Policy paper

Flood risk activities: assessing environmental permit compliance

Updated 5 June 2026

Applies to England

This guide applies to permit holders with permits regulated under the Environmental Permitting (England and Wales) Regulations, carrying out flood risk activities.

If you also have a permit for a:

• waste operation or installation you must read the guide for waste operations and installations: assessing and scoring environmental permit compliance
• standalone discharge to surface water or to ground you must read the guide for discharges to surface water and groundwater: assessing environmental permit compliance - standalone means the activity is not part of another regulated facility such as a waste operation or installation

The Environment Agency must focus its resources where there is likely to be the greatest risk to human health, quality of life and the environment. This guide explains how we regulate flood risk activities with an environmental permit.

We do this in a way that is:

• consistent
• transparent
• proportionate

We use a generic approach which we then adapt according to the specific flood risk activities.

This guide includes:

• six principles which explain how the Environment Agency assesses and categorises permit breaches
• an explanation of what happens after a compliance assessment

We follow principles 1, 3, 4 and 6 in this guide.

Read about when we carry out assessments and inspections in the guide for how you’ll be regulated.

Principle 1: record all non-compliances

The results of a compliance assessment may be recorded on a Flood Risk Activity Compliance Assessment Report (FRACAR) form. We provide the permit holder with a copy of the form. The law requires us to put it on the Environment Agency’s public register.

We:

• record all non-compliances identified during the assessment on the FRACAR form
• only categorise non-compliances that relate directly to permit conditions

A permit may usually contain 20 to 60 conditions depending on the complexity. These are matched on the FRACAR form to 9 high level areas with 30 sub-criteria. The sub-criteria for flood risk activity permit conditions are:

a) Permitted activities 

1. Specified by permit

b) Infrastructure

1. Engineering for prevention and control of emissions and sediment management
2. Removal & site remediation
3. Site drainage engineering (clean and foul)
4. Containment of stored materials
5. Plant and equipment

c) General management

1. Staff competency and training
2. Management systems

d) Incident management

1. Site security
2. Accident, emergency and incident planning
3. Flood Alerts, River Levels & Response

e) Emissions

1. Air
2. Land & Groundwater
3. Water
4. Sewer
5. Waste

f) Amenity

1. Visual Integrity
2. Operational
3. Maintenance
4. Access
5. Method of work
6. Materials

g) Monitoring and records, maintenance and reporting

1. Monitoring of emissions, flood risk, and impact on the environment
2. Records of activity, site diary, journal and events
3. Maintenance, Operation and Access records
4. Reporting & notification

h) Environmental Harm

1. Terrestrial Habitat
2. Aquatic Habitat
3. Designated sites

i) Flood Risk Management

1. Flood Risk Management

We record all permit non-compliances on the FRACAR form under the relevant sub-criteria. Where we can record a non-compliance under more than one sub-criterion, we choose the one that best describes the non-compliance.

The completed form explains which of the sub-criteria and conditions we have assessed.

Compliance assessments vary in:

• frequency
• duration
• detail
• complexity

This depends on the type and scale of the activity and the likelihood of non-compliance. An inspection or desktop assessment may only focus on a few, specific conditions.

We record all permit condition breaches identified by our compliance assessments on the Compliance Classification Scheme (CCS).

Principle 2: consolidation

We record all non-compliances on the FRACAR form. For flood risk activities we do not consolidate them for the purposes of scoring.

Principle 3: assess the reasonably foreseeable impact

Permit conditions minimise impact on people and the environment. The CCS score we give a non-compliance reflects the potential impact it could have if it were not addressed promptly and adequately. Breaches of permit conditions can lead directly to harm to people or the environment.

Our assessment of the potential impact is known as the ‘reasonably foreseeable impact’. We assess this on a case-by-case basis. We do this using:

• knowledge
• evidence
• professional judgement
• common sense

For example, a non-compliance with a permit condition could have a significant potential impact in one location, but it may have a much lesser risk category if it happened somewhere else.

Assessing reasonably foreseeable impact takes account of:

• the proximity and vulnerability of the local population
• the sensitivity of the surrounding environment
• any procedures, resources and infrastructure that the permit holder has in place to mitigate the potential impact
• the responsiveness of the permit holder and site staff

The FRACAR form will explain how we have taken these factors into account when we arrive at a CCS score for the reasonably foreseeable impact.

Principle 4: assess the root cause of the original non-compliance

A non-compliance can often be the symptom of a wider underlying problem. Compliance assessments also identify, record and categorise a root cause non-compliance on the FRACAR form.

In most cases, we can trace back the root cause of a non-compliance to deficiencies in the management system. In some cases, the management system may be adequate, but the permit holder is not following it routinely.

The non-compliance of the management system may be caused by:

• inadequate training or staffing levels
• insufficient process controls
• ineffective contingency planning and accident prevention

We usually categorise root causes related to the management system condition against condition 1.1.1 in the permit.

