Business Travel Duty of Care: A Guide for HR Teams

Business travel duty of care is the legal and moral obligation of an employer to protect employees from foreseeable harm while they travel for work. It covers physical safety, mental health, security, and medical support from departure to return. Most HR teams understand that the obligation exists, but many still struggle to put it into practice when an incident unfolds.

HR teams need clear processes and reliable data to carry out the obligation, which begins with traveler visibility. Pre-trip controls and clear emergency response processes build on that visibility, making the duty of care easier to act on.

What Business Duty of Care Means and Why HR Owns It

Duty of care requires employers to take reasonable steps to protect employees from foreseeable risks during work-related travel. When an employee boards a flight, checks into a hotel, or takes a rideshare, the workplace becomes mobile. The employer’s obligations move with it.

When the workplace moves, HR teams carry primary accountability and coordinate with security, legal, medical, and procurement. The obligation rests on legal frameworks and requires a clear cross-functional operating model.

The Legal Foundation

For many organizations, duty of care is shaped by U.S., UK, and global frameworks:

• OSHA General Duty Clause (U.S.): Requires employers to keep the workplace free from recognized hazards likely to cause death or serious harm. That obligation may extend beyond a fixed office when employees are traveling for work.
• Health and Safety at Work Act 1974 (UK): Requires employers to take reasonable steps to help protect employee health and safety during domestic and international work-related travel.
• ISO 31030 (Global): Provides guidance for organizations building travel risk management programs.

Together, these frameworks create overlapping obligations that apply whether or not an organization has formally adopted any one of them.

Where HR Fits in the Cross-Functional Model

HR’s role extends beyond writing the policy. When an urgent situation develops, the team needs to know who’s traveling, where they are, and how to reach them.

Of course, knowing where travelers are is only useful if HR can act on that information. HR teams need both the authority to restrict travel to high-risk destinations and access to systems that track travelers in real time. With both in place, the obligation can move from policy language to direct response.

Why Traveler Visibility Supports Duty of Care Programs

HR teams need current itinerary data before they can locate, assess risk for, and contact employees during an incident. That visibility depends on whether employees are booked through a managed channel.

Findings from The State of Corporate Travel and Expense 2026, a report from Skift and Navan, show the gap clearly: 80% of the travel and finance managers surveyed were confident in data access, but only 40% had real-time visibility. Two factors drive that gap: how employees book and why they avoid approved booking flows.

Managed Bookings Keep Traveler Data Connected

Every off-platform travel booking removes a traveler from the organization's central itinerary system. Without that data, HR teams cannot quickly locate the employee or coordinate support during a disruption. The consequences compound during incidents such as flight cancellations or weather events, when HR teams have no record of whether the employee is in the affected region.

Disruptions occur often enough to shape how travelers book, yet off-platform bookings through consumer sites and direct supplier websites remain widespread. When those realities overlap, HR teams can spend hours contacting managers and reviewing expense reports to confirm who is where. Even organizations with written policies prohibiting non-platform bookings often struggle to enforce them, because enforcement typically happens after the trip through expense audits.

Why Travelers Book Outside Managed Channels

Low compliance is often evidence of policy and system design problems. When policies are difficult to follow, or the booking experience feels harder than consumer tools, employees are more likely to step outside the managed channel.

This issue, however, can be a useful diagnostic. If compliance rates are low, ask: “What about the policy design makes compliance difficult?” Making the managed channel the easier path can help strengthen duty of care coverage. A Forrester Consulting Total Economic Impact study commissioned by Navan and based on a composite organization found that Navan customers cut booking time from 15 to 20 minutes down to about five. Faster booking gives employees less reason to leave the company platform. Broader inventory — through GDSs, NDC connections, and OTA partnerships — also helps keep travelers on the approved path. With visibility in place, HR can build the operational components that act on it.

Core Components of a Duty of Care Program

A mature travel risk management program must do three things for every traveling employee:

• Locate them wherever they are
• Assess risks affecting them using current intelligence
• Contact them through two-way communication

Without all three, an organization understands its responsibilities but lacks the ability to act on them. These capabilities form the operational backbone connecting booking behavior, pre-trip planning, and crisis response.

1. Pre-Trip Risk Assessment

Assess risk before departure, when the team has time to review the trip and adjust plans. An organization’s program should account for the destination, the planned work, and the employee’s specific needs.

Pre-trip controls can support this assessment within the booking workflow. Systems that route reservations through approval levels based on destination risk and policy rules help reduce the chance that an employee departs for a high-risk location without review. The strongest tools tie destination risk alerts and documentation checks into the booking flow, so the assessment happens before confirmation, not after.

