--- title: "Legionella and insurance: does your policy require a risk assessment?" source_url: https://legionella.io/articles/legionella-and-insurance-does-your-policy-require-a-risk-assessment/ canonical_url: https://legionella.io/articles/legionella-and-insurance-does-your-policy-require-a-risk-assessment/ pillar: "UK Legionella Law & Compliance" summary: "A Legionella risk assessment is a legal duty whatever your cover says - but a missing or stale one can also let an insurer cut or refuse a claim. Here's how." primary_keyword: "Legionella insurance" date_published: 2026-04-02 date_reviewed: 2026-06-26 author: "Legionella.io editorial team (REMOTE TECH LTD)" reviewed_against: "HSE L8 and HSG274 guidance" region: "United Kingdom" license: "(c) REMOTE TECH LTD. Quote freely with attribution and a link to source_url." --- # Legionella and insurance: does your policy require a risk assessment? A Legionella risk assessment is a legal duty whether or not you carry insurance. Health and safety law puts it on you the moment you control premises with a water system; no policy creates it and no policy removes it [1]. So the honest answer: your insurer usually does not "require" the assessment the way the law does. What it can do is make the absence of one far more expensive — by reducing or refusing a claim when you cannot show the assessment existed and was acted on. Insurance does not invent the duty; it raises the price of ignoring it. ## The legal duty comes first, and it is not negotiable Under the Health and Safety at Work etc. Act and the Control of Substances Hazardous to Health Regulations, anyone running a business or in control of premises must identify and assess the risk from Legionella and put proportionate controls in place; the Approved Code of Practice L8 sets out what "adequate" looks like [1][2]. Residential landlords sit under the same framework — a clear duty to assess and manage the risk in rented property, even for a simple domestic hot and cold system [3]. That is the floor. If you do nothing else, do the assessment and act on it. The basics of what an assessment is and why it exists are covered in [Legionella risk assessment basics](https://legionella.io/articles/legionella-risk-assessment-basics-what-it-is-and-why-you-need-it/). Insurance sits on top of this floor — and it is where a lot of otherwise sensible owners get caught out. ## How a Legionella gap can bite at claim time Commercial property, landlord and liability policies cover the unexpected, not a building the policyholder knowingly neglects. Many include general conditions about complying with statutory obligations, and a "reasonable precautions" clause asking you to take reasonable care to prevent loss or injury. Wording varies enormously between insurers, so I will not tell you what *your* policy says — read it, and ask your broker if it is unclear. What I can say is how the mechanism tends to work. If someone contracts Legionnaires' disease and a claim lands on your public or employers' liability cover, the insurer will check whether you met your obligations before they pay. A current risk assessment, a written scheme of control, and records showing the controls were running are the evidence that you took reasonable precautions. If that evidence is missing, the insurer has room to argue the claim — and a confirmed work-related case can also be reportable under RIDDOR, putting the same records under official scrutiny at the same time [4]. The cost of an outbreak runs well past the immediate claim, as set out in [The cost of an outbreak](https://legionella.io/articles/the-cost-of-an-outbreak-health-legal-and-reputational-damage/). A reduced or refused claim turns that exposure into one you carry yourself. ## What nobody tells you about insurance and Legionella Three things rarely make the generic "do you need an assessment?" piece, yet they decide how a claim goes. **A "condition" and a "warranty" are not the same animal.** In insurance these are technical terms, not consumer-guarantee language. A policy condition — sometimes a *condition precedent* to liability — sets something you must do for cover to respond; breach it and the insurer may decline that claim. A warranty is a stricter promise about a state of affairs. The law on warranties has been reformed in recent years, so a breach no longer automatically voids a policy the way it once might have — but the precise effect depends on the wording and on legal advice, not on what you assume. The practical point: do not skim past clauses headed "conditions" or "warranties". They are the levers an insurer reaches for first. **After an incident, a loss adjuster reads your logbook, not your intentions.** When a claim is investigated, the adjuster or the insurer's expert asks for documents: the current risk assessment, the written scheme, the monitoring records (temperatures, flushing of low-use outlets, tank and calorifier checks), and proof that the remedial actions it raised were closed out. They are building a timeline. Gaps in it — a six-month hole in temperature records, a high reading with no action logged, a recommendation marked "open" for two years — are where a claim gets challenged. Good intentions do not appear in the file. Dated records do. **"We had it assessed once in 2019" is not a maintained record.