Why Issue 4 of NCP 109 Requires an Increased Level of Consideration for Access Control Compliance

Balancing security with life safety has never been more important.

9 minute read

As access control systems become more advanced, the responsibilities placed on designers, installers and building operators have become equally complex. The release of Issue 4 of NCP 109, the NSI Code of Practice for the Design, Installation, Commissioning and Maintenance of Access Control Systems, reflects this reality and the current standards that support it.

Contents

The Legal Foundation - Safety Comes First

There is no single UK law or regulation that dictates which type of electric release must be used on an access-controlled door.

Instead, compliance is shaped by a combination of building, fire-safety and product legislation/regulation, each of which sets performance requirements rather than prescribing specific hardware.

Designers and Responsible Persons must therefore choose solutions that achieve those outcomes in practice.

Building Standards across the UK

Although terminology differs across the four nations, all building standards require that doors on escape routes can be opened easily, immediately and without the use of a key or special knowledge.

Easily immediately no key or special knowledge
England

England

Approved Document B (Fire Safety) and Approved Document M (Access) provide guidance on ensuring escape doors are readily openable. ADB advises that where more than 60 people may need to use an exit, a panic exit device to BS EN 1125 is recommended.

Wales

Wales

The Building Regulations (Wales) use their own set of Approved Documents, which give equivalent guidance to England on ensuring doors are readily openable for escape.

Scotland

Scotland

The Building (Scotland) Regulations 2004 are supported by the Technical Handbooks (Domestic and Non-Domestic), which give guidance on escape-door operation and refer to BS EN 1125 and BS EN 179 as suitable panic/emergency exit devices.

Northern Ireland

Northern Ireland

The Building Regulations (Northern Ireland) 2012, supported by Technical Booklet E: Fire Safety, set the functional requirement that exits and escape routes must remain available and easy to use. Technical Booklet E references BS EN 1125 among its cited publications.

Fire-Safety Legislation

Across the UK, fire-safety law places a clear and consistent duty on the Responsible Person or Duty holder to ensure that escape routes and exits are:

fire safety door considerations

This duty arises under:

England and Wales

England & Wales

Regulatory Reform (Fire Safety) Order 2005

Scotland

Scotland

Fire (Scotland) Act 2005 and Fire Safety (Scotland) Regulations 2006

Northern Ireland

Northern Ireland

Fire and Rescue Services (Northern Ireland) Order 2006 and associated regulations

The Bottom Line

Across all four nations, the message is the same: whatever access-control system is installed, people must always be able to escape easily, immediately and without confusion or delay.

Whatever access-control system is installed, people must always be able to escape easily, immediately and without confusion or delay

The Role of Harmonised Standards

Three key British/European standards describe how compliant escape hardware should perform:

StandardTypical UseDescription
BS EN 179Staff or restricted areasA lever handle or push pad operated by trained users familiar with escape routes.
BS EN 1125Public areasA horizontal bar that allows intuitive, single-hand operation even in panic situations.
BS EN 13637Electrically controlled exit systemsCombines electronic control and safe egress within a single tested system.

BS EN 179 and BS EN 1125 have been in use since the 1990s and were adopted widely in the early 2000s as the recognised standards for emergency and panic exit hardware. BS EN 13637 was introduced in 2015 to address the growing need for controlled or supervised egress using electronic systems.

All three standards are harmonised under the Construction Products Regulation (EU 305/2011) and have been since 2004, which remains retained in UK law. Products tested to these standards must carry a CE or UKCA mark and be supported by a Declaration of Performance that details the scope and levels of compliance/conformance.

Although these standards have existed for many years, they are being discussed more frequently now because electronic locking is far more common than when many buildings were originally designed. As installers retrofit access control to escape doors, the interaction between electronic locks, Building Regulations, fire strategies and EN escape hardware has become much more significant. NCP 109.4 brings these long-standing requirements into focus and asks that they now be considered, helping ensure that escape performance and product certification are not unintentionally compromised.

