The short version
Being a registered manager carries real legal accountability. You are responsible, alongside the provider, for the service meeting the regulations, and if it doesn't, CQC has a range of enforcement powers it can use, some of which can be directed at you personally. In the most serious cases, certain regulatory breaches can lead to prosecution.
This is not written to frighten you. The vast majority of registered managers never face enforcement action, and the ones who run their services conscientiously have little to fear. But the accountability is genuine, and understanding it, rather than discovering it at the worst possible moment, is part of taking the role seriously. This article explains where the legal weight sits, what CQC can do, and what genuinely protects you.
This article is general information about the registered manager role. It is not legal advice. If you are facing enforcement action or have specific concerns about your legal position, take advice from a solicitor with relevant regulatory expertise.
Where your accountability comes from
The registered manager's accountability comes from the Health and Social Care Act 2008 and the Regulations made under it. When CQC registers you as the manager of a regulated activity, you take on responsibility for ensuring that activity meets the fundamental standards, safe care and treatment, safeguarding, good governance, staffing, and the rest.
This accountability sits alongside the provider's. The provider doesn't absorb all the legal responsibility; you hold it too, in your own right, as the registered person responsible for managing the service. That's the trade-off of the role: the registration that lets you manage a regulated service also makes you answerable for it.
What CQC can do, the enforcement powers
CQC has a graduated set of enforcement powers, ranging from the supportive to the severe. The exact powers and how they're applied are set out in CQC's enforcement policy, which you should read in its current form, but broadly they include:
Requirement and warning notices. CQC can require improvements and warn that action will follow if they're not made. This is the most common end of enforcement and is often about driving improvement rather than punishment.
Conditions on registration. CQC can impose, vary, or remove conditions, for example, restricting what the service can do, or requiring specific actions.
Civil enforcement. CQC can suspend or cancel a registration, or urgently restrict a service where there's a serious risk to people.
Action against the registered manager personally. CQC's powers include the ability to act in relation to the registered manager, including, where the fitness requirements are no longer met, the registered manager's position.
Criminal enforcement. Certain breaches of the Regulations carry criminal liability. CQC can prosecute. For the most serious matters, for example, where a failure in safe care and treatment or safeguarding causes avoidable harm, CQC has the power to prosecute without first issuing a warning notice. Penalties on conviction can include fines and, depending on the offence, other consequences.
The point to absorb is that enforcement isn't a single thing. It's a spectrum, and most of it is about improvement. But the severe end is real, and it can reach the registered manager personally.
What can lead to the serious end
The most serious enforcement, including prosecution, tends to arise from a particular pattern: an avoidable harm to a person using the service, combined with a failure in the systems that should have prevented it. It's rarely a single mistake. It's usually a failure that the service should have caught, a risk that wasn't managed, a safeguarding concern that wasn't acted on, a known problem that wasn't addressed, that then leads to someone being harmed.
This is why the governance side of the role matters so much. The systems that surface risks, investigate incidents, act on safeguarding concerns, and learn from what goes wrong are not bureaucratic overhead. They're the difference between "something went wrong despite a service doing everything reasonable" and "something went wrong because the service failed to do what it should have." The first is a tragedy; the second is where personal accountability bites hardest.
What genuinely protects you
Here's the part that matters most, and it's the part I'd want any registered manager to understand.
What protects a registered manager isn't a perfect record. No service is perfect, and CQC doesn't expect perfection. What protects you is being able to show that you ran the service conscientiously: that you identified risks and managed them, that you investigated incidents and learned from them, that you acted on safeguarding concerns, that you surfaced problems rather than hiding them, and that when something went wrong, you responded appropriately and openly.
In other words, what protects you is the evidence that you did your job, not the absence of any problem, but the presence of a conscientious response to the problems that inevitably arose.
This is why record-keeping and governance are not just compliance tasks. They're your account of how you ran the service. If something goes wrong and the question becomes "was this avoidable, and did the registered manager act appropriately?", the answer lives in the records. A registered manager who can show a clear trail, risk identified, action taken, incident investigated, lesson learned, change made, is in a fundamentally different position from one who can't show what they did or when.
From the inspector's chair
I saw both ends of this over thirteen years. I saw services where something went badly wrong and the registered manager was, frankly, not at fault, they'd run a conscientious service, the systems had worked, and the harm had occurred despite reasonable care. And I saw services where the harm was the predictable result of a failure the service should have caught, where the registered manager couldn't show that they'd managed the known risk or acted on the warning signs.
The difference between those two situations, in terms of how it went for the registered manager personally, was enormous. And the difference between them was almost always visible in the evidence. The conscientious registered manager could show their work. The one in difficulty couldn't.
The lesson I'd want every registered manager to take from this isn't fear. It's that the everyday discipline of running the service well, surfacing risks, investigating honestly, acting on concerns, keeping the trail, is also exactly what protects you if the worst happens. The good practice and the self-protection are the same thing. You don't have to choose between running a good service and protecting yourself; doing the first is how you do the second.
How Verivius helps
Verivius is built around this principle. The platform runs your incidents, safeguarding concerns, complaints, risks, and improvement actions through a complete, append-only audit trail, meaning the record of how you ran the service, identified risks, investigated problems, and acted on concerns is captured as you go, not reconstructed under pressure.
For a registered manager carrying real legal accountability, that's not a convenience. It's the evidence that you did your job, the same evidence that protects you if you ever need to account for how the service ran. The records can't be quietly altered after the fact (corrections happen transparently, with the original preserved), which is exactly the kind of trail that stands up to scrutiny.
Frequently asked questions
Can a registered manager be prosecuted?
Yes. Certain breaches of the Regulations carry criminal liability, and CQC has the power to prosecute. For the most serious matters, such as a failure in safe care or safeguarding that causes avoidable harm, CQC can prosecute without first issuing a warning notice. This is rare, and tends to arise from serious failures rather than isolated mistakes, but the power is real. If you are facing or fear enforcement action, take legal advice.
Am I personally liable, or is it just the provider?
Both the provider and the registered manager carry accountability, in their own ways. The provider doesn't absorb all the legal responsibility; the registered manager holds it too, as the registered person responsible for managing the service.
What's the most common kind of enforcement action?
The most common enforcement is at the supportive end, requirements to improve and warning notices, which is often about driving improvement rather than punishment. The severe end (prosecution, cancellation) is reserved for serious matters.
What protects me as a registered manager if something goes wrong?
Being able to show that you ran the service conscientiously: that you identified and managed risks, investigated incidents, acted on safeguarding concerns, surfaced problems, and responded appropriately when things went wrong. The evidence that you did your job is what protects you, not a perfect record, which no one has.
Where can I read CQC's enforcement policy?
CQC publishes its enforcement policy on its website. Read the current version, because the framework and CQC's approach can change.
Should I get my own professional indemnity or insurance as a registered manager?
Many registered managers consider personal professional indemnity cover, and some employers provide it. Whether and what you need depends on your circumstances; take advice. This article is general information, not insurance or legal advice.
This article was last reviewed on 31 May 2026. Enforcement powers and the regulatory framework change; verify the current position at cqc.org.uk and with appropriate legal sources. This article is general information, not legal advice. If you are facing enforcement action or have concerns about your legal position, consult a solicitor with relevant regulatory expertise.
Related reading: What a registered manager actually does · Registered manager notifications: what you must tell CQC and when · What makes a good registered manager, from the inspector's chair