Quick Answer
Let me be straight with you: Section 135 of the Building Safety Act 2022 quietly rewrote the rules of construction liability. Claims under the Defective Premises Act 1972 can now be brought against you 30 years after you finished the work, if that work was completed before 28 June 2022. New work carries a 15-year exposure. The Supreme Court confirmed in URS v BDW [2025] UKSC 21 that developers can chase subcontractors directly, even without a contract. If you cannot produce records to defend yourself, you lose. If you binned your job files after six years, you have already handed the claimant your defence. Run a records audit this month. Keep everything on residential work for 30 years. This is not optional.
Table of Contents
- What Section 135 actually did to your exposure
- URS v BDW: the case that made it real for subcontractors
- Who this covers, and no, it is not just HRBs
- The brutal reality: no records, no defence
- The records audit checklist: run this in the next 30 days
- What to keep and for how long
- BSA liability timeline: dates you need to know
- Insurance and subcontractor contracts
- My verdict
- What the industry is saying
- Videos worth watching
- FAQ
What Section 135 actually did to your exposure

When Parliament passed the Building Safety Act 2022, most of the trade press focused on the shiny bits. Higher-risk buildings. The Building Safety Regulator. Golden thread. Cladding. All of it important. But buried inside the Act is Section 135, and Section 135 is the one that should be keeping every tradesperson in England awake.
Here is what it did. Before 28 June 2022, if a homeowner wanted to sue you under the Defective Premises Act 1972, they had six years from practical completion. That was your window. After six years, you were done. You could destroy the file. You could sleep at night.
Section 135 amended the Limitation Act 1980. For work completed before 28 June 2022, that six-year window became a 30-year window. Retrospectively. For work completed on or after 28 June 2022, it is 15 years. The Court of Appeal has since confirmed that these extended limitation periods "are to be treated as always having been in force" (see the official text of Section 135).
Read that stat card grid again. Any job you finished between 1992 and June 2022 is now live in law, whether it was six months ago or twenty-nine years ago. If you did a rewire in 1998 and the current owner discovers a defect in 2027, they can sue. If you fitted a bathroom in 2010 and it caused water ingress that damaged the structure, they can sue. The clock never expired. It was simply reset.
And no, I am not being dramatic. This is the plain reading of the statute, and the courts have already confirmed it. The Ministry of Housing published a redress information sheet which spells it out in black and white.
Ignorance is not a defence
The retrospective effect of Section 135 means claims which would have been time-barred before 28 June 2022 have been revived. If you thought old jobs were safely behind you, they are not. And the Supreme Court has confirmed the Government intended this to happen.
URS v BDW: the case that made it real for subcontractors
For a while after Section 135 came in, some of the industry told itself the risk was theoretical. That developers would not chase subcontractors on old projects. That homeowners would not have the appetite to litigate. That comment was lazy at best and negligent at worst. And on 21 May 2025 the Supreme Court closed the door on it.
URS Corporation Ltd v BDW Trading Ltd [2025] UKSC 21 was a unanimous seven-justice decision. The facts matter, so pay attention. Structural engineer URS designed two high-rise residential blocks for developer BDW. After Grenfell, BDW reviewed its estate, found the structural design was defective, and paid to remediate the buildings even though it no longer owned them and no leaseholder had sued. BDW then went after URS to recover the cost.

URS ran four defences. All four failed. The court held that the developer's voluntary spend on remediation was still recoverable. That the retrospective 30-year period applied to negligence and contribution claims, not just the underlying DPA claim. That subcontractors owe duties under the DPA to developers who ordered the dwelling, even without a direct contract. And that BDW could pursue those claims without waiting for a homeowner to sue first.
What this means in plain English: if you were a subcontractor on any residential project since 1992, your name is on the golden thread of blame. The developer who engaged you can come after you at any time in the next 30 years for the cost of putting your work right. You never had a contract with them? Does not matter. The DPA duty is statutory. The Supreme Court confirmed it.
This is not a niche legal risk
URS v BDW is the only Supreme Court judgment so far on the interaction between the BSA and the DPA. It sets the precedent every county court will follow for the next decade. If you are a specialist subcontractor, whether electrician, plumber, roofer, cladding installer or groundworker, this case describes you.
