Chain of Responsibility (CoR) under the Heavy Vehicle National Law (HVNL) transforms every supply chain into a shared safety framework. The Chain of Responsibility (CoR) under the Heavy Vehicle National Law (HVNL) extends safety obligations to all parties in the heavy vehicle supply chain. This means you’re accountable whether you drive, load, schedule, consign, pack, or receive freight.
CoR compliance isn’t about ticking regulatory boxes. It’s about understanding your primary duty to eliminate risks so far as reasonably practicable. The stakes? Criminal liability if safety breaches occur in your sphere of influence.
The legal structure targets breaches at their source. If you’re a scheduler pushing unrealistic delivery times, you share responsibility for resulting fatigue management failures. If you’re a consignor specifying incorrect weights, you’re liable for mass breaches.
This article breaks down the complete CoR framework. You’ll understand who holds responsibility, what your primary duty demands, how the safety management system works, and what the NHVR launched the 2026 Master Code changes for supply chain compliance. We’ll examine real scenarios, practical compliance strategies, and the shift from role-based obligations to activity-based accountability.
What Chain of Responsibility Really Means in Your Supply Chain
Chain of Responsibility isn’t a single person’s job. It’s a compliance framework that distributes safety duties across every participant who influences heavy vehicle operations.
The HVNL identifies specific parties: employers, prime contractors, operators, schedulers, consignors, consignees, loaders, unloaders, loading managers, and packers. Each party carries a primary duty to ensure their decisions and actions don’t create safety risks.
Think about a typical freight movement. A consignor books a delivery. A scheduler sets timeframes. A loading manager oversees the process. A driver operates the vehicle. A consignee receives the goods.
Every decision in that chain affects safety outcomes. The scheduler who allows insufficient time creates fatigue risk. The loader who exceeds weight limits creates mass compliance risk. The consignor who provides incorrect documentation creates operational risk.
Primary Duty vs Secondary Obligations
Your primary duty sits at the core of CoR compliance. Section 26C of the HVNL requires you to eliminate or minimise public risks arising from your transport activities. This duty applies regardless of your specific role.
The standard? So far as reasonably practicable. Courts interpret this through what a reasonable person in your position would do, considering available knowledge, expertise, and resources.
Secondary obligations follow from this primary duty. These include specific requirements around mass, dimension, load restraint, speed, fatigue, and vehicle standards. But understanding your primary duty matters more than memorising secondary rules.
Who Actually Holds Responsibility
Multiple parties can share responsibility for the same breach. This joint liability concept distinguishes CoR from traditional regulatory frameworks where one party typically faces consequences.
Consider a fatigue incident. The employer who set roster patterns, the scheduler who specified delivery times, the prime contractor who accepted unrealistic deadlines, and the driver who failed to rest all contributed. All face potential liability.
The NHVR investigates backwards from safety breaches. They identify every party whose decisions influenced the incident. Your involvement in the transport activity triggers your duty, not your proximity to the breach.
The Problem: Why Traditional Supply Chain Models Failed Safety
Previous regulatory models targeted drivers and operators almost exclusively. Safety compliance concentrated at the operational end of the supply chain whilst commercial decision-makers escaped accountability.
This created perverse incentives. Consignors could demand impossible delivery windows without consequence. Schedulers could optimise cost over safety. Prime contractors could push risk down to subcontractors through contract terms.
The result? Drivers faced pressure to speed, skip rest breaks, overload vehicles, or falsify records. Operators struggled to maintain standards when commercial terms made compliance financially unviable.
Real Scenarios That Triggered CoR Reform
A major retailer demanded delivery within two-hour windows across multiple sites. The scheduler created routes requiring 14-hour driving days. Drivers regularly exceeded work hours to meet contractual obligations.
When fatigue-related incidents occurred, only drivers faced penalties. The retailer and scheduler continued practices that made fatigue breaches inevitable.
Another scenario involved a manufacturer specifying freight weights that consistently exceeded legal mass limits. Operators faced mass breaches whilst the consignor maintained unrealistic weight declarations.
These patterns demonstrated that safety responsibility must extend to everyone who influences transport operations through commercial decisions, operational requirements, or contractual terms.
How CoR Shifts Accountability Upstream
CoR recognises that safety decisions often occur in boardrooms, procurement departments, and logistics offices rather than driver cabins. The framework holds these decision-makers accountable for safety impacts.
This upstream accountability transforms supply chain relationships. Contracts now require safety considerations alongside commercial terms. Procurement processes must evaluate safety management systems. Commercial negotiations must address compliance requirements.
