Your duties under CDM 2015

The Construction (Design and Management) Regulations 2015 place clear obligations on principal contractors regarding the workforce on their sites. Regulation 13 requires the principal contractor to plan, manage, and monitor the construction phase, including ensuring that every contractor (and their workers) has the skills, knowledge, training, and experience to carry out the work safely.

This is not a passive duty. You cannot simply ask a subcontractor to confirm that their workers are competent and leave it at that. CDM 2015 expects active management. That means verifying competence, checking qualifications, and having a system to ensure that standards are maintained throughout the project, not just at the point of appointment. For the full picture of what CDM 2015 requires from principal contractors, see our CDM 2015 compliance guide.

Company-level checks

Before a subcontractor starts work on your site, you should verify the following at the company level:

  • Employers' liability insurance: Every employer in the UK must hold employers' liability insurance of at least £5 million. Request a current certificate and check the expiry date. Do not accept expired certificates.
  • Public liability insurance: While not legally mandatory, most principal contractors require subcontractors to hold public liability insurance, typically at a minimum of £5 million or £10 million depending on the project.
  • Professional indemnity insurance: Required for subcontractors providing design services.
  • Health and safety policy: Any employer with five or more employees must have a written health and safety policy. Request a copy and check that it is current and relevant to the work being carried out.
  • Risk assessments and method statements (RAMS): The subcontractor should provide task-specific RAMS for the work they will carry out on your site. Generic RAMS copied from a template are not acceptable.
  • CHAS, SafeContractor, or Constructionline accreditation: These are pre-qualification schemes that verify basic health and safety competence. They are not a legal requirement, but many principal contractors use them as a baseline.
  • Tax status: CIS (Construction Industry Scheme) registration and UTR number. Verify the subcontractor's tax status with HMRC to ensure correct CIS deductions.
  • Modern slavery statement: For subcontractors with a turnover above £36 million, a modern slavery statement is a legal requirement under the Modern Slavery Act 2015. Regardless of turnover, checking for indicators of labour exploitation is good practice.

Worker-level checks

Company-level checks tell you that the subcontractor is a legitimate business with appropriate insurance and processes. Worker-level checks tell you that each individual person on your site is competent and authorised to be there. Both are necessary.

For each subcontractor worker on your site, verify:

  • CSCS card: Valid, in-date, and appropriate for the work being carried out. A labourer's green card is not acceptable for skilled trade work. A supervisor should hold a gold supervisor card, not a blue skilled worker card.
  • Right to work: You have a legal obligation to ensure that workers on your site have the right to work in the UK. This applies even when the worker is employed by a subcontractor. The penalty for employing an illegal worker is up to £60,000 per worker.
  • Site-specific induction: Every worker must complete a site-specific induction before starting work. This is a CDM 2015 requirement and your responsibility as principal contractor.
  • Trade-specific competencies: Beyond the CSCS card, certain tasks require specific competencies. Scaffolders need CISRS cards. Electricians need ECS (Electrotechnical Certification Scheme) cards. Plant operators need CPCS or NPORS cards. Verify that each worker holds the right cards for their specific role.
  • Medical fitness: For certain roles (crane operators, divers, anyone working in confined spaces), medical fitness certificates are required. Check that these are current.

Pre-arrival verification

The most effective approach is to verify worker compliance before they arrive on site, not at the gate on their first morning. Gate checks create bottlenecks, and discovering a compliance gap at 07:00 when the worker has already travelled to site is a poor outcome for everyone.

A pre-arrival process works like this:

  1. The subcontractor registers their workers on the principal contractor's workforce management platform before mobilisation.
  2. Each worker's CSCS card, competencies, induction status, and right-to-work documentation are verified digitally.
  3. Any gaps are flagged to the subcontractor immediately, giving them time to resolve issues before the worker's start date.
  4. Workers arrive on site already verified, reducing gate processing time from minutes to seconds.

AttendIQ's supply chain management features enable exactly this workflow. Subcontractors are invited to the platform free of charge and can manage their own workers' records. The principal contractor sees a real-time compliance view across all subcontractors, with red/amber/green status for each worker.

Ongoing compliance monitoring

Compliance is not a one-time check. On a project lasting 12 months or more, competencies will expire, insurance certificates will lapse, and new workers will arrive who were not part of the original mobilisation. Ongoing monitoring means:

  • Automated expiry tracking: CSCS cards, insurance certificates, and other time-limited documents need to be tracked with automated alerts before they expire.
  • Access rule enforcement: When a competency expires or a required document lapses, the worker should be automatically blocked from signing in to site until the issue is resolved.
  • Subcontractor dashboards: Give subcontractors visibility of their own compliance status so they can self-manage, rather than relying on you to chase them.
  • Spot checks: Regular site audits to verify that workers on the ground match the records in the system. Check that the person wearing the hard hat is the person registered on the platform.

Managing compliance at scale

On a single site with one or two subcontractors, manual compliance management is feasible, if tedious. On a portfolio of sites with dozens of subcontractors and hundreds of workers, it is not. The administration simply does not scale.

The common failure pattern is this: a principal contractor has a thorough pre-qualification process for appointing subcontractors, but a weak process for monitoring ongoing compliance once work has started. Insurance expires. CSCS cards lapse. New workers appear on site without being formally registered. The pre-qualification was rigorous, but the ongoing compliance is a gap.

Closing that gap requires a system that tracks compliance continuously, not just at the point of appointment. It needs to be accessible to both the principal contractor and the subcontractor, so that the subcontractor can manage their own workforce proactively rather than waiting to be told about problems.

AttendIQ is built for this. Subcontractors join the platform at no cost and manage their workers' records in a portal scoped to their company. The principal contractor sees a single compliance view across all subcontractors, filterable by site, by trade, or by compliance status. Expiry alerts, access rule enforcement, and real-time dashboards replace the spreadsheets and email chains that most principal contractors currently rely on. See our pricing page for details on how supply chain access is included at no additional cost.

Get your supply chain compliant before they arrive on site

AttendIQ lets subcontractors manage their own workers' compliance, while giving you a real-time view across your entire supply chain. Expiry alerts, access rules, and pre-arrival verification in one platform.

Get Started Book a Demo

From £5 per worker per month on annual plans. No setup fee.