SE Worldwide

Features / Compliance automation

Regulatory compliance — on a cadence, not a fire drill.

Compliance is the proactive, calendar-driven half of regulatory work — the obligations that exist regardless of whether an incident occurred. Annual Form 300A posting. March 1 OSHA ITA deadline. Cal/OSHA SB 1299 annual WPV attestation. NL serious-incident 4-hour notification. UK over-7-day incapacity. SE ships an obligation registry with citation-grounded provenance, per-form workflows for the heaviest annual cadences, per-jurisdiction recordkeeping across federal OSHA + all 50 states + DC + 5 territories + Netherlands + UK, and a scheduled-reminder function that surfaces unposted establishments inside the posting window. Where the Incident spoke covers what happens after an event, this one covers what happens regardless.

Inspection-readiness review through one-click audit-packet generation — the running product against Apex Manufacturing demo data. On-screen captions narrate each step.

See it in action

Walk-throughs against live demo data.

Short, captioned clips of the running product against the Apex Manufacturing demo tenant. Click any to play.

Fleet readiness posture — summary counts + severity-ranked list across the establishment fleet.

What's in it

The capability surface.

Obligation registry + extraction

  • Structured obligation records — title, description, recurrence (one-time, daily, weekly, monthly, quarterly, annual, or event-driven), due date, how completion is measured (none, numeric reading, observation, pass/fail, or document submission), and a responsible role.
  • Source-citation linkage — every obligation carries the regulation paragraph (or policy section) it derived from.
  • Provenance — every obligation is stamped as manually entered or AI-extracted, with confidence and a grounded-source indicator preserved for AI extractions.
  • Review lifecycle — Proposed → Approved → Rejected with a reviewer audit trail (who, when, notes).
  • AI-assisted extraction is built in; the manual-entry path against approved source documents is shipped and fully tested. Production model selection is the remaining tuning step.

Annual Form 300A posting cycle

  • Annual attestation — the admin supplies average employee count + total hours worked at year-end, which locks the case data for posting.
  • Posting record — captures the executive name + title, who posted, when, and optional notes; a digital signature is embedded on the rendered 300A PDF.
  • Cycle state is computed automatically (before the period, in the period, or deadline passed) against the 1904.32 Feb 1 – Apr 30 window.
  • Form 300A page status banner — per-establishment cycle state, posted-confirmation, inline "Sign and post" dialog.
  • Home dashboard tenant-wide posting summary — Total / Posted / Not Posted / Is Overdue counts; appears when the cycle is active and at least one establishment is unposted.
  • A scheduled daily reminder surfaces every establishment inside (or past) the posting window; in-app + logged today, with email / Slack / Teams delivery sequenced next.

OSHA ITA electronic submission

  • A submission record per establishment per year — submitted-at, submitted-by, method (manual portal or direct), confirmation number, status (submitted / failed / pending), and a back-reference when a correction supersedes a prior submission.
  • Manual path — the platform generates the OSHA-format 27-column CSV; the admin uploads it to the OSHA portal and records the submission via an inline dialog.
  • Direct path — the platform submits directly to OSHA's ITA service; per-tenant credentials are held in encrypted secret storage.
  • Eligibility check — ≥250 employees, or 20–249 + high-hazard NAICS per Appendix A — surfaced as a banner on the Form 300A page.
  • Automatic retry — three attempts with backoff on transient failures; submissions awaiting confirmation are held in a pending state.
  • Per-establishment submission history — year-grouped, status badges, and a mark-as-superseded workflow for corrections.

