How to Write a Code of Conduct (With Template)

Q: Is a code of conduct a legal requirement in the UK?

There is no single law requiring one, but it helps you meet related obligations such as the adequate procedures defence under the Bribery Act 2010 and duties on discrimination, health and safety and data protection.

Q: Who should write and approve it?

Draft it with input from HR, leadership and staff so it reflects real working life, then have it formally approved by the board or business owner, with one owner to keep it current.

Learning how to write a code of conduct is one of the most useful things a growing business can do, because it turns vague good intentions into a clear set of expectations everyone can point to. A code of conduct is a short, plain document that states the standards of behaviour your organisation expects from its people, and what happens when those standards are not met. This guide explains what to include, the structure to follow, and how to roll it out so it is actually used rather than filed away.

A code of conduct is not the same as a code of ethics. A code of ethics sets out the values and principles you stand for; a code of conduct translates those principles into concrete rules and behaviours. The best documents connect the two: a short statement of values at the top, then practical conduct rules underneath. If you have not already, it helps to be clear on your underlying principles first, which we cover in our guide to what business ethics is.

Why your business needs one

A written code does three jobs. It sets shared expectations so new and existing staff know where the lines are. It protects the business, because consistent, documented standards make it far easier to act fairly when something goes wrong. And it signals to customers, partners and regulators that you take integrity seriously, which increasingly matters in procurement and due diligence. Even a small team benefits, because the moment you have more than a handful of people, "everyone just knows how we do things" stops being true.

What to include: the core sections

Most effective codes of conduct cover the same ground. Use these as your section headings:

Purpose and scope. Who the code applies to (employees, contractors, directors), and why it exists.
Our values. A short statement of the principles the rules flow from, such as honesty, respect, safety and fairness.
Treating people well. Expectations on respect, anti-harassment, anti-discrimination, bullying and equal opportunity.
Conflicts of interest. How to recognise and declare a conflict, and rules on outside work and personal relationships.
Gifts, hospitality and bribery. What is acceptable, what must be declared, and a clear no-bribery line. In the UK this is underpinned by the Bribery Act 2010, and having "adequate procedures" is a legal defence.
Confidentiality and data. Handling of confidential information and personal data, with a nod to your data protection obligations under UK GDPR.
Company property and IT. Acceptable use of equipment, email, devices and social media.
Health, safety and wellbeing. The duty everyone shares to work safely and report hazards.
Raising concerns. How to speak up, including a whistleblowing route, and a firm anti-retaliation promise.
Consequences. What happens if the code is breached, linked to your disciplinary policy.

A simple code of conduct template

You do not need legal language. Use this skeleton and fill each section with two or three plain sentences:

1. Introduction. "This code sets out how we expect everyone at [Company] to behave. It applies to all staff, contractors and directors."
2. Our values. "We act with [your three or four values]. These principles guide every rule below."
3. How we treat each other. Respect, inclusion, zero tolerance of harassment and discrimination.
4. Integrity at work. Conflicts of interest, gifts and hospitality, anti-bribery, accurate records.
5. Looking after information and property. Confidentiality, data protection, acceptable use of IT.
6. Health, safety and the environment. Working safely, reporting risks, our environmental commitments.
7. Speaking up. How to raise a concern, who to contact, and our promise of no retaliation.
8. If the code is broken. The standards are taken seriously and breaches are handled through our disciplinary procedure.
9. Sign-off. Owner, approval date and review date.

How to write it well

Keep it short, ideally a few pages, and write in plain language an apprentice and a director would both understand. Use "we" and "you", give real examples where a rule could be ambiguous, and avoid copying a generic template wholesale, because a code that does not reflect how your business actually works will be ignored. Decide the tone deliberately: a code can be warm and values-led or formal and rules-led, but it should match your culture.

Approval and rollout

A code only works if people know it exists and leaders live by it. Get it formally approved by the board or owner, then introduce it properly: brief the whole team, walk through the key sections, and ask everyone to acknowledge they have read it. Build it into induction for new starters, point to it when relevant decisions come up, and review it at least once a year or whenever the law or your business changes. Pair it with a clear decision process for the grey areas, such as the seven-step framework in our guide to ethical decision-making.

Frequently asked questions

What is the difference between a code of conduct and a code of ethics?

A code of ethics states your values and principles; a code of conduct turns them into concrete rules and expected behaviours. The strongest documents combine both: values at the top, practical conduct rules underneath.

How long should a code of conduct be?

Short enough to be read. A few pages is plenty for most businesses. If it runs long, move the detail into supporting policies and keep the code itself a clear summary.

Is a code of conduct a legal requirement in the UK?

There is no single law requiring one, but a code helps you meet related obligations, such as the "adequate procedures" defence under the Bribery Act 2010 and your duties on discrimination, health and safety and data protection. It is strongly recommended even where it is not mandated.

Who should write and approve it?

Draft it with input from HR, leadership and a cross-section of staff so it reflects real working life, then have it formally approved by the board or business owner. Assign one owner to keep it up to date.

How often should we review the code?

At least once a year, and whenever the law, your structure or your risks change. Record the approval and next review date on the document itself.