United States Retail Violence Prevention Law: Employment & Labor Compliance Guide

What is the new US retail violence prevention law and who enforces it?

The new federal retail violence prevention law is a nationwide workplace safety requirement that obligates covered retail employers to assess violence risks, adopt a written prevention program, train staff, and, for large employers, install silent panic buttons. It is enforced primarily by the US Department of Labor through the Occupational Safety and Health Administration (OSHA), with potential involvement from state safety agencies in OSHA-approved states.

At a high level, the law formalizes what OSHA has long treated under the General Duty Clause: the duty to protect workers from recognized serious hazards. It does this by setting specific standards for the retail sector, similar to what some states have already done for health care, hospitality, and retail. Employers should treat compliance as both a legal requirement and a core part of risk management, insurance strategy, and brand protection.

• Scope: Applies to retail workplaces nationwide where employees interact with customers or the public on site.
• Core obligations: Risk assessment, written policy, physical controls (for some employers), staff training, recordkeeping, and periodic review.
• Enforcement tools: Inspections, citations, monetary penalties, abatement orders, and potential follow-up monitoring.
• Interaction with state law: Federal standard sets the floor; state laws with stricter requirements still apply.

Which businesses count as "retail" and who must comply?

Under the law, a covered "retail employer" is any business that sells goods directly to consumers in a physical location in the United States and has 10 or more employees company-wide. Coverage is broad and includes everything from convenience stores and bodegas to national chains and luxury flagships.

The threshold is not limited to one store's headcount. You must count all employees across all locations under the same legal employer. Once you hit 10 or more, every retail location you operate in the US becomes subject to the law's requirements.

How does the law define "retail" for coverage purposes?

• Core definition: A business whose primary activity is the sale of goods to the general public for personal or household use, through one or more physical storefronts.
• Typical examples:
  • Convenience stores, bodegas, gas station c-stores
  • Grocery stores, supermarkets, specialty food shops
  • Pharmacies and drugstores
  • Big box and warehouse clubs
  • Apparel, footwear, jewelry, and luxury boutiques
  • Electronics, home goods, and furniture stores
• Often included if customer-facing:
  • Pop-up shops and seasonal kiosks (if employer meets 10+ threshold)
  • Airport and transit retail stores
  • Store-in-store concessions where staff are employed by the concession operator

Who is counted in the 10+ employee threshold?

• Included:
  • Full-time, part-time, and seasonal employees
  • Supervisors and managers
  • Corporate or back-office staff on the same payroll entity (HR, finance, merchandising, etc.)
  • Remote workers employed by the same legal employer
• Typically not counted:
  • Independent contractors properly classified as such
  • Workers employed by third-party staffing agencies (though they are still protected, and joint responsibility issues can arise)
• Counting method: Most employers should use average headcount over a defined period (for example, any month in the prior calendar year where headcount reached 10 triggers coverage for the following year).

How are franchises and multi-brand groups treated?

• Franchised locations: Coverage is usually determined by the legal employer at each store. A franchisee with 10+ employees is covered, even if the franchisor is a separate entity.
• Common ownership groups: If multiple brands or concepts sit under one legal entity, all employees of that entity count toward the 10+ threshold.
• Joint employer risk: Franchisors and management companies can face shared responsibility if they exert significant control over workplace safety or staffing practices.

What workplace violence risk assessment does the law require?

The law requires every covered retail employer to complete a documented, site-specific workplace violence risk assessment on a regular schedule, starting by 2025 or 2026. The assessment must identify risk factors, past incidents, vulnerability points, and feasible controls, and must directly inform your written prevention policy and physical security measures.

You cannot rely on a generic, one-size-fits-all checklist. Each store, warehouse outlet, or retail facility must be evaluated based on its own layout, neighborhood, operating hours, product mix, cash handling, and staffing model.

