Legal Responsibilities for Businesses

Understanding your legal duty to assess and manage legionella risks in commercial premises.
Businesses in the UK have a legal responsibility to identify, assess, and control the risk of legionella bacteria within their premises. This applies to most non-domestic buildings where water systems are present and used by employees, customers, or visitors.
Failure to manage legionella risks appropriately can result in enforcement action, fines, reputational damage, and — most importantly — serious health consequences.

What Is Legionella and Why Is It a Legal Issue?

Legionella bacteria can develop in water systems where conditions allow them to multiply, particularly in warm, stagnant water. If inhaled through aerosols (such as from taps or showers), they can cause Legionnaires’ disease — a potentially fatal form of pneumonia.
Because businesses control water systems that may expose others to risk, legionella management is treated as a health and safety obligation under UK law.

What Does the Law Require Businesses to Do?

Businesses must take reasonable steps to manage legionella risk. This includes:

  • Identifying potential legionella hazards in water systems
  • Assessing the level of risk
  • Implementing suitable control measures
  • Keeping records of assessments and actions taken
  • Reviewing the assessment regularly or when systems change

In most cases, this begins with a legionella risk assessment carried out by a competent person.

Who Is Responsible Within a Business?

The duty usually falls to the duty holder, which may be:

  • The employer
  • The building owner
  • A facilities or property manager
  • A managing agent acting on behalf of the business

Where responsibilities are shared, it is important that roles are clearly defined and documented.

Do All Businesses Need a Legionella Risk Assessment?

Most businesses will require a legionella risk assessment if they:

  • Control hot and cold water systems
  • Provide water to employees, customers, or visitors
  • Operate from commercial or non-domestic premises

This applies across sectors including offices, retail, hospitality, healthcare, education, and industrial environments.
Very low-risk situations may not require a full assessment, but this determination should still be made by a competent person.

What Happens If a Business Does Not Comply?

Non-compliance can lead to:

  • Enforcement notices
  • Prosecution and financial penalties
  • Increased liability in the event of illness
  • Breach of insurance or contractual obligations

Maintaining an up-to-date legionella risk assessment helps demonstrate due diligence and compliance with health and safety requirements.

How Often Should Businesses Review Their Assessment?

A legionella risk assessment should be reviewed:

  • At regular intervals (typically every 1–2 years)
  • When water systems are modified
  • When the use of the building changes
  • After periods of low occupancy or shutdown
  • If there is reason to believe it is no longer valid

Ongoing monitoring and review form part of good water safety management.

Finding a Competent Risk Assessment Provider

Legionella Risk Assessment UK helps businesses find independent, qualified providers who understand commercial compliance requirements.
We do not carry out assessments ourselves and do not favour any provider.
Our role is to help you identify suitable professionals so you can make an informed choice.