Per-jurisdiction recordkeeping

  • Pluggable jurisdiction model — each jurisdiction supplies its own recordability logic, its own forms, and its own reporting rules; the platform dispatches per establishment automatically. Adding a jurisdiction is a registration, not a rebuild.
  • US federal OSHA — 29 CFR 1904 recordability + Form 300 / 300A / 301 + ITA + severe-injury 1904.39 (8h fatality / 24h hospitalization / amputation / eye loss) with OSHA Area Office routing across 10 federal regions.
  • US state plans — all 50 states + DC + Puerto Rico + Virgin Islands + American Samoa + Guam. Per-state regulatory-regime flag (federal / state-plan-private+public / state-plan-public-only / state-plan-mixed). Per-state authority data. Cal/OSHA Form 5020 fully shipped.
  • Netherlands — Arbowet Artikel 9 + Arbobesluit cascade; Ongevallenrapport PDF; NL serious-incident 4-hour deadline notification + NLA regional office routing by postcode prefix; a submission-lifecycle record.
  • United Kingdom — RIDDOR 2013 (deaths, specified injuries, over-7-day incapacity, dangerous occurrences); Form F2508 + F2508A renderers; single national HSE contact.

Forms rendering — federal + state + non-US

  • OSHA Form 300 — per-establishment per-year running log, auto-derived from Incident recordability cascade + outcomes.
  • OSHA Form 300A — auto-computed annual summary; digital-signature embedding from the posting record.
  • OSHA Form 301 — per-recordable-case incident report; 5-year retention.
  • Cal/OSHA Form 5020 — California-specific employer's report.
  • State Workers' Comp First Report of Injury — a state-specific FROI for all 50 states + DC, each with its own form code and statutory citation. Filing-complete: prefilled from the incident, the establishment's Workers' Comp insurance, and the injured worker's profile, with the worker's SSN and date of birth encrypted at rest and masked on the form.
  • NL Ongevallenrapport — Nederlandse Arbeidsinspectie workplace accident report under Arbowet Artikel 9.
  • UK F2508 + F2508A — RIDDOR accident report + dangerous-occurrence variant.
  • Rendering — pixel-faithful regulatory-form layouts; per-form retention policy enforced.

Privacy handling — 1904.29 + GDPR

  • Universal privacy-concern category set per 1904.29 — sexual assault, mental illness, HIV/AIDS/hepatitis, needlesticks, etc.; first-class field on the incident.
  • Masking on the public 300 log per the regulation; separately-maintained confidential roster.
  • Access-control gates — HR + safety officers see unmasked; admins grant per-user.
  • GDPR DSAR (Data Subject Access Request) export — all personal data on a subject across the incident, the affected person, Form 301 case details, the Workers' Comp worker profile (with its encrypted SSN / date of birth decrypted for the subject's own export), regulatory submissions, and the annual posting record.
  • Erasure / anonymization on DSAR request — shipped, not a roadmap item; covers the NL + future EU tenant baseline.

Submission tracking + supersede semantics

  • A universal submission record plus per-jurisdiction tracking (federal OSHA ITA; NL Arbeidsinspectie; UK HSE manual today).
  • Per-submission audit trail — method, timestamp, confirmation number, target authority, notes, submitter identity.
  • Supersede semantics — when a corrected submission replaces a prior one, the prior one is marked superseded with a back-reference; the audit trail preserves both.
  • Manual ("submitted via phone") + assisted-UI + live-API paths all supported and tracked the same way.
  • Retry persistence — failed submissions persist with their failure state; the admin can retry; transient OSHA endpoint failures are handled automatically.

Establishment + multi-tenant scoping

  • Each establishment carries its jurisdiction, its industry classification (NAICS for US, SBI for NL, SIC for UK, ANZSIC for AU), employee count, registered address, and timezone.
  • Multi-establishment tenants — a default establishment is created on onboarding; each establishment's regulatory regime is shown read-only.
  • Each site rolls up to an establishment, which scopes posting + recordkeeping.
  • Department scoping — optionally scoped to an establishment (hybrid: tenant-wide functional departments coexist with establishment-scoped corp-structure departments).
  • Per-establishment timezone drives posting-cycle math + reminder schedules.

Representative workflows

What this looks like in practice.