Who this covers, and no, it is not just HRBs
Right. This is where the industry keeps getting it wrong. The 30-year exposure under Section 135 is not limited to higher-risk buildings. It is not limited to blocks of flats over 18 metres. It is not even limited to new build. Section 1 of the Defective Premises Act, which is what Section 135 amended, covers any person taking on work "for or in connection with the provision of a dwelling."
Let me spell out what that includes. New build houses. New build flats. Extensions that create a new dwelling. Conversions of commercial premises into residential. Loft conversions where a self-contained flat is formed. Refurbishment work that materially affects the dwelling's fitness for habitation (the courts have now extended DPA reach into refurbishment, following Rendlesham Estates plc v Barr Limited and subsequent case law).
The duty is broad and personal
The DPA duty applies to any person "taking on work" for the provision of a dwelling. That is not just the main contractor. That is subcontractors, specialist trades, designers, and anyone else whose work goes into making that dwelling fit for habitation. There is no de minimis threshold. A sole trader doing a domestic rewire owes the same statutory duty as a Tier 1 principal contractor.
If you have ever wired, plumbed, roofed, plastered, or built any part of a residential dwelling in England or Wales since 1992, you fall inside the scope. The Northern Ireland industry is now being asked to adopt equivalent legislation and is publicly worried about the SME impact. The Construction Industry Council response spells out exactly why. Their concerns are your concerns. Read them.
The brutal reality: no records, no defence

Here is the part that frustrates me most. The industry has been binning records for decades because the perceived risk was six years. If you are also thinking about the wider BSA compliance costs to budget for in 2026, add records retention and cloud storage into the same line-item review. Retention policies were built around that. Cloud storage costs made it feel wasteful to keep everything. Some firms outsourced their filing to a cheap document destruction service the moment the six-year window closed.
All of those firms are now naked in front of any claim. And it is worse than that. Faced with a claim in 2028 about work done in 1998, the claimant will produce photographs, expert reports, and a homeowner witness statement. You will produce nothing, because you binned the file in 2004. The court does not care that this was reasonable at the time. The court cares whether your work complied with the Building Regulations in force when you did it.
If you cannot show what you installed, how you installed it, and to what standard, you are on the back foot from the first hearing. Legal experts have been warning about this for years. Herbert Smith Freehills Kramer put out a note in June 2022 titled "Don't throw away those old records just yet". That headline was not clickbait. It was a straight professional warning that the industry largely ignored.
Automatic destruction policies are now a liability
If your firm has a records retention policy that triggers automatic destruction at seven, ten, or fifteen years, review it this week. Automatic destruction of documents in the middle of a live limitation period will not be treated kindly by a court. It looks, at best, like negligence and, at worst, like intentional spoliation of evidence.
When I was managing electrical services for a local authority, I sat on my lounge floor going through hundreds of Periodic Inspection Reports. Each one had the same problems. Certificates issued with missing details. No test results attached. No photographs of the installation. The contractor had done the job, taken the money, and moved on. Twenty years later, if a landlord tenant faces a claim over a fire in that property, the paperwork trail either defends the contractor or hangs them. There is no third option.
The records audit checklist: run this in the next 30 days
Enough theory. This is a checklist article, so here is the checklist. Run it against your own business. If you cannot tick every box, you have work to do.
Print this section and use it as an internal audit sheet
Take a working day. Close the diary. Sit down with your project files and go through every single question. Do not delegate this to an admin who does not understand the underlying risk. This is a director-level exercise.
Part 1: What you currently hold
- Locate all job files for residential projects completed between 28 June 1992 and today. Yes, all of them. Paper, digital, email inboxes, WhatsApp archives, dropbox, that old PC in the loft, everywhere.
- For each project, confirm you can produce: a signed contract or scope of works, the design or specification documents you were working to, the client's instructions and any variations, certificates and test results, photographs of the finished work, supplier and material data (make, model, batch, source).
- Identify any project where the file is incomplete or missing. Write down what is missing. Do not assume you can find it later. If the file is thin, that is a risk exposure.
- Check what you have for jobs completed before 2015. Most firms have almost nothing from this era. Note it honestly. Do not fake completeness.
Part 2: What you retain going forward
- Draft a retention policy that keeps residential work records for a minimum of 15 years from practical completion. For higher-risk buildings and any project with unusual complexity, keep them for 30 years.
