Do I Need a Legionella Risk Assessment? Who Must Comply and When
Published 28 March 2026 · Last reviewed 14 March 2026
The short answer: in almost all cases, yes. If you are responsible for a building with a water system in the UK and other people occupy or work in it, you are likely to need a legionella risk assessment. Genuine exceptions exist (see below) but they are uncommon.
Here is a building-by-building breakdown of who needs one, who does not, and what triggers the requirement.
The legal trigger
The requirement comes from the Health and Safety at Work etc. Act 1974 and the Control of Substances Hazardous to Health Regulations 2002 (COSHH). These apply to anyone who is:
- An employer with premises containing a water system, or
- A person in control of premises (landlords, building managers, facilities managers)
ACoP L8 is the Approved Code of Practice that specifies how to comply with these duties in relation to legionella.
Do I need one? Quick reference
| Building type | Need a risk assessment? | Notes |
|---|---|---|
| Rental property (single let) | Yes | Landlord is the duty holder |
| HMO | Yes | Higher risk — shared facilities, tenant turnover |
| Care home | Yes | Higher risk — vulnerable occupants |
| Dental or GP practice | Yes | Aerosol generation during procedures |
| Hotel or B&B | Yes | Seasonal occupancy creates stagnation risks |
| School | Yes | Holiday closures create stagnation risks |
| Office building | Yes | Employer duty under COSHH |
| Shop or retail unit | Yes | If it has a water system (even just a toilet and sink) |
| Owner-occupied home | No | No duty holder/tenant relationship. You manage your own risk. |
| Building with no water system | No | Extremely rare — most buildings have at least cold water |
If your building has hot and cold water and someone other than you occupies or works in it, you need a risk assessment.
Common misconceptions
"My property is low risk, so I don't need one"
Low risk does not mean no risk. Even a simple flat with a combi boiler and no stored water has some risk — a shower that creates aerosols, an unused second bathroom, pipework running through warm spaces. The assessment may be brief and the conclusion may be "low risk, minimal controls needed" — but the assessment itself must exist.
"I need a legionella certificate"
There is no such thing as a legionella certificate in UK law. Unlike gas safety (which requires an annual Gas Safety Certificate from a Gas Safe registered engineer), legionella compliance is based on a risk assessment and ongoing records — not a one-off certificate. HSE confirms this explicitly.
"I need to hire a specialist"
Not necessarily. HSE confirms that landlords of simple domestic water systems can carry out their own risk assessment if they are competent. For standard residential properties (combi boiler or stored cylinder, no cooling tower, no complex distribution), a competent landlord can self-assess.
"Legionella testing is legally required"
Routine microbiological testing (sampling water for legionella bacteria) is not required for standard domestic hot and cold water systems. Testing is only needed in specific circumstances — usually for larger or complex systems, or after a positive sample or incident. What IS required is the risk assessment and ongoing temperature monitoring.
What triggers a NEW assessment
You need a fresh risk assessment (not just a review) when:
- You acquire a property with no existing assessment
- A property is newly built or substantially refurbished
- The water system is significantly modified (new storage, new distribution, new outlets)
- The previous assessment is lost or was never documented
For review triggers on an existing assessment, see our guide to risk assessment review frequency.
What happens if you do not have one
Enforcement follows a ladder:
- Informal advice — an inspector tells you to get one done
- Improvement notice — formal requirement to produce a risk assessment within a specified timeframe
- Prosecution — fines and imprisonment under health and safety legislation, with penalties reflecting the severity of the breach
The absence of a risk assessment is not, by itself, a criminal offence — but it is strong evidence of non-compliance if a tenant falls ill or an inspector investigates.
Getting started
For landlords and building managers of standard properties, the process is:
- Assess — use LegioLog's Risk Assessment Template Generator to create a building-specific template
- Document — complete the assessment, sign, date, and set a review date
- Monitor — start the ongoing temperature checks and flushing schedule. Use the Temperature Compliance Checker and Flushing Schedule Calculator to set up your routine.
For the full regulatory background, see our ACoP L8 and HSG274 guide.
This guide covers legionella risk assessment requirements under UK health and safety law. This is general compliance guidance, not legal or professional advice — for site-specific assessments, consult a competent person as defined by ACoP L8.
Sources
Keep your legionella records audit-ready
Join the waitlist for LegioLog — purpose-built compliance tracking for UK duty holders.
No spam. Unsubscribe any time. Privacy policy
Related guides
Legionella Log Book: Digital vs Paper and Why It Matters for Compliance
Comparing digital and paper legionella log books — what records you must keep, how long to retain them, where each format helps and fails, and what inspectors expect.
What Is a Legionella Risk Assessment? A Guide for Building Managers
What a legionella risk assessment covers, who needs one, and how it works in practice — a practical guide for building managers, facilities teams, and duty holders beyond residential landlords.
Can I Do My Own Legionella Risk Assessment? Self-Assessment Guide for Landlords
Yes — UK landlords can self-assess legionella risk for simple domestic systems. Here is how to decide if self-assessment is right for your property, what to check, and when to hire a specialist.