The shift forces parties who control resources, set timeframes, and determine operational parameters to consider safety implications. You can’t insulate yourself from liability by outsourcing transport operations whilst maintaining control over conditions that affect safety.
How the CoR Framework Actually Works
The CoR framework operates through primary duties, executive officer obligations, and party-specific requirements. Understanding this structure helps you identify where your responsibilities sit.
Your primary duty requires you to eliminate or minimise public risks arising from your transport activities. This applies to all parties in the supply chain. The duty is ongoing, not triggered by specific events.
Executive officers carry additional personal liability. If you direct or influence organisational conduct, you must ensure your organisation complies with CoR obligations. This creates accountability at leadership levels.
The Reasonably Practicable Standard
Determining what’s reasonably practicable involves balancing risk severity against the cost, effort, and time required to eliminate or minimise that risk. Courts consider five factors when assessing reasonable practicability.
First, the likelihood of hazard occurrence. High-probability risks demand stronger controls. Second, the degree of harm that might result. Fatality risks require more extensive measures than minor injury risks.
Third, what you know or ought reasonably to know about hazards and control measures. Industry knowledge, available research, and professional expertise set your knowledge standard.
Fourth, the availability and suitability of control measures. Courts examine whether effective controls exist and whether they’re accessible to your organisation.
Fifth, the cost of available controls balanced against risk reduction. Disproportionate costs don’t automatically excuse non-compliance, but courts consider proportionality when assessing reasonableness.
Due Diligence vs Compliance Checklist Approaches
Many organisations treat CoR as a checklist exercise. They implement standard procedures, complete documentation, and assume compliance follows automatically.
True due diligence requires active engagement with your specific risk profile. You must identify risks particular to your operations, assess their severity, implement appropriate controls, monitor effectiveness, and continuously improve.
Documentation supports due diligence but doesn’t replace it. Courts examine whether you genuinely understood and managed risks, not whether you completed paperwork. Your safety management system must demonstrate real risk management, not compliance theatre.
| Compliance Approach | Characteristics | CoR Adequacy |
|---|---|---|
| Checklist Compliance | Standard procedures applied uniformly, minimal risk assessment, documentation focus | Insufficient for demonstrating due diligence |
| Risk-Based Due Diligence | Context-specific controls, ongoing risk assessment, evidence of active management | Meets reasonably practicable standard |
| Reactive Management | Responds to breaches after occurrence, minimal preventive measures | Fails primary duty requirements |
Understanding Parties and Their Specific Obligations
The HVNL defines nine party categories, each with specific duties beyond the primary obligation. Your party status determines which requirements apply to your operations.
Employers must ensure employed drivers comply with road transport laws. This includes providing adequate training, resources, and systems that enable compliance.
Prime contractors hold similar duties for contractors and subcontractors they engage. Your obligation extends down the contracting chain, requiring oversight of subcontractor practices.
Scheduler Obligations Under CoR
Schedulers exercise substantial control over transport operations through timeframe specifications. Your scheduling decisions directly impact fatigue management, speed compliance, and operational safety.
You must ensure schedules allow sufficient time for drivers to complete journeys whilst complying with rest requirements, speed limits, and work hour restrictions. Unrealistic schedules create breach inevitability.
Consider actual driving time, loading and unloading duration, rest breaks, meal breaks, and potential delays from traffic, weather, or operational issues. Your schedule must accommodate reality, not optimistic assumptions.
Document your scheduling methodology. Show how you calculated journey times, what assumptions you made, and what contingencies you included. This evidence demonstrates due diligence when schedules face scrutiny.
Consignor and Consignee Responsibilities
Consignors must provide accurate information about loads, including mass, dimension, and load restraint requirements. Inaccurate declarations create operational risks throughout the transport chain.
You’re responsible for ensuring declared weights reflect actual mass. This requires reliable weighing systems, accurate calculations, and verification processes that catch errors before vehicles depart.
Consignees control unloading timeframes and processes. Excessive waiting times contribute to fatigue risks. Unsafe unloading practices create immediate hazards.
Your receiving procedures must enable safe, timely unloading. Extended detention times that force drivers to exceed work hours breach your primary duty. Implement booking systems, adequate unloading resources, and realistic processing times.
Loader and Packer Duties
Loaders directly control how freight is placed in or on vehicles. Your loading practices affect mass distribution, load restraint effectiveness, and vehicle stability.
