Domestic water risk assessments explained for UK compliance
- 3 hours ago
- 9 min read
A basic checklist will not keep you compliant. If you manage facilities or oversee compliance in a UK building with hot and cold water systems, a domestic water risk assessment is a legal obligation under HSE’s ACOP L8, not a discretionary exercise. Far too many organisations treat this as a form-filling task, leaving them exposed to enforcement action, reputational damage, and most importantly, genuine public health risk. This article sets out exactly what a domestic water risk assessment is, who needs one, what it involves in practice, and how the findings translate into a meaningful, ongoing compliance programme.
Table of Contents
Key Takeaways
Point | Details |
Legal compliance | Domestic water risk assessments are a legal requirement for Legionella management in the UK. |
Assessment steps | A systematic review covers water storage, system design, usage, and monitoring to identify real risks. |
Schemes of control | Assessment findings must be translated into written control schemes with clear monitoring and recordkeeping. |
Ongoing review | Risk assessments are not one-off exercises but must be updated after any system change or on a regular schedule. |
What is a domestic water risk assessment?
The term “domestic water risk assessment” refers to a structured evaluation of hot and cold water systems within a building. Despite the word “domestic,” this applies to far more than residential homes. In the UK context, it covers any building where water is stored, distributed, or used in a way that could present a risk from harmful microorganisms, most critically Legionella bacteria. Hotels, offices, care homes, schools, leisure facilities, and housing association properties all fall within scope.
Under HSE’s ACOP L8, a domestic water risk assessment is legally required to be a structured evaluation of hot and cold water systems that identifies risks and determines the appropriate controls for harmful microorganisms like Legionella. The word “suitable and sufficient” carries real legal weight here. It means the assessment must be proportionate to the complexity of the system, thorough enough to identify genuine risks, and specific enough to inform actionable controls.
You may also encounter terms such as “water hygiene risk assessment” or simply “water risk assessment.” These phrases are often used interchangeably in practice, but HSE’s ACOP L8 and the wider compliance framework for water hygiene make clear that legal compliance is anchored to this specific statutory guidance. Whatever terminology you use internally, the standard you are assessed against is ACOP L8.
Term | What it means in practice |
Domestic water risk assessment | Formal evaluation of hot and cold water systems for Legionella and other risks |
Water hygiene risk assessment | Common industry synonym; same legal standard applies |
Suitable and sufficient | Proportionate, thorough, and evidenced to the satisfaction of HSE |
Dutyholder | The person or organisation legally responsible for the premises |
“A risk assessment is required to identify and assess the risk of exposure to Legionella from work activities and water systems on the premises and any precautionary measures needed.” HSE ACOP L8
The legal and compliance framework
Understanding what the assessment is requires understanding why it exists and who is accountable. The legal framework in the UK rests on two main documents working in combination: ACOP L8 and HSG274 Part 2.
ACOP L8 is the Approved Code of Practice issued by the Health and Safety Executive. It gives legal status to the duty placed on employers, building owners, and those in control of premises to manage Legionella risk. HSE ACOP L8 describes dutyholders’ legal responsibilities, including identifying risks, implementing a control scheme, monitoring outcomes, keeping records, and appointing a competent responsible person. Failure to comply with ACOP L8 can be used as evidence of a breach of health and safety law in enforcement proceedings.
HSG274 Part 2 sits alongside ACOP L8 as the practical technical guidance for hot and cold water systems. HSG274 Part 2 provides guidance for hot and cold water systems in non-domestic premises and is routinely applied to domestic-type plumbing across UK buildings. Where ACOP L8 sets the legal standard, HSG274 provides the technical detail on temperatures, flow rates, and system design.
The key roles and responsibilities can be summarised as follows:
Dutyholder: The employer or person in control of the premises. Legally responsible for overall Legionella risk management.
Responsible person: Appointed by the dutyholder to manage day-to-day water hygiene tasks and monitoring.
Competent assessor: The individual or organisation carrying out the risk assessment. Must have the technical knowledge and experience to conduct a suitable and sufficient evaluation.
Monitoring personnel: Those who carry out routine temperature checks, inspections, and water sampling as part of the ongoing control programme.
