Legionella control isn’t optional in the UK. If you are a duty holder, you have a legal responsibility to assess, manage, and control the risk of exposure to Legionella bacteria in your premises.

This guide explains:

• Who qualifies as a duty holder

• Your legal obligations under UK law

• What a compliant Legionella control programme looks like

• Documentation and record-keeping requirements

• Common compliance mistakes

Legionella is a waterborne bacterium that can cause Legionnaires’ disease, a potentially fatal form of pneumonia. It develops in man-made water systems when conditions allow:

• Water temperature between 20°C–45°C

• Stagnation

• Scale, sludge or biofilm

• Inadequate maintenance

Outbreaks are most commonly linked to:

• Cooling towers

• Hot and cold water systems

• Spa pools

• Shower systems

• Healthcare water networks

UK Legal Framework for Legionella Control

Legionella compliance in the UK is governed by:

• Health and Safety at Work etc. Act 1974

• Control of Substances Hazardous to Health Regulations 2002 (COSHH)

• Management of Health and Safety at Work Regulations 1999

• HSE Approved Code of Practice L8

• HSG274

Together, these place a legal duty on employers and those in control of premises to:

✔ Identify and assess risk

✔ Prevent or control exposure

✔ Maintain and monitor systems

✔ Keep records

✔ Appoint a competent person

Failure to comply can result in enforcement notices, prosecution, and substantial fines.

Who Is a Legionella Duty Holder?

In non-domestic premises, the duty holder is typically:

• The employer (if the premises are controlled by them)

• The person in control of the premises

• The building owner

• Facilities managers with delegated responsibility

• 
  

This applies to:

• Offices

• Healthcare settings

• Care facilities

• Industrial sites

• Educational buildings

• Public sector buildings

Even if tasks are outsourced, legal responsibility cannot be delegated.

What Must a Duty Holder Do?

1. Conduct a Legionella Risk Assessment

You must identify:

• Sources of risk

• Susceptible individuals

• Existing control measures

• Required improvements

The assessment must be:

• Suitable and sufficient

• Reviewed regularly

• Updated after system changes

There is no fixed review period in law, but industry best practice suggests reviewing every 2 years or sooner if significant changes occur.

2. Implement a Written Control Scheme

A written scheme outlines how you control risk, including:

• Temperature monitoring schedules

• Flushing regimes

• Cleaning and disinfection

• Inspection frequencies

• Responsibilities and escalation procedures

This is mandatory under ACOP L8.

3. Appoint a Responsible Person

You must nominate a competent person to oversee Legionella control.

This person must:

• Understand the water systems

• Have adequate training

• Ensure monitoring is completed

• Maintain records

In larger organisations, this may include deputy roles and clearly defined lines of responsibility.

4. Monitor and Maintain Water Systems

Typical control measures include:

Hot water systems:

• Stored at ≥60°C

• Distributed at ≥50°C within one minute

Cold water systems:

• Maintained below 20°C

Cooling towers:

• Regular microbiological testing

• Biocide dosing

• Drift eliminator inspection

Monitoring frequency depends on system type and risk profile.

5. Keep Accurate Records

You must retain records of:

• Risk assessments

• Monitoring logs

• Temperature checks

• Cleaning and disinfection

• Corrective actions

• Training records

Duty holders should exercise particular vigilance in:

• Healthcare facilities

• Care homes

• Facilities with immunocompromised occupants

• Sites with complex water systems

• Buildings with low occupancy or intermittent use

Post-COVID building closures significantly increased stagnation-related risks across the UK.

Common Compliance Mistakes

1. Treating Legionella assessment as a “tick-box” exercise

2. Failing to review assessments after refurbishments

3. Poor record-keeping

4. Inadequate temperature monitoring

5. Assuming contractors hold legal responsibility

Remember: outsourcing maintenance does not remove liability.

What Happens If You Don’t Comply?

The Health and Safety Executive can:

• Issue Improvement Notices

• Issue Prohibition Notices

• Prosecute organisations

• Impose unlimited fines

• Pursue imprisonment in severe cases

Recent prosecutions have resulted in fines exceeding six figures for systemic failures.

When Should You Review Your Legionella Risk Assessment?

You must review it when:

• The water system changes

• Building use changes

• There is an outbreak or suspected case

• Monitoring identifies control failures

• There is reason to suspect it is no longer valid

  
  

Frequently Asked Questions

Is Legionella testing legally required?

Routine testing is not always mandatory but may be required for cooling towers and high-risk systems. Risk assessment determines necessity.

How often should temperature checks be carried out?

Typically monthly for sentinel outlets, but depends on system type and written scheme.

Can a duty holder complete the risk assessment themselves?

Yes, if they are competent. However, complex systems require specialist knowledge.

Final Thoughts for UK Duty Holders

Legionella compliance is about active management, not paperwork alone.

As a duty holder, you must:

• Understand your systems

• Appoint competent oversight

• Monitor consistently

• Maintain accurate records

• Review regularly

  
  

Failure to do so exposes building occupants to serious health risks and your organisation to severe legal consequences.