
The Building Safety Act has reshaped how landlords think about every component fitted to a high-rise block, and access systems sit closer to the centre of that conversation than most providers realise. Door entry, intercoms and controlled access aren’t peripheral kit anymore — they’re part of the safety case.
Why access systems are now a safety case issue
According to the Building Safety Regulator, every higher-risk building (HRB) over 18 metres or 7+ storeys must have a registered safety case demonstrating how risks are managed across the lifecycle of the structure. Access systems feed directly into that case because they govern who enters, when, and through which route.
Landlords running an intercom for housing associations at HRB stock can no longer treat door entry as a tenant-convenience product. It’s evidence. Regulators want to see who held a fob, when permissions changed, and how breaches were handled.
This is a documentation discipline as much as a hardware spec. This isn’t a paperwork exercise — the Regulator can issue compliance notices and, in serious cases, prosecute the Accountable Person.
A 2024 Inside Housing analysis found that almost a third of HRB landlords were still relying on spreadsheets or paper key registers when the new regime came in. That gap is what the Act closes.
What the Act actually requires
The Act doesn’t prescribe brands or models. It sets duties. For access kit, those duties cluster around four areas:
| Duty area | What it means for access systems | Where evidence sits |
|---|---|---|
| Identify safety risks | Map every controlled door, its route and its failure mode | Safety case report |
| Manage those risks | Maintain functioning hardware and current permissions | Maintenance + access logs |
| Communicate with residents | Tell tenants how access works and how to report faults | Resident engagement strategy |
| Keep records | Hold a digital trail of changes for the building’s life | Golden thread store |
According to gov.uk guidance on the safety case, the Accountable Person must be able to produce this evidence on demand. A system that can’t export an audit log in a sensible format becomes a liability fast.
Audit trails, evidence and the golden thread
The golden thread is the running digital record of a building’s safety information. Access systems contribute three feeds:
- Permission changes (fob issued, fob revoked, who authorised it)
- Door events (which doors opened, when, and via which credential)
- Maintenance actions (call-outs, replacements, firmware updates)
A modern building access control platform exports this data cleanly. Legacy kit — particularly hard-wired systems installed pre-2018 — often can’t. According to the National Housing Federation, members reporting golden thread readiness most often cite “ageing access infrastructure” as their largest evidence gap.
This is a strong argument for cloud-managed access platforms. This isn’t a reason to rip out functioning kit overnight; phased replacement aligned with planned maintenance cycles is usually the pragmatic route.
What good audit data looks like
| Data point | Captured? | Retention |
|---|---|---|
| Resident name + flat | Yes | Life of tenancy + 7 years |
| Fob/credential ID | Yes | Life of credential + 2 years |
| Door event timestamp | Yes | Minimum 90 days, ideally 12 months |
| Authoriser of change | Yes | Permanent (golden thread) |
| Reason for change | Free text | Permanent |
Fire service access and resident egress
Section 156 of the Act amends the Regulatory Reform (Fire Safety) Order 2005 and pulls access design into fire safety reviews. Two things matter:
Fire and rescue services need a way in that doesn’t depend on a single point of failure. According to the British Security Industry Association, access systems serving HRBs should support fire-service override credentials or break-glass routines that are themselves logged.
Residents need a way out that never depends on a powered lock holding. Fail-safe locking on escape routes is non-negotiable. Maglocks on stair doors that don’t release on alarm have already triggered enforcement action.
Practical checklist for housing providers
Run this against every HRB in your stock:
- Can you export a 12-month access log for any door in under 10 minutes?
- Is the audit log tamper-evident (not editable after the fact)?
- Does every fail-safe door release on alarm, verified at last test?
- Are credential issue/revocation events tied to a named authoriser?
- Is the access system listed in the building’s safety case?
- Do residents know how to report a faulty door entry handset?
If you’ve answered no more than twice, you’ve got a compliance gap worth scoping this quarter.
According to the Regulator of Social Housing, landlords falling short on Safety Standard requirements can expect regulatory judgements that name them publicly. Access kit failures have already featured in published cases.
FAQs
Does the Building Safety Act apply to all my stock? The HRB regime applies to residential buildings 18m+ or 7+ storeys. Other duties (Fire Safety Order, decent homes) apply across the rest of your portfolio, and access systems feature in those too.
How long do I need to keep access logs? There’s no single statutory retention period for access events, but golden thread principles point to keeping data for the life of the building. A practical baseline is 12 months of door events and permanent records of permission changes.
Can I rely on a paper key register? Not for an HRB. The Regulator expects digital records that can be exported and verified. Paper registers fail the tamper-evidence test.
What happens if a fob is reported lost? You need to be able to revoke it instantly, log the revocation against a named authoriser, and demonstrate that the revocation took effect across every affected door. Wireless platforms handle this in seconds; legacy hard-wired kit often can’t.
Who’s the Accountable Person for access systems? The Accountable Person is the duty-holder named in the safety case — usually the freeholder or the managing housing provider. They carry responsibility for access governance even where day-to-day operation sits with a contractor.



