Australian HR has always operated in a tangle of awards, legislation and shifting regulatory expectations. But 2026 is different. Several changes are landing at once, each reinforcing the others, each raising the stakes if you get caught on the back foot.
Together, they demand something most Australian businesses haven't built yet: a compliance infrastructure that's proactive, documented and continuously reviewed.
This guide breaks down the 10 HR compliance risks Australian employers need to take seriously in 2026 ⬇️
From 1 July 2026, the way employers pay superannuation changes fundamentally. Under the Treasury Laws Amendment (Payday Superannuation) Act 2025, super guarantee (SG) contributions must be paid at the same time as wages – not quarterly.
Contributions must reach the employee's super fund within seven business days of each payday (20 business days for a new employee's first contribution).
SG is now calculated as 12% of "qualifying earnings" (QE) – a new term that replaces ordinary time earnings and includes salary sacrifice amounts. The ATO's Small Business Superannuation Clearing House closes permanently on 1 July 2026, so every employer using it needs to migrate to an alternative clearing house before that date.
The Super Guarantee Charge (SGC) now applies per payday, not quarterly. Penalties range from 25% to 50% of the unpaid amount, with a maximum of 200% of the SGC – and critically, the SGC is not tax-deductible. The ATO has released Practical Compliance Guideline PCG 2026/1 outlining a first-year compliance approach with low, medium and high-risk zones. They'll be matching Single Touch Payroll data with fund reporting in real time, which means late payments will be visible almost immediately.
Treasury has acknowledged that many SMEs historically used quarterly super as a cash-flow buffer. That buffer is gone. More than one in five SMEs could struggle with the cash-flow impact, and Treasury itself has warned the regime may trigger a wave of insolvencies among businesses that relied on the "super float."
Hospitality, retail and construction businesses with irregular cash flow and large casual workforces. Directors relying on Safe Harbour protections should note that non-compliance with Payday Super may disqualify them.
Since 1 January 2025, intentional wage underpayment has been a criminal offence under the Fair Work Act 2009. 2026 is the first full calendar year of active enforcement, and the Fair Work Ombudsman (FWO) is investigating.
The penalties are severe. Companies face fines of the greater of three times the underpayment or $8.25 million. Individuals (including directors and senior managers) face up to 10 years' imprisonment and/or fines of up to $1.65 million. Civil penalties for non-small business employers have also increased, reaching up to $495,000 per contravention or $4.95 million for serious contraventions.
The offence catches intentional underpayment of wages, super contributions, redundancy pay, leave payments, overtime, penalty rates, allowances and leave loading.
The Voluntary Small Business Wage Compliance Code provides employers with fewer than 15 employees a pathway to avoid criminal prosecution, provided they demonstrate genuine compliance efforts. Employers of any size can enter into cooperation agreements by self-reporting.
According to HiBob research published in February 2026, only 10% of Australian organisations have completed a formal psychosocial risk assessment. Yet psychosocial risk management is now a legal compliance requirement – not a wellbeing programme – across nearly every state and territory.
The defined hazards employers must manage include bullying, harassment, excessive workload, lack of autonomy, poor workplace relationships, job insecurity, exposure to traumatic events, fatigue, intrusive surveillance and remote work isolation.
The same HiBob research found that 57% of HR professionals report having no energy left for their own wellbeing after supporting others, and 61% feel they're expected to solve every internal problem. The people responsible for psychosocial compliance are themselves the most at risk of psychosocial harm.
Healthcare and emergency services face heightened obligations around traumatic exposure. Construction and mining industries must address fatigue management. Professional services and tech companies need to scrutinise workload intensity and always-on culture, particularly in the context of right-to-disconnect obligations.
The right to disconnect now applies to every employer in Australia, including small businesses with fewer than 15 employees (from 26 August 2025). It's a protected right under the Fair Work Act and has been embedded in all modern awards.
Employees can refuse to monitor, read or respond to work-related contact outside their working hours, unless the refusal is unreasonable. This covers contact from employers and third parties (clients, suppliers, customers) across all channels: calls, emails, texts, social media and messaging apps.
Employers face fines of up to approximately $93,000. The Fair Work Commission must handle applications within 14 days and can issue stop orders. Adverse action protections apply, meaning a reverse onus of proof sits with the employer and damages are uncapped. There's no reported case law yet as of early 2026, which makes this an area of significant legal ambiguity.
If out-of-hours contact constitutes directed or required overtime, it could trigger additional payment obligations under the applicable award — which loops right back into the wage theft provisions discussed above.
Businesses operating across Australian time zones (particularly WA and eastern states during daylight savings) face genuine operational complications. Emergency services, healthcare and on-call roles need particularly clear policies distinguishing reasonable from unreasonable contact.
Australia is, remarkably, the first country in the world to mandate gender equality target-setting for large employers. From 1 April 2026 (private sector) and 1 September 2026 (public sector), employers with 500 or more employees must select, report on and work towards specific targets through the Workplace Gender Equality Agency (WGEA).
Employers must choose three targets from a menu of 9 numeric and 10 action-oriented options – at least one must be numeric (such as achieving a specific percentage of female representation or reducing the pay gap to a defined figure). These operate on three-year cycles, and progress will be published publicly on the WGEA website.
Employers who fail to set targets without a reasonable excuse may be publicly named by WGEA. Non-compliance also renders an employer ineligible to tender for Australian Government contracts – a material commercial consequence for many large organisations.