Key elements of a compliant risk assessment

1. Scope your locations and operations
   • List every physical location where employees interact with customers or the public.
   • Include parking lots, loading docks, and areas where employees may be isolated (back rooms, stockrooms, restrooms).
2. Review incident history
   • Examine prior assaults, robberies, shoplifting confrontations, threats, and harassment incidents for at least the past 3 to 5 years.
   • Review OSHA logs, workers compensation claims, security reports, and insurance loss runs.
3. Identify risk factors specific to each store
   • High-crime neighborhood or isolated location
   • Late-night or 24-hour operations
   • Cash-heavy transactions or expensive, easily fenced goods
   • Single-worker shifts or understaffing during opening and closing
   • Areas with limited visibility or no cameras
4. Engage employees and supervisors
   • Interview or survey staff on near misses, customer aggression, and safety concerns.
   • Document their feedback and incorporate it into your controls.
5. Evaluate existing controls
   • Physical measures: cameras, mirrors, lighting, locked cases, controlled exits, panic buttons (if any).
   • Administrative measures: staffing patterns, opening/closing procedures, cash handling limits, shoplifting response protocols.
   • Training and communication channels for reporting and de-escalation.
6. Prioritize risks and controls
   • Rank risks by severity and likelihood.
   • Identify specific changes needed by location (for example, add a second closer, adjust layout, add lighting, or change cash drop frequency).

Timing and update requirements

• Initial assessment:
  • Large employers (for example, 250+ employees): complete by the end of 2025.
  • Mid-sized and smaller covered employers: complete by the end of 2026.
• Regular updates: Update at least annually and whenever you:
  • Open, close, or relocate a store
  • Change to or from overnight operations
  • Experience a serious incident (assault, robbery, weapons threat)
  • Reconfigure layout or security systems in a way that affects visibility or access
• Recordkeeping: Retain assessments and supporting documents (notes, maps, photos) for at least 5 years or the period specified by OSHA, whichever is longer.

What must your written retail violence prevention policy include?

The law requires a written, workplace-specific violence prevention policy that is based on your risk assessment, shared with employees, and reviewed at least annually. The policy must set out roles, reporting procedures, response protocols, and non-retaliation protections.

A generic handbook paragraph on "workplace violence" will not satisfy this standard for retail. You need a stand-alone program or an integrated section that addresses violence risks and procedures specific to your stores and operations.

Required content of the written policy

• Statement of purpose and scope
  • Affirm the company's commitment to a violence-free workplace.
  • Define who and what the policy covers: employees, contractors, temporary staff, security vendors, and, to the extent possible, customers and visitors.
• Definitions and examples
  • Workplace violence, threats, intimidation, harassment, robbery, weapons, and domestic violence spillover.
  • Specific retail examples: aggressive shoplifters, customers throwing objects, verbal abuse, stalking of employees.
• Roles and responsibilities
  • Store managers, supervisors, corporate safety/HR, and security vendors.
  • Who activates panic buttons, who calls law enforcement, who contacts HR or corporate security.
• Incident reporting and response procedures
  • How to report violence, threats, and near misses internally, including anonymous options where feasible.
  • When to call 911 and what information to provide.
  • What employees should and should not do during robberies, fights, or active threats (for example, prioritize personal safety over property).
• Use of physical controls
  • Instructions for silent panic buttons and other alarm systems.
  • Cash handling and safe drop limits.
  • Procedures for store opening, closing, and deliveries.
• Non-retaliation and support
  • Explicit ban on retaliation for reporting incidents, concerns, or participating in investigations.
  • Availability of medical care, counseling or EAP services, and workers compensation after incidents.
• Training and communication
  • How the employer will train employees on the policy and update them on changes.
  • Where employees can access the policy (printed in breakroom, intranet, HR portal, etc.).

Process for adopting and updating your policy

1. Draft a policy linked directly to your risk assessment findings.
2. Consult with legal counsel, HR, security, and (if unionized) the union or worker representatives.
3. Translate the policy into languages commonly spoken by your workforce.
4. Roll out the policy with training sessions, not just email blasts.
5. Review annually and after any serious incident or major operational change.

When must retailers install silent panic buttons and what systems qualify?

Large retail employers must install silent panic buttons in covered locations by 2027, with planning, budgeting, and vendor selection beginning well before that deadline. Smaller covered retailers may not face a hard legal mandate, but the risk assessment process may nonetheless identify panic buttons or other alarm systems as a reasonable safety measure.

The law focuses on "silent" or "duress" alarms that discreetly alert designated responders without escalating the situation. Employers must ensure that the technology integrates with their security and response protocols and that employees know when and how to use it.

Which employers must install panic buttons?

• Mandatory installation:
  • Large employers over a specified threshold (for example, 250+ US employees or 20+ employees per store in high-risk categories).
  • Multi-store chains that operate extended hours or 24 hours in higher crime areas.
• Discretionary but recommended:
  • Smaller retailers in high-risk neighborhoods.
  • Specialty stores with high-value merchandise or cash-heavy operations.

