What is a fire risk assessment and who needs one?
A fire risk assessment is a structured evaluation of premises or an environment to identify fire hazards, assess the risk they pose to people and assets, and determine what protective measures are needed. It is a legal requirement for most non-domestic premises and a fundamental component of any responsible fire safety strategy. The sections below answer the most common questions about fire risk assessment requirements, scope, frequency, and process.
Who is legally required to carry out a fire risk assessment?
Any person or organization responsible for non-domestic premises is legally required to carry out a fire risk assessment. This applies to employers, building owners, landlords, and anyone who controls a workplace, commercial property, or premises to which the public has access. In most jurisdictions, this duty falls on the “responsible person” as defined by fire safety legislation.
In practice, this covers an exceptionally wide range of organizations. Offices, warehouses, retail spaces, factories, hotels, schools, hospitals, data centers, and energy facilities all fall within scope. Even if a building is unoccupied for most of the time but contains equipment or materials that could pose a fire risk, the duty to assess that risk typically still applies.
The legal framework varies by country, but the underlying principle is consistent across most regulatory systems: whoever controls the premises or the activity taking place within it bears responsibility for identifying and managing fire risk. In the UK, this is governed by the Regulatory Reform (Fire Safety) Order 2005. In the EU, national transpositions of workplace safety directives impose equivalent obligations. Failure to comply can result in enforcement notices, fines, or, in serious cases, criminal prosecution.
What does a fire risk assessment actually cover?
A fire risk assessment covers five core areas: identifying fire hazards, identifying people at risk, evaluating and reducing or removing those risks, recording findings and implementing an emergency plan, and reviewing the assessment regularly. Together, these steps form a complete picture of the fire risk present in a given environment and the measures needed to control it.
Within each of these areas, the assessment examines specific factors in detail:
- Ignition sources: Electrical equipment, heating systems, machinery, hot work processes, and any other sources capable of generating heat or sparks
- Fuel sources: Combustible materials including paper, packaging, textiles, flammable liquids, and, in increasingly common environments, lithium-ion battery systems
- Oxygen sources: Air circulation, ventilation systems, and oxygen-enriched atmospheres
- People at risk: Employees, visitors, contractors, and any individuals who may be particularly vulnerable, such as those with mobility limitations or those working in isolated areas
- Existing controls: Current detection systems, suppression equipment, escape routes, signage, and staff training
A thorough fire safety assessment also considers the specific nature of the equipment and assets present. In environments containing server racks, electrical switchgear, high-voltage cabinets, or battery energy storage systems, the assessment must account for the unique fire behavior of those assets, including the risk of internal faults that produce smoke before an open flame develops.
How often does a fire risk assessment need to be reviewed?
A fire risk assessment must be reviewed whenever there is reason to believe it is no longer valid, and at regular intervals even if nothing has changed. Most fire safety guidance recommends a formal review at least once a year, though high-risk environments or those subject to frequent change may require more frequent reassessment.
Specific triggers that require an immediate review include:
- Structural changes to the building or layout
- Introduction of new equipment, processes, or materials that alter the risk profile
- Changes in occupancy, such as a significant increase in the number of people on site
- A fire incident or near-miss event
- Changes in legislation or updated guidance from fire authorities
- Feedback from a fire safety inspection
The review process is not simply a repeat of the original assessment. It should compare current conditions against previous findings, identify what has changed, and update the documented findings accordingly. Organizations that treat the fire risk assessment as a one-time exercise rather than a living document leave themselves exposed both legally and practically.
What happens if a fire risk assessment identifies gaps in protection?
When a fire risk assessment identifies gaps in protection, the responsible person is required to take action to reduce or eliminate those risks to an acceptable level. The assessment itself does not resolve the risk; it is the starting point for a remediation plan that must be implemented within a reasonable and proportionate timeframe.
Identified gaps commonly fall into one of several categories. Some relate to physical infrastructure, such as missing or inadequate fire detection, the absence of suppression systems in high-risk enclosures, or blocked escape routes. Others relate to organizational factors, including insufficient staff training, outdated emergency procedures, or a lack of documented maintenance records for fire safety equipment.
For each identified gap, the assessment should record the nature of the risk, the recommended corrective action, the person responsible for implementing it, and a target completion date. Priority should be given to risks that combine high likelihood with high potential impact, particularly in areas where a fire could damage irreplaceable equipment, cause extended downtime, or endanger life.
In environments where critical equipment operates inside enclosed cabinets or enclosures, a common finding is that general area detection systems provide insufficient protection at the asset level. Smoke may be contained within a cabinet for a significant period before it reaches a ceiling-mounted detector, allowing damage to escalate before suppression is triggered.
Can you do a fire risk assessment yourself or do you need a professional?
You can carry out a fire risk assessment yourself if you have sufficient knowledge, experience, and competence to do so reliably. There is no legal requirement in most jurisdictions to hire an external assessor, provided the person conducting the assessment is genuinely capable of identifying hazards, evaluating risk, and implementing appropriate controls. For small, low-risk premises, a competent in-house person is often sufficient.
However, for larger, more complex, or higher-risk environments, engaging a qualified fire risk assessor is strongly advisable. Complexity increases significantly in premises that contain:
- High-voltage electrical infrastructure or battery energy storage systems
- Mission-critical IT or telecommunications equipment
- Large numbers of occupants or vulnerable persons
- Multiple occupancies or complex building layouts
- Specialist processes or materials with unusual fire behavior
The key legal standard is competence, not qualification. A responsible person who lacks the technical knowledge to assess a specific risk, such as the fire behavior of lithium-ion batteries or the adequacy of suppression coverage inside a server enclosure, should seek specialist input for that element of the assessment even if they handle the broader assessment themselves.
A professional assessor will also be familiar with current standards, testing certifications, and the latest guidance on emerging risks, which is particularly relevant given the rapid growth of battery storage and high-density electrical infrastructure across industries in 2026.
How ExxFire supports fire risk assessment findings
When a fire risk assessment identifies gaps in object-level protection for enclosed equipment, ExxFire provides a direct, certified solution. ExxFire’s integrated fire detection and suppression systems are purpose-built for exactly the environments where standard area detection falls short: server racks, ICT cabinets, switchgear enclosures, and battery energy storage systems.
Key features that address common assessment findings include:
- Aspirating smoke detection: Detects smoke at the earliest possible stage, inside the enclosure itself, before heat or flame develops
- Nitrogen-based suppression: Extinguishes fire using non-pressurized inert gas that leaves no chemical residue and causes no secondary damage to sensitive electronics
- PFAS-free technology: A clean, environmentally compliant alternative to legacy suppression agents, supporting sustainability and regulatory requirements
- Easy self-installation: Pre-engineered systems require no special certification to install, reducing cost and complexity
- Integration with existing fire panels: Built-in relays allow seamless connection to existing fire safety infrastructure
- Certified performance: Systems are tested and validated by CNPP France and DMT, part of TÜV Nord
If your fire risk assessment has highlighted unprotected critical equipment, contact ExxFire to find out how its combined detection and suppression systems can close that gap and support your business continuity.
Related Articles
- What fire suppression agents have the lowest environmental impact?
- What are the health risks of PFAS in fire suppression foam?
- What are the long-term costs of using high-GWP fire suppression agents?
- Are traditional fire suppression agents harmful to the environment?
- What is the difference between suppression and prevention in fire safety?

