RPEEPs are about understanding residents and how they can evacuate safely – not about producing more paperwork. This only works if the resident engagement process is properly connected with building safety data.
Since April 2026, Residential Personal Emergency Evacuation Plans (RPEEPs) requirements apply to certain high-risk buildings in England, yet much of the conversation around them has been misdirected. Don’t overthink the requirements: RPEEPs are not about paperwork, they’re about people.
Government guidance largely focuses on high-rise social housing leaving misunderstanding and questions for those managing private blocks. In social housing, providers are often already familiar with their residents. In private blocks, you may know the leaseholders – but you need to know the residents too.
With an intelligent building safety system and meaningful resident engagement in place, RPEEPs become a natural extension of good building management. Without those foundations, however, they risk becoming more of what the sector doesn’t need: slow and inefficient processes that produce static and siloed data in the form of yet more documents.
Who and where RPEEP duties apply:
In England, the RPEEP duty applies to multi-occupied residential buildings that are at least 18 metres tall (or have seven or more storeys), and to buildings over 11 metres that operate a simultaneous evacuation strategy.
Responsibility sits with the Responsible Person under the Fire Safety Order, typically a freeholder, residents’ management company, right-to-manage company, or a managing agent acting on their behalf.
The RPEEP process: what you need, and when
The aim of the RPEEP process is to help residents feel safer and better able to evacuate in the event of fire – not to mass-produce static assessments.
It is easy to get bogged down in Person-Centred Fire Risk Assessments (PCFRAs) and Emergency Evacuation Statements, but the legislation is straightforward.
Most of the process is driven by the residents. There’s an ongoing requirement to understand who is living in the building, but that doesn’t mean every resident needs assessing. And there’s no obligation on residents to disclose personal information unless they choose to. Over-engineering the process not only makes things unnecessarily time consuming – it risks discouraging engagement altogether.
The PCFRA (Person-Centred Fire Risk Assessment) is a stage in the process. There’s no set format – it’s just about understanding how a resident would detect a fire, whether they can evacuate on their own, what the barriers are to that detection and evacuation, and finally what support or adaptations are realistic.
Although it must be offered (to Relevant Residents), the PCFRA shouldn’t be a default output. In most cases residents can clearly explain their circumstances without a formal written assessment to refine evacuation or reduce risk. Treating PCFRAs as a blanket requirement turns a personal duty into a bureaucratic one.
It’s not just about physical disabilities
In both the guidance and industry discussion, there’s a tendency to focus on visible disabilities – those with wheelchairs or using a stick. These residents are generally well aware of their needs and able to communicate them clearly. In developing RPEEP and resident engagement systems at RiskBase, it has been clear that greater care is required for the less obvious vulnerabilities: advanced dementia, other cognitive impairment, severe obesity, or temporary injuries, where risks may not be immediately recognised and communicated.
Where mitigation measures (for example, evacuation chairs) are required, responsibility will often fall to the resident to pay for these unless the benefit of them would also benefit the majority of the residents of that building (e.g. additional signage or lighting).
Data protection: getting it right, and proving you did it
The most serious risk arising from poorly implemented RPEEPs may not be fire safety at all, but data protection.
The RPEEP process handles highly sensitive personal data. This is something that really shouldn’t be stored in shared folders or on spreadsheets, or even on email. It’s not enough to have systems that only control who can access RPEEP information; they need to audit who has seen information.
The Data (Use and Access) Act 2025 can provide a lawful basis for processing sensitive information to safeguard vulnerable residents, particularly in emergencies, but it’s not a licence for informal storage, uncontrolled access, or poor lifecycle management.
From a process perspective it’s wise to record:
How residents were identified and surveyed
Who accepted or declined a PCFRA
The outcomes of Emergency Evacuation Statements
Whether consent was given to share information with the fire and rescue services (FRS)
How information was shared with the FRS and recorded in the SIB (secure information box)
How and when information is reviewed to remain current.
Keep it simple, keep it about people
The RPEEP process doesn’t need to be complicated. Resident engagement does not need to be complicated. Building safety does not need to be complicated. Responsible Persons can cut through compliance clutter and focus on what matters most: protecting residents and keeping buildings safe.
It starts with the right systems in place – and at RiskBase, we’re supporting that shift.
Find out more about RiskBase’s integrated and efficient resident engagement system.
If you’re ready to see it in action, book an Engage demo now.
