Why a UXO find on a low risk site can mean the regime is working exactly as designed.

In the first piece in this series, I argued that “low risk” is one of the most misunderstood phrases in UK UXO risk assessments. I closed by saying Plymouth wasn’t a failure of the system. It was a demonstration of what the system was always built to expect.

That deserves an explanation. Because at first read it sounds like a piece of sector defensiveness, and I want to show why I actually believe it. The framing matters for any duty holder trying to make sense of what a UXO risk assessment is doing for them.

The short version: UK UXO methodology is built on the explicit acceptance that residual risk cannot be eliminated. A find on a “low risk” site is not evidence the assessment was wrong. It is, in many cases, evidence the system is operating exactly as designed.

What the guidance actually says

CIRIA C681, the foundational UK guidance on UXO risk management, is unambiguous on this point. In its discussion of UXO detection surveys, the document states:


“No current UXO detection survey technology can provide complete assurance that every buried UXO item has been detected, located and removed. Even the most reasonably practicable method, other than shifting all the soils beneath a site, will leave some level of residual risk.”


Read that carefully. The guidance is not saying that residual risk is a regrettable limitation of the methodology. It is saying that residual risk is the methodology’s starting point. The whole framework is built on the premise that some UXO will not be detected, will not be anticipated, and will only be found when works disturb them.

C785, the 2019 quick-reference handbook, carries this assumption forward. Its glossary defines residual UXO hazard as ordnance that “has not been cleared by post-war clearance efforts, subsequent cycles of development or UXO survey.” The hazard is, by definition, what survives all the prior efforts to remove it. Some quantity of it is expected to remain at any site with relevant historical exposure.

This isn’t an obscure footnote in either document. It is the conceptual foundation both documents are built on.

Why the framework is built this way

The alternative would be a framework that aims for zero residual risk. Such a framework is technically possible. It would require excavating every cubic metre of soil to depth of penetration on every potentially exposed site before any other works that took place. The cost would be in the billions per major project. The disruption would shut down UK construction. And it would still find UXO during the excavation itself.

No regulator, on any reasonable reading of the cost-benefit case, would mandate this. The Health and Safety Executive certainly does not. The duty under the Health and Safety at Work Act is to reduce risk so far as is reasonably practicable, not to eliminate it. The Edwards v National Coal Board judgment, which underpins the entire SFAIRP and ALARP framework in UK health and safety law, established in 1949 that the duty stops where further risk reduction would be grossly disproportionate to the benefit gained.

UK UXO methodology operates inside that framework. It is a system designed to reduce risk to a level where the cost of further reduction would be grossly disproportionate to the safety benefit. That level is not zero. It cannot be zero. The residual that remains is, by design, what the duty holder is expected to manage on site.

A risk assessment that promised to eliminate residual risk would be either dishonest or commercially indefensible. Probably both.

What a “low risk” find actually demonstrates

When a UXO is found on a site that was assessed as low risk, the descriptor reflected a professional judgement that the likelihood of encounter was low. It did not reflect a judgement that the likelihood was zero. Two things can be simultaneously true:

The original assessment was technically correct. The likelihood of encounter was indeed low. A 1-in-5,000 probability is low. A 1-in-50,000 probability is low. Neither is zero.

A UXO was found on the site. The low-probability event materialised. This is what residual risk means: a small but non-zero chance that something the assessment correctly judged unlikely actually occurs.

These two statements are not contradictory. They describe a system working as designed. The framework anticipated that some low-probability events would materialise. When they do, the response is not to declare that the framework failed. It is to do exactly what CIRIA itself recommends: revise the assessment in light of new information, communicate the revised position to all parties, and continue managing the residual.

C785 makes this explicit through its case studies. In its discussion of a moderate-risk site where two HE bombs were subsequently found in backfill, the guidance notes approvingly that “the DRA was revised for a high risk of further encounters following the first incident.” The risk assessment is treated as a live document, not a verdict that becomes wrong when reality intervenes.

That is how the regime is designed to operate. Find triggers revision. Revision triggers updated mitigation. Updated mitigation manages the now-higher residual. The system is iterative, not predictive.

Why this matters to the duty holder

If residual risk is foundational to the regime, the practical question for any duty holder is what the assessment is telling them about the residual they are expected to manage.

A descriptor (low, moderate, high) tells them very little. It assigns a category but does not articulate what residual remains, how much it depends on the proposed works, or what would change it. It gives the duty holder a sense of how worried they should be, but it does not give them an operational basis for managing the residual the framework expects to leave behind.

Which leads to the part of the regime that is least well understood, and most important: under CDM 2015, the duty for managing UXO risk on a project sits with the duty holder. It cannot be transferred to the consultancy. The consultancy advises. The duty holder owns the residual.

That is not a small administrative point. It is the architecture of the entire regulatory framework. And it has commercial consequences for how UXO advice is procured, what duty holders should expect from it, and what the right answer looks like when something is found on a low-risk site.

Part 3 takes up the question that follows: under CDM, the duty holder owns the residual. What does the consultancy actually need to give them to manage it?

Previous: Part 1 – What “low risk” actually means
Next: Part 3 – Who carries the duty?

For regular updates, project insights, and industry guidance, follow Brimstone UXO on LinkedIn, Facebook, Instagram, and YouTube.

UXO Find

"*" indicates required fields

Join the Brimstone Members Club

The Brimstone Members Club is more than just a mailing list – it’s your gateway to insider content, fun giveaways, company updates and an exclusive welcome discount*. Find out more

Name*
Privacy*
Marketing*
Remnant
This field is for validation purposes and should be left unchanged.