A truly compliant programme does not end with the risk assessment. Reviewing a Legionella risk assessment is an ongoing obligation, and the written scheme of control that flows from the assessment must be actively implemented, not filed away.
Duty | Legal source | Who is responsible |
Identify and assess risk | ACOP L8 | Dutyholder / Competent assessor |
Implement control scheme | ACOP L8 / HSG274 | Responsible person |
Monitor and inspect | HSG274 Part 2 | Monitoring personnel |
Keep records | ACOP L8 | Responsible person |
Review assessment | ACOP L8 | Dutyholder |
What does a domestic water risk assessment involve?
Knowing the regulatory framework is one thing. Understanding what actually happens during the assessment is equally important, particularly when commissioning one or evaluating whether a previous assessment was adequate.
A thorough domestic water risk assessment follows a structured methodology. A risk assessment includes mapping the water system, inspecting components, identifying vulnerable people and aerosol-generating outlets, and measuring water temperatures and conditions. Here is what that looks like in practice:
System survey and schematic mapping. The assessor walks the full system: cold water storage tanks, calorifiers, hot water cylinders, distribution pipework, and every outlet including taps, showers, and TMVs (thermostatic mixing valves). A schematic drawing is produced or updated.
Identification of system conditions that support Legionella growth. This includes dead legs (sections of pipework with no through-flow), redundant pipework, and areas where water temperature sits in the risk zone of 20°C to 45°C.
Identification of aerosol-generating outlets. Showers, spray taps, water features, and cooling towers are high-risk because Legionella is inhaled as a fine aerosol, not ingested. Each outlet is assessed individually.
Usage pattern review. Outlets that are infrequently used, such as guest bathrooms in hotels or spare office kitchen taps, present a higher risk because stagnant water allows bacteria to proliferate. The assessment captures which outlets are used regularly and which are not.
Assessment of at-risk populations. The risk to people who are elderly, immunocompromised, or undergoing medical treatment is significantly higher. A care home or hospital requires more stringent controls than a commercial office. The population using the building directly influences the control measures recommended.
Temperature data collection. Hot water must reach and store at 60°C and deliver at 50°C within one minute at outlets (55°C where vulnerable people are present). Cold water must be stored and distributed below 20°C. Temperatures are measured and recorded at the time of assessment.
Documentation of findings and risk rating. Each identified risk is assigned a severity rating, and the assessor sets out what control measures are needed, how they should be monitored, and how frequently.
Pro Tip: Ask your assessor to walk you through the schematic and explain each risk finding. If they cannot explain it clearly to you, they may not have assessed it thoroughly. A good assessment produces clarity, not paperwork.
A useful reference point for this step-by-step approach is a practical Legionella risk assessment case study which shows how findings translate into tangible actions across a real commercial site.
Turning findings into compliance: schemes of control and ongoing action
The risk assessment is not the end of the process. It is the foundation. What happens next determines whether your organisation is genuinely protected or simply holds a piece of paper.
A risk assessment must result in a written scheme of control, ongoing monitoring and inspection, and comprehensive recordkeeping, all of which must be reviewed after significant changes to the system. The written scheme is a living document. It sets out precisely what controls are in place, who is responsible for each, and how frequently each action must be carried out.
A robust monitoring and inspection schedule typically includes:
Monthly cold water storage tank inspections to check condition, float valve function, and inlet and outlet temperatures.
Weekly sentinel outlet temperature checks at the nearest and furthest points from each calorifier, to verify that hot and cold water temperatures remain within safe parameters.
Monthly shower head and hose cleaning and descaling, particularly in facilities with high turnover of users or hard water areas.
Quarterly TMV servicing to confirm that thermostatic mixing valves are blending correctly and not presenting a scalding or Legionella risk.
Annual water sampling at defined sample points to check for the presence of Legionella bacteria and coliform organisms.
Calorifier inspection and cleaning at least annually, or more frequently where water quality or temperature data gives cause for concern.
Recordkeeping is equally critical. Every check, every temperature reading, every cleaning activity, and every corrective action must be recorded. During a compliance audit or in the aftermath of an incident, records are the only evidence that controls were in place and working. An organisation that cannot demonstrate its monitoring programme through records is an organisation that cannot demonstrate compliance, regardless of what its written scheme says.
