Four years after the release of ISO 31030: Travel Risk Management, the landscape of corporate travel has changed dramatically. Geopolitical instability, a younger mobile workforce, and shifting expectations around duty of care mean organisations must take a far more mature and structured approach to managing travel risk.
In a recent GSA Global and Healix webinar, legal specialists from the UK and France joined senior travel-risk practitioners to explore the evolving legal implications of business travel and what organisations need to know now. Here are the key insights.
Travel Risk Has Changed and So Have Travellers
Jacob Painter of Healix opened with a simple truth: the world looks very different to how it did three or four years ago. Organisations aren’t just evaluating the security environment of destinations anymore they are increasingly considering the personal comfort, capabilities and well-being of their travellers, especially younger staff embarking on business travel for the first time.
Dr. Brian Moore of GSA Global noted a parallel trend: the rise of the “work from anywhere” mindset. Employees now expect flexibility to perform their role globally, and many do so without fully understanding the risks. This creates challenges for employers, from cyber-security alerts triggered by overseas logins to unclear internal accountability when staff relocate themselves abroad.
Against this backdrop, recent incidents show just how costly travel-related failures can be. Nick Hawkins shared examples including a £800,000 settlement for a traveller with Crohn’s disease who wasn’t medically supported, a fatal helicopter crash involving a senior executive that led to litigation and media scrutiny, and a kidnap incident that resulted in PTSD and internal organisational fallout. These cases highlight that travel risk failings affect people first but organisations carry the legal, financial and reputational burden.
Duty of Care: The Legal Reality
UK Perspective
According to Zoe Betts of Pinsent Masons, employers have both a moral and legal duty to safeguard staff and this duty cannot be delegated, even when using specialist travel risk providers. Courts and regulators assess “reasonable care” partly by referencing recognised standards such as ISO 31030.
Where things go wrong, consequences can include civil compensation claims, criminal investigations, substantial fines based on turnover, higher insurance premiums, reputational damage, and potential loss of tenders or investors. As Zoe put it: “If you think compliance is expensive, try having an accident.”
French Perspective
The French approach, explained by lawyers Philippe Rossignol and Frédéric Bellanca, is even stricter in several respects. Employers must guarantee employee safety, including overseas, and “inexcusable fault” can be found even where failings are minor. Importantly:
- French courts can prosecute incidents anywhere in the world if the victim is French.
- Both the company and individual directors can be criminally liable.
- Penalties include large financial damages and up to five years’ imprisonment.
Recent French case law has even upheld the dismissal of an employee who chose to work remotely from Canada without employer approval, a sign of how seriously jurisdictions are treating overseas working risks.
ISO 31030: A Benchmark That’s Becoming a Legal Touchstone
It became evident that, despite being a guidance standard, the courts increasingly are looking at recognised professional standards or industry standards and that’s where the relevance of ISO 31030 comes in. Adoption strengthens an organisation’s defensibility by demonstrating systematic risk assessment, proportionate mitigation measures and structured planning.
The panellists noted that ISO is now exploring a formal evolution of ISO 31030 into a certifiable standard, similar to ISO 9001 or ISO 27001. If this happens, organisations will face greater expectations, external validation and clearer minimum requirements. For those with mature programs, it could become a commercial differentiator enabling safe entry into higher-risk markets that competitors avoid.
Bleisure, Remote Working and Where Duty of Care Ends
One area generating increasing confusion is the blending of business and leisure travel. While attractive for employee well-being, “bleisure” trips create grey areas around liability. Zoe emphasised the need for clear employment contracts and explicit policies outlining:
- When employees may extend trips
- What the organisation will and won’t cover
- Where its duty of care ends
- Insurance limitations for high-risk leisure activities
Brian added that during leisure time, employees effectively become tourists, a demographic statistically more prone to drownings, road accidents and violent crime. Employers cannot control personal choices, but they can set expectations and boundaries through policy, communication and reasonable instructions.
The French perspective reinforced that unclear remote working arrangements can be legally dangerous. Employers are still responsible for safety, even when the employee is abroad, and courts increasingly expect organisations to maintain visibility and authorisation over where staff are working.
Mental Health and New Dimensions of Risk
Looking ahead, mental health is becoming a central pillar of travel risk. Jacob reported a sharp increase in mental health incidents linked to business travel, especially post-COVID. Travellers with pre-existing conditions, or those sent to culturally or psychologically challenging environments, may face heightened vulnerability.
Zoe also highlighted a major shift in UK law: employers now have a proactive duty to prevent sexual harassment, which extends to travel-related contexts such as conferences, events, late-night engagements and situations involving junior staff travelling alone. Organisations must show they anticipated risks and implemented preventive actions, not merely responded after the fact.
What the Next Four Years Will Bring
The panel agreed on several likely developments between now and 2030:
- ISO 31030 is likely to become certifiable.
- Insurers will more aggressively scrutinise preventable travel-related losses.
- A recognised professional body for travel risk practitioners may emerge.
- AI will increasingly shape real-time risk intelligence and decision-making.
- Mental health and psychological safety will take centre stage.
- Governments (especially France) will continue tightening expectations as the social cost of workplace injury rises.
Four years on from ISO 31030, one thing is clear: organisations that take travel risk seriously will be better protected legally, financially and reputationally and better positioned to compete globally. Those who delay will find themselves increasingly exposed as courts, regulators, insurers and travellers themselves demand higher standards of duty of care.
GSA Global will continue supporting organisations on this journey through TRM maturity assessments, legal whitepapers, advisory services and its quarterly TRM Meetings.
