The way food businesses are inspected in England is changing. Under a revised Food Law Code of Practice introduced this year, Environmental Health Officers are implementing a digital-first triage system that categorises food businesses by risk level and routes lower-risk premises away from routine physical inspections — in some cases to once every five years.
The shift has significant implications for hospitality operators who have historically relied on regular EHO visits to identify compliance gaps. Under the new framework, that external prompt largely disappears for businesses classified as low-risk, and the responsibility for maintaining food safety standards moves more completely in-house.
What the New System Does
Under the revised Code of Practice, EHOs conduct an initial remote triage assessment to assign a risk rating to each food business. Premises categorised as low-risk — which can include smaller cafes, dry goods retailers, home-based food businesses and some catering operations — are moved to Remote Official Controls. These involve digital submissions, document reviews and, in some cases, video inspections, rather than physical site visits.
High-risk premises — those handling raw meat, operating at scale, or with a history of enforcement action — continue to receive regular in-person inspection at the existing frequency.
For low-risk sites, physical inspection intervals extend to once every five years under the new framework, compared to the more frequent schedules many operators will have been used to.
The Compliance Risk
The industry concern is straightforward: digital triage and remote oversight can miss what a physical inspection catches. Pest activity, temperature abuse, undeclared allergen cross-contamination risks and deteriorating hygiene conditions in food contact areas are all things that present differently on a video call than in a kitchen.
For operators who maintained compliance partly because they knew an EHO visit was coming, the removal of that external check creates a genuine risk of standards drifting. A business can pass a document review while a serious structural hygiene issue goes undetected for years.
The counter-argument — and the stated intention of the revised Code — is that operators who build robust internal compliance systems should not need to be inspected frequently to remain safe. The digital framework is designed to reward businesses that invest in documented HACCP systems, training records and allergen management procedures.
What Operators Need to Do
The practical upshot is that the compliance burden now sits more completely with the operator, regardless of their risk rating. For food businesses in the hospitality sector, that means:
- HACCP documentation must be complete, up to date and demonstrably in use — not filed and forgotten. Remote inspections are review-led, and documents will be the primary evidence of compliance.
- Allergen management records need to be written, signed and traceable. Verbal systems that passed a physical inspection may not satisfy a remote audit.
- Temperature monitoring logs should be retained and accessible. Spot checks during a video call may require records to be produced immediately.
- Training records for all food handlers — not just a copy of a certificate — should be kept on site.
- Self-audit schedules should be implemented to replicate some of the discipline that regular EHO visits previously provided.
The Broader Shift
The 2026 overhaul reflects a broader direction of travel in UK food law enforcement: proportionate oversight, digital infrastructure and operator self-regulation for lower-risk businesses. Whether the framework reduces the actual incidence of food safety failures — or simply reduces the frequency with which they are discovered — will become clearer as the system matures.
Operators who want to understand where they sit in the new risk classification system should contact their local authority environmental health team directly.