English
Español
Deutsch
FI
PT
BR
FR
AR
ZH
PL
RO
BG
LT
Every fleet operator has the same workflow on paper: driver reports a defect, the office triages, the fitter or garage repairs, the vehicle goes back out. Where the workflow fails is in the gaps between these steps — the moments when a defect is "raised", "noted", "passed on", "looked at", "sorted", and the operator cannot prove what actually happened in what order.
This article is for SMB fleet operators where the workflow is informal. It is not for enterprise operators with dedicated transport managers and CMMS systems. It is for the 10-50 vehicle operator who runs the office out of a converted warehouse next to the depot, where the manager is also the dispatcher and the bookkeeper, where defects are sometimes raised verbally at handover, where the fitter is a one-person business who comes by twice a week, and where the records are a mixture of paper, WhatsApp, voice notes and an Excel sheet.
If that is your operation, this article is the one that matters most for you in 2026.
The five-step workflow that survives
The DVSA Guide to Maintaining Roadworthiness sets out the expected workflow in formal language. Translated into operational terms, it has five steps. Every step has to leave a contemporaneous, identifiable, unalterable artefact behind.
Step 1: Driver report
The driver raises a defect. The artefact is the report itself, with:
- Date and time of report — generated by the system, not typed by the driver.
- Driver identity — verified, not just typed.
- Vehicle identity — registration plate, fleet number, mileage at report.
- The defect description — the driver's own words, not pre-filled tick-boxes alone.
- Photos where possible — with EXIF carrying GPS, capture timestamp and device fingerprint.
- A submission acknowledgement — the driver sees confirmation the report was received.
The failure mode at this step is the verbal report. "I told the boss on the way out" leaves no artefact. The boss does not remember exactly when. The driver does not remember exactly which boss. The report exists in human memory, which courts treat as one of the least reliable forms of evidence.
Step 2: Operator acknowledgement
Someone at the operator level acknowledges receipt. The artefact is:
- Date and time of acknowledgement.
- Acknowledger identity — by name, not just "the office".
- The decision taken — quarantine the vehicle, schedule a fix, or no further action with reasons.
- Linkage to the original report.
The failure mode at this step is the silent triage. The defect is read, considered "minor", and dismissed without any record of who decided what. When the same defect contributes to a loss two weeks later, there is nothing to show whether it was dismissed by the senior manager (who has the authority) or the apprentice (who does not).
Step 3: Vehicle quarantine
Where the defect is safety-critical, the vehicle must be removed from service until the fix is verified. The artefact is:
- A status flag on the vehicle — visible in the dispatch system.
- Physical control — keys removed, vehicle parked separately, signage on dashboard.
- A record of the quarantine decision and timing.
The failure mode at this step is the unallocated-vehicle problem. Where vans are not allocated to specific drivers — common in last-mile, courier and same-day operations — a quarantined van can be re-issued by the next dispatcher who does not see the flag. The Wednesday note in the office tray fails this step.
Step 4: Repair and parts
The fix is carried out. The artefact is:
- Date and time of repair.
- Identity of the person who carried out the repair, with their qualification or authorisation.
- Description of the fix.
- Parts used, with reference numbers and supplier where appropriate.
- Photos of the fix — the new component installed, with EXIF.
- An invoice or job sheet from the garage where the work was contracted out.
The failure mode at this step is the verbal fix. "The fitter took it on Thursday" with no job sheet, no parts record, and no photo of the new component leaves the operator unable to show whether the fix was effective, whether it addressed the actual defect, or whether the repair was carried out by a competent person.
Step 5: Verification before re-issue
The vehicle is returned to service only after a competent person verifies the fix. The artefact is:
- Identity of the verifier — separate from the person who carried out the repair where possible.
- Date and time of verification.
- Description of the verification — visual, road test, mechanical test as appropriate.
- The decision to release the vehicle.
- A linked thread back to the original defect report.
The failure mode at this step is the missing verification. The fitter declares the fix done; the dispatcher takes the keys back; the van goes out the next morning with no formal sign-off. If the fix was inadequate, no second pair of eyes saw it, and there is no record that anyone at the operator level took responsibility for releasing the vehicle.
Why courts care about each step separately
An HSE investigator, a Sheriff conducting an FAI, a loss adjuster acting for an insurer, a coroner — all of them assemble the same picture from the same artefacts. They draw a timeline of the defect: reported on day N, acknowledged on day N+0, quarantined on day N+0, fixed on day N+5, verified on day N+5, returned to service on day N+5.
If any of those points is missing, they substitute the absence into a finding. "There is no record of when the report was acknowledged, and we cannot determine whether the decision-maker was authorised to dismiss the defect" is a finding. "There is no record of the vehicle being quarantined, and the same vehicle was issued to a different driver the next morning" is a finding. "The fix was carried out without parts records and without verification by a second competent person" is a finding.
The sum of three or four findings, in a fatal incident, becomes a "gross failure" under the Corporate Manslaughter and Corporate Homicide Act 2007. The Sentencing Council's corporate manslaughter guideline sets fines proportional to organisational turnover but typically running into the high six figures or low seven figures for SMB operators.
The unallocated-fleet variant
Same-day couriers, last-mile delivery operators, and parcel networks frequently run unallocated fleets — drivers are issued whatever van is available that morning. The workflow is harder to enforce here because no driver has continuous accountability for any vehicle.
The countermeasure is a vehicle-side quarantine state that travels with the vehicle, not with the driver. A quarantined van cannot be issued from the gate. The keys are physically separated. The dispatcher's screen shows the vehicle in red. The defect history is attached to the vehicle, not to whichever driver last reported something.