If an escape door is electronically controlled, the locking hardware should be certified to the appropriate harmonised standard (BS EN 179, BS EN 1125, or BS EN 13637) to maintain both product compliance and life-safety performance.

Fire-Safety Interfaces and BS 7273-4

BS 7273-4 explains how electrically locked or held-open doors should release when a fire alarm operates or when power fails.

It is the recognised way to demonstrate compliance with the Building Regulations and the Fire Safety Order, as well as the equivalent statutory requirements in Scotland (the Building (Scotland) Regulations and the Fire (Scotland) Act 2005) and Northern Ireland (the Building Regulations (Northern Ireland) and the Fire and Rescue Services (Northern Ireland) Order 2006), all of which require that escape doors open easily and immediately in an emergency.

Mechanical escape devices, such as those tested to BS EN 179 or BS EN 1125, already provide safe, single-action mechanical egress and do not rely on BS 7273-4 for handling the release, even when they are also operated electronically.

They work just like an ordinary handle or panic bar, and they still let you out even if the power goes off. A simple example is a hotel room door: you use your keycard to get into the bedroom corridor or your room, but when you want to leave, you just use the handle and walk out (a single simple action). The electronic system only controls who can enter; the handle always works normally from the inside, so you can get out quickly and safely at any time. This is why you rarely see maglocks in hotel bedroom corridors; the escape route always has to remain simple, single-action and intuitive.

When electronic secure egress (getting out) control is required on a door that would normally be fitted with or already has fitted a BS EN 179 or BS EN 1125 device, the system should comply with BS EN 13637, which defines electrically controlled exit systems and is referenced within BS 7273-4.

Electronic control may be justified where additional functions are necessary, such as:

Icon
Read-in and read-out access control, where movement through the door must be logged or restricted in both directions.
Icon
Zonal or timed access, where door release needs to be managed according to operational schedules or staffing.
Icon
Security monitoring or lockdown, for example, in schools, healthcare, or custodial environments.
Icon
Integration with alarm or building management systems, where automatic release or remote control is required during an incident.

In all cases, if electronic control is added, the escape function must remain single-action, and the system must interface correctly with the fire-alarm system in accordance with BS 7273-4

What issue 4 of NCP 109 adds – A Practical Framework

NCP 109 brings these requirements together into a single, practical process for design and verification.

Each access-controlled door must be:

  • assessed individually for its purpose, use and escape strategy
  • matched to the correct standard (BS EN 179, 1125 or 13637) where applicable
  • checked for interaction with fire and building regulations
  • documented through a survey, risk assessment and design proposal that shows compliance

A common misunderstanding and frequently incorrect statement is that magnetic locks are banned under NCP109.4. They are not.

They can be compliant if they are fitted on non-escape doors, released safely on fire alarm or power failure and allow single-action escape, however, if it is an escape door and a person must press an emergency button and then turn a handle to open the door, that is a double action and would not meet BS EN 179, BS EN 1125, BS 7273-4 or the Building Regulations.

Other types of electrical locks, such as rim releases, solenoid bolts, shear locks or electromechanical latches, may also be suitable, provided the risk assessment confirms that they do not restrict safe egress on escape routes and do not work against any emergency escape requirements or standards.

These are often used in low-risk or supervised environments, or where the door’s escape function remains purely mechanical.

Where both security and controlled egress are needed, a system built and tested to BS EN 13637 offers a proven solution.

This approach is widely used in settings such as:

  • prisons and secure facilities, where doors must stay locked under supervision
  • schools and nurseries, to prevent children from leaving unsupervised but still allow full evacuation on alarm
  • hospitals, care homes and mental-health units, to protect vulnerable people while maintaining safe escape
  • retail premises and warehouses, where exit control reduces theft without compromising safety

Whatever technology is chosen, the installation must never damage, weaken or impact any claim of compliance for the door set.

If the door is fire-rated, cutting, drilling or altering components outside the manufacturer’s approval can invalidate its fire certificate.

Installers should always confirm compatibility and keep written confirmation or test evidence from the door manufacturer.

