UK Facilities Management: 10 Key Statutory Compliances for 2025
Running facilities in the UK isn’t just about uptime and comfort—it’s about proving you’re on the right side of the law. Fines, prosecutions, and even custodial sentences sit on the table if compliance is missed. The legal landscape is shifting fast, with Martyn’s Law (Terrorism (Protection of Premises) Act 2025) now live and Building Safety Act governance rolling out.
This guide cuts through the noise. It lists the 10 mandatory statutory compliances every UK facility operator must track in 2025, with practical guidance on scope, evidence, and inspection cadence.
What Is Statutory Compliance in Facilities Management?
Statutory compliance in facilities management means ensuring that buildings, equipment, and operations meet all UK legal and regulatory requirements. Facilities managers must track inspections, maintain evidence like certificates and registers, and prove compliance during audits to protect occupants and avoid enforcement penalties.
Summary Table: Statutory Compliance Snapshot
1. Health and Safety at Work etc. Act 1974 (HSWA)
The Health and Safety at Work etc. Act 1974 is the cornerstone of UK workplace law. It puts the duty of care squarely on employers and controllers of premises to protect employees, contractors, and the public. For facilities managers, this means embedding safety into everything from contractor onboarding to cleaning schedules.
Enforcement isn’t theoretical—HSE prosecutes thousands of cases annually, and fines are uncapped. This Act underpins all facilities management statutory compliance, making it a top priority in every building compliance checklist.
- Evidence to maintain: Written health and safety policy, generic and site-specific risk assessments, accident logs, training certificates.
- FM tip: Don’t just file risk assessments—make them live documents linked to work orders and training schedules.
2. Management of Health and Safety at Work Regulations 1999 (MHSWR)
The Management of Health and Safety at Work Regulations 1999 are where “do a risk assessment” stops being guidance and becomes a legal requirement. FMs must ensure risks are identified, mitigated, and reviewed. The Regulations also mandate competent persons to oversee health and safety—a point often missed in lean teams.
- Evidence to maintain: Risk register, proof of consultation with employees, emergency plans, and competence records.
- FM tip: Align risk register updates with quarterly compliance reviews to avoid drift.
3. Workplace (Health, Safety and Welfare) Regulations 1992
The Workplace (Health, Safety and Welfare) Regulations 1992 cover the physical environment: ventilation, lighting, welfare facilities, and safe traffic routes. They are the regulations most likely to be breached through oversight—broken toilets, blocked exits, poor ventilation. FMs often underestimate their reach until inspectors pick up seemingly “minor” failings.
- Evidence to maintain: Routine workplace inspections, cleaning schedules, air quality monitoring, accessibility assessments.
- FM tip: Standardise inspections across your estate; don’t rely on ad-hoc site managers to catch issues.
4. Fire Safety Order 2005 + Fire Safety Regulations 2022
Fire Safety Regulations 2022 make every building operator a “Responsible Person.” That means commissioning a Fire Risk Assessment (FRA), implementing actions, and maintaining systems like alarms, sprinklers, and extinguishers.
Since the Grenfell tragedy, regulators have zero tolerance for paper compliance—evidence of actions taken is just as important as the FRA itself. Every facility's compliance manager is classed as the Responsible Person or must support them.
- Evidence to maintain: Completed FRA, action tracker with sign-off, maintenance logs for alarms and extinguishers, and training records.
- FM tip: Treat FRA actions as work orders in your CAFM/CMMS; that way you have timestamps for completion.
5. Building Safety Act 2022
The Building Safety Act 2022 introduces the Golden Thread of digital safety information for higher-risk residential buildings. While it mainly targets residential towers, its governance model is spreading. FMs should expect demands for digital documentation, clear dutyholder roles, and resident engagement evidence.
- Evidence to maintain: Digital safety case file, record of dutyholder competence, resident engagement logs, inspection reports.
- FM tip: Even if you don’t manage HRRBs, mirror the “Golden Thread” principle—it will likely become the compliance norm across sectors.
6. Terrorism (Protection of Premises) Act 2025 (Martyn’s Law)
Martyn’s Law arrived on 3 April 2025, marking a new era of compliance. Venues above certain capacity thresholds must put in proportionate protective security measures. For FMs, this isn’t just about bolting on security—it’s about embedding terrorism risk into daily operations. Expect checks on evacuation plans, staff training, and incident drills.
- Evidence to maintain: Terrorism risk assessment, incident response plan, staff training logs, drill records.
- FM tip: Treat it like fire safety—regular, documented drills are as important as the risk assessment itself.
7. PUWER 1998 & LOLER 1998
PUWER 1998 requires work equipment to be safe and suitable, while LOLER mandates inspections of lifting equipment. Think lifts, hoists, cranes, forklifts—all demand statutory inspection.
FMs often stumble on contractor oversight: assuming lift companies track compliance when ultimate liability sits with the dutyholder. These checks are central to any facilities management statutory compliance calendar.
- Evidence to maintain: Statutory inspection certificates, operator training records, maintenance logs, defect close-outs.
- FM tip: Keep a central certificate register; don’t rely on suppliers emailing PDFs when auditors demand them.
