NR-1 in Brazil: What the New Rules on Psychosocial Risks Really Mean for Employers

For years, Brazil’s NR-1 regulation has focused on employers’ responsibility to identify workplace hazards and implement preventative measures. But the law’s 2024 regulatory update is changing that. And not in the way many expected.

As of the 26th of May, 2026, companies are expected to address something less visible but equally impactful beyond their usual responsibilities. And that is psychosocial risks. 

To better understand what this means in practice, we spoke with Jana Chezanoski, Global Mobility Strategist and Founder of RISO Global, who works closely with international companies navigating compliance in Brazil. Keep reading to learn more.

Who the NR-1 Regulatory Update Applies To

NR-1 applies to all employers in Brazil, regardless of size or industry. But that doesn’t mean implementation looks the same for everyone.

“Some requirements, like maintaining a CIPA, depend on the size and risk level of the company. So while NR-1 is broad, companies need to interpret it within their own context.”

This is often where confusion starts. Companies either underestimate their obligations or assume everything applies equally.

From Workplace Safety to Organizational Health

According to Jana, the update to NR-1 doesn’t introduce entirely new challenges. Instead, it formalizes ones that already exist.

“Companies have always dealt with workload, interpersonal conflict, or even harassment. What NR-1 does is require them to manage these risks in a structured and documented way.”

By explicitly including psychosocial risks, the regulation expands the definition of workplace safety. But instead of prescribing a strict methodology, it allows flexibility—companies are expected to adopt reasonable, documented approaches.

That flexibility is helpful, but it also raises an important question: What does this actually look like in practice?

What the NR-1 Update Means for Companies

For many organizations, the biggest shift is not about doing something completely new. It is about doing what they’ve always done in a consistent and traceable way.

Issues that were previously handled through conversations, emails, or ad hoc HR actions now need to be managed within a clear framework. In practice, companies are expected to:

• Identify and assess risks through a structured approach, such as a PGR
• Implement preventive measures across different types of workplace risks
• Involve employees in identifying and addressing issues
• Provide training and awareness
• Document risks, actions, and incidents
• Continuously monitor and improve their processes

“When inspections happen, it’s not just about whether you handled a situation—it’s whether you can demonstrate how your system works.”

Visibility Starts With Trust

A major challenge in managing psychosocial risks is visibility. If employees don’t feel safe raising concerns, many risks remain hidden until they escalate.

“You cannot manage what you don’t see. And in many companies, employees won’t speak up unless there is a safe and structured way to do it.”

That’s why many organizations introduce confidential reporting channels. Not necessarily because the law mandates a specific tool, but because it enables companies to meet the broader expectation of structured risk management.

What Happens If Companies Don’t Adapt

NR-1 itself does not define fixed fines, but noncompliance still carries real consequences. Penalties are established under NR-28 and depend on factors such as the severity of the violation and the size of the company.

In practice, this means companies may face fines reaching tens of thousands of reais per violation, along with corrective measures or operational restrictions.

“The financial impact is important, but the bigger risk is exposure. If you cannot demonstrate your processes, it becomes much harder to defend your position.”

NR-1 as Part of a Bigger Compliance Picture

NR-1 is not a standalone requirement. It works alongside other obligations, such as medical monitoring under PCMSO (NR-7)—a program that ensures employees undergo regular occupational health assessments—and reporting through eSocial, Brazil’s digital system for submitting labor, payroll, and compliance data to the government.

“Companies shouldn’t approach NR-1 in isolation. It’s part of a broader system that needs to function together.”

This reinforces the idea that compliance is no longer about isolated policies. Companies that wish to fulfill their regulatory obligations need to create effective, connected systems.

A Shift Toward Proactive Risk Management

At its core, NR-1 is about moving from reactive to proactive. Instead of addressing issues only after they arise, companies are expected to:

• Anticipate risks
• Act early
• Maintain structured and auditable processes

For organizations that approach this strategically, this is more than a compliance exercise.

“It’s an opportunity to strengthen internal processes, improve transparency, and build trust.”

Turning Requirements Into Practical Systems

As companies adapt, one thing becomes clear: informal processes are no longer enough. Organizations need systems that help them capture concerns, manage cases consistently, and maintain clear documentation.

This is where tools like FaceUp support compliance in practice. 

By centralizing reporting and case management into one structured system, organizations gain visibility, consistency, and audit-ready documentation, helping them reduce risk while building a more transparent workplace.

Final Thoughts

NR-1 doesn’t change what companies should care about—but it changes how they are expected to manage it. By bringing psychosocial risks into focus, it encourages a more structured, transparent, and preventative approach to workplace safety.

For a detailed breakdown of the legal requirements, you can explore our full NR-1 law overview.