UK Facilities Management: 10 Key Statutory Compliances for 2025

Running facilities in the UK isn’t just about uptime and comfort—it’s about proving you’re on the right side of the law. Fines, prosecutions, and even custodial sentences sit on the table if compliance is missed. The legal landscape is shifting fast, with Martyn’s Law (Terrorism (Protection of Premises) Act 2025) now live and Building Safety Act governance rolling out.

This guide cuts through the noise. It lists the 10 mandatory statutory compliances every UK facility operator must track in 2025, with practical guidance on scope, evidence, and inspection cadence.

What Is Statutory Compliance in Facilities Management?

Statutory compliance in facilities management means ensuring that buildings, equipment, and operations meet all UK legal and regulatory requirements. Facilities managers must track inspections, maintain evidence like certificates and registers, and prove compliance during audits to protect occupants and avoid enforcement penalties.

Summary Table: Statutory Compliance Snapshot

| Regulation / Act | Applies to | Evidence required | Review cadence | Authority |
|---|---|---|---|---|
| HSWA 1974 | All workplaces | Policy, risk assessments, training records | Ongoing | HSE |
| MHSWR 1999 | All employers | Risk register, competence records | Annual review | HSE |
| Workplace (HSW) Regs 1992 | Offices, retail, education, etc. | Inspections, welfare checks | Routine / annual | HSE |
| Fire Safety Order 2005 + Fire Safety Regs 2022 | All non-domestic premises | FRA, action plan, maintenance logs | Annual FRA, monthly system checks | Fire Authority |
| Building Safety Act 2022 | Higher-risk residential buildings | Golden Thread, safety case, competence records | Ongoing digital | BSR |
| Terrorism (Protection of Premises) Act 2025 | Public venues over capacity thresholds | Terrorism risk assessment, drills, staff training | Ongoing | Home Office |
| PUWER 1998 & LOLER 1998 | Work equipment & lifting | Inspection logs, maintenance, operator training | At intervals / annual | HSE |
| Electricity at Work Regs 1989 | All premises | EICR, remedials | 5-yearly (commonly) | HSE |
| Control of Asbestos Regs 2012 | Premises with ACMs | Asbestos register, plan of works | Re-inspection every 12 months | HSE |
| Legionella (HSE ACOP L8 / HSG274) | Water systems | Risk assessment, temperature & flushing logs | Ongoing / annual | HSE |

1. Health and Safety at Work etc. Act 1974 (HSWA)

The Health and Safety at Work etc. Act 1974 is the cornerstone of UK workplace law. It puts the duty of care squarely on employers and controllers of premises to protect employees, contractors, and the public. For facilities managers, this means embedding safety into everything from contractor onboarding to cleaning schedules.

Enforcement isn’t theoretical—HSE prosecutes thousands of cases annually, and fines are uncapped. This Act underpins all facilities management statutory compliance, making it a top priority in every building compliance checklist.

  • Evidence to maintain: Written health and safety policy, generic and site-specific risk assessments, accident logs, training certificates.
  • FM tip: Don’t just file risk assessments—make them live documents linked to work orders and training schedules.

2. Management of Health and Safety at Work Regulations 1999 (MHSWR)

The Management of Health and Safety at Work Regulations 1999 are where “do a risk assessment” stops being guidance and becomes a legal requirement. FMs must ensure risks are identified, mitigated, and reviewed. The Regulations also mandate competent persons to oversee health and safety—a point often missed in lean teams.

  • Evidence to maintain: Risk register, proof of consultation with employees, emergency plans, and competence records.
  • FM tip: Align risk register updates with quarterly compliance reviews to avoid drift.

3. Workplace (Health, Safety and Welfare) Regulations 1992

The Workplace (Health, Safety and Welfare) Regulations 1992 cover the physical environment: ventilation, lighting, welfare facilities, and safe traffic routes. They are the regulations most likely to be breached through oversight—broken toilets, blocked exits, poor ventilation. FMs often underestimate their reach until inspectors pick up seemingly “minor” failings.