Annual Form 300A posting cycle — Feb 1 reminder to Apr 30 closing

A US tenant with 14 sites across 6 states. February 1 arrives. The scheduled reminder runs at 08:00 UTC, surfaces the posting-cycle banner on each establishment + a Home dashboard tenant-wide summary (14/0/14/0). The first Site Safety Officer clicks into Form 300A, reviews the auto-computed summary (recordables, DART cases, days-away, restricted-work — all derived from the year's incident records), supplies the annual attestation, and clicks "Sign and post." The inline dialog captures executive name + title + user + timestamp; the digital-signature block embeds into the rendered PDF; the posting record persists; the status card flips green. Over eight weeks the other thirteen follow; the counter decrements as each posts. April 30: one still unposted, dashboard shows the overdue badge, reminder log surfaces the escalation. External email / Slack delivery is sequenced next.

OSHA ITA submission — eligibility check, manual + live, supersede semantics

March 1 approaches. Form 300A surfaces the ITA eligibility banner — 480 employees + manufacturing NAICS prefix, so 1904.41 applies. Two paths: Manual (download the 27-column CSV, upload to the OSHA portal, record the confirmation number inline) or Direct (the platform submits directly to OSHA's ITA service using per-tenant credentials in encrypted secret storage; the submission record persists with method + confirmation + submitter). Three weeks later the admin discovers a recordability misclassification, corrects the incident, re-submits — a new submission record persists with a back-reference to the prior; the prior flips to Superseded. The per-establishment history page renders both, year-grouped, supersede chain visible. Audit trail is the data, not a narrative.

NL serious-incident notification — 4-hour deadline + NLA portal lifecycle

A workplace accident at a Netherlands establishment meets the Arbowet Artikel 9 + Arbobesluit 4.10b severe-incident predicate (death, permanent incapacity, or hospital admission). The incident's recordability cascade — running the NL jurisdiction model, not the US one — surfaces the determination, the 4-hour deadline, and the regional NLA office derived from postcode prefix. The Ongevallenrapport PDF renders in Dutch field labels. The HSE Director submits via the NLA portal and records the reference; the submission-lifecycle record persists. If the case data later changes (hospitalised worker dies → fatality), supersede semantics apply. The whole chain is auditable in Dutch and in the platform's universal evidentiary trail — no jurisdiction-specific code path inside the incident.

Regulatory coverage shipped

The citations behind the platform.

US federal OSHA

  • 29 CFR 1904.1 / 1904.2 — size + partial-industry exemptions evaluated against the establishment shape
  • 29 CFR 1904.7 — recordability cascade fed into Forms 300 / 300A / 301
  • 29 CFR 1904.29 — privacy-concern category set + masking on the public 300 log
  • 29 CFR 1904.32 — Form 300A annual summary posting cycle (Feb 1 – Apr 30)
  • 29 CFR 1904.39 — severe-injury reporting (8h fatality / 24h hospitalization / amputation / eye loss)
  • 29 CFR 1904.41 — OSHA ITA submission (manual CSV + direct electronic submission)

US state plans

  • All 50 states + DC + Puerto Rico + Virgin Islands + American Samoa + Guam in the state-plan registry.
  • Per-state regulatory-regime flag (federal / state-plan-private+public / state-plan-public-only / state-plan-mixed).
  • Per-state authority data — addresses, phone numbers, electronic-submission URLs.
  • Cal/OSHA — Form 5020 shipped; the SB 1299 workplace-violence annual attestation surface is on the roadmap.
  • MIOSHA, WA L&I, Oregon OSHA — per-state authority routing + state-specific reporting deviations.

Netherlands

  • Arbowet Artikel 9 + Arbobesluit 4.10b — workplace accident + occupational disease recordability + serious-incident notification predicates.
  • Ongevallenrapport — NLA workplace accident report rendered in Dutch field labels.
  • 4-hour serious-incident notification deadline + NLA regional office routing by postcode prefix.
  • Submission-lifecycle tracking + the audit-ready PDF for the NLA portal today; direct electronic submission is on the roadmap.

