Compliance

The Proof is in the Program
Smarter EHS programs in 2026 must be built to withstand scrutiny
By Greg Duncan, MELP, CSP
As we move into 2026, EHS leaders are confronting a regulatory environment that is markedly different from even a few years ago. Enforcement activity is intensifying, requirements are expanding, and most importantly, regulators are increasingly focusing on whether EHS programs and policies are being followed and implemented, not just written down in a manual.
Across jurisdictions and areas of regulation, one theme is emerging: compliance programs must be documented, auditable, and consistently executed. Informal controls, manual tracking systems, and reactive approaches to compliance are no longer sufficient. Regulators and other stakeholders, including investors, are asking organizations to clearly demonstrate, not just describe, how risks are being managed.
For EHS and sustainability leaders, this shift has significant implications.
The Enforcement Themes Defining 2026
Several new and continuing regulatory priorities are shaping enforcement trends in the United States. While these areas vary in scope and focus, regulators share a common expectation: organizations must implement structured programs and proactively manage risk, not just respond after an incident occurs.
PFAS and Expanding Chemical Oversight
Per- and polyfluoroalkyl substances (PFAS) represent one of the most complex compliance challenges facing organizations today. Reporting obligations under the EPA’s Toxics Release Inventory (TRI) have expanded, and PFAS requirements are increasingly integrated into other environmental programs, including EPCRA, RCRA, and water-related regulations.
The compliance burden includes demonstrating defensible monitoring practices, accurate chemical inventory maintenance, supply chain transparency, and long-term waste management strategies. In many cases, PFAS compliance demands cross-functional coordination between EHS, procurement, environmental engineering, and legal teams.
Where programs tend to break down is not in awareness, but in documentation. During inspections or information requests, companies must be able to show how PFAS were identified, how thresholds were evaluated, and how ongoing monitoring is conducted. Fragmented records and inconsistent inventory controls create immediate compliance risk.
Hazard Communication Updates
OSHA’s 2024 final rule updating the Hazard Communication Standard to align with Revision 7 of the Globally Harmonized System (GHS) introduces expanded hazard classifications, revised labeling provisions, and updated Safety Data Sheet (SDS) requirements. Phased compliance deadlines begin in 2026 for chemical manufacturers, distributors, and employers.
For many organizations, HazCom programs have historically been stable and well-established. However, updates to classifications and SDS formats require systematic review of chemical inventories, revised labeling, employee retraining, and corresponding written plan updates.
Compliance issues often arise when hazard communication programs have not been comprehensively reconciled with updated hazard classifications and other hazard information. Outdated SDS libraries, inconsistent label practices, and incomplete training documentation can quickly undermine an otherwise mature safety program.
Heat Illness Prevention
Regulatory action around heat illness prevention and enforcement has accelerated, with a pending proposed federal heat standard and active National Emphasis Programs targeting indoor and outdoor heat exposure risks. Regulators increasingly expect formal Heat Illness Prevention Programs (HIPPs), including written procedures, monitoring protocols, acclimatization processes, access to water and rest breaks, and emergency response planning.
Historically, some organizations have relied on informal controls or supervisor discretion during heat events. Under heightened and emerging workplace safety standards and enforcement directives, that approach is no longer sustainable. Regulators are asking for written programs, training records, environmental monitoring data, and documented corrective actions.
Compliance breaks down when controls are implemented operationally but not formally documented. A program that exists in practice but cannot be demonstrated in writing may be treated as non-existent during an inspection.
Ergonomics and Musculoskeletal Disorder Prevention
Musculoskeletal disorders (MSDs) remain a leading cause of workplace injury and a major source of costs to employers. While federal OSHA relies primarily on the General Duty Clause, several state plans, including California, Minnesota, and New York, have implemented mandatory ergonomics-specific standards that require employers to develop structured prevention programs, documented risk assessments, and effective engineering controls. At the same time, Washington and Oregon have each developed voluntary standards as recommended guidance for prevention of workplace MSDs, and formal adoption of those standards by their respective state OSHA agencies is likely in the future.
Regulatory scrutiny has shifted from reactive injury response to proactive hazard identification and MSD risk control. Organizations are expected to conduct ergonomic assessments, track trends, and implement targeted corrective measures.
The most common compliance gaps include incomplete or inconsistent MSD risk assessment, lack of follow-up on worker complaints and/or MSD injury underreporting, and insufficient documentation of engineering or administrative controls. Without systematic tracking capabilities and modern assessment tools including AI, organizations struggle to gain a foothold toward MSD reductions and sustained job improvement.
