Running a small fire and security business has always involved keeping pace with regulation. That’s understood. But what’s happened over the past 18 months isn’t a standard cycle of updates, it’s several major changes arriving at once, and the pace is not slowing.
BS 5839-1:2025 came into force in April 2025, replacing the 2017 standard for fire detection and alarm systems across all non-domestic buildings. BS 8674:2025 followed in August, establishing for the first time a national competency framework for fire risk assessors with mandatory accreditation signalled as the next step. The Fire Engineers Advisory Panel published an authoritative statement in December 2025 confirming that fire engineering will become a regulated profession. The London Fire Brigade stopped responding to daytime automatic alarm activations in most commercial buildings in October 2024, shifting liability directly onto building owners and their contractors. And in April 2026, new legislation requiring Personal Emergency Evacuation Plans in residential buildings above 11 metres came into force.
Any one of these would warrant attention. Together, they represent the most compressed regulatory shift the sector has seen since the Regulatory Reform (Fire Safety) Order 2005.
Most of what’s been written about these changes is aimed at building owners and facilities managers. If you’re running a fire and security business, the compliance demands you face aren’t the same as theirs, and the advice that applies to them often doesn’t apply to you.
Why so much has changed so fast
The answer, almost entirely, is Grenfell.
The Phase 2 inquiry report, published in September 2024, contained 58 recommendations and a damning verdict on systemic failures across the construction and fire safety industries: inadequate competence, fragmented accountability, and records too incomplete to support any meaningful audit trail. The government accepted all 58 recommendations in February 2025 and began legislative implementation.
The Building Safety Act 2022 had already changed the structural framework — creating the Building Safety Regulator, establishing the concept of duty holders, and introducing the “golden thread” requirement that every safety-critical decision about a building must be documented, traceable, and maintained across its lifetime. The standards and regulations arriving since then are, in many cases, the secondary legislation flowing from that Act.
Dave Claydon, a health and safety compliance consultant who works with businesses across multiple sectors, put it plainly on the Norfolk Business Show: “A lot of things changed and we had to get re-qualified. There’s such a call for it now from insurance companies.”
That observation holds across fire and security. The pressure isn’t purely regulatory. Insurers are increasingly using compliance evidence as an underwriting criterion. Clients, particularly housing associations, facilities managers, and local authorities — are asking harder questions at tender stage. And if something goes wrong, enforcement has teeth. Unlimited fines and up to two years’ imprisonment are already available under existing fire safety law. Post-Grenfell, nobody is treating those provisions as theoretical.
Fieldmotion Brochure
See how Fieldmotion helps field service teams manage jobs, schedule staff, create invoices, and communicate with customers — all from one easy-to-use system.
What’s actually changed, and what it means for your business
BS 5839-1:2025 — the fire alarm standard your engineers work to every day
The 2017 edition of BS 5839-1, which governed the design, installation, commissioning and maintenance of fire detection and alarm systems in non-domestic buildings, was withdrawn on 30 April 2025. The 2025 edition is now the standard against which all new work and any modifications to existing systems will be assessed.
The changes that matter most in practice:
- Sleeping areas. Heat detectors are no longer acceptable in areas where people sleep. Smoke or multi-sensor detectors are now required. This applies to care homes, hotels, student accommodation, and any other building where sleeping occupancy exists. The standard isn’t retrospective for existing systems that remain unmodified but the moment an upgrade or extension is made to an existing system, the new work must comply with BS 5839-1:2025.
- Cabling. All fire alarm wiring, including the mains supply, must now use fire-resistant cable. Mains cabling must be red for clear identification. Non-fire-resistant cable is no longer compliant even where it’s mechanically protected.
- Documentation. Every system design must be carried out or formally verified by a competent person, and a Design Certificate must be issued under the updated model form. Clause references in certificates need updating to reflect the new numbering structure, which has been completely reorganised from the 2017 format.
- False alarm investigation. The standard now requires all false alarms to be investigated by the user, and the commissioning organisation must provide written guidance on how this is to be done. A mandatory “False Alarm” notice must be displayed on panels that automatically connect to the Fire and Rescue Service.
- Zone plans. The omission of a zone plan where an addressable system is not in use is now classified as an unacceptable variation, not a minor deviation.
- Servicing intervals. Weekly user tests and inspections by a competent contractor every five to seven months are now explicitly expected. High-risk sites may need quarterly inspections.
For engineers who’ve been working to BS 5839-1:2017, many of the practical procedures are the same. But the documentation requirements are stricter, the certificate references need updating, and the competency expectations are more explicit. If your engineers haven’t reviewed the changes formally, that’s where to start.
