Due Diligence Defence: What UK Food Businesses Need to Know

Last updated: May 2026

Picture this. An EHO inspector turns up unannounced. A customer has made a complaint. Your team did everything right, but can you prove it?

That single question is what separates a fine from a dismissal. And the answer comes down to one legal concept every food business owner needs to understand: the due diligence defence.

What Is the Due Diligence Defence?

Under Section 21 of the Food Safety Act 1990, a food business can defend itself against a food safety charge by proving it took "all reasonable precautions and exercised all due diligence" to avoid committing the offence.

In plain English? If something goes wrong, you need to show that your systems, training, and record-keeping were solid enough that the incident wasn't down to negligence.

This isn't about being perfect. It's about being prepared.

When Does the Due Diligence Defence Apply?

The defence applies to offences under the Food Safety Act 1990, including:

• Selling food that doesn't meet safety requirements (Section 8)
• Selling food not of the nature, substance, or quality demanded (Section 14)
• Falsely describing or presenting food (Section 15)

It also extends to regulations made under the Act, including the Food Safety and Hygiene (England) Regulations 2013 and equivalent legislation in Scotland, Wales, and Northern Ireland.

If your business faces prosecution, the burden of proof falls on you. You need to demonstrate that your precautions were genuine, documented, and consistently followed.

What "All Reasonable Precautions" Looks Like in Practice

Courts have been clear on this. Saying "we have a food safety policy" isn't enough. You need to show the policy was implemented, monitored, and enforced.

Here's what a strong due diligence defence looks like:

1. Written Food Safety Management System

Every food business in the UK must have a documented food safety management system based on HACCP principles. This should cover your critical control points, monitoring procedures, corrective actions, and verification steps.

2. Temperature Monitoring Records

Temperature control is one of the most common areas where businesses get caught out. You need consistent records for:

• Fridge and freezer temperatures (checked at least twice daily)
• Hot holding temperatures (above 63°C)
• Cooking and reheating temperatures (core temp of 75°C or equivalent)
• Delivery temperature checks
• Probe calibration logs

Gaps in your temperature records are one of the first things an inspector will flag. If there's a two-week gap in your fridge logs, the defence starts to crumble.

3. Staff Training Records

Every team member handling food needs appropriate training, and you need proof they received it. This includes:

• Induction training records
• Level 2 Food Safety certificates
• Allergen awareness training
• Refresher training dates

4. Supplier Due Diligence

You're responsible for what comes through your door. Keep records of:

• Approved supplier lists
• Supplier food safety certifications
• Delivery check records (temperature, condition, use-by dates)
• Any rejected deliveries and the reasons why

5. Cleaning and Maintenance Records

Cleaning schedules need to be documented and signed off. Equipment maintenance logs, pest control reports, and deep cleaning records all form part of your defence.

6. Incident and Corrective Action Logs

When something goes wrong, what did you do about it? Recording incidents and your response shows that your business doesn't ignore problems. It addresses them.

The Audit Trail Problem

Here's where most businesses fall down. They have the systems. They do the checks. But the records are incomplete, inconsistent, or missing entirely.

Paper-based systems are the biggest culprit. Clipboards get lost. Pages get damaged. Handwriting is illegible. And there's no way to prove when a record was completed, because anyone can backfill a paper form the night before an inspection.

Courts and inspectors know this. A stack of paper forms completed in the same pen, on the same day, for the previous month? That's not a defence. That's a red flag.

Why Timestamps Matter

The strength of your due diligence defence comes down to one thing: credibility.

Can you prove the check was done at the time it was supposed to be done, by the person who was supposed to do it?

Digital records with automatic timestamps solve this. Every entry is logged with the exact date, time, and user. No backfilling. No ambiguity. No arguments about whether the 6am fridge check happened at 6am or 6pm.

Aquaint's compliance tools generate timestamped, auditable records for every task your team completes. Temperature checks, cleaning sign-offs, opening and closing procedures. Each one is logged with the who, what, and when, creating an audit trail that holds up under scrutiny.

