Legionella Risk Assessment — Plain English Guide

Looking for the technical detail? Read the version for professionals → L8 ACoP, HSG274 Parts 1–3, sampling regimes, and notification duties.

What is legionella?

A bacteria found naturally in water. It causes Legionnaires' disease — a serious lung infection that can kill.

What is a legionella risk assessment?

A check of your water system to identify where legionella could grow and how to prevent it.

Is a legionella risk assessment legally required?

Yes.

Under the Health and Safety at Work Act 1974 and COSHH 2002, you must assess and manage the risk of legionella from water systems.

Who needs a legionella risk assessment?

Anyone in control of premises with a water system. That includes employers, landlords, and building owners.

Why do businesses actually do legionella risk assessments?

To stop people getting ill. And to prove they've managed the risk if someone does.

Who is responsible for legionella risk in a building?

The "duty holder". This is usually the employer, landlord, or person in control of the premises.

How do people catch Legionnaires' disease?

By breathing in tiny water droplets containing the bacteria. Showers, taps, cooling towers, spa pools, and humidifiers can all spread it.

How often should a legionella risk assessment be done?

Review it at least every two years. Also review it whenever anything changes.

When should a legionella risk assessment be updated?

After changes. For example: new equipment, building work, change of use, prolonged shutdown, or a confirmed case of Legionnaires' disease.

What happens if I don't have a legionella risk assessment?

You are in breach of health and safety law. If someone catches Legionnaires' disease, you can be fined, prosecuted, or imprisoned.

Can I do my own legionella risk assessment?

Yes — but only if you are competent. For simple domestic rentals, the landlord can usually do it. For complex commercial buildings, use a professional.

What does a legionella risk assessment include?

The water system layout, where bacteria could grow, who is at risk, and what controls are in place.

What buildings need a legionella risk assessment?

All workplaces and rental properties with a water system. That covers offices, shops, factories, hotels, care homes, and rented homes.

Do landlords need a legionella risk assessment?

Yes. For most domestic lets, the assessment is simple and the landlord can do it themselves.

Do small businesses need a legionella risk assessment?

Yes. The duty applies regardless of business size.

Do offices need a legionella risk assessment?

Yes. Any office with hot and cold water systems is in scope.

Do care homes need a legionella risk assessment?

Yes — and the risk is higher. Vulnerable people are more likely to catch Legionnaires' disease and more likely to die from it. Controls must be tighter and reviewed more often.

How long does a legionella risk assessment take?

A small property: about an hour. A large commercial site: a day or more.

How much does a legionella risk assessment cost?

A small domestic rental: typically £80–£150. An office or small business: £200–£400. Larger or higher-risk sites: £500–£2,000+.

What is the L8 ACoP?

The HSE's Approved Code of Practice for legionella. It tells duty holders how to comply with the law.

What is HSG274?

HSE technical guidance on controlling legionella. It has three parts — cooling towers, hot and cold water systems, and other risk systems like spa pools.

What temperature kills legionella?

Hot water above 60°C. Cold water stored below 20°C. Anything in between can let bacteria grow.

Do I need to test water for legionella?

Sometimes. Routine sampling isn't always required, but it's expected for higher-risk systems and after any disinfection.

Do showerheads need cleaning to prevent legionella?

Yes. Descaling and disinfecting showerheads quarterly is one of the simplest and most important controls.

What is a "little-used outlet"?

A tap or shower that hasn't been used for a week or more. Stagnant water lets legionella grow. Run them weekly to flush them through.

What is a cooling tower?

A large piece of equipment that releases water vapour to cool buildings or industrial processes. Cooling towers are high-risk and must be notified to the local authority.

Do I need to notify anyone about my cooling tower?

Yes. Cooling towers and evaporative condensers must be registered with your local authority by law.

What records do I need to keep?

The risk assessment, control measures, monitoring results, and any actions taken. Keep them for at least five years.

Can I be prosecuted if someone catches Legionnaires' disease?

Yes. If you can't show you assessed and managed the risk, you can face fines, prosecution, or imprisonment.

What's the real purpose of a legionella risk assessment?

To stop people catching Legionnaires' disease. Everything else is just paperwork to prove you tried.

---

Need the technical version? Read the legionella guide for professionals →