For your service agreement customers: any system they’re running under a maintenance contract should be assessed at the next service visit against the 2025 requirements. Where a system was installed or last modified before April 2025, any modifications made after that date must comply with the new standard. Recording that assessment, and the advice given, protects both your customer and your business.
BS 8674:2025 — competency for fire risk assessors is about to become mandatory
Until August 2025, there was no nationally recognised framework defining what “competent” meant for a fire risk assessor. A building owner appointing someone to carry out their statutory fire risk assessment had no consistent benchmark to assess whether that person was genuinely qualified for their specific building type. The Grenfell inquiry identified this gap directly: assessments in complex buildings had been carried out by people whose competence wasn’t equal to the risk.
BS 8674:2025, published by BSI in August 2025, establishes that framework for the first time. It defines three levels of competence:
- Foundation: assessors working in low-risk premises — small offices, shops, simple commercial spaces
- Intermediate: medium-complexity buildings — hotels, schools, mid-size residential blocks, public venues
- Advanced: complex, multi-occupancy buildings — high-rise residential, care homes, large commercial premises where major fire engineering solutions may be required
Competence under BS 8674 isn’t just about qualifications. It also covers experience (with specific building types at each level), professional behaviours, and continuing professional development. Certification against the standard through a UKAS-accredited scheme such as the IFSM Tiered Fire Risk Assessor Register, is what the Home Office has confirmed will become a mandatory legal requirement.
The timeline for mandatory accreditation hasn’t been legislated yet, but the direction is unambiguous. The Building Safety Act 2022 already requires that fire risk assessments be carried out by competent persons. BS 8674 now defines what competent means. The gap between “clearly signalled” and “legally required” is closing.
What does this mean for a fire and security contractor?
If your business carries out fire risk assessments as part of your service offering, your assessors need to be working toward BS 8674 certification and clients will increasingly ask for evidence of that. If your assessors aren’t yet on a UKAS-accredited register, check which body aligns best with the building types you work in.
If you don’t carry out assessments yourself but work alongside assessors on new installations, system upgrades, or compliance visits, BS 8674 is going to affect who your clients can use and, increasingly, who they’ll accept as a referral. Building those relationships now, with the right accreditation behind both parties, positions you for the contracts that less-prepared businesses won’t win.
The LFB response change — and what it actually transferred onto you
From 29 October 2024, the London Fire Brigade stopped attending automatic fire alarm activations in most non-residential commercial buildings during daytime hours (7am to 8:30pm) unless the fire is confirmed by a 999 call. The statistics that drove the decision: in 2023/24, LFB attended 52,000 false alarm calls from automatic fire alarms. Less than 1% were actual fires.
Most other fire and rescue services across England, Scotland, Wales, and Northern Ireland had already moved to some version of this approach — Belfast introduced it in February 2024, the Scottish Fire and Rescue Service in July 2023. London was the last major hold-out.
This matters for fire and security contractors because of what it transferred. A business that previously had an automatic connection between its alarm receiving centre and the fire brigade now needs a confirmed human call to generate a response. The burden of that confirmation falls on the building’s staff — and the burden of keeping the false alarm rate low enough to prevent system erosion falls, in practice, on whoever maintains the system.
Practically, for your maintenance customers:
Their fire risk assessments need to reflect the new response protocol. Staff training needs to include what to do when the alarm activates during the day and who is responsible for calling 999 if the fire is confirmed. If your customer’s alarm system is connected to an Alarm Receiving Centre via BT RedCare — that service was withdrawn in August 2025. Any customers still on RedCare need an alternative alarm signalling provider as a matter of urgency.
The liability argument for good system maintenance has also sharpened. A poorly maintained system that generates regular false alarms creates a building culture where alarms are ignored — not investigated. In a scenario where no automatic brigade response is coming, that’s not an abstract risk. Make that case explicitly when you’re discussing maintenance contracts with commercial customers, because it changes the conversation from “what does the contract cost” to “what does a gap in response capacity cost if the alarm cries wolf once too often.”
Fire engineers as a regulated profession — earlier than most businesses expect
In December 2025, the Fire Engineers Advisory Panel issued an authoritative statement confirming that fire engineering will become a regulated profession in the UK. Legislation is expected to follow, though the timeline hasn’t been confirmed.
This development sits slightly further from the day-to-day operations of most fire and security contractors than the other changes above — but the direction matters. What’s already clear is that the broader industry is moving toward formal regulation of everyone whose work affects fire safety. Fire risk assessors are being brought under a competency framework. Fire engineers are headed toward regulated professional status. The principle underpinning the Building Safety Act — that roles which carry safety responsibility must carry demonstrable, verifiable competence — is being extended progressively through the sector.