You must understand load restraint requirements, mass limits, and dimension restrictions. Loading decisions require technical knowledge, not just physical capability to move freight.
Packers determine how goods are prepared for transport. Packaging affects load security, mass distribution, and handling safety. Your packing decisions cascade through the transport chain.
Select packaging appropriate for transport mode, journey duration, and handling requirements. Document your packing methodology to demonstrate considered risk management.
Building an Effective Safety Management System
A safety management system provides the operational framework for meeting your CoR obligations. The NHVR expects documented systems that identify risks, implement controls, monitor performance, and drive continuous improvement.
Your system must address six risk areas: fatigue management, mass management, dimension compliance, load restraint, speed management, and vehicle standards. Each area requires specific policies, procedures, and controls.
Start by identifying your party status under the HVNL. This determines which risk areas apply to your operations and what specific obligations you must address.
Risk Assessment and Control Hierarchy
Effective risk assessment examines your operations systematically. Map your transport activities, identify potential breaches, assess likelihood and consequences, and determine existing controls.
Apply the control hierarchy when addressing identified risks. Elimination removes hazards entirely. Substitution replaces high-risk activities with lower-risk alternatives. Engineering controls modify physical environments.
Administrative controls establish procedures, training, and supervision. Personal protective equipment provides the last line of defence. Your control mix should emphasise elimination and substitution over lower-order controls.
Document your risk assessment process and control selection reasoning. This evidence demonstrates you’ve met the reasonably practicable standard by considering available options and implementing appropriate measures.
Fatigue Management Requirements
Fatigue management extends beyond driver work hours. You must consider all factors that contribute to fatigue risk: journey duration, time of day, roster patterns, workload intensity, and recovery time.
Implement systems that monitor work hours, enforce rest requirements, and flag fatigue risk indicators. Technology solutions can automate monitoring, but human oversight remains essential.
Your fatigue management system should address scheduling practices, workload distribution, roster design, and contingency planning. Consider how commercial decisions affect driver fatigue, not just operational factors.
Train relevant personnel in fatigue risk recognition and management. Schedulers, dispatchers, and supervisors need understanding of how their decisions impact fatigue risks.
Mass and Dimension Compliance Systems
Mass management requires accurate weighing, reliable documentation, and verification processes. Your system must ensure vehicles don’t exceed gross mass, axle limits, or load distribution requirements.
Implement weighing procedures for outbound freight. Calibrate equipment regularly. Train staff in proper weighing technique. Verify that declared weights match actual mass.
Dimension compliance involves measuring loads accurately and understanding legal limits. Height, width, and length restrictions vary by route and vehicle type. Your system must account for this complexity.
Create load measurement procedures, route planning processes that consider dimension limits, and verification checkpoints that catch errors before departure.
The 2026 Master Code Changes and What They Mean
The updated Master Code for the heavy vehicle industry lifts the industry benchmark by moving away from role-based obligations to activities. This fundamental shift changes how you approach CoR compliance.
Previous Master Codes organised obligations around party definitions. The 2026 version focuses on activities and their safety implications. This activity-based approach better reflects how modern supply chains operate.
You’re now accountable for activities you control or influence, regardless of your formal role. This eliminates gaps where parties argued specific obligations didn’t apply because their role wasn’t explicitly listed.
Activity-Based Compliance Framework
Activity-based compliance asks what you actually do rather than what you’re called. If you set delivery timeframes, you’re accountable for scheduling impacts. If you specify freight requirements, you’re accountable for resulting operational constraints.
This approach captures complex supply chain relationships better than rigid role definitions. Modern logistics involves shared responsibilities, outsourced functions, and integrated operations that don’t fit traditional categories.
Assess your actual activities across the transport chain. What decisions do you make? What requirements do you set? What controls do you exercise? Your activity profile determines your compliance obligations.
Document your activities and corresponding safety measures. Show how you’ve identified risks arising from each activity and what controls you’ve implemented to manage those risks.
Practical Implications for Supply Chain Parties
The activity-based framework means you can’t hide behind narrow role definitions. Claims that you’re “just the consignor” or “only handle scheduling” won’t insulate you from liability when your activities influence safety outcomes.
Review your contracts, operational procedures, and commercial relationships. Where do you exercise control? What requirements do you impose? What constraints do you create? These activities trigger compliance obligations.
Engage with other parties in your transport chain. Understand how your activities affect their operations. Collaborative safety management becomes essential when multiple parties influence outcomes.