United Kingdom

  • RIDDOR 2013 — deaths, specified injuries, over-7-day incapacity, dangerous occurrences.
  • Form F2508 — accident report renderer.
  • Form F2508A — dangerous-occurrence variant.
  • Single national HSE contact — no per-region office routing required.
  • Audit-ready PDF for the HSE portal today; direct electronic submission is on the roadmap.

How this is different

What sets compliance automation apart.

Most EHS platforms ship compliance as a checklist module — a list of regulatory tasks with due dates and assignment fields. SE ships compliance as a workflow surface — obligations carry citations, forms render from canonical data, submissions track confirmation chains with audit-trailed supersede semantics, and the multi-jurisdiction surface dispatches per-establishment through a pluggable jurisdiction model. The differences that follow are direct consequences.

Obligations carry their citations

Every obligation record links to the regulation paragraph (or policy section) it derived from, with provenance stamped — manually entered or AI-extracted, grounded-source indicator preserved. When an inspector asks "where did you get this requirement?" the answer is the specific citation on the record, not a narrative reconstruction. AI-extracted obligations carry model version + confidence + grounded flag; a human-review approval gate sits between extraction and live status. Evidentiary chain runs regulation → obligation → form → submission, every step audit-trailed.

Jurisdiction is pluggable, not hardcoded

One incident model, three jurisdictions — each carries its own recordability, forms, and reporting Establishment carries a jurisdiction code US Recordability 1904.7 cascade Forms 300 / 300A / 301 + Cal/OSHA 5020 Reporting Area Office routing + ITA submission NL Recordability Arbowet Artikel 9 Forms Ongevallenrapport Reporting NLA regional office 4-hour deadline UK Recordability RIDDOR 2013 Forms F2508 + F2508A Reporting Single HSE contact
Same incident model, dispatch by jurisdiction code. Adding a country is a registration, not a data-model rebuild.

The same design choice that makes the Incident spoke's recordability cascade work across federal OSHA + 50 state plans + NL + UK makes compliance work too. Forms 300 / 300A / 301 + Cal/OSHA 5020 + NL Ongevallenrapport + UK F2508 / F2508A all render through the same jurisdiction form model; ITA submission + NL submission lifecycle + UK HSE manual path all flow through per-jurisdiction reporting evaluators. Multi-national tenants run native compliance cadences from one incident model and one compliance surface.

Submission supersede semantics are first-class

Regulatory submissions get corrected. ITA superseded by data corrections; NL updated when a hospitalised worker's outcome changes; UK F2508 follow-up after a final injury determination. Every submission record carries a first-class supersede back-reference, prior status flips to Superseded, audit trail preserves both. The history page renders the supersede chain visibly. An inspector reviewing submission history sees the data — not a verbal explanation of why the second replaced the first.

Privacy + GDPR are shipped, not a roadmap item

1904.29 privacy categories are first-class on the incident — masking on the public 300 log + a separately-maintained confidential roster + access-control gates. GDPR DSAR export crosses every regulatory record (incident, affected person, Form 301, submissions, annual posting); erasure / anonymisation on DSAR request is shipped. For NL + future EU tenants this is the floor, not the ceiling. Some platforms position privacy + GDPR as a bolt-on module; SE positions them as required-for-correct-recordkeeping, not optional.

Forms render from canonical data, not export-import

Form 300 / 300A / 301 + Cal/OSHA 5020 + NL Ongevallenrapport + UK F2508 / F2508A all render from the same canonical incident model. When an incident's recordability changes, every form drawing from it re-renders with the corrected data — no re-keying, no export-then-import, no spreadsheet that drifts from the source. Per-form retention is a built-in constraint: 5-year retention on Form 301 is enforced by the platform, not a manual cleanup script.

Adjacencies

What compliance automation connects to.

Incidents

Incident recordability cascade feeds Form 300 / 300A / 301 + Cal/OSHA 5020 + NL Ongevallenrapport + UK F2508 rendering; severe-injury 1904.39 triggers feed the submission workflow.