For a small fire and security business, the practical implication isn’t that you need to employ a fire engineer. It’s that the clients and specifiers you work alongside are operating in an environment of increasing professional accountability, and the businesses that can document their own competence clearly will have a growing advantage over those that can’t.
RPEEPs — residential buildings from April 2026
From 6 April 2026, legislation requiring Residential Personal Emergency Evacuation Plans came into force for buildings with two or more residential units that are either over 18 metres tall, or over 11 metres with a simultaneous evacuation strategy.
If you’re working in the residential high-rise sector — installing systems, carrying out inspections, maintaining existing installations — your clients who are Responsible Persons under the Fire Safety Order are now subject to new duties: identifying residents who need evacuation support, carrying out person-centred fire risk assessments, agreeing emergency evacuation statements, and sharing specified information with their local fire and rescue service.
The practical implication for contractors in this space: your clients are working through compliance with regulations that are new, complex, and in places unclear. Their fire risk assessments need to be current, and the systems you’ve installed need to support rather than complicate their evacuation strategies. If their building has sleeping areas and the existing system uses heat detectors in those zones, that’s now a conversation you should be initiating — not waiting to be asked about.
What happens when multiple changes land at once
Each of the changes above has its own requirements, its own timeline, and its own documentation trail. The challenge for a small fire and security business isn’t understanding any one of them in isolation. It’s managing the aggregate burden across an active job diary.
Dave Claydon, reflecting on the same pattern in the health and safety sector, put the risk clearly: “You’ve got organisations where health and safety takes a bit of a back seat. Not deliberately. But they’re so caught up in the business.”
In fire and security, that dynamic plays out in a specific way. An engineer on a maintenance visit has a long familiarity with a site. They know what’s there, they know the customer, and the visit can start feeling routine. But a system installed and signed off under BS 5839-1:2017 that now has a modification made to it — even a minor one — needs to be assessed against the 2025 standard for that modification. The certificate reference format has changed. The documentation requirement has changed. The engineer who does the work correctly but records it under the old format has created a compliance gap they may not be aware of.
This is the kind of gap that causes problems. Not the dramatic failures. The paperwork that was close enough, until it wasn’t.
The same applies to competency records. If you’ve sent engineers on training, but you can’t produce a training matrix showing who has been trained on what, when, and by whom, you can’t evidence the competence your contracts require. Clients working within Building Safety Act frameworks — particularly in the higher-risk building sector — are now expected to maintain and evidence the competence of every contractor working on their building. If your records can’t support that, you’re a liability to them.
The golden thread, in practice
The Building Safety Act introduced the “golden thread” principle: every piece of safety-critical information about a building must be documented, traceable, and maintained throughout the building’s life. That concept was designed primarily for higher-risk residential buildings, but it reflects a broader shift in how all fire safety work is being assessed and evidenced.
For fire and security contractors, the golden thread question is: if a client, an insurer, or an enforcement officer asked for a complete record of every asset in a building, every service visit, every test result, every recommendation made and every action taken — how long would it take to produce that, and how complete would it be?
Businesses still running on paper job sheets, or on digital systems where records are filed in disconnected places, will struggle to answer that question well. Not because the work wasn’t done. Because the evidence doesn’t exist in a form that can be retrieved and presented quickly.
The businesses that are least exposed are those where every visit creates a timestamped record, every asset has a documented service history, and every recommendation is captured and traceable — whether acted on or not. That’s what a defensible compliance position looks like in 2026.
What to actually do
Rather than a generic checklist, here are the specific areas where preparation is worth prioritising:
Review your engineers’ training records against BS 5839-1:2025. The change in standard isn’t just a document update — certificate clause references have changed, documentation requirements have been tightened, and competency expectations are more explicit. If your engineers were trained on the 2017 standard and haven’t formally reviewed the 2025 changes, address that now. Keep a record of that review.
Assess your service agreement customers’ systems. At every planned maintenance visit, the system should be assessed against BS 5839-1:2025 — particularly sleeping areas, cabling, and zone plan provision. The advice given and the customer’s response should be documented. This protects you if a customer later claims they weren’t informed about changes that affected their system.
Check which of your commercial customers are still on BT RedCare. That service ended in August 2025. Any customer still relying on it for alarm signalling has a gap in their fire safety provision. Identifying and addressing that is a service to them and a business opportunity for you.