 

Why the Industry Needs to Take This Seriously

Modern access control has outpaced many older building designs. Doors installed decades ago are often retrofitted with electronic locks or readers without checking how this affects the ability to escape. That can leave the Responsible Person or Duty holder unknowingly non-compliant with fire safety legislation or Building Regulations.

NCP 109 Issue 4 addresses this by requiring a proper, site-specific assessment.

It doesn’t dictate which lock to use. It simply asks installers to think, to understand the risks, and to record the reasoning behind every design decision, as well as listen and understand the fire and escape risk strategy from the client.

staff-temp

Putting It into Practice

Good practice under NCP 109.4 begins with a thorough understanding of each door’s role and certification.

  1. Survey each door carefully.
    Identify whether it forms part of an escape route, a fire compartment line, or a secure zone. Record how it is used, who uses it, and what function it was originally designed and certified for. Any new locking or access-control solution must maintain that intended design performance, whether fire resistance, smoke control, acoustic rating, or escape classification and must not compromise its certification or safe operation.
  2. Check CE or UKCA marks and Declarations of Performance.
    Confirm that components used on the door, including electronic hardware, are tested and certified to the relevant BS EN standard and compatible with the door manufacturer’s certification.
  3. Apply BS EN 179, 1125 or 13637 as appropriate.
    Match the hardware standard to the door’s intended use and occupancy type, ensuring single-action egress and correct interface with access-control equipment.
  4. Apply BS 7273-4 for any door that is electrically locked and linked to a fire alarm as appropriate.
    Ensure automatic release on alarm or power failure and confirm that the wiring and control meet the category required by the fire strategy.
  5. Protect the integrity and certification of all fire-rated door sets.
    Avoid cutting, drilling, or modifying any component of the door set beyond the manufacturer’s tested design, and keep documentation or approval evidence for all work carried out.
  6. Maintain clear records.
    Keep copies of all risk assessments, design proposals, installation details and test results.
    These records demonstrate compliance and show that the Responsible Person has exercised due diligence providing defensible proof of meeting their legal obligations under the Fire Safety Order and Building Regulations.

 

 

The NSI Perspective

NCP 109 Issue 4 is not about adding bureaucracy or making life difficult for installers. Its purpose is to provide a framework to help them make confident, well-informed decisions, protect themselves, and deliver safer outcomes for their clients. By setting out how existing laws, regulations, and standards fit together, the Code provides a clear route to compliance and helps installers avoid the uncertainty that often surrounds complex escape and access-control situations.

It gives companies/specifiers and interested parties a framework they can rely on, ensuring that the systems our certified companies design and install are both secure and legally defensible.

NCP 109 is there to support the industry, not restrict it.

It helps installers find the right solutions, demonstrate competence, and show clients that they take safety and compliance seriously.

But yes, it may also prevent the wrong or cheapest solution from being fitted when that choice could compromise safety, compliance, or integrity.

In that respect, the Code protects everyone involved, the installer, the client, and the building’s occupants.

Working with an NSI Certified company gives purchasers, building owners and duty-holders confidence that their systems are designed, installed, and maintained by professionals who are independently audited for technical competence, documentation, and adherence to recognised codes of practice.

nsi-logo-2025

Frequently Asked Questions

Q1. Does NCP 109 ban the use of magnetic locks?
No. Magnetic locks are not banned, but their use must be carefully assessed. They can only be fitted where the door is not required to comply with BS EN 179, BS EN 1125 or BS EN 13637, or where they operate in a way that still allows single-action escape.
If the lock needs a separate “press to exit” button or break-glass before the door can be pushed open, that would not meet those standards or the intent of the Building Regulations for single-action escape.

Q2. What types of locks can be used under NCP 109?
NCP 109 allows a range of locking solutions, including magnetic locks, rim releases, solenoid bolts, shear locks and electromechanical latches.
The key is that the lock must be appropriate for the door’s use, the escape strategy and the fire risk assessment.
The risk assessment should clearly show why the chosen lock is suitable and how it supports safe egress.

