This article adopts a comparative socio-legal approach in exploring the relationship between disaster risk and compliance with normative frameworks concerning disaster management. Risk colonisation is the term given to the phenomenon whereby societal risks such as those posed by disasters create further risks, institutional in nature, to disaster management systems themselves. Disaster management systems are exposed to institutional risks, including those that arise from non-compliance with the range of laws and guidelines relating to disaster management developed in recent years. Grounded in exploratory case studies drawn from Indonesia and Ireland, it is suggested that the consequences of this phenomenon is that, in circumstances in which disaster risk is perceived to be high, patterns of compliance with regulatory frameworks are likely to be characterised by recourse to scientific expertise. Blame avoidance and defensive compliance strategies are also likely to occur. Conversely, in circumstances in which disaster risk is perceived to be relatively low, compliance patterns are likely to be ad hoc in nature and allow for significant governmental discretion. The implications of such consequences for the normative underpinning of disaster management are addressed.