Get clear on your firm’s position on BS 8674. If you offer fire risk assessments, your assessors need a clear pathway to accreditation. If you don’t offer assessments but work alongside assessors, identify which accredited assessors you’d confidently refer clients to — and get those relationships in place.
Build your job records to answer the golden thread question. Whatever system you’re using — paper, spreadsheet, or dedicated software — ask honestly whether it would let you reconstruct the complete service history of any asset, for any customer, on demand. If the answer is no, that’s the operational change that matters most.
How Fieldmotion supports compliance in the fire and security sector
Fieldmotion’s fire and security software is built around the documentation and compliance requirements of the sector. Engineers complete job sheets digitally on site — capturing asset conditions, test results, photos, and notes in real time, with GPS timestamps and customer signature. Certificates are generated and sent without anyone returning to the office. The full service history of every asset is available immediately.
For businesses managing planned maintenance contracts, the planned maintenance scheduling tools keep contracted visits in the diary automatically. Nothing gets missed because it was in someone’s head or on a spreadsheet that didn’t get updated. When a visit is completed, the job record is created and stored against the asset — so the history builds automatically over time.
The asset management features give you a view of every asset across every customer: what’s been tested, when, what was found, what was recommended, and what’s coming up for service. For businesses whose clients are operating under Building Safety Act frameworks, this is what the golden thread looks like in practice — a complete, retrievable record that supports compliance rather than undermining it.
For businesses building or expanding service agreements — which, in the current environment, is one of the strongest ways to create stable recurring revenue — our guide to service agreements in field service covers how to structure them and price them well. And if you’re thinking about how compliance capabilities can support your positioning when tendering for commercial contracts, the fire and security digital compliance piece covers how data-led businesses are winning work their competitors aren’t.
Book a demo to see how the platform works for a business at your scale, in your specific corner of the sector.
Book Your Free Demo
Discover how our job management software can streamline your operations, reduce paperwork, and keep your field teams on track.
FAQs
Does BS 5839-1:2025 apply to systems installed before April 2025?
Existing systems that remain unmodified don’t need to be immediately upgraded to comply with the 2025 standard. However, any modifications, extensions, or upgrades made after 30 April 2025 must comply with BS 5839-1:2025 for the new or modified elements. The 2017 standard has been withdrawn, so there’s no option to certify new work against the old edition.
Is BS 8674:2025 accreditation currently a legal requirement?
Not yet as a formal legislative requirement, though that change has been publicly signalled by the Home Office. The Building Safety Act 2022 already requires that fire risk assessments be conducted by competent persons. BS 8674 now defines the national benchmark for what competence means, and certification through a UKAS-accredited scheme is widely expected to become mandatory. Businesses offering fire risk assessments should treat this as an urgent operational priority rather than something to address once legislation arrives.
What should I do if a maintenance customer still has BT RedCare for alarm signalling?
BT RedCare was withdrawn in August 2025. Any customer still relying on it no longer has a functioning alarm signalling connection. You should identify any affected customers immediately and discuss alternative alarm signalling providers as a matter of urgency.
How does the London Fire Brigade change affect buildings outside London?
Most fire and rescue services across England, Scotland, Wales, and Northern Ireland had already moved to a similar approach before London’s change in October 2024. The principle is the same wherever you operate: automatic alarm activations in non-residential commercial buildings during daytime hours will not generate an automatic brigade response unless a fire is confirmed by a 999 call. Your maintenance customers need to have staff procedures in place for alarm investigation and 999 escalation.
What does the golden thread mean for a small fire and security contractor?
The golden thread requirement under the Building Safety Act applies formally to higher-risk residential buildings, but it reflects the direction of the whole compliance environment. In practice, it means every contractor working on a building needs to be able to evidence what they’ve done, when, and to what standard. For a small fire and security business, that means complete, retrievable job records — paper files and disconnected spreadsheets won’t cut it. Clients operating under Building Safety Act frameworks will increasingly require this evidence from their contractors.
Do the Residential PEEP regulations affect fire and security contractors directly?
The PEEP regulations place duties on Responsible Persons — building owners and managers — rather than on contractors directly. But contractors working in the residential high-rise sector need to understand the context: clients are subject to new evacuation planning requirements, systems need to support those plans, and any sleeping area where a heat detector is still in use needs to be flagged proactively. Being the contractor who identifies and addresses these issues ahead of enforcement is a considerably better position than being the one whose installation is cited when something goes wrong.
For more on the commercial and operational changes facing fire and security businesses, see our related pieces on service agreements and navigating BS 9991:2024.