Q3. What about doors on escape routes or fire exits?
If a door functions as an emergency or panic exit and is already equipped with a device certified to BS EN 179 or BS EN 1125, the escape mechanism is mechanical, single-action and will operate even during a power failure. Any access control added to these doors must also comply with the same standards.

Where no existing hardware is installed (i.e., the door is free-flowing), the selection of a locking system should be based on a risk assessment and the building occupancy type, and may require integration with the fire alarm system in accordance with BS 7273-4.

If egress control is required and EN179, EN1125 compliance is determined as required (for example, where readout is required on an escape door), the system must also comply with BS EN 13637.

Q4. When did the escape standards (BS EN 179, BS EN 1125 and BS EN 13637) first come into effect, and why are we only hearing about them now?

BS EN 179 and BS EN 1125 are not new at all, they were first published in the 1990s and became widely adopted in the early 2000s as the recognised standards for emergency and panic exit devices. They became even more significant when the Construction Products Regulation (and previously the Construction Products Directive) made them harmonised standards, requiring CE-marked, tested escape hardware for relevant door sets. BS EN 13637 arrived later, in 2015, to provide a standard for electrically controlled exit systems where controlled egress is required. In essence, BS EN 13637 is optional as it only needs to be applied if you want to control egress from the building.

The reason many people are only hearing about these standards now is not that the standards have changed, but because the industry has changed, and awareness around escape from buildings in emergencies has changed. Access control is far more common today than when many buildings were originally designed. As installers add electronic locking to more escape doors, the interaction between access control, Building Regulations, fire strategies and EN escape hardware has become much more important. In addition, BS 7273-4 was amended in 2023 and now includes a reference to BS EN 13637. NCP 109.4 brings these long-standing requirements together and requires them to be considered during system design, which is why they are being discussed more widely. In short, the standards have been in place for decades; what’s new is the increased awareness, the growth in electronic locking, and the greater need to demonstrate compliance clearly and consistently.

Q5. Does NCP 109 make life harder for installers?
That is certainly not the intention; NCP 109 is designed to help installers, not restrict them. It gives guidance on how to make safe and compliant choices and provides documentation to prove that work meets legal and technical standards.
It may prevent the wrong or cheapest solution from being fitted when that would risk safety or non-compliance, but the goal is to protect both installers and their clients.

Q6. What should I do when fitting locks to fire-rated doors?
Always check the door manufacturer’s certification and instructions.
Any drilling, cutting or component changes outside that approval can damage the door’s fire integrity and invalidate its certificate.
Use compatible hardware and keep written confirmation or test evidence to show that the door’s performance is maintained.

Q7. If an ACS was installed under a previous version of NCP 109, does the company maintain it to that older version, or do they need to apply the new requirements?

Systems installed under earlier versions of NCP 109 can continue to be maintained as originally designed, provided they remain safe, suitable and compliant with current legal requirements, including the Fire Safety Order and Building Regulations.

However, when maintaining an older system, the installer must still follow the principles of NCP 109.4. This means:

  • Identifying any risks created by building changes since the original installation
  • Checking that the system is still appropriate for today’s escape strategy and occupancy
  • Highlighting any non-compliant hardware or configurations that would not meet current standards (i.e. 2 action escape)
  • Documenting findings and advising the Responsible Person of any recommended improvements

Maintenance does not mean ignoring new safety expectations.
Installers should not automatically upgrade a system, but they must inform the client where an older design now presents a risk or falls short of current requirements.

Q8. If doors or escape routes have been upgraded/changed since the ACS was installed, what are the installer’s responsibilities during maintenance?

If the building has changed, such as new fire doors, altered escape routes, modified door hardware or updated fire strategies, the installer must reassess the access control system to ensure it still operates safely and compliantly.

