Managing the risk of legionella bacteria is not merely optional or “good practice”. Instead, it is a clear legal obligation under UK health and safety law for those who control buildings and water systems.
Failure to comply with the legal requirements for legionella management can expose building users to Legionnaires’ disease, while putting the duty holder at risk of serious enforcement action.
The concept of the duty holder sits at the heart of legionella compliance. It is crucial to establish clarity as to who is legally responsible, as the answer is not always the building owner.
Responsibility is based on the control of premises and water systems. This means that for many organisations, responsibility may be shared across estates, departments, contractors, and multiple locations.
This article, then, will explain who the law identifies as being responsible for managing legionella risk. Insight will also be provided into what those responsibilities involve in practice, and how organisations can maintain clear accountability across complex property portfolios.
What does the law say about legionella responsibility?
Legionella responsibilities in the UK are built around a combination of primary legislation and practical guidance.
The core legal framework consists of:
- The Health and Safety at Work etc Act 1974, which makes clear that employers and those controlling premises must protect employees and others from risks to their health.
- The Control of Substances Hazardous to Health Regulations 2002 (COSHH), which classifies biological agents such as legionella bacteria as hazardous substances for which assessment and control are necessary.
- The Health and Safety Executive (HSE)’s Approved Code of Practice (ACOP) and guidance under the L8 series code.
The ACOP L8 document is particularly important. This publication is the practical expression of the broader duty to manage water systems safely.
Although the ACOP guidance is not legislation itself, it carries quasi-legal weight. So, organisations that fail to follow it may need to demonstrate that they have achieved an equivalent standard of control.
Responsibility under L8 applies across most non-domestic premises. It also extends into certain residential environments where landlords or managing organisations control communal water systems.
The relationship between the ACOP L8 and HSG274 documents
Confusion can sometimes arise about the role of another HSE document, the Legionnaires’ disease technical guidance under the series code HSG274, in the context of ACOP L8.
Both these publications are relevant to duty holders and competent persons who are managing legionella risk in a particular building.
In summary:
- L8 explains what organisations must achieve to comply with their legal obligations
- HSG274 sets out the technical detail on how these controls should be implemented and maintained.
Duty holders and competent persons should take the time to read and understand both publications, as both legal accountability and technical execution are critical to effective legionella management.
Who is the ‘duty holder’ for legionella?
In accordance with L8, the duty holder is the individual or organisation with overall legal responsibility for controlling legionella risk.
The duty holder is typically the employer or the person in control of the premises. However, it is important to emphasise that duty holder status is ultimately determined by control of the premises, rather than ownership.
There are, then, various parties who may hold this duty for a given building, such as:
- The employer
- The property owner
- The landlord
- A managing agent with delegated operational control
To give a few examples:
- In a multi-tenanted office building, it may be the facilities management team with responsibility for shared water systems that is operationally responsible
- A housing association managing residential properties may become the duty holder for communal hot and cold water systems
- A managing agent operating a commercial estate may assume practical responsibility under contractual arrangements.
Where buildings, contracts, and operational structures become more complex, it is essential for the affected parties to document exactly who holds responsibility.
What if responsibility is shared across multiple parties?
Many organisations operate in environments where responsibility for legionella management may be divided or shared.
Examples include:
- Multi-occupancy commercial buildings
- Outsourced facilities management arrangements
- Distributed property portfolios
- Mixed-use developments
- Organisations operating nationally across multiple sites
L8 stresses the need for clear agreements that define who manages which parts of a water system. In the absence of explicit agreements, the person in overall control of the premises will retain responsibility.
Multi-site organisations often struggle to maintain the necessary visibility and accountability when they attempt to manage their legionella responsibilities through spreadsheets, disconnected documents, and local processes.
This is precisely where centralised compliance software can show its worth. A cloud-based platform like Vision Pro Software can provide a single source of truth, creating a consistent record of responsibility and activity across every location the given multi-site organisation is overseeing.
What does the responsible person have to do?
Once it is established who actually has responsibility, the duty holder must ensure the implementation of a complete legionella control regime.
The core practical obligations under L8 include making sure:
- A suitable and sufficient legionella risk assessment is performed and kept under review
- A written control scheme (or water safety plan) is prepared and put into action where risks are identified
- A competent person (often referred to as the “responsible person”) is appointed to oversee day-to-day legionella management
- Precautions are monitored and maintained
- Records of all actions are kept and readily available
- The programme is reviewed at appropriate intervals, or after significant changes.
It is crucial to affirm that these are ongoing legionella management obligations, rather than “one-off” exercises.
Multi-site duty holders often find it difficult to evidence compliance under audit, due to the use of manual processes and spreadsheets that create gaps in recordkeeping. This is a recurring challenge that the comprehensive Vision Pro Software can help solve.
The differences between the duty holder and the competent person
The duty holder for a given building may, and usually should, appoint a competent person (responsible person) to undertake risk assessments and manage the water safety programme.
An easy way to understand the distinction is that while the competent person handles technical delivery and day-to-day control, legal liability remains with the duty holder. The appointment of the competent person delegates tasks, but it doesn’t transfer ultimate accountability.
In this context, “competent” means having significant training, knowledge, experience, and authority to carry out the role effectively, as defined by L8.
Responsibilities by building type
While the core legionella management framework is consistent, the practical application of duty holder responsibilities varies according to the setting:
- For commercial premises, it is typically the employer that holds the duty.
- Social housing and residential landlords hold responsibilities for hot and cold-water systems serving tenants, particularly communal areas.
- In healthcare settings, additional requirements apply under Health Technical Memorandum (HTM) 04-01, reflecting high-risk occupants.
- Educational establishments such as schools and universities are often overlooked; nonetheless, they’re subject to the same clear obligations as other non-domestic premises.
What happens if legionella responsibilities are not met?
Failure to manage legionella risk can lead to formal enforcement.
The HSE has powers to issue:
- Improvement Notices demanding corrective action
- Prohibition Notices restricting unsafe activities
- Prosecution proceedings if serious failures are found
In accordance with COSHH Regulation 33, enforcement action may be taken against organisations as well as, in some circumstances, individuals involved in management decisions.
How does legionella management software support duty holder compliance?
Organisations cannot be sure of effectively managing the legionella risk at their properties on the basis of good intentions alone. That’s because a systematic process will also be needed for scheduling, recordkeeping, and reporting.
A specialist cloud-based software platform can help duty holders by providing:
- Clear audit trails and centralised records
- Automated scheduling of risk assessments, monitoring, and reviews
- Real-time visibility and alerts for overdue actions
- Comprehensive reporting for internal reviews or external audits
The legionella management functionality of Vision Pro Software is built specifically around UK compliance requirements, including L8, COSHH, and HSG274. It therefore gives duty holders the benefit of a system designed for the regulatory environment they operate in.
Vision Pro Software provides multi-site organisations with a single dashboard for visibility across all locations. It is a complete package for supporting a robust and defensible L8 compliance programme, at the same time as minimising administrative burden.
Final thoughts: take steps towards more compliant legionella management
Always remember: legionella responsibility is a defined legal duty, with clear consequences for non-compliance. Clarity of responsibility, and the systems used to manage it, are no less important than the technical controls themselves.
Are you ready to explore how your multi-site organisation can strengthen its L8 compliance programme? If so, please don’t hesitate to request a demo of Vision Pro Software. Our legionella management platform can support duty holders with visibility, automation, and audit-ready records across an entire property portfolio.
