The Construction (Design and Management) Regulations 2015 — commonly known as CDM 2015 — place formal duties on all parties involved in a construction project to plan, manage, and coordinate health and safety from the earliest design stages through to project completion. Security, including surveillance such as construction site CCTV systems, sits within the broader health and safety framework that CDM establishes, and understanding where CCTV fits into CDM compliance is increasingly important for principal contractors, clients, and site managers.
This article explains what CDM 2015 requires in terms of site security and surveillance, where CCTV supports compliance obligations, and what construction professionals should consider when specifying systems.
The Construction (Design and Management) Regulations 2015 replaced the previous 2007 version and introduced a clearer duty holder structure. There are three principal duty holders under the regulations:
The Client — the organisation or individual commissioning the construction work. The client has overarching responsibility for ensuring that the project is properly managed and that suitable welfare and safety arrangements are in place.
The Principal Designer — responsible for planning, managing, and coordinating health and safety during the pre-construction phase, including identifying and eliminating risks during the design stage.
The Principal Contractor — responsible for planning, managing, and coordinating construction phase health and safety, including the preparation and maintenance of the Construction Phase Plan.
The Construction Phase Plan is one of the central documents under CDM 2015. It must be prepared before the construction phase begins and maintained throughout the project. Among other requirements, it must address:
The explicit inclusion of site security in the Construction Phase Plan means that CCTV deployment — or the absence of it — is a documented decision with regulatory context. A project that has suffered repeated security breaches without having made a documented case for the adequacy of its security arrangements is in a more exposed position from a compliance standpoint.
No. CDM 2015 does not specifically require CCTV to be deployed on construction sites. It requires that security arrangements are suitable and proportionate to the risks identified. What constitutes suitable arrangements depends on the nature, size, and location of the project.
However, in practice, the HSE (Health and Safety Executive) and principal contractor frameworks increasingly treat visible surveillance as a standard expectation on medium to large sites. The NBCC (National Business Crime Centre) Construction Site Security Guidance — which provides the police-endorsed framework for construction security — explicitly recommends CCTV as part of a layered security strategy.
Where CCTV is deployed, its existence should be documented in the Construction Phase Plan as part of the site’s security arrangements.
CDM 2015 requires principal contractors to take reasonable steps to prevent unauthorised access to the site. An unmonitored perimeter — particularly on large sites with open boundaries during groundworks — is difficult to control through physical means alone. CCTV, combined with appropriate fencing and signage, provides a verifiable layer of access control that can be documented in the Construction Phase Plan.
Beyond security, CCTV footage is increasingly used on construction sites to support health and safety investigation. Where a workplace accident occurs, footage from site cameras can be crucial evidence in understanding the sequence of events, identifying contributing factors, and informing safety improvements.
Under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR), certain incidents must be reported to the HSE. Having footage that documents the circumstances of a reportable incident supports the accuracy of that reporting and protects the principal contractor during any subsequent investigation.
CDM 2015 includes requirements around protecting workers who may be working alone or in isolated areas of a site. CCTV systems with monitoring capability contribute to lone worker oversight, although they should be considered alongside (not instead of) dedicated lone worker devices and procedures.
Any deployment of CCTV on a construction site must comply with UK data protection law. Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, construction site operators using CCTV must:
Display clear signage at all entry points and in areas where cameras are operating. Signage must inform individuals that CCTV is in operation, identify the data controller (typically the principal contractor or client), and provide contact details or a reference to a full privacy notice.
Limit camera coverage to areas where surveillance is genuinely necessary. Cameras should not be positioned to unnecessarily capture footage of workers in welfare facilities or areas where a reasonable expectation of privacy exists.
Retain footage appropriately. There is no fixed legal requirement for how long construction site CCTV footage must be retained, but the principle of data minimisation under UK GDPR means that footage should not be kept longer than necessary for the purposes it was captured. A commonly adopted approach is 30 days, unless footage relates to a specific incident under investigation.
Secure access to footage. Only authorised individuals should be able to view or retrieve recorded footage, and access should be logged.
Failure to comply with these requirements exposes the data controller to enforcement action by the Information Commissioner’s Office (ICO). In a construction site context, the principal contractor is most commonly the data controller for CCTV operated during the construction phase.
Under CDM 2015, the Principal Designer’s role during the pre-construction phase includes identifying foreseeable security risks and taking steps to reduce them through design. This might include:
Incorporating CCTV into the site security design at the pre-construction stage — rather than as a reactive measure after the site is established — is both more effective and more aligned with the spirit of CDM 2015’s planning requirements.
Document your security arrangements in the Construction Phase Plan. This should include what systems are in place, where they’re positioned, what they cover, and how they’re monitored. If CCTV is not being deployed, document the reasoning and what alternative measures are in place.
Review security arrangements as the project programme changes. The Construction Phase Plan is a living document. As phases change and site conditions evolve, the security section should be updated to reflect current arrangements.
Ensure your CCTV provider can supply compliance documentation. Reputable providers will supply data processing agreements, privacy notice templates, and signage that meets ICO requirements as part of their service.
Treat CCTV as one layer, not the whole security strategy. CDM 2015’s risk-based approach means that CCTV should be part of a proportionate overall security strategy that includes physical perimeter controls, access management, lighting, and procedural measures.
CDM 2015 does not mandate CCTV, but it does require principal contractors to demonstrate that site security arrangements are adequate and properly documented. CCTV is now widely considered a standard element of a compliant security strategy on medium to large construction sites, and its deployment should be reflected in the Construction Phase Plan.
Veritech Security works with principal contractors across the UK to deliver CDM-compliant CCTV solutions, including fully documented data processing arrangements, compliant signage, and construction phase plan support. Contact us to discuss your project’s requirements.
Veritech Security works with principal contractors and site managers to ensure that CCTV deployment supports — rather than complicates — CDM 2015 compliance. We provide data processing agreements, ICO-compliant signage, and written documentation of your surveillance arrangements suitable for inclusion in your Construction Phase Plan.
If you’re unsure whether your current security arrangements meet your CDM obligations, or if you’re setting up a new site and want to get it right from the outset, our team is happy to review your programme and advise without obligation.
Call: 0800 799 9800 (available 24/7) Email: info@veritech-security.com Or request a free compliance consultation online.
Related Articles
Head Office
18-20 Millbrook Road East,
Southampton, Hampshire, SO15 1HY
Tel: 0800 799 9800
Email: info@veritech-security.com
Hours: Monday - Sunday: Open 24 Hours
© 2026 Veritech Security is a trading name of Veritech Systems Limited | Company Registration No. 07095234 | Social Responsibility Policy | Sitemap | Privacy Policy | Policies and Procedures | Veritech Systems Limited holds SIA approved contractor status for Security Guarding, CCTV and Keyholding security services.
Simply complete our quick survey below
