
A DEI Strategy Manages Legal Risk, But Only If It's Built Into the Business. Most Aren't.

By Felicity Menzies

A 2025 study by Catalyst and NYU Law's Meltzer Center — the largest workplace inclusion survey published since executive orders on DEI — found that 88% of legal leaders and 83% of C-suite leaders say maintaining or expanding DEI is essential to mitigating legal risk. A further 65% of legal leaders said moving away from DEI would create more legal risk, not less. Their conclusion: opting out of DEI is not a neutral act. It is a choice with consequences.

The research is US-based — but the risk logic is identical. In Australia, the obligations go further.

  • Anti-discrimination law — across race, sex, disability, age and other protected attributes — creates baseline employer obligations that do not bend to political climate or budget cycles.
  • The positive duty framework under the Sex Discrimination Act requires employers to take reasonable and proportionate measures to eliminate sexual harassment, sex discrimination, and hostile work environments — not just respond to them.
  • State and Territory-based Work Health and Safety law places a direct obligation on organisations to manage psychosocial risks.
  • From 2026, large employers are required under new legislative amendments to select and commit to gender equality targets — and demonstrate improvement against them. The accountability is no longer aspirational. It is statutory.

DEI is not adjacent to these obligations. It is central to them.

A DEI strategy is a risk management tool — but only if it's built that way. Most aren't. A strategy disconnected from the systems, decisions and behaviours that shape how the organisation actually runs doesn't neutralise risk. It papers over it. And an organisation that believes its DEI strategy is doing the work, when structurally it isn't, is more exposed than one that knows it hasn't started.

The problem isn't usually that organisations don't care. It's that DEI has been designed to sit outside the business rather than inside it.

It shows up as a strategy owned by HR rather than the business. Initiatives disconnected from the decisions that shape people's experience day to day. Metrics that don't link to performance or risk. Inclusion treated as culture rather than capability. Effort without structural change.

And anything that sits outside the core operating model will always lose priority. Always. Which means the risk it was meant to manage keeps building — unseen, unmeasured, and unaddressed — until it isn't.

What does that risk actually look like in practice?

  • Hiring processes designed for efficiency, not equity — narrowing your talent pool before you've started.
  • Leadership capability measured on results, not how those results are achieved — creating incentives that drive out exactly the people you need to retain.
  • Promotion pathways built on informal sponsorship rather than transparent systems — compounding disadvantage quietly, over years.
  • Risk frameworks that capture financial exposure but not cultural or psychosocial risk — leaving the organisation blind to some of its most significant liabilities.
  • Decisions made without diverse perspectives, and without consequence — reducing the quality of thinking at precisely the moments it matters most.

A DEI strategy exists. But it doesn't influence how the organisation runs. And that gap — between the strategy on paper and the system in practice — is where the risk lives.

This is the shift a modern DEI strategy makes.

Not asking, "What initiatives should we add?" but "How does inclusion show up in how we operate?" Because inclusion is the mechanism that makes diversity work. Without it, representation doesn't shift. Retention doesn't improve. Legal and psychosocial obligations don't get met. The organisation remains exposed.

A modern DEI strategy is not a program. It is infrastructure.

Built into recruitment, performance, leadership, governance and risk — not bolted on as an afterthought. Owned by leaders accountable for outcomes, not just intent. Driven by workforce data and lived experience, not borrowed best practice. Measured in representation, retention, progression, safety and engagement — tracked and acted on, not reported and filed.

Because inclusion lives in who gets heard and who doesn't. Who gets opportunities — and how. What behaviours are rewarded. What risks are named — and which are quietly ignored. If those systems aren't inclusive, nothing else will compensate. And the cost of getting it wrong compounds every year the underlying architecture stays unchanged.

The organisations getting this right have stopped adding DEI on top of the business. They've started building it into the business.

That's not a values choice. It's a risk management decision.

So if your DEI strategy isn't delivering — don't add another initiative. Don't rewrite the same plan. Ask the harder question:

"Where is DEI still sitting outside the way we operate — and what is that costing us?"

Because that's where the exposure is. And that's where the work is.

Felicity Menzies is the CEO of Culture Plus Consulting. Culture Plus delivers evidence-based diversity, inclusion, and respect at work programmes to organisations across Australia.

If you're ready to close the gap between DEI intent and organisational reality, we'd love to talk.