  • Evidence to maintain: Routine workplace inspections, cleaning schedules, air quality monitoring, accessibility assessments.
  • FM tip: Standardise inspections across your estate; don’t rely on ad-hoc site managers to catch issues.

4. Fire Safety Order 2005 + Fire Safety Regulations 2022

Fire Safety Regulations 2022 make every building operator a “Responsible Person.” That means commissioning a Fire Risk Assessment (FRA), implementing actions, and maintaining systems like alarms, sprinklers, and extinguishers. 

Since the Grenfell tragedy, regulators have zero tolerance for paper compliance—evidence of actions taken is just as important as the FRA itself. Every facility's compliance manager is either classed as the Responsible Person or must support them.

  • Evidence to maintain: Completed FRA, action tracker with sign-off, maintenance logs for alarms and extinguishers, and training records.
  • FM tip: Treat FRA actions as work orders in your CAFM/CMMS; that way you have timestamps for completion.

5. Building Safety Act 2022

The Building Safety Act 2022 introduces the Golden Thread of digital safety information for higher-risk residential buildings. While it mainly targets residential towers, its governance model is spreading. FMs should expect demands for digital documentation, clear dutyholder roles, and resident engagement evidence.

  • Evidence to maintain: Digital safety case file, record of dutyholder competence, resident engagement logs, inspection reports.
  • FM tip: Even if you don’t manage HRRBs, mirror the “Golden Thread” principle—it will likely become the compliance norm across sectors.

6. Terrorism (Protection of Premises) Act 2025 (Martyn’s Law)

Martyn’s Law arrived on 3 April 2025, marking a new era of compliance. Venues above certain capacity thresholds must put in place proportionate protective security measures. For FMs, this isn’t just about bolting on security—it’s about embedding terrorism risk into daily operations. Expect checks on evacuation plans, staff training, and incident drills.

  • Evidence to maintain: Terrorism risk assessment, incident response plan, staff training logs, drill records.
  • FM tip: Treat it like fire safety—regular, documented drills are as important as the risk assessment itself.

7. PUWER 1998 & LOLER 1998

PUWER 1998 requires work equipment to be safe and suitable, while LOLER mandates inspections of lifting equipment. Think lifts, hoists, cranes, forklifts—all demand statutory inspection. 

FMs often stumble on contractor oversight: assuming lift companies track compliance when ultimate liability sits with the dutyholder. These checks are central to any facilities management statutory compliance calendar.

  • Evidence to maintain: Statutory inspection certificates, operator training records, maintenance logs, defect close-outs.
  • FM tip: Keep a central certificate register; don’t rely on suppliers emailing PDFs when auditors demand them.

8. Electricity at Work Regulations 1989

Electrical safety is enforced through the EICR (Electrical Installation Condition Report), typically every 5 years. It’s not enough to file the report—you must show remedials are actioned. Regulators increasingly request proof of completion within defined timeframes.

  • Evidence to maintain: Current EICR, remedial action tracker, PAT testing logs.
  • FM tip: Link remedial actions to POs and completion certificates—auditors want to see the full loop.

9. Control of Asbestos Regulations 2012

Under the Control of Asbestos Regulations 2012, if asbestos is present, the dutyholder must manage it. That means an asbestos register, management plan, and re-inspections at least every 12 months. 

The biggest compliance failure is poor contractor communication—if a contractor drills into ACMs without knowledge, liability lands on the dutyholder. This forms part of the mandatory building compliance checklist for UK facilities.

  • Evidence to maintain: Asbestos register, management plan, re-inspection reports, contractor sign-off.
  • FM tip: Digitise the asbestos register and make it accessible before every job permit is issued.

10. Legionella (HSE ACOP L8 / HSG274)

Legionella compliance is about risk control in water systems. That means flushing low-use outlets, temperature monitoring, and regular sampling. Prosecution history shows that missing even a handful of records can sink your defence.