This is the single most important workflow change unallocated-fleet operators can make. The operator who continues to track defects through driver-side channels (whoever was driving when it happened tells whoever is dispatching today) loses cases. The operator who tracks them through vehicle-side channels (the vehicle is quarantined, full stop, until fix verified) wins them.
The contractor driver question
Where drivers are self-employed contractors paid per drop — the dominant model in same-day delivery — the operator's duty of care still applies. HSE guidance on driving at work is clear: the operator engaging the contractor is responsible for ensuring the work is carried out safely, including ensuring the vehicle is fit for the journey.
HMRC's view of contractor drivers as employees-in-effect (the IR35 question) is a separate issue but feeds into the same evidential problem. The investigator looking at a fatal collision will not be persuaded that the contractor "was responsible for their own pre-flight check" if the operator paid them per drop, set their route, set their vehicle assignment and never received the check. The investigator will treat the operator as having retained the duty of care, and will look for the operator's record of how that duty was discharged.
The defensible operator runs the same defect workflow regardless of employment status. Every driver — own or contracted — submits the walk-round check and any defect report through the same system. The system records who submitted what. The record is identical in evidential weight whether the driver was on PAYE or paid through Self Assessment.
RIDDOR — the regulator finds out automatically
The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR) require the employer to report specified categories of incident to HSE. Reportable incidents include:
- Death of any person, whether worker or member of the public, arising from a work activity.
- Specified serious injuries — fractures (other than fingers/toes), amputations, severe burns, loss of sight, etc.
- Over-7-day incapacitation of a worker.
- Dangerous occurrences — including the failure of a load-bearing part of a vehicle.
RIDDOR notifications are made to HSE via the F2508 online form. They trigger an HSE investigation. The investigator arrives — sometimes the same day, sometimes within days — and asks for the workflow record. If your defect-report-to-fix-verified workflow is intact, the investigator usually concludes the operator discharged the duty of care and closes the file with an advisory letter. If the workflow has gaps, the investigation widens, the inspector talks to drivers, and the case starts moving toward enforcement.
The Workplace Regulations 1992 angle for depots
If your defect workflow takes place at a depot — even a small yard with a workshop — the Workplace (Health, Safety and Welfare) Regulations 1992 apply to the workshop area. Lifting equipment in the workshop falls under LOLER and PUWER. Vehicles undergoing repair are work equipment under PUWER. The fitter is a worker; if they are a contractor, the operator retains the duty under HSE's contractor framework.
This matters for the workflow because the verification step (Step 5) often happens in the depot. The competent person is in your workshop, signing off the vehicle. Their identity, their qualifications, their authorisation under your maintenance contract — all of these become part of the record the investigator examines.
What "tamper-evident" means in this context
The principle is simple: each artefact in the five-step workflow is sealed at the moment it is created. Each entry includes the cryptographic hash of the previous entry for that vehicle, forming a chain. Any retroactive change to an old entry breaks every entry that came after it.
What this gives the operator: the ability to show, at any point, that the entries are in their original state. What it gives the investigator: the ability to verify the chain themselves, without trusting the operator's word. What it gives the court: a record that has the same evidential weight as a contemporaneous bank statement or a court-stamped legal document.
The cost of running such a system in 2026 is small. The cost of running a paper-and-Excel system in 2026 is the inability to defend a case that the chain-of-custody system would have defended.
The checklist for SMB fleet operators today
- Map your current defect workflow. From "driver notices something" to "vehicle returns to service", who owns each step?
- For each step, identify the artefact. If the artefact is a verbal handover, a WhatsApp message, or a tear-off pad, mark it as a workflow gap.
- For each gap, design the artefact that should exist there — driver report, acknowledgement, quarantine decision, repair and parts, verification.
- For unallocated fleets, build a vehicle-side quarantine state that the dispatcher cannot override.
- Apply the same workflow to contractor drivers as to own drivers. There is no second class of evidence.
- Brief the team on RIDDOR reporting timelines. The regulator finds out about serious incidents one way or another.
- Migrate to a tamper-evident system within 90 days. The cost is small. The protection is large.
Sources & further reading
- DVSA — Guide to Maintaining Roadworthiness — the canonical defect-workflow reference
- Health and Safety at Work etc. Act 1974
- Corporate Manslaughter and Corporate Homicide Act 2007
- HSE — RIDDOR: Reporting of Injuries, Diseases and Dangerous Occurrences
- Workplace (Health, Safety and Welfare) Regulations 1992
- Provision and Use of Work Equipment Regulations 1998 (PUWER)
- Lifting Operations and Lifting Equipment Regulations 1998 (LOLER)
- HSE / DfT — Driving at work
- HSE — Workplace Transport — Driving
- Sentencing Council — Corporate Manslaughter definitive guideline
Related Mekavo articles: Sheriff Court FAI — what your fleet maintenance record must prove, DVSA roadside spot-check — the 12-minute window, Four phrases UK insurers use to refuse a fleet claim, Adapted vehicles, the Equality Act and corporate manslaughter.
Why we care
Mekavo Fleet was built around the five-step defect workflow. Every report is sealed at submission, hash-chained, EXIF-bound. Every acknowledgement carries the operator's identity. Every quarantine state lives on the vehicle and cannot be overridden by a dispatcher who did not see the flag. Every repair carries parts, photos, and a competent-person signature. Every verification is a separate sealed entry. When the HSE investigator arrives, you do not assemble a defence — you produce the record. We do not give you software. We give you a chain of custody.