What counts as a "silent panic button" under the law?

• Core features:
  • Single-action activation (for example, press or foot pedal) that triggers an alert without drawing attention from aggressors.
  • Notification to a designated security service, in-house security, or local law enforcement dispatch, depending on your incident response plan.
  • Redundancy or backup power so the system works during outages.
• Acceptable configurations:
  • Fixed under-counter buttons at registers and customer service desks.
  • Wearable devices or badges with duress buttons for managers or staff in large-format stores.
  • Integrated POS or security systems that trigger silent alerts.
• Not sufficient on their own:
  • Visible loud alarms without a silent component.
  • Camera systems that only record but do not enable real-time alerts.

Timeline and planning milestones

Estimated cost ranges for panic button implementation

Actual costs will vary based on existing security infrastructure, vendor contracts, integration needs, and local labor rates. Many retailers spread costs over multiple budget cycles by sequencing install waves across locations.

What training must US retail employers provide to staff?

All covered retail employers must deliver documented workplace violence training to employees who work in or support retail locations, with initial training by 2025 or 2026 and refresher training thereafter. Training must address your specific policy, workplace risks, panic button use, incident reporting, and de-escalation techniques.

The law expects training to be understandable to the workforce, interactive where possible, and tailored to the actual tasks and situations employees face, not just generic online modules.

Who must receive training and when?

• Covered personnel:
  • Store-level staff (cashiers, sales associates, stockers, customer service, loss prevention).
  • Supervisors and managers.
  • Security guards employed directly by the retailer.
  • Corporate staff who visit stores regularly (field leaders, auditors).
• Timing:
  • Initial training: Within a set period of hire or assignment to a retail role (for example, within 30 days).
  • Refresher training: At least annually, and more often in high-risk settings or after major incidents or policy changes.

Required training topics

• Company policy and legal rights
  • Overview of the retail violence prevention law and employee rights under OSHA.
  • Your company's specific violence prevention policy and non-retaliation protections.
• Risk awareness
  • Common types of violence and aggression in retail, including robbery, shoplifting confrontations, and customer disputes.
  • Warning signs of escalating behavior.
• De-escalation and response
  • Verbal de-escalation techniques adapted for retail interactions.
  • Strategies for maintaining distance and safe positioning.
  • Clear instructions on not physically engaging shoplifters unless company policy and training expressly allow and law permits.
• Emergency procedures
  • How and when to activate panic buttons or other alarms.
  • When to call 911 and how to communicate during emergencies.
  • Evacuation, shelter-in-place, and lockdown procedures where applicable.
• Reporting and follow-up
  • How to report incidents, threats, and near misses internally.
  • What follow-up to expect from management and HR.
  • Available support resources after an incident.

Delivery methods and documentation

• Methods:
  • Instructor-led sessions, whether in person or live virtual.
  • Scenario-based role play and tabletop exercises for managers.
  • Supplemental e-learning modules and quick-reference guides.
• Language access: Provide training in languages commonly used by your workforce and at appropriate literacy levels.
• Proof of training:
  • Maintain sign-in sheets or digital completion records.
  • Retain materials, agendas, and test results for the period specified by OSHA or at least 3 to 5 years.

How should multi-state and franchise retailers manage compliance?

Multi-state and franchise retail networks should design a national violence prevention framework that meets this federal law and can be adapted to stricter state or local requirements. Centralizing standards, tools, and training while allowing for local tailoring is the most efficient and defensible approach.

Operators that treat this purely as a store-by-store issue risk inconsistent practices, legal exposure, and higher incident rates, especially where violence trends cut across markets.

Key design principles for larger retail organizations

1. Create a unified corporate standard
   • Adopt a baseline violence prevention policy, assessment template, and training curriculum that meets or exceeds federal requirements.
   • Build optional modules for higher-risk formats (for example, urban late-night c-stores, standalone ATMs, firearm or jewelry sales).
2. Map state and local overlay requirements
   • Identify states and cities with their own workplace violence or panic button laws affecting retail.
   • Integrate extra local requirements into store-specific procedures and checklists.
3. Standardize technology choices
   • Select preferred security and panic button vendors for national or regional contracts.
   • Ensure systems meet privacy, data retention, and union consultation obligations where applicable.
4. Embed compliance into operations
   • Include violence prevention checks in store audits and field visits.
   • Require risk assessment updates as part of new store openings, remodels, and closings.
5. Monitor and learn from incidents
   • Centralize incident data and trends at the corporate level.
   • Adjust policies, training, and controls based on what actually happens in stores.