Reviewing a risk assessment becomes mandatory when significant changes occur: major plumbing works, changes in building use, new at-risk populations, a positive Legionella water test result, or any incident involving suspected Legionella exposure. But it is also good practice to schedule a proactive review every two years as a minimum, even in the absence of changes.
Pro Tip: Implement a bespoke logbook system from day one. A logbook that is structured around your specific site, with pre-formatted monitoring sheets and clear escalation procedures, dramatically reduces the chance of missed actions and makes audits straightforward. Generic templates rarely capture what actually matters for your building.
If you operate across multiple sites, Legionella risk assessments in Caludon illustrates how a location-specific approach ensures nothing is missed when systems vary across a portfolio.
A compliance officer’s truth: why box-ticking fails (and what works)
Here is something that rarely appears in guidance documents. The organisations with the best Legionella compliance records are not necessarily those with the most sophisticated systems or the largest budgets. They are the ones where the dutyholder or compliance officer is genuinely engaged and curious, not just administratively compliant.
We see this repeatedly. A facilities manager who asks their assessor why a dead leg presents a risk, and then follows up to check it has been removed, will achieve more than one who receives the report, stores it in a folder, and considers the job done. The risk assessment is a decision-making tool. Treating it as an administrative exercise is where compliance programmes fall apart.
The single most common failure we encounter is this: a perfectly adequate risk assessment exists, a written scheme of control was produced, but nothing was actually implemented or monitored in the months that followed. The assessment becomes outdated within the first year because the water system changed, a new outlet was installed, or the building occupancy shifted, and nobody revisited the documents.
The second most common failure is over-reliance on external contractors without internal accountability. Contractors play a vital role, but the responsible person in your organisation needs to understand what is being checked, why, and what a poor result looks like. If your responsible person cannot explain your Legionella control programme in plain terms, that is a gap worth addressing.
What genuinely works is building a culture where water hygiene monitoring is treated with the same rigour as fire safety or electrical testing. It is not optional, it is not low priority, and it does not look after itself. The water risk assessment best practice guidance we work from consistently shows that organisations with clear accountability, regular internal reviews, and trained responsible persons outperform those relying on annual external visits alone.
Support for domestic water risk assessment and Legionella compliance
Navigating the full scope of domestic water risk assessment requirements is considerably easier when you have specialist support that understands your specific buildings and systems.
At Bespoke Compliance Solutions, we work directly with facilities managers and compliance officers across the UK to make water hygiene compliance practical and proportionate. Whether you need office Legionella compliance support to establish a control programme from scratch, or you want your responsible person to build genuine confidence through Legionella awareness training, we provide solutions that are built around your site and your team. We also support ongoing compliance through water tank cleaning and disinfection and bespoke logbook systems that make monitoring simple and auditable. Our goal is always the same: clear compliance, reduced risk, and a team that understands what they are doing and why.
Frequently asked questions
Who is legally responsible for domestic water risk assessments in the UK?
The dutyholder, typically the building owner or the person in control of the premises, holds legal responsibility. Under ACOP L8, dutyholders are responsible for identifying and assessing sources of risk, implementing control schemes, and monitoring performance.
How often should a domestic water risk assessment be reviewed?
It should be reviewed whenever there is a significant change to the water system or its use, and proactively on a regular basis regardless. HSE’s ACOP L8 states that risk assessments must be reviewed after significant changes and maintained on an ongoing basis.
What are common risks identified in a domestic water risk assessment?
The most frequently identified risks include dead legs in pipework, infrequently used outlets where water stagnates, and aerosol-generating fixtures such as showers. Assessments identify dead legs, redundant or infrequently used outlets, and high-risk aerosol sources as standard findings across most UK building types.
What is the key technical guidance for domestic-type systems?
HSG274 Part 2 is the primary technical reference for hot and cold water systems in non-domestic premises. HSG274 Part 2 explains practical guidance for controlling Legionella in these systems, covering temperatures, inspection frequencies, and corrective actions.
Recommended
Comments