At first glance, IT industry might not appear particularly “risky” in the traditional sense when it comes to workplace safety. However, the new Occupational Health and Safety Lawwhich came into force on May 7, 2023, introduces significant obligationsfor tech companies, startups, and employers in the digital services sector.

Below, we highlight the key changes that are especially relevant to the IT sector:

1. Remote Work Is No Longer a “Grey Zone”

In IT sector remote work has long been the norm. Whether through full remote engagement, hybrid models, or coworking spaces.For the first time, the new law explicitly recognizes working from home and mandates that, even in these cases, employers must assess risks and prescribe safety measures.

This means software companies are now required to:

• Have a risk assessment document that includes home working conditions (ergonomics, screen setup, lighting),
• Ensure regular medical checkups in line with workplace risks,
• Provide training and guidance to employees on how to work safely and healthily, even from home,
• Document such training and communication with employees — and ensuret hat occupational health and safety experts undergo continuous education and renew their licenses every five years.

In practice, HR and legal departments may now need to create internal rules or contract annexes related to remote work.

2. Ergonomics and Mental Health – The Silent Risks in the IT World

IT employers often overlook that serious issues can arise both in offices and at home:

• Carpal tunnel syndrome, back, neck, and shoulder pain (due to poor ergonomics),
• burnout and stress caused by overload, constant availability, or working overtime.

Although the law does not yet explicitly recognize mental health, it is the employer’s duty to identify and prevent all risks that could endanger employee health — including stress and excessive working hours.

3. Medical Checkups – Even for Developers?

The law stipulates that employees in high-riskroles and those working night shifts have the right (and obligation) to undergo medical checkups. While IT work is typically not classified as “high-risk,” if a position involves prolonged sitting, shift work, or night work,employers may be required to:

• Provide pre-employment medical checkups,
• Conduct regular checkups during employment,
• Approve additional checkups requested by employees — at the employer’s expense.

4. Mandatory Training and Knowledge Documentation in IT industry

The law places a strong emphasis on training for employees and managers.Occupational health and safety training becomes mandatory for both workers and those responsible for organizing work processes. Employees using equipment must be trained on proper use, and employers are responsible for ensuring that training is conducted and documented.

Even in IT companies, health and safety training must:

• Be provided upon hiringposition change, or introduction of new technologies (e.g. equipment or work environments),
• Be repeated at least every three years (or more frequently for risky roles),
• Be adapted to employees’ language and capabilities (important in international teams).

Even if a worker “just sits at a computer,” the employer must inform them of the risks of such work and protection measures — including advice on proper sitting posture, lighting, breaks, and equipment use.

5. Bylaws and Subregulations in IT industry

Following the adoption of the new law, a series of regulations and decrees have been issued to more precisely govern specific aspects.

The law requires detailed records to be kept, including those on high-risk jobs, workplace injuries, occupational diseases, and completed training and medical exams.

A Workplace Injury Registry has also been introduced, maintained by the Occupational Health and Safety Administration, and employers are required to regularly update it.

6. Fines and Liability – Not Just for Factories

The law introduces a stricter penalty policy. The number of violations has increased, and fines can now exceed one million dinars. Therefore, it is important to align all business aspects with the law and accompanying regulations — from general corporate policies to specific workplace procedures.

This law applies to all employers, regardless of industry. That means IT firms, digital agencies, software teams, and startups must comply by May 7, 2025, or face consequences such as:

• Fines of up to RSD 1,500,000 for legal entities,
• do 150.000 RSD za direktore i odgovorna lica,
• Labor inspectors may impose measures even for office spaces.

What Should IT Companies Do Right Now?

If you're an employer in the IT sector, here are concrete steps to take:

• Update your risk assessment document – include remote work and specific office conditions.
• Organize occupational health and safety training – it can be done online but must be documented.
• Implement remote work policies and mental health care strategies.
• Consider medical checkups for roles involving long sitting hours, night shifts, or other risk factors.
• Prepare for possible labor inspections.

Conclusion

The new Occupational Health and Safety Law aims to enhance worker protection through clearly defined rules and responsibilities for all participants in the work process. While it remains to be seen how all changes will be implemented in practice, it is certain that employers are expected to take a serious, proactive approach to compliance.

For those who haven’t started this process yet — now is the time to act.