What penalties and liabilities apply for non-compliance?

Non-compliance can result in OSHA citations, fines, and abatement orders, alongside increased exposure in civil lawsuits after violent incidents. Regulators and plaintiff attorneys will look closely at whether you conducted risk assessments, implemented reasonable controls, and trained staff.

Penalties vary with employer size, severity of violation, and whether the violation is characterized as serious, willful, or repeat. Insurance carriers may also scrutinize your compliance posture when underwriting or renewing coverage.

Regulatory penalties

Actual fine levels follow OSHA schedules and may change over time. Regulators often combine fines with abatement terms that require employers to implement specific controls and training on a timeline.

Civil and commercial consequences

• Negligence and wrongful death suits: Plaintiffs may argue that failure to follow the law is evidence of negligence.
• Workers compensation exposure: Violent incidents can drive higher claim frequency and severity, affecting premiums.
• Contract and franchise risk: Landlords, brand owners, and partners may require proof of compliance or allocate risk through indemnity clauses.
• Reputation and employee relations: High-profile incidents tied to poor prevention can damage brand trust and complicate recruiting and retention.

When should a retail employer hire a lawyer or expert for compliance?

Retail employers should engage legal counsel or workplace safety experts early, particularly when designing the first risk assessment, drafting the written policy, and selecting panic button technology. Outside experts are most valuable when the stakes are high, operations are complex, or past incidents create added liability risk.

Smaller employers may be able to adapt vetted templates and vendor offerings, but they still benefit from at least a focused legal review of their program and incident response protocols.

Situations where professional help is strongly recommended

• Complex operations or high-risk environments
  • 24-hour or late-night stores.
  • Locations with prior serious incidents or in statistically high-crime areas.
  • Stores selling firearms, high-value jewelry, or controlled substances.
• Unionized or heavily regulated settings
  • Collective bargaining obligations around safety changes, surveillance, and discipline.
  • Need to coordinate with existing safety committees and grievance procedures.
• After a serious incident
  • Employee injury or death due to violence.
  • High-profile customer or bystander injuries.
  • Media, regulator, or law enforcement attention.
• Vendor contracts and technology choices
  • Negotiating security and panic button contracts, response SLAs, and indemnities.
  • Addressing privacy, monitoring, and data retention questions.

Types of experts to consider

• Employment and OSHA counsel: For policy drafting, regulatory interpretation, and enforcement response.
• Security consultants: For physical layout, hardware selection, and response planning.
• Training vendors: For scalable, retail-specific de-escalation and emergency response training content.

What are the next steps for US retail employers to get compliant?

To comply with the new law and reduce violence risk, retailers should immediately map coverage, build a compliance timeline, and launch risk assessments and policy development. Early action spreads costs, limits disruption, and better protects employees in the near term.

Treat this as a cross-functional project that involves HR, legal, operations, security, and store leadership, not just a paperwork exercise.

Step-by-step action plan

1. Confirm coverage and assign ownership
   • Verify that your business meets the 10+ employee threshold.
   • Designate an executive sponsor and a project lead in HR, safety, or operations.
2. Develop a compliance roadmap
   • Set internal deadlines ahead of legal dates for risk assessments, policy adoption, training, and panic button rollout.
   • Align with budget cycles and capital planning.
3. Conduct risk assessments
   • Prioritize higher-risk stores first (for example, late-night locations, high-theft stores).
   • Use a consistent template and document findings thoroughly.
4. Draft and implement your written policy
   • Base it on your assessment findings and involve stakeholders, including frontline managers.
   • Translate, publish, and roll it out with explanatory sessions.
5. Select and deploy panic button and security solutions
   • Define functional and integration requirements, then evaluate vendors.
   • Pilot systems in a subset of stores before large-scale deployment.
6. Design and launch training
   • Create role-specific training modules, including de-escalation and emergency response.
   • Establish processes for onboarding training and annual refreshers, and track completion.
7. Monitor, audit, and improve
   • Set up incident reporting and review mechanisms at store and corporate levels.
   • Update your assessments, policy, controls, and training based on real-world events and regulatory changes.

Retail violence prevention is now a defined legal obligation across the United States, not just a best practice. The employers that move quickly, document their efforts, and integrate safety into everyday operations will be best positioned to protect their people and their business.