No. There is no such thing as a statutory “Legionella certificate” in UK law, and nobody can issue you a legally binding one. What the law actually requires is a suitable and sufficient risk assessment, plus evidence that you are acting on what it found [1].
That gap — between the document people think they must buy and the duty they actually carry — is where most of the confusion, and a fair amount of mis-selling, lives. So let’s take the myths one at a time and replace each with what an HSE inspector would genuinely look for.
Myth: the law requires a certificate
The single most common belief is that there is a named certificate, like an annual gas safety record, that you obtain, file, and renew. There isn’t.
The legal duty comes from general health-and-safety law — chiefly the Health and Safety at Work etc. Act, the COSHH Regulations and the management regulations beneath them — distilled into the Approved Code of Practice, L8 [1]. None of that asks for a certificate. It asks you to identify and assess the risk, control it, and keep records [3].
A “certificate” with a logo on it is a commercial product, not a legal instrument. It might summarise a real assessment, or it might be a one-page tick exercise dressed up to look official. The paper itself proves nothing. The work behind it is what matters.
Myth: as a landlord I must buy one every year
Landlords are caught by the same duty as any other person in control of premises: you must assess and control the Legionella risk in the properties you let [2]. That is real, and it is widely under-appreciated.
What is not real is the “annual landlord Legionella certificate” that letting agents and tick-box providers sometimes push. There is no statutory yearly certificate for a domestic let. For most ordinary low-risk rentals — a house or flat on mains water with no stored hot water tank, no cooling tower, no spa — the assessment can often be straightforward, and HSE does not expect you to commission expensive testing as a matter of course [2].
The pragmatic call is this: do the assessment, record the simple controls (keep cylinders hot, don’t let infrequently used outlets stagnate, flush before re-letting), and review it when something changes. That is compliance. A glossy annual certificate on top of nothing is not.
Myth: a certificate proves I’m compliant
This is the most expensive misunderstanding, because it lets people stop too early.
The risk assessment is the start of compliance, not the proof of it. Identifying the risk is one duty; acting on it, monitoring it, and reviewing it are equally legal duties [3]. A pristine certificate filed away, with no temperature monitoring, no flushing of dead legs, and no review date, is a finding with no response — and that empty space is the first thing an inspector probes.
In my view, the word “certificate” actively misleads people here. It implies a finish line. Legionella control has no finish line; it is a chain — assess, control, monitor, record, review — and your defence is that chain being visibly joined up, with named people against each link.
Myth vs reality at a glance
| The myth | The reality |
|---|---|
| ”I need a Legionella certificate” | You need a suitable and sufficient risk assessment, kept current [1] |
| “It’s a legal document I renew yearly” | There is no statutory certificate or fixed legal renewal interval; you review when the risk changes [1] |
| “The certificate is my proof of compliance” | Your proof is the whole chain: assessment plus monitoring, records and review [3] |
| “Landlords must buy one every year” | Landlords must assess and control risk; no annual certificate is mandated [2] |
| “Any certificate means the job’s done” | A document with no controls underneath it satisfies nothing |
Why the myth persists
Two forces keep it alive. The first is commercial: “certificate” sells better than “suitable and sufficient risk assessment with ongoing monitoring”. It sounds finite, cheap, and reassuringly like the other certificates a landlord or facilities manager already buys. Some providers lean into that.
The second is honest confusion. People reasonably pattern-match Legionella onto gas and electrical safety, where named certificates really do exist. The water-hygiene world doesn’t work that way, and the language hasn’t caught up. So a request for “the Legionella certificate” usually means “show me your evidence” — and the right answer is to produce the assessment and the records behind it, not to go shopping for a badge.
What to do instead
Stop asking who can sell you a certificate. Start asking what evidence you could put in front of an inspector tomorrow.
A credible risk assessment, written to a recognised methodology such as BS 8580-1, is the foundation [4]. It should describe your actual system — stored water, pipework, the outlets nobody touches, the people who could inhale an aerosol — and set out the controls. Beneath it sit the living records: temperature checks at the frequency your assessment specifies, flushing logs for low-use outlets, and a review date that actually gets honoured.
If a provider hands you a one-page “certificate” and nothing else, that is your cue to ask what assessment it is based on and where the ongoing records are.
A note on what this is, and isn’t
This is an editor’s plain reading of published HSE guidance, not legal advice and not a survey of your premises. Whether your specific building, tenancy or water system is adequately assessed and controlled is a judgement for a competent person who has actually seen it, and enforcement ultimately rests with HSE and the courts. Use this to ask sharper questions of whoever is selling you paperwork.
Your next step
Pull out whatever you currently call your “Legionella certificate” and check what sits behind it. Is there a dated risk assessment describing the building as it is now? Is there a named responsible person? Are there any monitoring records at all since it was issued? If those are missing, the certificate is decoration.
Many duty holders find the honest answer is that their evidence lives in three different inboxes and a paper folder. Moving the assessment, the temperature logs and the review dates into a single digital logbook is what turns a one-off document into the joined-up, audit-ready chain the law actually wants.
FAQ
Is a Legionella certificate a legal requirement in the UK?
No. UK law has no statutory Legionella certificate. The legal requirement is a suitable and sufficient risk assessment, kept current, together with evidence that you are controlling the risk it identified [1].
Do tenants ever need to see a Legionella certificate?
A tenant can reasonably ask a landlord to confirm the risk has been assessed and managed, but there is no certificate a landlord is legally obliged to issue or display. The landlord’s duty is to assess, control and keep their own evidence [2].
How long is a Legionella certificate valid for?
The question doesn’t really apply, because there is no statutory certificate with an expiry. You review your risk assessment at the interval it sets and sooner whenever the system, its use or the people exposed change [1].
Sources
[1] HSE, “Legionnaires’ disease. The control of legionella bacteria in water systems - ACoP and guidance (L8)”. https://www.hse.gov.uk/pubns/books/l8.htm [2] HSE, “Legionella and landlords’ responsibilities”. https://www.hse.gov.uk/legionnaires/legionella-landlords-responsibilities.htm [3] HSE, “Legionnaires’ disease - what you must do”. https://www.hse.gov.uk/legionnaires/what-you-must-do/index.htm [4] BSI, “BS 8580-1:2019 - Risk assessments for Legionella control. Code of practice”. https://knowledge.bsigroup.com/products/water-quality-risk-assessments-for-legionella-control-code-of-practice-1