This includes checking:

  • Whether the existing locking hardware is compatible with the new door set certification
  • Whether EN 179, EN 1125 or EN 13637 now applies due to the change in use or occupancy
  • Whether BS 7273-4 release requirements are still met
  • Whether the system continues to support single-action escape where required
  • Whether any older equipment now creates a safety or compliance gap

If any issues are found, the installer must clearly inform the Responsible Person and advise on corrective actions.
The system does not have to be replaced automatically, but it must remain safe, suitable, and compliant in the context of the upgraded building.

Q9. If the client has not provided any assessment of door types, is it the installer’s responsibility to identify them?

Yes. Under NCP 109.4, the installer must carry out their own assessment of each door.
This is because the door type and purpose directly affect which locking standards apply and how the ACS should be designed.

The installer should determine:

  • Whether the door is on an escape route
  • Whether it is used by staff, the public, or mixed occupancy
  • Whether it is a fire-resisting doorset
  • Whether EN 179 or EN 1125 applies
  • Whether controlled egress is required (and therefore EN 13637 is required)
  • Whether existing hardware is compatible with access control equipment

Clients, building managers or architects may not know this information or may make assumptions.
The installer, as the competent party, is responsible for identifying door types and ensuring the ACS design is correct and safe.

If uncertainty remains, installers should default to the safer applicable standard and request clarification from the Building control, the Responsible Person, a fire risk assessor, or a fire safety consultant.

Q10. Will Martyn’s Law affect access control decisions under NCP 109?

Yes. When it comes into force, Martyn’s Law (Protect Duty) is likely to influence how organisations assess risk and design access control systems, particularly in publicly accessible locations. While the legislation will not change the technical escape standards themselves, such as BS EN 179, BS EN 1125, BS EN 13637 or BS 7273-4, it will place stronger emphasis on security risk assessments, protective measures, and the ability for buildings to implement effective dynamic lockdown procedures.

This means more sites may need to review whether controlled egress is appropriate, whether certain doors should support lockdown functionality, and whether electronic systems need to integrate with wider security plans. Where controlled egress is justified on an escape route, BS EN 13637 remains the only compliant route for providing single-action escape while still allowing electronic control. Installers may therefore find greater demand for solutions that balance both life safety and security requirements.

Importantly, Martyn’s Law will not override or relax life-safety expectations. Escape must still be possible in one action, and Building Regulations, the Fire Safety Order and EN standards continue to apply. What Martyn’s Law adds is a heightened duty to document decisions, justify chosen locking methods, and clearly demonstrate that both safety and security have been considered together. This strengthens the value of using NSI Certified companies who can evidence competence and robust risk-based system design.

Q11. How does a “hide-in-place” strategy affect which type of lock should be used?

A hide-in-place strategy works effectively with doors fitted with EN 179 or EN 1125 hardware, where the access control only manages entry, and the escape function is entirely mechanical (turn the handle/push the bar). In this configuration, the door does not rely on power to open in an emergency, so it does not automatically unlock when the fire alarm activates. This allows the space to remain secure during a hide-in-place or dynamic lockdown situation while still ensuring that people inside can always escape in a single action if needed.

Because the escape action is mechanical, these doors remain compliant with Building Regulations, the Fire Safety Order, and the EN standards, while also avoiding the risks associated with fail-safe unlocking. This makes EN 179/1125 hardware with controlled entry an ideal solution for environments that must balance both rapid fire evacuation and secure lockdown, such as schools, offices, healthcare rooms and other publicly accessible spaces.

Disclaimer

The information provided in this document reflects our understanding of current standards and best practice at the time of publication. While every effort has been made to ensure accuracy, guidance and legislation may change, and interpretations can vary. This document is not intended to constitute legal advice or serve as a definitive installation guide.

As an independent third-party certification body, we cannot provide consultancy advice or recommend specific solutions for individual applications.

Where there is any uncertainty regarding the type of locks or systems to be used, readers should seek clarification from Building Control Officers, qualified fire safety consultants, or obtain independent legal advice to ensure compliance with all applicable laws and regulations.

We accept no responsibility or liability for any loss, damage, or consequences arising from reliance on the information contained in this document.