Approximately 2,000 employers covering 3.9 million employees are affected. WGEA data indicates that 56% of covered companies have already set some form of gender equality targets.
Every Australian employer (regardless of size or industry) now has a positive duty under the Sex Discrimination Act 1984 to take proactive steps to eliminate workplace sexual harassment, sex-based harassment, sex discrimination, hostile work environments and related victimisation. This isn't new legislation (it commenced in December 2022), but the enforcement powers are. The Australian Human Rights Commission (AHRC) can now commence inquiries into suspected non-compliance without the employer's consent.
Sexual harassment is now simultaneously treated as a psychosocial hazard under WHS laws, meaning employers could face parallel scrutiny from the AHRC and state/territory WHS regulators. In Queensland, employers must have a written sexual harassment prevention plan.
The AHRC expects organisations to meet seven compliance standards: leadership and culture; knowledge; risk management; support; reporting and response; data collection and analysis; and monitoring, evaluation and transparency. This is not a "set and forget" exercise — annual review is expected.
The Closing Loopholes amendments introduced the "whole of relationship" test for worker classification, effective from 26 August 2024. Courts now look at how the contract is actually performed in practice, not just what the paperwork says.
This matters enormously in 2026 because the consequences of getting classification wrong are compounding. If a worker classified as a contractor is actually an employee, you're now liable for back payments of all entitlements (leave, super, penalty rates), and from 1 July 2026, superannuation liabilities carry the amplified penalties of the Payday Super regime. If misclassification is deemed intentional, it could constitute sham contracting (which is illegal) or even wage theft under the criminal provisions.
The NES now provides an "employee choice pathway" allowing casuals to request permanent employment after six months (for employers with 15+ employees) or 12 months (smaller employers).
The construction, transport and IT sectors have historically high rates of contractor engagement and are particularly exposed. Retail and hospitality face risks around casual classification, where workers with regular patterns may no longer meet the legal definition of "casual."
This is the compliance risk that's moving fastest and where most employers are least prepared. Several regulatory threads are converging.
From 10 December 2026, businesses must legally disclose which decisions they make through automated means and what personal information feeds into those decisions. For HR teams using AI in recruitment screening, performance evaluation or workforce analytics, this is a direct obligation.
The employee records exemption under the Privacy Act is being narrowed through recent OAIC determinations, which have applied a strict interpretation limiting the exemption to actions with a precise connection to the employment relationship. The OAIC has launched its first-ever compliance sweep of businesses' privacy policies in early 2026, and enforcement powers now include fines of up to $50 million for significant breaches.
Australia's National AI Plan (December 2025) confirmed the government will manage AI through existing legislation rather than a standalone AI Act. However, a parliamentary inquiry has recommended classifying all AI systems used for employment purposes – recruitment, hiring, promotion, remuneration, termination – as "high-risk." A bill addressing digital work systems in the workplace is anticipated during 2026.
Facial recognition technology has already attracted penalties (the Bunnings and Kmart cases involved OAIC determinations regarding in-store facial recognition).
Australia's modern award system is one of the most complex industrial frameworks in the world, with over 120 modern awards covering different industries and occupations, each with distinct pay rates, allowances, overtime provisions, penalty rates and classification structures. Misinterpreting which award applies, or applying the wrong classification within the right award, remains one of the most common sources of underpayment – and underpayment now carries criminal penalties.
Record-keeping amplifies the risk. The Fair Work Act requires employers to maintain employee records for seven years. If you can't produce records during a dispute, the burden of proof shifts to the employer. Record-keeping failures can also contribute to a finding of "serious contravention" under wage theft laws.
With Payday Super adding per-pay-cycle superannuation records, psychosocial risk assessments requiring documentation, and gender equality data requiring annual tracking, the documentation burden in 2026 is heavier than it's ever been.
From 1 July 2026, eligible parents can access up to 26 weeks of government-funded Paid Parental Leave (up from 24 weeks in 2025–26). Four weeks are reserved for each parent on a "use it or lose it" basis. The government also pays 12% superannuation on PPL (from July 2025).
Alongside this, the first comprehensive review of the National Employment Standards (NES) since the Fair Work Act commenced in 2009 is underway. It could result in changes to leave entitlements, maximum hours, redundancy rules and flexible working arrangements. Potential changes include the removal of the small-business redundancy exemption and adjustments for job losses caused by technological change.
For small businesses where a single absence represents 10% or more of the workforce, 26 weeks of parental leave presents a genuine resourcing challenge. Many small employers still don't have formal parental leave policies. The Fair Work Commission has found that failing to consult with an employee on parental leave during restructuring can constitute unfair dismissal.
Use this checklist to assess where your organisation stands across each risk area. Score each item as compliant, in progress or not started.
There's a tempting narrative that compliance is about avoiding penalties. And yes, the penalty regime in 2026 is more punitive than it's ever been: criminal prosecution for wage theft, escalating SGC penalties under Payday Super, AHRC inquiries without consent, OAIC fines reaching $50 million.
But the cost of getting compliance wrong is measured in the trust of the people who work for you. Every one of these 10 risks – from psychosocial safety to the right to disconnect, from award interpretation to gender equality targets – exists because Australian law has decided that the way people are treated at work matters enough to enforce.
The compliance infrastructure you build now isn't just protection. It's the foundation of the employer you actually want to be.
Looking for more practical HR guidance?
Visit the Subscribe-HR blog for expert insights on workplace compliance, talent management strategies, and evidence-based approaches to building high-performing, inclusive teams across Australia and New Zealand. 🙌