Port of Auckland CEO Conviction: What It Means for Boards
Tony Gibson’s conviction set a new precedent for officer liability in NZ. Here’s what H&S leads need their boards to understand – and act on.
What the Port of Auckland conviction means for every board with critical risk obligations
Key takeaway: Tony Gibson wasn’t convicted because Port of Auckland lacked safety systems. He was convicted because nobody had verified that those systems were actually working. That distinction – between documentation and verification – is now the standard every board in New Zealand is being held to.
| Case | Port of Auckland (Maritime NZ v Gibson) |
|---|---|
| Convicted | Former CEO Tony Gibson |
| Date | November 2024 |
| Charge | Failing to exercise due diligence as an officer under the Health and Safety at Work Act 2015 |
| Significance | First conviction of its kind against a CEO of a large, complex organisation in New Zealand |
In November 2024, former Port of Auckland CEO Tony Gibson was convicted of failing to meet his due diligence obligations as an officer under the Health and Safety at Work Act 2015. It was the first conviction of its kind against the chief executive of a large, complex organisation in New Zealand – and possibly the most significant health and safety precedent set in this country since the Act came into force.
If you work in health and safety, you probably already know about it. The question is whether your board does – and more importantly, whether they understand what it actually means for them. Most commentary has focused on the personal liability angle. That’s worth understanding, but it’s not the whole story.
It wasn’t about having the wrong systems
Port of Auckland wasn’t operating without safety infrastructure. They had policies, procedures, a Health and Safety Manual, and a Health and Safety Steering Committee. They had performance agreements with health and safety weighted at 30%, an annual H&S plan, and a KPMG audit on the books. In many respects, they had exactly the kind of H&S infrastructure that boards point to when they want reassurance.
And yet, on 30 August 2020, a stevedore died at the container terminal when a container fell from a crane – in an area where workers weren’t supposed to be.
The exclusion zone rule existed. Workers routinely ignored it, and nobody with authority over the system had taken adequate steps to find out whether the rule was being followed on the ground. Documentation said one thing. Reality said another.
Tony Gibson was convicted – in part – because he hadn’t verified that Port of Auckland’s critical controls were actually working.
“Work as done” versus “work as imagined”
The Court’s judgment introduced a distinction worth carrying into every board conversation you have: “work as done” versus “work as planned, intended, or imagined.”
Officers, the Court found, are expected to maintain sufficient knowledge of work as done – not just work as imagined. They can’t rely solely on what the management system says should be happening; they’re required to have genuine visibility into what’s actually happening. This isn’t a technicality. It’s the difference between a CEO who receives reports and a CEO who knows.
That gap isn’t one that quarterly H&S reports close. A report assembled weeks after the fact, from information people chose to surface, describes work as someone wanted it to be seen – not necessarily as it was.
Gibson was aware, via a March 2019 Critical Risk Report, that the number of recorded incidents and near misses likely wasn’t reflective of actual events at the port. He knew that widespread non-compliance with the exclusion zone rule existed, and he didn’t take adequate steps to verify that the underlying controls had been addressed. That awareness, combined with inaction, was central to his conviction.
Worth noting too: evidence of his involvement in other positive H&S initiatives wasn’t enough to get him off the hook. If anything, it was used to set the standard for what someone in his role should have been doing across the board. You don’t get credit for the things you got right when you failed to act on what you knew.
What this means for officers at large organisations
Before this case, there was a reasonable assumption – not quite stated, but widely held – that prosecution of officers in large, complex organisations was unlikely. The hands-on operator of a small business? Yes. The CEO of a major port? Less clear.
That assumption is gone.
The Court was direct: the fact that a CEO isn’t on the tools every day doesn’t reduce what’s expected of them – it changes the form it takes. For a CEO, doing your job on health and safety means ensuring the organisation has the systems, the reporting lines, and the verification processes that give you genuine confidence that critical controls are working. Not just receiving information, but being able to trust that it’s accurate.
It also means something important for the entire board. The judgment pointedly noted that the board’s own conduct wasn’t on trial in this case – leaving the door explicitly open for boards, not just executives, to face similar scrutiny in future prosecutions.
That sentence deserves to sit in your next board paper.
The Health and Safety at Work Amendment Bill has the same fingerprints
The Port of Auckland conviction has echoes in New Zealand’s most significant health and safety reform since the 2015 Act – the Health and Safety at Work Amendment Bill, introduced to Parliament in early 2026 and expected to reach Royal Assent before the House rises in September.
The Bill introduces, for the first time, a formal legal definition of “critical risk.” It requires organisations to genuinely prioritise critical risks: managing them before other risks, checking and reviewing controls for them more frequently, and putting more resources into them. For officers, the duty to exercise due diligence under section 44 is being tightened – moving from a broad, open-ended list of what’s expected to a clear, fixed set of requirements. One of those requirements is verification: officers must verify that the resources and processes they’re responsible for are actually being provided and used.
Not documented. Not planned. Verified.
The Bill doesn’t create a new obligation that didn’t exist before. What it does is remove the ambiguity that allowed boards and officers to be comfortable with less. When “critical risk” becomes a defined legal term and “verification” appears explicitly in the officer duty, the question shifts from “did we have a system?” to “did we know it was working?” That’s the question the Port of Auckland case was ultimately decided on, and the Bill is going to make it the standard question for every organisation with critical risk obligations.
The practical implication for H&S leads
If you’re an H&S manager, risk lead, or operations manager, here’s the most important thing the Port of Auckland case tells you about your role right now: the information you give upward matters more than it ever has.
Gibson was on notice. He had audit findings, incident data suggesting under-reporting, and a critical risk report that flagged the gap. The problem wasn’t that he lacked information – it was that the information he had didn’t translate into verified action on the controls that needed to change.
The boards and executives you work with are now operating in an environment where their personal liability is tied to whether they genuinely knew the state of critical controls – and whether they acted when they should have known something was wrong. That creates two obligations for you.
The first is to give them real information, not reassuring information. The gap between what a management system says and what workers are actually doing on-site is the gap where incidents happen and convictions follow. If you’re aware of non-compliance, near-misses that aren’t being captured, or controls that exist on paper but not in practice – that information needs to reach decision-makers clearly and quickly, not softened in a monthly summary.
The second is to change what you’re asking for visibility on. Most H&S reporting looks backward: incidents that happened, near misses that were logged, findings from the last audit. What the Port of Auckland case demands – and what the Amendment Bill will reinforce – is verified status of critical controls in real time. Not “we have an exclusion zone policy.” Not “our last audit found the zone was in use.” But: is the control working right now, and can we demonstrate that?
A different kind of governance question
Boards ask a lot of questions about health and safety. Many of them are the wrong ones.
“Are we compliant?” misses the point. Compliance is a floor, not a ceiling – and the Port of Auckland conviction happened inside an organisation that, on paper, looked like it was doing everything right. “What does the report say?” isn’t much better. Reports describe work as imagined, assembled by people who may not have visibility into work as done.
The question that matters – the one the Court effectively required Gibson to be able to answer, and couldn’t – is: how do we know our critical controls are actually working?
Not how do we think. Not what does our system say. How do we know?
That question – answered honestly, with evidence – is the standard that the Port of Auckland conviction established and the Amendment Bill is about to write into law. If your board isn’t asking it yet, that’s the conversation worth having.
Critter is built by IMPAC – 27 years of health and safety expertise, purpose-built for the critical risk governance challenge. Learn more about IMPAC.