** A one-off assessment with an empty logbook behind it is the most common weak spot. L8 expects an assessment to be reviewed when there is reason to think it is no longer valid — after changes to the system, occupancy or use — and ongoing monitoring of the controls in between [2]. A five-year-old PDF with no monitoring since does not show "reasonable precautions maintained"; it shows you did it once and stopped. To an insurer, and to the regulator, those read very differently. ## Three situations where the policy and the logbook collide The landlord with a tidy certificate. A residential landlord commissioned an assessment when they bought the flat, filed the report, and never looked at it again. Then a tenant falls ill and the liability cover is tested. The assessment exists — but there is no evidence of the simple controls it recommended (flushing after voids, checking water does not sit lukewarm), so nothing shows the risk was managed since. The facilities manager whose monitoring lapsed. A capable FM runs a proper regime, but a contractor changeover left an eight-month gap in the temperature logs. The assessment is current and the scheme sound; the hole is purely in the records — and that is what an adjuster zeroes in on, because it is the part you cannot reconstruct after the fact. The owner who outsourced and assumed. A commercial landlord pays a water-treatment contractor and assumes that covers everything. The contractor samples and services, but the remedials they flag — a redundant dead leg, a failing thermostatic mixing valve — sit unactioned because no one on the client side owns the close-out. The duty, and the claim risk, stays with the owner regardless of who holds the spanner. What non-compliance costs is laid out in [The cost of non-compliance](https://legionella.io/articles/the-cost-of-non-compliance-legal-and-business-impacts/). In my view the real choice is not "assessment versus no assessment" — almost everyone clears that bar. It is between an assessment that lives and one that sits in a drawer. The living version costs a little attention each month; the drawer version costs nothing until the day it costs everything. This is general guidance, not legal, insurance or medical advice. What your specific policy requires is a matter of its own wording — read it and check with your broker. What controls your building needs is a matter for a competent person working from a current, site-specific Legionella risk assessment. We do not advise on policy interpretation, claims or system design; those belong to your broker, your legal adviser and your competent assessor respectively. ## What to do this week Pull two documents side by side: your insurance schedule and your Legionella file. In the schedule, find the general conditions and any clause about statutory compliance or reasonable precautions, and note anything unclear to raise with your broker. In the Legionella file, check three dates — when the assessment was last reviewed, when monitoring was last recorded, and whether the last remedial action was closed out. If any of the three is stale, you have found the gap an insurer would find first. Fixing it is unglamorous: book the review, restart the monitoring, close out the open actions, and keep the records where they cannot quietly lapse again. A maintained, date-stamped trail is the cheapest evidence you will ever buy — and keeping it visible, rather than scattered across spreadsheets and inboxes, is exactly what a digital logbook is for. ## FAQ ### Does my insurance legally require a Legionella risk assessment? Not in the way the law does. The requirement to assess and control Legionella comes from health and safety legislation, not your policy [1]. Many policies do contain conditions about meeting your statutory duties and taking reasonable precautions, so a missing assessment can still affect whether a claim is paid. Read your wording and ask your broker. ### Can an insurer refuse a claim if I have no risk assessment? An insurer can investigate whether you met your obligations before settling a liability claim, and the absence of a current assessment and records gives them grounds to reduce or dispute it. Whether they can refuse outright depends on the policy clauses and the relevant law — which is why the exact wording matters and legal advice is worth taking. ### Is a one-off assessment from a few years ago enough? Usually not. An assessment should be reviewed when there is reason to believe it is no longer valid, with monitoring of the controls in between [2]. A dated report with no records behind it does not show the risk has been managed since, which is the part an insurer and the regulator both look for. ## Related reading - [Legionella risk assessment basics: what it is and why you need it](https://legionella.io/articles/legionella-risk-assessment-basics-what-it-is-and-why-you-need-it/) - [The cost of an outbreak: health, legal and reputational damage](https://legionella.io/articles/the-cost-of-an-outbreak-health-legal-and-reputational-damage/) - [The cost of non-compliance: legal and business impacts](https://legionella.io/articles/the-cost-of-non-compliance-legal-and-business-impacts/) ## Sources [1] HSE, "Legionnaires' disease - what you must do". https://www.hse.gov.uk/legionnaires/what-you-must-do/index.htm [2] HSE, "Legionnaires' disease. The control of legionella bacteria in water systems - Approved Code of Practice and guidance (L8)". https://www.hse.gov.uk/pubns/books/l8.htm [3] HSE, "Legionella and landlords' responsibilities". https://www.hse.gov.uk/legionnaires/legionella-landlords-responsibilities.htm [4] HSE, "RIDDOR - Reporting of Injuries, Diseases and Dangerous Occurrences Regulations". https://www.hse.gov.uk/riddor/