- Include in the retention scope: contracts, drawings, specifications, RAMS, competency evidence for every operative on site, test certificates, commissioning records, handover packs, all correspondence with the client, subcontractor invoices and their competency records too.
- Use immutable digital storage. Cloud storage with version history and tamper-evident timestamps. Physical archives get lost, wet, or shredded. Digital is cheaper and more defensible if the platform is set up correctly.
- Assign one named person as records controller. Somebody who knows where everything is, has access rights, and can produce it on demand.
Part 3: Contracts and insurance
- Amend all subcontractor contracts so that the subcontractor's obligation to keep records mirrors your own retention period. If your subbies do not have records, and the developer sues you, and you try to pass liability down the chain, you need their evidence too.
- Check the run-off period on your professional indemnity and products liability policies. A standard six-year run-off is now inadequate for residential work. Speak to your broker.
- Confirm your director-level personal liability position. Directors and secretaries can now be personally prosecuted under the Building Safety Act for breaches of Building Regulations. Check your D&O cover.
Part 4: Competency records
- Prove operative competency for every job. Names, qualifications, certificates, dates. If your electrician's 2394 was still in date when the job was done, prove it with a copy of the certificate on file for that project.
- Keep training and CPD logs for every operative for the same 15-year window. If an operative left the firm in 2012, you still need to be able to show what qualifications they held when they did work for you.
- Document supervision. Who signed off the job. Who inspected it. Who tested it. When. Signed. Dated. Countersigned.
Records cost pennies; claims cost fortunes
A cloud storage plan that holds every job you have done since 2015 will cost less than the excess on your PI policy. The cost calculus is not close. Get this sorted.
What to keep and for how long
Different documents have different retention rationales. Here is the practical breakdown for a residential trade.
| Document | Minimum retention | Why |
|---|---|---|
| Signed contract and scope of works | 15 years (30 for pre-June 2022) | Defines what you were paid to do. Sets the yardstick for any defect claim. |
| Design drawings and specifications | 15 years (30 for pre-June 2022) | Proves what you were instructed to build. Critical if the defect turns out to be a design fault. |
| Test certificates (EIC, EICR, gas safe, MCS, pressure test) | 15 years minimum | Statutory proof the work met the standard in force at the time. |
| Photographs of installation (in-progress and finished) | 15 years minimum | Only evidence a court will accept of what was actually installed behind plaster or above ceilings. |
| Supplier invoices and material data sheets | 15 years minimum | Under the Construction Products regime, product provenance is now claimable liability. |
| Operative competency records for the job | 15 years minimum | You will be asked to prove competency at the point the work was carried out, not now. |
| Subcontractor records and PI cover | 15 years minimum | If you cannot prove your subbie was insured and competent, you may inherit their liability. |
| Client correspondence, variations, sign-offs | 15 years minimum | Homeowner claims often hinge on what was authorised versus what was done. Emails and texts count. |
None of this is optional. The Gov.uk golden thread guidance is explicit about the retention obligation for higher-risk buildings, but the underlying limitation period exposure applies to all residential work regardless of building height. If you are already juggling Building Control notifications for your projects, records retention sits alongside that as part of the compliance ecosystem, not on top of it.
BSA liability timeline: dates you need to know
Earliest reach-back date
Any residential work completed on or after this date is now within the 30-year retrospective limitation window under Section 135.
Section 135 came into force
The extended limitation periods began to apply. New work completed from this date carries a 15-year exposure.
New building control regime launched
Dutyholder duties (Client, Principal Designer, Principal Contractor) began to apply to all building work under Building Regulations, not just HRBs.
Criminal liability extended to directors
Breaches of Building Regulations now carry personal criminal liability for company directors, managers and secretaries, including unlimited fines and up to two years' imprisonment.
URS v BDW Supreme Court judgment
Unanimous decision confirmed subcontractors owe DPA duties to developers and the 30-year limitation applies to contribution and negligence claims.
Common Assessment Standard v4.1
Subcontractors expected to demonstrate BSA competency through the Common Assessment Standard, backed by Tier 1 contractors including Balfour Beatty, BAM and Kier.
Latest possible claim date for pre-2022 work
The retrospective window closes for work completed on 28 June 2022. Retain records until at least this date if the work is residential.
Insurance and subcontractor contracts
If you take one action after reading this article, make it a phone call to your broker. The extension from six years to fifteen or thirty is not a rounding error on your insurance risk profile. It is a fundamental repricing of construction PI, product liability and directors' and officers' cover across the market.