The CCS score for a root cause does not have to be the same as that of the original non-compliance. The root cause may have the potential for greater impact than the original non-compliance. For example, an inadequate management system could have a greater reasonably foreseeable impact than the failure that led to its discovery.

Principle 5: suspend scores

Permit non-compliances for flood risk activities are not given scores that contribute to an annual compliance band for the permitted activity. Therefore we do not apply principle 5.

Principle 6: assess the category of non-compliance

There are 4 categories of non-compliance. They reflect the severity of the reasonably foreseeable impact of the non-compliance.

Risk category 1

A non-compliance with the potential to cause major flooding to property or infrastructure, a major impact on people or major environmental harm or that requires major intervention.

Risk category 2

A non-compliance with the potential to cause significant flooding to property or infrastructure, a significant impact on people or significant environmental harm or that requires significant intervention.

Risk category 3

A non-compliance with the potential to cause minor flooding to property or infrastructure, or minor impact on people or minor environmental impact and requires no or very limited intervention. 

Risk category 4

A non-compliance with no reasonably foreseeable impact on flooding or potential flooding or environmental harm.

Duration of impact

If there is a link between duration and flood risk and/or environmental impact, then we take into account the length of a continuing non-compliance when we determine the CCS category. This is because the duration may increase the reasonably foreseeable impact.

Severity of impact and sensitivity of receptors

The more sensitive the receptor (due to its proximity or type) the more severe the potential impact will be. This sensitivity will be reflected in the CCS category we allocate.

Sensitive receptors for flood risk activities include:

• people
• non-human species in protected habitats, such as Special Areas of Conservation, Special Protection Areas, Ramsar Sites, Sites of Special Scientific Interest and Marine Conservation Zones.

Use Magic maps to find habitat designations.

We assess the risk category on a case-by-case basis – reflecting the relative sensitivity of the receptors and the nature and scale of the non-compliance.

Explaining the outcomes of a compliance assessment

If they are available, we do a site visit for a compliance assessment when the operator or their suitable representative is present. This is so we can make them aware of any non-compliances. We discuss with them the actions needed to remedy the non-compliance and the timeframe for undertaking them. We summarise the discussion on the FRACAR form.

We tell the operator or their suitable representative what risk category we are likely to give the non-compliance.

If, on reflection, we later change the indicative risk category, we record this as a correction on the CAR form along with an explanation of why we made the correction.

We record a non-compliance identified during an assessment on the CAR form along with an explanation of:

• what is wrong
• the actions the permit holder needs to take to correct the problem
• the date by which they must complete the actions
• what enforcement action (if any) we may take in response to the non-compliance.

Where we have given the permit holder a period of time in which to complete actions, we may make several re-inspections during, or at the end of this period. We do this in order to monitor progress and to confirm that the permit holder has addressed the non-compliance. We record progress updates and satisfactory completion of actions on the FRACAR form.

We send the permit holder the FRACAR form outlining the results of a compliance assessment. This is usually within 14 days of the assessment or receiving any monitoring data to assess. We do this even when we have not identified any non-compliances. In exceptional circumstances, it may take us longer than 14 days to send the permit holder the FRACAR form. Where this happens, we let the permit holder know the reason for the delay and also the date when we will send the FRACAR form.

If a permit holder disagrees with the FRACAR form, they can raise their concerns with the officer or team which issued the inspection form. This must be done within 14 calendar days of receipt. If the response does not resolve the licence holder’s concerns, they can request an appeal of the regulatory decision. This request must be made within 28 calendar days of receipt of the response.

How we use data from a compliance assessment

Published data

The Environment Agency publishes data which is available to everyone to access, use and share.

Data which relates to assessing and scoring permit compliance includes the Compliance Classification Scheme.

Privacy notice: how we use your personal data

The Environment Agency runs the Flood Risk Activity Permitting System (FRAPS). We use FRAPS to store electronic copies of FRACAR forms.

We are the data controller for these services. A data controller determines how and why personal information is processed.

Our personal information charter explains your rights and how we deal with your personal information.

Personal data we need

The personal data we process about you includes your:

• name
• job title
• address
• information on permitted activities.

We are allowed to process your personal data because we have official authority as the environmental regulator. The lawful basis for processing your personal data is to perform a task in the public interest that is set out in law.

We use your personal data to process and reference our compliance assessments.

What we do with your personal data

The information from our compliance assessments is stored on the FRAPS database. FRACAR forms, which are sent to permit holders of permitted sites following a compliance assessment, are stored on our electronic document and records management system.

How long we keep your personal data

We keep your personal data for 7 years after the end of your permit. The end of your permit means it has been surrendered, transferred or revoked. This is our standard information retention policy.

Where your personal data is processed and stored

We store and process your personal data on our servers in the UK.