How to identify, support, and protect vulnerable consumers on your heat network. Ofgem requirements for Priority Services Registers under AC B8.
Heat is not a discretionary service. For many consumers, particularly the elderly, disabled, chronically ill, and those with young children, losing their heat supply or being unable to afford it has immediate and serious consequences for health and wellbeing. Ofgem's regulation of heat networks places significant emphasis on the identification and protection of vulnerable consumers, reflecting the approach established in the gas and electricity sectors over many years.
Who this guide is for. The Priority Services Register and vulnerability duties under AC B8 sit on the supplier in the regulated activity of supply, in respect of domestic consumers. On most heat networks the operator and supplier are the same legal entity, so this guidance applies to operators in that capacity. Where operation and supply are split, the PSR and vulnerability duties sit on the supplier. References to "the supplier" below should be read as "the supplier — who on your network may also be the operator".
Suppliers must establish a Priority Services Register (PSR) to identify consumers who may be vulnerable due to age, disability, chronic illness, mental health conditions, language barriers, financial difficulty, or other circumstances. The PSR must be actively maintained, not simply a form that consumers can fill in if they happen to know about it. Suppliers are required to take proactive steps to identify consumers who may be eligible, offer tailored support measures, train staff to recognise and respond to vulnerability, and handle personal data relating to vulnerability with appropriate safeguards.
Support measures may include advance notice of planned supply interruptions, priority restoration during unplanned outages, accessible billing formats, additional support during billing disputes, and referral to external support services where appropriate.
Having a list of names is not the same as having a vulnerability policy. Ofgem expects suppliers to have documented procedures covering how consumers are identified and added to the register, what specific support measures are available, how staff are trained to recognise vulnerability indicators, how the register is reviewed and updated, how consumer data is protected, and how the effectiveness of the arrangements is monitored. This is a living system, not a one-off exercise.
Suppliers need an internal vulnerability and PSR policy, a staff training framework, a consumer-facing guide explaining what support is available and how to request it, and data handling procedures specific to the sensitive personal information involved. Our platform generates all of these documents, tailored to your network type and consumer base, addressing the key requirements of AC B8.
PSR records are personal data under the UK GDPR and Data Protection Act 2018. Collecting and processing this data requires a lawful basis — typically legitimate interests or the performance of a contract, depending on your network structure. Suppliers must have appropriate retention rules, access controls, and a privacy notice that covers PSR processing. These data-protection obligations run alongside the Authorisation Condition requirements and are not displaced by them.
PSR policy, staff training framework, and consumer-facing guide — tailored to your network type, key AC B8 requirements addressed.
Generate your vulnerability documentationLast checked against official sources: 28 May 2026.