Consider how the Master Code changes affect your safety management system. You may need to expand risk assessments, update procedures, or implement additional controls to address activity-based obligations.
Implementing Practical Compliance Measures
Compliance requires practical measures embedded in daily operations. Theory matters less than how you actually manage risks when freight moves, schedules are set, and commercial decisions are made.
Start with your highest-risk activities. Where do breaches most likely occur? What activities create the most serious consequences? Focus your initial efforts on these priority areas.
Develop practical procedures that frontline staff can actually follow. Complexity creates compliance failure. Simple, clear processes increase adherence and reduce breach likelihood.
Contract Terms and Safety Obligations
Your contracts should explicitly address safety responsibilities. Ambiguous terms create compliance gaps where parties assume someone else manages particular risks.
Include specific clauses covering delivery timeframes, loading requirements, documentation accuracy, compliance with road transport laws, and safety management system requirements.
Specify consequences for safety breaches. Contract terms should create commercial incentives for compliance, not just legal protection for your organisation.
Review existing contracts for CoR adequacy. Many standard terms predate activity-based compliance requirements and don’t adequately address current obligations.
Training and Competency Requirements
Effective training targets specific roles and their associated risks. Generic awareness training doesn’t develop the competencies needed to manage actual compliance challenges.
Schedulers need training in journey time calculation, rest requirement application, and fatigue risk assessment. Loaders need training in load restraint, mass limits, and safe loading practices. Consignors need training in accurate documentation and impact of commercial terms on safety.
Assess competency through practical application, not just course completion. Can schedulers actually calculate compliant journey times? Can loaders properly secure varied freight types? Can consignors accurately determine freight mass?
Document training delivery and competency assessment. This evidence demonstrates your commitment to ensuring personnel understand and can meet their obligations.
Monitoring and Continuous Improvement
Monitoring reveals whether your controls actually work. Implement systems that track performance indicators, identify trends, and flag potential issues before breaches occur.
Review near-misses and incidents systematically. What patterns emerge? What controls failed? What systemic issues contributed? Use this analysis to improve your safety management system.
Conduct regular audits of your CoR compliance. Internal audits identify gaps before external scrutiny occurs. External audits provide independent verification of your system effectiveness.
Act on audit findings promptly. Documented issues that remain unaddressed demonstrate inadequate safety commitment and undermine due diligence claims.
Technology Solutions for CoR Management
Technology platforms can automate monitoring, streamline documentation, and improve visibility across the supply chain. Solutions range from simple tracking tools to comprehensive compliance management systems.
Consider your specific needs before selecting technology. What activities create your highest risks? What manual processes consume excessive resources? Where do compliance gaps most often occur?
Effective solutions integrate with existing systems rather than creating parallel processes. Freight management, scheduling, and documentation systems should share data to reduce duplication and improve accuracy.
Automated Compliance Monitoring
Automated systems track work hours, monitor driving patterns, and flag potential breaches in real time. This proactive approach enables intervention before breaches occur rather than reactive response after incidents.
Telematics platforms collect data on vehicle speeds, locations, and operating parameters. This objective evidence supports compliance verification and provides defence against unfounded allegations.
Choose systems that integrate fatigue management, mass monitoring, and operational tracking. Fragmented solutions create information silos that limit visibility and increase administrative burden.
Ensure automated systems include escalation procedures for identified risks. Technology that flags issues without triggering human intervention provides limited value.
Digital Documentation and Audit Trails
Digital documentation systems create reliable audit trails, reduce paperwork burden, and improve information accessibility. When investigators examine your operations, comprehensive records demonstrate your compliance commitment.
Implement systems that capture scheduling decisions, loading confirmations, weight declarations, and driver acknowledgements digitally. These records should be tamper-evident and readily retrievable.
Cloud-based platforms enable real-time sharing across the supply chain. All parties can access relevant information without delays or communication failures that contribute to compliance breakdowns.
Retention requirements demand long-term record keeping. Choose solutions with reliable backup, disaster recovery, and data preservation capabilities that meet legal requirements.
Enforcement, Penalties and Legal Consequences
The NHVR enforces CoR obligations through graduated responses ranging from education to prosecution. Understanding enforcement approaches helps you appreciate compliance importance and potential consequences.
Minor or first-time breaches might attract warnings or improvement notices. Serious breaches, systemic non-compliance, or repeated violations trigger formal enforcement action.
Penalties include substantial fines, licence sanctions, and criminal prosecution for serious breaches. Corporate penalties reach millions of dollars. Individual liability includes imprisonment for the most serious offences.