  • Evidence to maintain: Legionella risk assessment, temperature logs, flushing records, and maintenance evidence.
  • FM tip: Automate temperature monitoring where possible—manual logs are too easy to miss.

Beyond the Law: Building Codes and Standards Alignment

Statutory compliance is the legal baseline. But the real measure of a resilient operation is code alignment—meeting both the letter and the spirit of UK building and safety standards.

  • Fire and Building Codes: FMs must demonstrate compliance not just with the Fire Safety Order but also with BS 9999 (non-residential) and BS 9991 (residential) codes. Regulators now expect to see alignment between fire strategies, design documents, and maintenance regimes.
  • Workforce Licensing: Gas Safe, NICEIC, and other certification schemes are legally required for specific works. If unlicensed workers perform regulated tasks, liability lands squarely on the employer or FM provider.
  • Documentation Chains: Building control sign-offs, commissioning certificates, and test results should tie back to your maintenance logs. Gaps between design, install, and maintenance records are a common reason compliance cases collapse in court.

In short: Building safety now extends beyond compliance to competency, traceability, and interoperability.


SFG20: The Operational Backbone of Compliance

If statutory law defines what must be done, SFG20 defines how to do it. It’s the UK’s definitive standard for planned maintenance, mapping each legislative requirement into a set of tasks, methods, and frequencies.

For facilities management teams, SFG20 is the bridge between legislation and daily operations. It covers all the acts listed above—from HSWA to Legionella—ensuring maintenance regimes remain compliant by design.

  • Codified maintenance schedules: Every SFG20 task is linked to a legislative driver.
  • Dynamic updates: When laws or standards change, SFG20 schedules update automatically.
  • Universal alignment: Adopting SFG20 ensures every engineer, contractor, and site operates from the same rulebook.

Smart FM providers now treat SFG20 as a compliance engine, not just a maintenance library. It’s the foundation for standardised, auditable, and evidence-based operations across estates.


How Facilio Elevates Compliance With SFG20 Integration

For multi-site portfolios juggling hundreds of assets and audits, paper and spreadsheets are obsolete. Facilio’s CMMS brings compliance into one digital command centre.

Here’s how it transforms compliance management:

  • Seamless SFG20 Integration: Facilio’s partnership with SFG20 means your maintenance schedules, frequencies, and statutory tasks automatically sync with the latest standards—no manual updates required.
  • Unified Compliance Dashboard: Fire safety actions, EICRs, asbestos reports, and Legionella logs all live in one place. Every certificate, register, and inspection is traceable to an asset or site.
  • Evidence on Demand: Auditors or insurers ask, and you show—instant access to signed-off work orders, certificates, and remedial histories.
  • Real-Time Insights: Dashboards highlight overdue actions, upcoming statutory inspections, and contractor performance gaps.
  • End-to-End Accountability: From technician mobile check-ins to leadership dashboards, every Responsible Person sees compliance health in real time.

Whether it’s fire safety, EICRs, or legionella checks, Facilio gives you the digital “golden thread” across your estate—so when regulators knock, you’ve got the proof in seconds, not days.

FAQs

Is Martyn’s Law in force now?

Yes. It’s officially the Terrorism (Protection of Premises) Act 2025, with phased enforcement based on capacity thresholds.

What EPC/MEES obligations apply in 2025?

The EPC-B target has been delayed; EPC E is still the floor for lettings. Consultations are ongoing.

How often is an EICR needed?

Normally every 5 years, though some insurers or risk profiles demand shorter cycles.

Who counts as the “Responsible Person” under fire safety law?

Usually the employer, owner, or person with control. For FMs, that often means implementing compliance on the employer’s behalf but holding equal accountability for delivery.

What is a facilities compliance manager?

A facilities compliance manager oversees statutory and regulatory obligations across sites. They manage inspections, keep evidence like registers and certificates, and ensure compliance tasks are completed and logged.