From time to time, NR-1 is updated to accommodate the reality of the current labor market.
In 2025, Brazil registered more than 546,000 work absences due to mental disorders—the highest number in the past decade and an increase of 15,66% compared to the previous year, according to data from the Ministry of Social Security.
Given this scenario, the Ministry of Labor and Employment put into effect Ordinance MTE No. 1,419/2024, which made psychosocial risks an integral part of the PGR of all companies.
With this, psychosocial risks must be monitored and supervised by the Risk Management Program (PGR)., Creating action plans to mitigate The risks of burnout, stress, and workplace violence.
What is NR-1 and
Regulatory Standard No. 1 is the foundation of the entire Occupational Safety and Health (OSH) system in Brazil. It establishes the general provisions, principles, and guidelines that underpin and direct the application of all other regulatory standards.
In theory, it functions as the structuring framework upon which the other NRs are built. Defining the rights, duties, and responsibilities of both employers and workers.
At the operational core of the standard is Occupational Risk Management (ORM): the systematic process by which the organization identifies hazards, assesses risks, and implements control measures to protect physical and mental integrity of their collaborators.
The OHS Management System's macro view is the OHS Management System, and the Risk Management Program (RMP) It is the documentary instrument that materializes this process—the occupational risk inventory and the action plan that support legal compliance and guide preventive actions.
Until 2022, when the new wording of NR-1 came into effect, companies operated under the PPRA (Environmental Risk Prevention Program) model, whose scope was limited to physical risks, chemical and biological.
The O GRO and PGR expanded this universe, also incorporating ergonomic factors and accidents. The 2024 update represents an even more profound qualitative leap: psychosocial risks now have explicit and mandatory normative recognition in the Brazilian OSH system.
To understand more about difference between GRO and PGR and how each is applied in practice, it is worth deepening this understanding before moving on to the strategic implications of the change.
What changed with NR-1?
The PORTARIA MTE No. 1,419/2024 specifically amended Chapter 1.5 of NR-1, which deals with Occupational Risk Management. The central change is the express inclusion of Psychosocial Risk Factors Related to Work (FRPRT) in the list of risks that must be included in the PGR's risk inventory.
In practice, this means that organizations acquire the legal duty to identify, assess, and manage factors such as: chronic occupational stress, workload and abusive goals, moral and sexual harassment, excessive working hours, inadequate management practices, systematic interpersonal conflicts, and lack of organizational support.
These elements should now be treated with the same methodological rigor applied to physical, chemical, biological, and ergonomic risks, with assessments of severity and probability, documented prevention measures, an action plan with responsible parties and deadlines, and continuous monitoring.
Additionally, the updated standard requires organizations adopt participation and consultation mechanisms workers in the risk management process, including the involvement of CIPA (Internal Commission for Accident and Harassment Prevention).
The focus of interventions should be on the organization of work, not just on the individual, representing an important cultural shift.
The effective date of the new requirements, originally scheduled for May 2025, came into effect by Ordinance MTE No. 765/2025 on May 25, 2026.
NR-1 and psychosocial risks: why is this a strategic issue, not just one of compliance?
The update to NR-1 reinforces that psychosocial risk factors related to work must be considered in Occupational Risk Management and the PGR.
This means that issues such as overwork, occupational stress, harassment, excessive pressure, exhausting work schedules, and failures in work organization will no longer be treated solely as behavioral or cultural issues. They will become part of the company's formal risk management agenda.
The rise of mental disorders in Brazil reinforces the urgency of the topic.The numbers show the magnitude of the problem:
- 546.254 benefits for mental and behavioral disorders granted in 2025;
- A 15.66% increase compared to 2024;
- 166,489 concessions related to anxiety disorders;
- 126,608 allowances related to depressive episodes;
- 63,46% of benefits granted to women;
- São Paulo, Minas Gerais, and Rio Grande do Sul among the states with the highest volume of concessions.
These data do not mean that all cases have an occupational origin. Nevertheless, they highlight a increasing pressure on companies, leadership and management systems.
When an employee is absent due to mental illness recognized as work-related by the INSS, the lack of documented management of psychosocial risks in the PGR significantly facilitates the recognition of the causal link, generating a provisional stability of 12 months, the obligation to pay FGTS during the absence, and exposure to compensation for moral and material damages.
The practical obligations of the updated NR-1: what the PGR needs to cover
To transform compliance into execution, it is fundamental that managers understand the concrete requirements that the updated NR-1 imposes on the PGR.
The process of risk management psychosocial follows the same methodological logic as other occupational risks and should be structured in clear stages.
