Due diligence is one of the most important — yet frequently misunderstood — concepts in UK food safety law. It is not merely a buzzword; it is a statutory defence that can mean the difference between a prosecution succeeding or failing. If your food business faces enforcement action, being able to demonstrate due diligence may be your only line of defence. This guide explains exactly what due diligence means, how the law defines it, and what you need to have in place to prove it.
Section 21: The Due Diligence Defence
The Food Safety Act 1990, Section 21, provides a defence for food businesses charged with offences under the Act. It states that it shall be a defence for the person charged to prove that they took all reasonable precautions and exercised all due diligence to avoid the commission of the offence. This defence has two distinct limbs, and both must be satisfied for the defence to succeed.
The Two Limbs of Due Diligence
Limb 1: All Reasonable Precautions
This limb requires you to demonstrate that you have set up proper systems and procedures to prevent food safety offences. It is about the design of your food safety management system. Evidence includes a documented HACCP plan, written cleaning schedules, supplier approval procedures, allergen management systems, temperature monitoring protocols, and pest control contracts. The key word is "reasonable" — the law does not expect perfection, but it does expect that you have thought about the risks and put proportionate controls in place.
Limb 2: All Due Diligence
This limb goes beyond having systems on paper — it requires you to prove that those systems were actually followed in practice. Having a beautiful HACCP document that sits in a drawer is not due diligence. This is where your records become critical. Completed temperature logs, cleaning records, training certificates, supplier audit reports, corrective action records, and delivery check documentation all serve as evidence that your systems were actively maintained and followed.
Building Your Due Diligence System
A robust due diligence system rests on four pillars:
- HACCP — a documented, hazard-based food safety management system that identifies risks and sets critical controls. Download our HACCP template for restaurants to get started
- Supplier management — approved supplier lists, specifications on file, delivery temperature checks, and traceability records
- Training — documented evidence that all staff have received appropriate food safety training. Use our training record template to maintain proper records
- Monitoring and verification — regular checks that your systems are working, including temperature monitoring, cleaning verification, internal audits, and management reviews
Common Failures That Undermine Due Diligence
Even businesses that believe they are compliant often fall short when scrutinised. The most common failures include:
- Gaps in records — missing temperature logs for certain days or times suggest the system is not being followed consistently
- Identical entries — if every fridge reads exactly 3 degrees Celsius every day, EHOs will suspect the records are being fabricated
- No corrective action records — if something went wrong and there is no record of what you did about it, the system appears ineffective
- Outdated HACCP plans — a plan that references old menus or former premises undermines your entire due diligence argument
- Missing training records — if you cannot prove a team member was trained, in the eyes of the law they were not trained
A Real-World Scenario
Consider a restaurant where a customer suffers a severe allergic reaction after being served a dish containing undeclared peanuts. The local authority investigates and decides to prosecute. In court, the restaurant argues the Section 21 due diligence defence. To succeed, they must show they had a documented allergen management system (reasonable precautions) and that it was being followed at the time of the incident (due diligence). If they can produce an up-to-date allergen matrix, evidence that the dish was supposed to be peanut-free, training records showing staff were trained on allergens, and a record of the investigation into what went wrong, they have a credible defence. If any of these elements are missing, the defence collapses.
Getting Expert Help
Building a due diligence system that will withstand legal scrutiny requires expertise and attention to detail. Our food safety consulting service can help you design, implement, and maintain a system that meets the requirements of Section 21. We work with businesses across the UK to ensure their food safety documentation is comprehensive, current, and capable of protecting them if the worst happens.
Frequently Asked Questions
Is due diligence the same as having a HACCP plan?
Not quite. A HACCP plan is a critical component of due diligence, but due diligence is broader. It encompasses your entire food safety management system, including training, supplier management, monitoring, and record-keeping. A HACCP plan that is not actively followed does not constitute due diligence.
How long should I keep food safety records?
There is no single legal requirement for retention periods, but best practice is to keep food safety records for a minimum of two years. For traceability records, the requirement is to retain them for the shelf life of the product plus six months. Given that prosecutions can take time to bring, retaining records for three to five years provides the most robust protection.
Can a small business claim due diligence?
Yes. The due diligence defence is available to businesses of all sizes. The standard of "reasonable precautions" is judged relative to the size and nature of your operation. A small cafe is not expected to have the same systems as a large food manufacturer, but it is expected to have proportionate controls in place and evidence that they are followed.
Written by Carren Amoli, BSc (Hons), RSPH Registered