Workplace Violence Prevention and PPE Fit
In recent years, workplace violence prevention standards have expanded their relatively narrow focus on healthcare settings to become a major compliance priority across industries. In several states, employers are required to develop written prevention plans, training programs, systematic hazard assessment and control, and incident documentation.
Simultaneously, renewed emphasis on proper PPE fit has elevated what was once considered a procurement detail into a compliance issue. Recent federal and state OSHA requirements obligate employers to assess PPE fit needs for ALL workers, placing special emphasis on PPE for female employees, who are historically under-represented when fitting and selecting workplace PPE.
Both areas reflect a broader enforcement trend: regulators are focusing on whether employers have systematically identified foreseeable risks and implemented documented controls.
Programs often falter when policies exist but lack evidence of implementation. Training records, hazard assessments, fit evaluations, and corrective actions must be consistently maintained.
Where EHS Programs Break Down During Inspections
Despite the best intentions of even the most experienced EHS teams, compliance failures happen. These failures frequently stem from structural weaknesses, rather than a lack of effort.
Common weak points include:
• Manual tracking systems that make it difficult to verify current regulatory applicability
• Siloed documentation stored across departments without centralized access and standardized data protocols
• Inconsistent audit practices that fail to evaluate program effectiveness in addition to compliance status
• Reactive corrective action management, where issues are addressed informally but not tracked to closure
• Outdated written programs that no longer reflect current regulatory requirements.
During inspections, compliance officers will typically start by requesting and reviewing documentation, including written programs, evidence of control implementation and performance, training documentation, audit records, and proof of corrective action completion. When documentation is incomplete, inconsistent, or difficult to retrieve, organizations appear less prepared, even if operational controls are in place.
On the flip side of that coin, strong compliance program documentation goes a long way in establishing good faith in the eyes of inspectors and sets a positive tone during regulatory inspection activities. In 2026, the most resilient organizations in terms of compliance will be those that can quickly produce structured, defensible evidence of compliance.
Why Proactive Audits are Essential
In today’s compliance environment, internal audits are no longer administrative formalities. They are becoming foundational tools for regulatory risk management.
Proactive, risk-based audit programs serve several critical functions:
• Verification of Implementation — Testing whether written programs are executed consistently across sites.
• Early Detection of Gaps — Identifying compliance deficiencies before regulators do.
• Documentation of Due Diligence – Demonstrating a structured approach to oversight and continuous improvement.
• Alignment with Management Systems — Supporting frameworks such as ISO 45001 and integrated environmental management systems.
Audits that focus solely on checklist completion are insufficient. Effective programs evaluate whether hazard controls are functioning, training is current, and corrective actions are tracked through resolution. When audit findings are systematically analyzed and addressed, organizations build a defensible compliance record that regulators recognize as evidence of active governance.
Building Programs Regulators Trust
To withstand scrutiny in 2026 and beyond, EHS programs must be designed with verification in mind. Practical steps include:
• Maintaining up-to-date regulatory applicability analyses across jurisdictions
• Standardizing written programs and ensuring they reflect current requirements
• Embedding documentation practices into daily operations, rather than treating them as afterthoughts
• Establishing closed-loop corrective action processes that assign ownership and track completion
• Conducting regular, structured audits that evaluate both program design and execution
Equally important is fostering cross-functional alignment. Chemical management, heat stress mitigation, ergonomic controls, and workplace violence prevention often involve operations, HR, procurement, and facilities teams. Clear accountability and shared documentation standards reduce fragmentation.
From Reactive Compliance to Defensive Readiness
Regulatory activity in 2026 suggests that enforcement will continue emphasizing chronic and systemic risks. Whether addressing PFAS exposure, hazard communication updates, heat stress, or ergonomics, regulators are converging around a consistent expectation: Compliance programs must be demonstrably effective.
For EHS leaders, this shift represents both a challenge and an opportunity.
Organizations that continue to rely on informal controls and manual tracking may find themselves vulnerable. Those that invest in structured, documented, and auditable compliance frameworks will not only reduce enforcement risk but also strengthen operational resilience and stand out as leaders among peers and competitors.
In a climate where simply having an EHS program is no longer enough, the differentiator will be the ability to easily and definitively prove it works—and works well.
Greg Duncan is a Senior Content Manager at VelocityEHS, focused on providing EHS professionals with information and insights that help them effectively manage compliance and risk, and build safer, more sustainable workplaces. Greg holds a Master of Environmental Law & Policy from Vermont Law School, a Bachelor of Science in Biology from the University of Illinois, and is a BCSP Certified Safety Professional (CSP).