Explore →

Hazards

Recurring hazard-cadence obligations (e.g., USP <800> wipe-test quarterly, respirator fit-test annual) are roadmap territory — the Obligation registry can hold them, but the per-cadence workflow surfaces are not yet pre-built.

Explore →

AI extraction

Per-tenant AI extraction reads regulatory / policy documents → produces obligation candidates with grounded citations + confidence; a human-review approval gate sits before they land as Approved.

Explore →

Notifications

Posting-reminder + ITA submission outcomes + severe-injury countdowns all flow through the notification layer; in-app + logged today; production email / Slack / Teams channels are sequenced next.

Establishment + multi-tenancy

Per-establishment jurisdiction dispatch + per-tenant timezone + per-tenant ITA credentials in encrypted secret storage + per-establishment posting cycle + department scoping where applicable.

GDPR + DSAR

Data-subject-access export plus erasure / anonymisation across the regulatory record (incident, affected person, Form 301, submissions, annual posting). A cross-cutting shipped capability.

Citations, secure share & versioned packets

Structured regulatory-citation tracking (rule, classification, penalty, response and abatement deadlines, forward-only lifecycle); a time-boxed, revocable, access-logged secure link that lets an inspector view the audit packet and citations with no account; versioned, tamper-evident audit packets; and a multi-establishment compliance rollup with a unified deadline calendar. All shipped.

Closed-loop audit-finding tracking

Each regulatory citation links forward to the corrective-action tasks that address it. The citation detail page shows the full trace — citation → response → corrective tasks → abatement — in one view, with each task's live status badge and a closure summary ("N of M corrective tasks closed; full closed-loop achieved", or "citation closed but some corrective tasks remain open"). Inspectors and auditors get the closed-loop story without hunting across tabs.

On the roadmap

What's next for regulatory recordkeeping.

Everything above is shipped and ready to demo, including the unified compliance-deadline calendar, multi-establishment rollup, structured citation tracking, the token-gated inspector share, and the full inspection-readiness module. These are the focused next additions, sequenced by customer demand.

UK HSE + NL Arbeidsinspectie live electronic submission. The audit-ready PDF and submission-lifecycle tracking work today for both; direct electronic submission to each portal is sequenced next.
OSHA ITA status-check + auto-poll. Submission ships today; automatic status refresh and confirmation polling is the follow-on.
External notification channels. Posting reminders, ITA notifications, and severe-injury countdowns route in-app today; email / Slack / Teams delivery adapters are sequenced next.
Pre-built recurring-obligation workflows. The obligation registry holds any recurring obligation today, and EPCRA Tier II + TRI Form R obligations are pre-seeded; further pre-built workflows (Cal/OSHA SB 553 annual WPV plan, respirator fit-test, USP <800> wipe-test, NRC quarterly) open per customer demand.
Live electronic Workers' Comp submission. The state First Report of Injury renders filing-complete for all 50 states + DC today; electronic submission to state WC systems and carriers — beyond the print-ready PDF — is the focused next addition.
Additional national jurisdictions. Canadian provincial WCBs (BC WSBC, Ontario WSIB, Quebec CNESST), Australia Safe Work, broader EU — the jurisdiction model is built to add each in days to weeks once a customer needs it.
Per-establishment obligation filtering. The obligation registry is tenant-scoped today; per-establishment and per-department surfacing ("respirator cycle applies to Manufacturing but not Admin") is the next refinement.

Continue exploring

More on the SE platform.

Five live feature spokes + two roadmap pages + the Workers' Comp claims roadmap. Jump anywhere.

Incident management Hazards Workers' comp claims Compliance automation Live · You are here Behavioural safety Chemical safety Equipment + assets AI intelligence

See the compliance cadence in the running product.

A 30-minute walk-through against your actual regulatory shape — your jurisdictions, your establishment count, your annual cycle posture, your current submission process. We'll show the Form 300A posting workflow + the ITA submission UI + the per-jurisdiction dispatch in action, with the actual product + real recordability data.

Request a demo