The Building Safety Act 2022, explained for FM and estates teams

The Building Safety Act 2022 (“BSA”) is the most significant piece of building safety legislation in a generation. It was a direct legislative response to Grenfell, and it fundamentally rebalances accountability for safety in higher-risk buildings. For UK FM and estates teams, the practical impact is this: the regulator is now empowered, the duty-holder model is named, and the evidence bar has moved from “we have a system” to “produce the record on demand.”

This post is for compliance managers, heads of estates, facilities directors and building safety leads who need to brief a board, a client or themselves on what actually changed and what to do about it. It is not legal advice; the consolidated text and statutory guidance are the authority.

What the Act actually changed

Before April 2022, building safety enforcement in England relied on the Building Regulations and a fragmented assurance regime. The BSA introduced four structural changes that materially raise the operational burden on duty-holders:

• The Building Safety Regulator, a new regulator within the HSE empowered to issue compliance notices, prosecute and intervene on higher-risk buildings (HRBs).
• Higher-risk buildings (HRBs) defined: generally, residential buildings 18m+ or 7+ storeys with at least two residential units. HRBs require formal registration, gateway approvals and a named Accountable Person (AP) and Principal Accountable Person (PAP).
• The golden thread of information: duty-holders must keep a continuous, structured record of building safety information from design through construction into occupation. The information must be accurate, accessible and handed over at every transition.
• Resident voice and reporting: APs must demonstrate active engagement with residents and have working channels for safety concerns.

Why this matters even if you don’t manage HRBs

The HRB regime is the strictest layer, but the cultural and procedural changes ripple into every estate. Three reasons:

• Board appetite for ambiguity is gone. Trusts, FTSE estates and large corporate property portfolios are extending HRB-grade evidence requirements to non-HRB buildings as a matter of governance hygiene. The bar has moved system-wide.
• Insurers and lenders are aligned with the regulator. Premiums and cover increasingly turn on documented evidence of compliance, not on policy alone.
• Personal liability is now real. The named Accountable Person and senior managers can be individually prosecuted for safety failings under the BSA and, indirectly, the Health and Safety at Work etc. Act 1974.

The golden thread, in operational terms

The golden thread is the BSA’s requirement that building safety information is maintained as a single, accessible, accurate and continuous record across the building’s life. The MHCLG and HSE guidance emphasises ten properties: it must be accurate, up-to-date, sharable, structured, secure, accessible, verifiable, complete, defined and traceable.

In practice, the golden thread cannot live in spreadsheets and shared drives. The regulator’s test is whether information is structured, queryable and verifiably current. That is a software requirement, not a filing requirement.

What estates teams should be evidencing

• Statutory inspection records, with named inspector, date, defect classification and remediation status.
• Fire safety: FRA, fire door inspections, alarm tests, emergency lighting, sprinkler/suppression maintenance, compartmentation surveys.
• Electrical: EICRs and any remediation evidence with closure trail.
• Mechanical: gas safety, pressure systems (PSSR), HVAC LCA records, water hygiene (L8 risk assessment, sampling, tank cleans, TMV servicing).
• Lift safety: LOLER thorough examination certificates and remedial actions.
• Asbestos register and management plan with re-survey cadence.
• Working at height equipment: ladders, MEWPs, anchor points, edge protection.
• Construction Design and Management (CDM) records for any works above the relevant thresholds.

The operational gap most teams have

Across the UK estates we have audited in the past 24 months, the same three failure patterns recur:

1. Evidence exists but cannot be produced quickly.The certificate is on a contractor’s laptop, in a shared drive folder no one has opened in 18 months, or attached to an old email. The status is “compliant” right up to the moment someone asks for the document.
2. Expiry tracking lives in someone’s head. The compliance calendar is a personal Excel file owned by one person. When that person is on leave or moves on, certificates lapse silently.
3. Actions and statuses are conflated.A C2 electrical observation is logged as “non-compliant” until it is closed, but the closure evidence (the remedial certificate) is not linked. The status flips back to green without proof.

What “defensible compliance” looks like

Defensible compliance is the operational expression of the golden thread. It has five properties:

• Binary status logic. Every compliance line item is compliant, due, expired or missing. No half-states.
• Evidence linked to status. The certificate, inspection report or test record is attached to the status. Status without evidence is not compliant.
• Actions tracked separately. Remedial actions raised by audits or inspections are distinct from compliance status, so closure of an action and the resulting evidence are clearly traceable.
• Audit trail of every change.Who uploaded what, when, why. The regulator’s starting question is “show me the timeline”.
• Multi-tenant safety where relevant. Tenant- and landlord-held evidence must be requestable, trackable and chase-able without manual email rotation.

How Zerix is built around this

Zerix Compliance is engineered around the defensibility test. Compliance status is binary. Evidence is required for status to flip green. Actions raised by audits are tracked separately and closed with linked evidence. The audit log captures every action by every user. AI document analysis (Zerix AI Assistant) extracts structured data from certificates, RAMS and inspection reports, including BS 7671 observation classes and re-inspection dates, and automatically populates the record.

The platform also runs on a modern database engine with native Row-Level Security at the database engine level, which means AI features can be deployed safely across multi-tenant data without risk of cross-tenant leakage. That matters because the BSA-era duty-holder structures often involve multiple parties in a single building.

Where to start, this quarter

1. Stand up a single compliance register. One source of truth, by building, by category, with named owners and binary status logic.
2. Reconcile evidence to status.If you can’t produce the document, the status is not green. This will hurt before it gets better.
3. Move to automated expiry tracking. Spreadsheet calendars are the single biggest preventable failure mode. Every alert should be tied to an owner, not an inbox.
4. Audit your golden thread quarterly.Pretend the regulator is arriving on Monday. Run the “produce in an hour” test on five random buildings.
5. Brief your board on personal liability. If your APs and senior estates leadership do not understand the BSA accountability regime, that is a governance problem, not a compliance one.

Further reading

• MHCLG: The golden thread and information management
• Building Safety Act 2022: full text
• HSE: Building Safety Regulator

If you’d like a walk-through of how Zerix handles defensible compliance against your real building, book a demo.