Some brokers are already telling small contractors that they cannot economically cover 30-year run-off for residential work. That is a real problem. If your firm dissolves in 2030 and a claim lands in 2045 for work you did in 2015, who pays? If your PI policy has a six-year run-off and you retired in 2032, the answer might be your personal estate.
Talk to your accountant too
Company structure decisions matter more now. A properly structured limited company still offers some protection for pre-2022 work in most claims, but the criminal liability changes since April 2023 mean that directors can be pursued personally on BR breaches. Speak to your accountant and lawyer about your exposure before you rely on the veil. Some of my colleagues in the trade press have taken this seriously. The CDM regime sits alongside the BSA duties, and if you understand one you should be planning for the other.
On subcontractor contracts, the industry standard forms (JCT, NEC) were not written with a 30-year window in mind. Standard warranties expire before your exposure does. Standard indemnities are subject to statutory limitation that has now been extended beyond the practical life of the subcontractor's company. Fix your bespoke terms this year. The IBB Law guidance on retention is a decent starting point for the conversation with your lawyer.
And if you are being asked to sign onto a project as a specialist subcontractor, read the collateral warranty and the professional appointment carefully. If the developer's own contract has a 30-year duty to the ultimate owner, you can be sure your name has been added into the appointment as a duty transferee. That is not paranoia. That is what the URS v BDW judgment gave developers the legal room to do.
My verdict
Compliance is not assurance. Assurance is documentation.
The Building Safety Act did something legislatively rare and, frankly, brutal. It extended a limitation period retrospectively, revived time-barred claims, and pinned personal criminal liability on directors. If you have been dining out on the fact that your work was signed off years ago and everyone moved on, that comfort is gone. The industry has fifteen to thirty years of live exposure sitting on its books, and most tradespeople still have not run a records audit. Do the audit. Fix the retention policy. Amend the contracts. Have the conversation with your broker. And stop pretending Section 135 is somebody else's problem, because it is yours, and the Supreme Court has made that unambiguous. The tradespeople who take this seriously in 2026 will still be trading in 2046. The ones who do not will discover in a very expensive way that the parapet they never stuck their head above has now been demolished from underneath them.
What the industry is saying
Videos worth watching
Frequently asked questions
No. The Defective Premises Act, which Section 135 amended, applies only to dwellings. Commercial work sits under different limitation rules, usually six years for contract and twelve years for deeds. But if you do mixed-use projects, the residential parts are caught. And do not forget that CDM, Building Regulations and health and safety law still expose you regardless of the DPA.
Yes, and arguably more than to a limited company. Section 1 of the DPA covers "any person" taking on work in the provision of a dwelling. Sole traders have no corporate veil. Personal assets are exposed. If you have been doing domestic rewires or bathroom fits since the 1990s, you are inside this regime.
A claimant can apply to have a dissolved company restored to the register in order to bring proceedings. It happens more than most tradespeople realise. Dissolving a company is not a magic reset button. If you were a director or shadow director, you may still be personally on the hook for any negligence or breach of statutory duty.
You are relying on witness memory, supplier invoices you can subpoena, and any luck you have. It is not impossible to defend a claim without your own records, but it is much harder and much more expensive. Reconstruct what you can from bank statements, supplier accounts, and photographs stored on old phones or clients' cameras. Any evidence is better than none.
No. Building control approval is confirmation that the work satisfied the inspecting officer at that time. It is not a warranty and it does not extinguish DPA liability. Courts have repeatedly held that a contractor's obligations under the DPA are independent of building control certification. You can be fully compliant with building control and still liable under the DPA if the dwelling is unfit for habitation.
Two things. First, stop any automatic document destruction policy that is currently running. Second, put every job file you can find into cloud storage with a proper folder structure organised by client, address and completion date. That is a weekend's work for most small firms. Everything else on the audit checklist can follow after that.
The two key documents are Section 135 of the Building Safety Act 2022 and the Defective Premises Act 1972. For the caselaw, look up URS Corporation Ltd v BDW Trading Ltd [2025] UKSC 21. All three are free to read on legislation.gov.uk and the Supreme Court website. Do not take a summary from an AI or a blog as your primary source. Read the actual text.










