Legionella risk assessments for landlords: the one certificate almost everyone forgets

I've spoken to dozens of UK landlords in the last year. Almost all of them are confident about their gas safety certificate. Most have an EICR filed somewhere. But when I ask about their legionella risk assessment?

Blank stares. Or: "I didn't know that was a thing."

It's a thing. And it's legally required.

What is Legionella?

Legionella pneumophila is a bacterium that thrives in water systems at temperatures between 20°C and 45°C. When it multiplies in a domestic water system and is then inhaled — typically through water mist from a shower — it can cause Legionnaires' disease, a potentially fatal form of pneumonia.

The illness mostly affects older people, smokers, and those with compromised immune systems. But it can affect anyone.

Is a legionella risk assessment legally required for landlords?

Yes. Under the Health and Safety at Work Act 1974 and the Control of Substances Hazardous to Health Regulations 2002 (COSHH), landlords have a duty to assess and control the risk of Legionella in their properties' water systems.

The HSE's Approved Code of Practice (ACoP L8) sets out specifically how landlords must do this.

This isn't a grey area. The HSE has confirmed explicitly that private landlords of residential properties are duty holders and must carry out a suitable and sufficient risk assessment.

Who can carry out the assessment?

For simple domestic properties with conventional water systems (a hot water cylinder, cold water tank or combination boiler, standard showers), the assessment can be carried out by a competent landlord themselves. You don't need to pay a specialist £400 for a straightforward two-bedroom flat.

"Competent" means: you understand what you're looking for, you've read the HSE guidance, and you document what you found.

The HSE provides a free landlord checklist at hse.gov.uk specifically for residential properties. It takes 30–45 minutes to complete for a typical property.

For more complex systems — multiple properties sharing water supplies, cooling towers, spa facilities, or old pipe networks — a specialist is required.

What does a compliant assessment look like?

At minimum, your risk assessment should record:

1. The property address and date of assessment
2. The water system layout (where cold water enters, where hot water is heated, where it exits)
3. Any identified risk factors (e.g. little-used outlets, stored water above 20°C, shower heads not cleaned regularly)
4. Control measures in place (e.g. setting the hot water cylinder to 60°C+, regular flushing of unused outlets)
5. Who is responsible for ongoing controls
6. Date of next review

The record must be written down. A mental note is not a risk assessment.

How often does it need renewing?

There's no fixed legal interval. The HSE guidance says "at regular intervals" and "whenever there are reasons to believe it may no longer be valid."

In practice: every 2 years is the accepted industry standard, and whenever:

• The water system is altered
• There is a suspected Legionella case in the property
• The property has been empty for an extended period

Properties empty for more than a month — which is common in short-let portfolios between peak seasons — should be flushed thoroughly before guests arrive.

What does a specialist assessment cost?

For a simple domestic property: £80–£150. For multi-property portfolios, companies often offer per-property rates that reduce significantly at volume.

What Sorted BNB does

Your legionella risk assessment sits in your compliance dashboard alongside your gas safety certificate and EICR. You set the review date, and the system counts down. When you're within 60 days of the review window, it goes amber. You can upload the written record directly — so it's accessible from your phone, not buried in a filing cabinet.

Most operators who start using Sorted BNB tell us the legionella slot is the first one they fill — because it's the one they didn't know was empty.