Psychosocial hazard identification
The risk inventory should map, by sector and function, the factors that can impact employees' mental health. This includes analysis of work schedules, goal structure, workflows, leadership practices, interpersonal dynamics, and ergonomic conditions with a psychosocial dimension.
The standard requires active listening mechanisms for workers, such as employee climate surveys, reporting channels, and manifestations of CIPA as an integral part of the identification process.
Risk assessment with documented criteria
Once the hazards are identified, the organization must assess each factor according to its severity (potential gravity of consequences for the worker's health) and probability of occurrence.
The evaluation methodology is up to the company, as long as the criteria used are documented. PDCA cycle, widely adopted in management systems, offers a natural framework for structuring this process in a continuous and auditable manner.
Action plan with responsible parties and deadlines
Based on the risk assessment, the organization must develop a Action plan with preventive measures and mitigation, implementation schedule, defined responsible parties, and monitoring mechanisms.
The plan should be treated as a living document, not a filed report, with mandatory revisions every two years or whenever there are relevant changes in the environment, processes, or the occurrence of accidents and illnesses.
Integration with organizational governance
NR-1 is not an isolated task within the Safety and Health department, as it requires the involvement of HR, Legal, Compliance, leadership, and senior management.
According to COSO ERM, operational and compliance risks should be managed with the same discipline and visibility applied to financial and strategic risks. The ability to integrate the PGR data into the system Enterprise Risk Management is what differentiates a reactive response from a mature governance strategy.
How to structure the strategic response to NR-1?
The new wording of NR-1 came into effect in May 2026 and reinforced the need to include psychosocial risk factors related to work in the Occupational Risk Management and at the PGR.
For companies that still treat the subject merely as a documentary requirement, this represents a race for compliance. For organizations with a strategic vision, the standard should be seen as part of a broader agenda of occupational health, productivity, governance, and operational continuity.
The starting point is exposure diagnosis. Before creating generic actions, the company needs to identify where psychosocial risks are most concentrated.
This involves mapping sectors, functions, units, and management practices associated with overload, harassment, low autonomy, incompatible goals, lack of support, recurring conflicts, or failures in work organization.
This diagnosis should combine different sources of information:
- Leave and absenteeism data;
- Turnover rates;
- Climate and engagement surveys;
- Ombudsman records, complaints, and listening channels;
- Interviews, focus groups, or structured listening sessions;
- Workload and operational capacity indicators.
Based on this diagnosis, the strategic response to NR-1 should be structured in three dimensions:
| Dimension | What does it involve | Objective |
| Documentary and regulatory | Inclusion of psychosocial risks in the GRO/PGR, evaluation criteria, risk inventory, and action plan | Demonstrate compliance and traceability |
| Cultural and managerial | Leadership training, listening channels, worker participation, and review of management practices | Reduce organizational risk factors |
| Continuous monitoring | Indicators, periodic review of risks, and evaluation of the effectiveness of measures | Avoid a one-off, reactive approach |
The effort-impact matrix can support this prioritization, helping leadership identify which actions should be implemented quickly and which require structural planning.
Structuring the response to NR-1, therefore, does not mean just fulfilling a regulatory obligation. It means creating a management model capable of identifying risks before they turn into absences, liabilities, loss of productivity, or deterioration of organizational culture.
The role of technology in integrated risk management of NR-1
The complexity of implementing NR-1 makes manual management unfeasible. Static spreadsheets and disconnected processes not only increase the risk of non-compliance but also reduce the organization's ability to transform data into decisions.
In general, an integrated risk management system allows for:
- Centralize risk inventory;
- Connect psychosocial risks to action plans;
- Monitor Key Risk Indicators (KRIs) in real time;
- Record implementation evidence;
- Generate auditable reports for Ministry of Labor inspections.
This traceability and governance capability is precisely what differentiates an audit-ready organization from one exposed to sanctions and labor liabilities.
According to Gartner, organizations that integrate risk management into their governance systems reduce their response time to compliance events by up to 30% and increase the reliability of their decision-making processes.
Technology does not replace management intelligence, but amplifies it, ensuring that the right information reaches the right people at the right time. This principle is at the core of Intelligent automation applied to corporate governance.
An NR-1 represents a normative adaptation that goes far beyond the creation of new bureaucratic obligations.
By including psychosocial risks on the same level as physical, chemical, and biological risks, the standard formally recognizes that employees' mental health is an organizational responsibility, and that the absence of structured management in this dimension constitutes not only a legal liability but also a strategic risk.
As such, it is the organization's role to transform this regulatory requirement into governance.
