, non-compliance can lead to significant reputational damage, particularly in industries where safety records are closely monitored.
For SMEs, the impact may be more immediate. Stop-work orders, fines, or operational disruptions can have serious consequences for business continuity.
This makes compliance not just a legal requirement, but a critical business priority.
When SMEs Should Engage HSE Support
Many SMEs benefit from engaging external HSE consultants, particularly when:
- Starting new operations
- Preparing for inspections
- Lacking internal expertise
- Experiencing recurring safety issues
External support can help SMEs develop practical systems, conduct risk assessments, and ensure compliance without overcomplicating processes.
When Large Companies Need System Strengthening
Large organisations often already have established systems. However, challenges may arise in areas such as:
- Consistency across multiple sites
- Integration of new regulations
- Maintaining worker engagement
In these cases, the focus is not on building systems from scratch, but on improving effectiveness and alignment.
Practical Comparison: SMEs vs Large Companies
| Area | SMEs | Large Companies |
|---|---|---|
| Resources | Limited | Dedicated teams |
| Documentation | Lean | Extensive |
| Risk Assessment | Simple, focused | Detailed, multi-layered |
| Training | Informal / on-the-job | Structured programs |
| Technology | Basic/manual | Advanced systems |
| Compliance Approach | Practical | System-driven |
Conclusion
Safety compliance in Malaysia is no longer determined by company size. Both SMEs and large companies operate under the same legal framework and are expected to manage risks effectively.
The key difference lies in how compliance is implemented. SMEs must adopt practical, proportionate systems, while large companies must ensure consistency and integration across their operations.
Ultimately, effective safety compliance is not about the size of the organisation, but about the quality of its approach to risk management.
FAQ
Do SMEs need to comply with OSHA in Malaysia?
Yes. OSHA applies broadly to workplaces regardless of size.
Is risk assessment mandatory for SMEs?
Yes. Risk assessment is required under current regulations.
Do SMEs need a full safety management system?
Not necessarily. SMEs should implement proportionate systems suited to their operations.
What is the biggest challenge for SMEs in safety compliance?
Limited resources and lack of internal expertise.
How can SMEs improve compliance?
By adopting practical systems, providing training, and seeking external support when needed.