Building a Defensible System: Step by Step

If you want to build a due diligence defence that works, here's the practical roadmap:

Step 1: Document Everything

If it's not written down, it didn't happen. That's the legal reality. Make sure every food safety procedure has a corresponding record.

Step 2: Make Compliance Part of the Daily Routine

Don't treat compliance as a separate task. Build it into your team's daily workflow. Opening checks, midday checks, closing checks. When compliance is routine, it gets done consistently.

Step 3: Remove the Barriers

If your team has to hunt for a clipboard, find the right form, and figure out where to file it, compliance will slip. The easier you make it, the more reliable your records become. This is where moving from paper to digital makes the biggest difference.

Step 4: Monitor and Review

Due diligence isn't set-and-forget. Review your records regularly. Look for patterns. Are fridge checks being missed on weekends? Is one site consistently late with cleaning sign-offs? Catch problems before an inspector does.

Aquaint's site scoring gives managers a clear view of compliance performance across locations, so you can spot gaps without digging through paperwork.

Step 5: Act on Non-Compliance

Finding a problem is only half the story. Documenting what you did about it completes the defence. Corrective actions, retraining, process changes. Record them all.

Real-World Due Diligence Failures

Courts have rejected the due diligence defence in cases where:

• Records existed but weren't consistently maintained
• Training was provided but not documented
• The business had a food safety system on paper but couldn't show it was followed in practice
• Checks were recorded retrospectively with no proof of real-time completion

The common thread? The systems looked good on paper but fell apart under examination. A defence that exists only on a shelf in the office isn't a defence at all.

How Digital Compliance Tools Strengthen Your Defence

Switching from paper to digital isn't about technology for technology's sake. It's about creating records that are harder to dispute.

With a tool like Aquaint, your compliance records are:

• Timestamped automatically so there's no question about when a check was completed
• Attributed to individual users so you can prove who did what
• Stored securely with no risk of lost or damaged paperwork
• Accessible remotely so managers can review compliance across multiple sites
• Exportable for inspections, audits, or legal proceedings

When your EHO inspection arrives, pulling up six months of complete, timestamped records is a far stronger position than handing over a binder of paper forms.

Due Diligence Beyond Food Safety

The concept of due diligence extends beyond food safety in hospitality. Fire safety, health and safety, allergen management, and RIDDOR reporting all require defensible records.

Building a culture of documentation across your entire operation means you're protected on every front, not caught out because your food safety records were spotless but your fire safety log was three months out of date.

The Bottom Line

The due diligence defence exists to protect businesses that take compliance seriously. But "taking it seriously" means more than good intentions. It means consistent, verifiable, timestamped records that prove your team followed the right processes at the right times.

If your current system can't deliver that, it's time to look at what can.

FAQs

What is the due diligence defence in UK food law?

Under Section 21 of the Food Safety Act 1990, a food business can avoid conviction by proving it took all reasonable precautions and exercised all due diligence to avoid committing the offence. This requires documented evidence of food safety systems, training, monitoring, and corrective actions.

What records do I need to prove due diligence?

You need temperature monitoring logs, staff training records, supplier checks, cleaning schedules, HACCP documentation, incident logs, and corrective action records. Each record should include who completed it, when, and any relevant readings or observations.

Can paper records support a due diligence defence?

Paper records can support a defence, but they're weaker than digital records because there's no way to verify when they were completed. Courts have rejected defences where paper records appeared to have been backfilled. Timestamped digital records are harder to dispute.

How often should compliance checks be recorded?

Fridge and freezer temperatures should be checked at least twice daily. Hot holding temperatures should be monitored throughout service. Cleaning, opening, and closing checks should be completed and logged as part of each shift. The more consistent your records, the stronger your defence.

Does due diligence only apply to food safety?

No. The principle of demonstrating reasonable precautions applies across health and safety, fire safety, allergen management, and other regulatory areas. A comprehensive approach to compliance record-keeping protects your business across all these areas, not food safety alone.