8. Electricity at Work Regulations 1989
Electrical safety is enforced through the EICR (Electrical Installation Condition Report), typically every 5 years. It’s not enough to file the report—you must show remedials are actioned. Regulators increasingly request proof of completion within defined timeframes.
- Evidence to maintain: Current EICR, remedial action tracker, PAT testing logs.
- FM tip: Link remedial actions to POs and completion certificates—auditors want to see the full loop.
9. Control of Asbestos Regulations 2012
Under the Control of Asbestos Regulations 2012, if asbestos is present, the dutyholder must manage it. That means an asbestos register, management plan, and re-inspections at least every 12 months.
The biggest compliance failure is poor contractor communication—if a contractor drills into ACMs without knowledge, liability lands on the dutyholder. This forms part of the mandatory building compliance checklist for UK facilities.
- Evidence to maintain: Asbestos register, management plan, re-inspection reports, contractor sign-off.
- FM tip: Digitise the asbestos register and make it accessible before every job permit is issued.
10. Legionella (HSE ACOP L8 / HSG274)
Legionella compliance is about risk control in water systems. That means flushing low-use outlets, temperature monitoring, and regular sampling. Prosecution history shows that missing even a handful of records can sink your defence.
- Evidence to maintain: Legionella risk assessment, temperature logs, flushing records, and maintenance evidence.
- FM tip: Automate temperature monitoring where possible—manual logs are too easy to miss.
Beyond the Law: Building Codes and Standards Alignment
Statutory compliance is the legal baseline. But the real measure of a resilient operation is code alignment—meeting both the letter and the spirit of UK building and safety standards.
- Fire and Building Codes: FMs must demonstrate compliance not just with the Fire Safety Order but also with BS 9999 (non-residential) and BS 9991 (residential) codes. Regulators now expect to see alignment between fire strategies, design documents, and maintenance regimes.
- Workforce Licensing: Gas Safe, NICEIC, and other certification schemes are legally required for specific works. If unlicensed workers perform regulated tasks, liability lands squarely on the employer or FM provider.
- Documentation Chains: Building control sign-offs, commissioning certificates, and test results should tie back to your maintenance logs. Gaps between design, install, and maintenance records are a common reason compliance cases collapse in court.
In short: Building safety now extends beyond compliance to competency, traceability, and interoperability.
SFG20: The Operational Backbone of Compliance
If statutory law defines what must be done, SFG20 defines how to do it. It’s the UK’s definitive standard for planned maintenance, mapping each legislative requirement into a set of tasks, methods, and frequencies.
For facilities management teams, SFG20 is the bridge between legislation and daily operations. It covers all the acts listed above—from HSWA to Legionella—ensuring maintenance regimes remain compliant by design.
- Codified maintenance schedules: Every SFG20 task is linked to a legislative driver.
- Dynamic updates: When laws or standards change, SFG20 schedules update automatically.
- Universal alignment: Adopting SFG20 ensures every engineer, contractor, and site operates from the same rulebook.
Smart FM providers now treat SFG20 as a compliance engine, not just a maintenance library. It’s the foundation for standardised, auditable, and evidence-based operations across estates.
How Facilio Elevates Compliance With SFG20 Integration
For multi-site portfolios juggling hundreds of assets and audits, paper and spreadsheets are obsolete. Facilio’s CMMS brings compliance into one digital command centre.
Here’s how it transforms compliance management:
- Seamless SFG20 Integration: Facilio’s partnership with SFG20 means your maintenance schedules, frequencies, and statutory tasks automatically sync with the latest standards—no manual updates required.
- Unified Compliance Dashboard: Fire safety actions, EICRs, asbestos reports, and Legionella logs all live in one place. Every certificate, register, and inspection is traceable to an asset or site.
- Evidence on Demand: Auditors or insurers ask, and you show—instant access to signed-off work orders, certificates, and remedial histories.
- Real-Time Insights: Dashboards highlight overdue actions, upcoming statutory inspections, and contractor performance gaps.
- End-to-End Accountability: From technician mobile check-ins to leadership dashboards, every Responsible Person sees compliance health in real time.
Whether it’s fire safety, EICRs, or legionella checks, Facilio gives you the digital “golden thread” across your estate—so when regulators knock, you’ve got the proof in seconds, not days.
FAQs
Is Martyn’s Law in force now?
Yes. It’s officially the Terrorism (Protection of Premises) Act 2025, with phased enforcement based on capacity thresholds.
What EPC/MEES obligations apply in 2025?
The EPC-B target has been delayed; EPC E is still the floor for lettings. Consultations are ongoing.
How often is an EICR needed?
Normally every 5 years, though some insurers or risk profiles demand shorter cycles.
Who counts as the “Responsible Person” under fire safety law?
Usually the employer, owner, or person with control. For FMs, that often means implementing compliance on the employer’s behalf but holding equal accountability for delivery.
What is a facilities compliance manager?
A facilities compliance manager oversees statutory and regulatory obligations across sites. They manage inspections, keep evidence like registers and certificates, and ensure compliance tasks are completed and logged.