OiRA: Building a Secure, Open, and Long-Lived Digital Risk Assessment Platform on Plone

Micro and small enterprises (MSEs represent over 99% of businesses in the EU, yet many lack the resources and expertise to carry out legally compliant occupational safety and health (OSH) risk assessments. To address this challenge at European scale, the European Agency for Safety and Health at Work (EU-OSHA) partnered with the Plone ecosystem to create OiRA (Online interactive Risk Assessment) — a European successor to the Dutch risk assessment approach.

OiRA is a free, multilingual, web-based platform built on Plone, one of the world’s most secure and mature open-source content management frameworks. It enables MSEs across Europe to conduct structured, sector-specific risk assessments through guided, interactive workflows.

Today, the platform is used by 17 EU countries and counting, supports hundreds of tailored tools, and plays a central role in advancing EU OSH policy objectives.

Project website: OSHA OiRA

At a Glance

Client
European Agency for Safety and Health at Work (EU-OSHA)

Industry
Public sector · Occupational safety and health · Digital public services

Technology Stack

  • Plone (open-source, Python-based CMS)
  • Modular risk assessment engine (Euphorie)
  • Secure, scalable web architecture

Key Results

  • Platform adopted by 17 EU Member States
  • Hundreds of sector-specific and national risk assessment tools
  • Increased uptake and quality of OSH risk assessments among MSEs
  • Recognised by the European Commission as a major contribution to SME OSH compliance

The Challenge: Scaling OSH Compliance Across Europe

EU-OSHA’s mission is to improve safety and health at work across Europe. A major barrier stood in the way: micro and small enterprises often lack the time, expertise, and resources to perform robust risk assessments, despite being legally required to do so.

Existing approaches — paper-based methods or static online guidance — were:

  • Hard to understand for non-specialists
  • Poorly adapted to specific sectors and national contexts
  • Difficult to maintain consistently across countries and languages

EU-OSHA needed a long-term digital platform, not a short-lived project. The solution had to be:

  • Extremely secure
  • Open and transparent
  • Adaptable across jurisdictions
  • Maintainable for decades, not just funding cycles

Why Plone: Security, Openness, and Proven Longevity

Plone was a deliberate and strategic choice for OiRA.

Plone was selected as the foundation for OiRA due to its exceptional security record, open-source governance, and long-term stability.

With more than 25 years of continuous development, Plone is one of the most mature open-source platforms in the world and is widely trusted by governments, international organisations, and institutions with high security and compliance requirements.

Key reasons Plone was chosen include:

  • Security by design
    Plone has an exceptional security track record and is known for its robust permission model, secure defaults, and proactive security team — critical for a public-sector platform handling sensitive workplace data.

  • Open source and vendor independence
    Plone’s open-source nature ensures transparency, avoids vendor lock-in, and allows EU-OSHA and national partners to retain full control over the platform.

  • Proven longevity and stability
    Plone’s long history and active community provide confidence that the platform can evolve sustainably over many years.

  • Python-based extensibility
    The Python ecosystem enabled the development of a highly flexible, modular risk assessment engine tailored to diverse regulatory and sectoral needs.

The Solution: OiRA — A User-First Platform Built on Plone

Built on Plone, OiRA translates complex OSH regulations into clear, guided digital workflows that MSEs can follow independently.

The platform guides users through five structured steps:

  1. Preparation – defining the workplace context
  2. Hazard identification – sector-specific and relevant
  3. Risk evaluation – consistent and compliant
  4. Action planning – practical, prioritised measures
  5. Reporting – clear documentation aligned with legal requirements

Plone’s strong content modelling and permission system allow country partners to collaboratively create and maintain their own tools, while ensuring consistency at EU level.

A strict User-First approach ensured the platform remains understandable and usable for people with no formal OSH background — without sacrificing regulatory accuracy.

What Made This Implementation Unique

A Generalised, Reusable Open-Source Core

The Plone-based Euphorie engine was adapted and generalised so it could be reused beyond EU-OSHA. Today, the same core technology supports:

  • Enterprise risk assessment tools (e.g. Mercedes-Benz, Daimler Truck)
  • National platforms such as the Netherlands’ Global Risk Assessment tool

Built for Multilingual, Multi-Country Use

OiRA supports:

  • Dozens of languages
  • Country-specific legislation
  • Sector-specific logic
  • Hundreds of independently maintained tools

All within a single, secure platform.

Designed for Long-Term Operation

Plone’s stability, security, and upgrade path make OiRA a platform that can evolve continuously, rather than requiring periodic replacement — a critical factor for public-sector digital services.

The Results: Measurable Impact at European Scale

OiRA has delivered sustained value:

  • 17 EU countries actively using the platform
  • Hundreds of tailored risk assessment tools
  • High adoption rates and strong qualitative user feedback on usability and clarity
  • Demonstrated improvements in risk awareness and OSH management practices among MSEs

The European Commission stated:

“The online interactive risk assessment tool (OiRA) developed by EU-OSHA is a major contribution to facilitating SMEs’ compliance with OSH requirements.”
— European Commission, EU Strategic Framework on Health and Safety at Work

OiRA continues to evolve under the EU Strategic Framework (2021–2027), reinforcing its role as a cornerstone of Europe’s digital OSH strategy.

Solution Provider

Syslab.com GmbH

Syslab is a European software company specialising in secure, open-source digital platforms for the public sector, NGOs, and regulated environments. The company has extensive experience delivering long-lived Plone-based systems aligned with policy goals, security requirements, and distributed stakeholder networks.

Sector focus

  • Public sector and government agencies
  • Occupational safety and health
  • NGOs and international organisations
  • Secure decision-support and compliance platforms

Website: https://www.syslab.com
Contact: info@syslab.com

Try Plone