What Triggers NHVR Investigation
Incidents involving heavy vehicles automatically trigger scrutiny. The NHVR investigates backwards from crashes, fatigue breaches, mass violations, and other safety incidents to identify contributing parties.
Industry intelligence, complaints, and targeted compliance programs also initiate investigations. The NHVR maintains focus on high-risk operators, systemic non-compliance, and parties with breach history.
Your cooperation during investigations affects outcomes. Obstructive behaviour, evidence destruction, or false information escalate enforcement responses and demonstrate inadequate safety culture.
Provide requested information promptly and accurately. Demonstrate your safety management systems, show evidence of due diligence, and explain what measures you’ve implemented to prevent breaches.
Defending Against Liability Claims
Your defence against CoR liability centres on demonstrating due diligence. Courts examine whether you took reasonable steps to prevent breaches, not whether breaches occurred.
Document your risk assessment processes, control implementation, monitoring activities, and continuous improvement efforts. This evidence shows you understood obligations and actively managed compliance.
Show how you investigated incidents, what corrective actions you implemented, and how you verified effectiveness. Reactive improvements demonstrate commitment to compliance even when initial controls proved inadequate.
Engage legal advice early when facing investigation or enforcement action. CoR liability involves complex legal questions requiring specialist expertise.
Building a Sustainable Compliance Culture
Sustainable compliance requires more than systems and procedures. You need organisational culture where safety considerations influence decisions naturally, not just when auditors visit.
Leadership commitment sets cultural tone. When executives prioritise safety over short-term commercial gains, frontline staff receive clear messages about what matters. When leaders ignore compliance for profit, no system will succeed.
Integrate safety into decision-making processes. Procurement shouldn’t select carriers on price alone. Scheduling shouldn’t optimise cost without considering fatigue. Commercial negotiations shouldn’t create operational pressures that make breaches inevitable.
Executive Accountability and Governance
Executive officers carry personal liability under CoR. If you direct or influence organisational conduct, you must ensure CoR compliance receives adequate attention and resources.
This means understanding your organisation’s CoR obligations, questioning whether adequate systems exist, ensuring appropriate resources are allocated, and verifying that compliance occurs in practice.
Board reporting should include CoR compliance indicators. What breaches occurred? What trends are emerging? What system improvements are underway? What resources are required?
Personal liability creates powerful incentives for genuine engagement. Executive officers who treat CoR as administrative detail expose themselves to prosecution when serious breaches occur.
Supply Chain Collaboration for Safety
Collaborative approaches work better than adversarial relationships. When parties view CoR as shared responsibility rather than liability to be avoided, supply chains operate more safely and efficiently.
Establish regular safety discussions with key supply chain partners. Share information about risks, near-misses, and improvement initiatives. Collective learning benefits all parties.
Develop joint safety initiatives that address shared risks. Collaborative fatigue management, coordinated load restraint training, or shared technology platforms improve outcomes whilst distributing costs.
Your commercial relationships should reward safety performance. Consider compliance track records in contractor selection. Include safety KPIs in performance reviews. Create incentives for continuous improvement.
Your Next Steps for CoR Compliance
CoR compliance starts with understanding your specific obligations based on activities you control or influence. Review your operations using the activity-based framework the 2026 Master Code introduces.
Conduct thorough risk assessments across the six CoR areas. Identify where your activities create breach risks. Assess current controls for adequacy. Determine what additional measures are reasonably practicable.
Develop or update your safety management system to address identified gaps. Document your risk assessment processes, control measures, monitoring systems, and continuous improvement mechanisms.
Implement practical procedures that frontline staff can follow. Train relevant personnel in their specific obligations. Monitor compliance and act on identified issues promptly.
For organisations seeking comprehensive CoR compliance solutions, implementing CoR compliance technology provides practical guidance on technology-enabled compliance approaches.
Engage with other supply chain parties about shared safety responsibilities. Collaborative approaches manage risks more effectively than isolated efforts.
Remember that CoR compliance represents ongoing commitment, not one-time implementation. Regular review, continuous improvement, and genuine safety culture determine long-term success.
The activity-based compliance framework makes avoiding responsibility harder but managing safety more practical. Focus on what you actually do, how your decisions affect safety, and what reasonably practicable measures you can implement to eliminate or minimise risks.
Your primary duty exists whether you acknowledge it or not. The question isn’t whether CoR applies to your operations, but whether you’re meeting obligations that already exist.