2. Real-Time Traveler Tracking

Tracking employees during a disruption requires two things: centralized booking, so the system has itinerary data; and real-time visibility, so teams can act on current information.

Modern travel platforms can collapse those two requirements into a single view. Navan, for instance, offers a live map showing all traveling employees in real time. That kind of visibility matters, because the Skift and Navan report found that 49% of business travelers surveyed cite disruptions as a top concern. When HR can see who may be affected, the response can be faster and more targeted.

3. Crisis Communication and Emergency Response

Effective crisis response depends on two-way communication, where organizations send and receive information. One-way alerts leave gaps during fast-moving events.

Dashboards that surface live disruption data help close that gap. Navan’s travel impact dashboard, as one example, surfaces strikes, weather, and other disruptions with affected traveler counts. Push notifications can alert travelers when situations develop, so HR has time to respond before a disruption escalates. Navan’s 24/7 in-house agents use the TravelXen platform, which helps provide full traveler context for faster resolution.

How Travel Policy Reinforces Duty of Care

Travel policy enforcement and duty of care are part of the same system. Pre-trip approval processes support duty-of-care responsibilities, reinforce policy compliance, and limit costs. The connection between policy and safety runs through every enforcement mechanism.

The following two enforcement mechanisms do most of the work:

Pre-Trip Controls vs. Post-Trip Auditing

Pre-trip controls are more useful than post-trip auditing for duty of care, because post-trip auditing occurs after the employee has already traveled. Retroactive review cannot intervene before travel begins, maintain itinerary visibility, or redirect a traveler away from a high-risk destination.

The Forrester TEI study found that Navan customers saved 85% of travel manager time. The recovered hours can be redirected toward strategic safety work, such as reviewing destination risk assessments, updating emergency response plans, and training travelers on protocols they need to know before departure.

Making Compliance the Path of Least Resistance

When the compliant path is also the easiest path, adoption tends to rise and visibility gaps can shrink. Policies tend to produce stronger compliance when they reflect actual market costs and surface in-policy options during search. Broad inventory also supports that outcome: When travelers can find competitive options from GDSs, NDC connections, and OTA partnerships in one place, the managed channel becomes easier to use and easier to trust.

Inclusive Duty of Care: Accounting for Every Traveler

A standard duty of care briefing that doesn’t account for traveler identity can fail its purpose. Enforcement and ease of use cover the mechanics, but they don’t address who the traveler is. Generic guidance can miss identity-related or medical needs, along with personal circumstances. Those gaps are often the difference between a written policy and support that works in practice.

Three groups commonly need destination-tailored support that generic briefings miss: LGBTQ+ travelers, women travelers, and travelers with disabilities.

LGBTQ+ Travelers

LGBTQ+ travelers may face destination-specific legal, medical, and social risks that generic guidance does not address. Policies also should not depend on employees self-identifying to receive appropriate support.

Required actions include:

• Destination-specific risk assessments for every trip
• Clear medical and harassment protocols
• The ability for employees to opt out of unsafe travel without penalty

These steps should be available to everyone by default, without requiring anyone to disclose their identity to receive protection.

Women Travelers

Women business travelers may face safety concerns that standard briefings do not fully address. Policies should account for those concerns through booking guidelines, vetted hotel preferences, and ground transportation standards.

These adjustments reflect the broader point of inclusive duty of care: A useful program tailors support to the traveler and the destination instead of assuming one briefing works for everyone.

Travelers With Disabilities

Travelers with disabilities have legal protections that shape how HR should plan their trips. In the U.S., the Americans with Disabilities Act requires employers to offer reasonable accommodations during business travel. HR teams should avoid assuming that travel is impossible for a person with a disability. With advance planning, many requirements can be addressed.

Keeping employee profiles up to date helps support planning without asking travelers to re-enter information for every trip.

From Policy Document to Protective System

Duty of care becomes real when your organization locates traveling employees, assesses the risks affecting them, and contacts affected travelers quickly after an incident. Most programs fall short when they have a policy but no system to execute it.

Start by measuring the current state: How long would it take to confirm every employee’s safety after a disruption? If the answer is unclear, it’s time to make changes. Close the visibility gap by driving adoption up, then build inclusive risk assessments that account for every traveler’s identity. Pre-trip controls should anchor the program, because they let you intervene before employees face risk.

The responsibility is clear. The practical question is whether your systems can support it.