Gateway 3 is where many “digital” promises get stress-tested: what’s been modelled, captured, verified and kept up to date has to stand up as usable building information, not just a set of PDFs and a tidy BIM folder. By 2026, the market expectation is that clients, principal contractors and dutyholders will be far less tolerant of ad‑hoc document control when the conversation turns to the golden thread and structured fire safety information. That is pushing UK teams to reassess whether their current Common Data Environment (CDE) can genuinely support compliant information management, including the direction of travel set by BS 8644-1 digital fire information.
What Gateway 3 changes for information management in 2026
Gateway 3 is not “another handover milestone”. It forces the project to prove that the right information exists, is reliable, and is retrievable in a way that supports safe occupation and ongoing management. In practice, that means your CDE has to behave like an audit-ready information system, not merely a file share.
For many delivery teams, the hardest shift is cultural rather than technical: moving from “upload when you can” to controlled workflows, named accountability, and clear acceptance rules for what becomes part of the record. If you’re selecting a UK-compliant CDE in 2026, you’re selecting a process and governance model as much as a platform.
A useful way to think about it is this: Gateway 3 cares less about how impressive your model looks, and more about whether somebody who wasn’t on the job can find, trust, and use the critical information without guesswork.
Plain-English: the golden thread, a CDE, and BS 8644-1 fire information
The golden thread is essentially the maintained, accurate record of building safety information through design, construction and into occupation, with a clear line of sight from decision to evidence. A CDE is the controlled environment where that information is created, checked, approved, and retained with traceability.
BS 8644-1 is relevant because it reinforces the expectation that fire safety information is not just free-text narrative in O&M manuals. The direction is towards consistent, structured information that can be queried, updated and handed over cleanly, including relationships between assets, locations, fire strategy decisions and supporting evidence.
In CDE terms, that translates into capabilities such as:
– structured metadata and consistent classification
– controlled status codes and approvals (not “final_final_v7”)
– immutable audit trails for who changed what and why
– the ability to package, export and retain information without breaking links
– governance that survives the usual supply chain churn
A UK site scenario: where the CDE either carries you or exposes you
A principal contractor is delivering a mid-rise residential scheme in Greater Manchester under a design and build contract, with a partially novated design team and multiple specialist subcontractors for fire stopping, smoke control and cladding support. Two months before planned completion, the client’s building safety lead asks for a consolidated view of fire doorsets: locations, test evidence, installation checks, remediation records and sign-off status. The joinery subcontractor has uploaded certificates as scanned PDFs with inconsistent filenames, while the door schedule spreadsheet sits in a separate “Handover” folder updated by the site engineer. The fire stopping contractor keeps QA photos in a mobile app that exports zipped folders with no persistent identifiers. The design team’s model includes door types, but not the installed asset tags, and the O&M compiler is chasing data through email chains. Programme pressure means people start “just uploading something” to keep the tracker green, and suddenly the CDE is full, but confidence is low.
That’s the moment when CDE selection stops being an IT decision and becomes a Gateway 3 risk decision.
How to specify a CDE so it supports the golden thread and digital fire information
A UK-compliant CDE brief needs to go beyond “must be ISO 19650 compliant”. ISO 19650-aligned workflows are a baseline, but Gateway 3 will punish vague responsibilities and unclear acceptance criteria. Your specification should be clear on how information becomes trusted project record, and how fire safety information is structured, referenced and maintained.
Start with the outcomes you need at Gateway 3 and in occupation, then trace backwards into the CDE requirements. For fire information aligned to BS 8644-1 thinking, you generally want consistent data structures, traceable approval, and the ability to federate evidence across organisations without losing provenance.
Key requirements to write into your scope (and to test in demos) include:
– Role-based permissions that match UK dutyholder and supply chain responsibilities, including controlled authoring/approval routes for fire-critical information.
– Status and revision control that prevents “approved” records being overwritten, with a clear method for superseded information to remain discoverable.
– Metadata rules that are enforceable (not optional), including location, system, asset type, and a consistent coding structure across packages.
– Interoperable export that doesn’t trap you: you should be able to extract a usable information set at Gateway 3 and pass it into the building operator’s tools without rebuilding everything.
– Evidence linking: the ability to connect an asset or location to supporting test certificates, commissioning results, QA images and product data in a way that remains intact after handover.
– Audit logs that are readable by non-IT stakeholders, supporting accountability without “screen grabs of system logs”.
Checklist: selecting and proving a Gateway 3-ready CDE
– Map fire-critical information flows (doors, dampers, penetration seals, alarms, smoke control) and demand that the CDE workflow supports them end-to-end, not just at handover.
– Require structured metadata fields to be mandatory for fire-related records, with validation rules that stop incomplete uploads becoming “accepted”.
– Set an approval model that mirrors how site QA actually works, including staged acceptance and clear rejection reasons.
– Run a pilot using real subcontractor evidence (photos, certificates, installation checklists) and confirm it can be linked to locations and assets without manual renaming marathons.
– Confirm export and retention: prove you can produce an immutable Gateway 3 package and a maintainable “living record” for occupation.
– Build in supplier onboarding: templates, naming rules, and a minimum competency expectation for anyone uploading fire safety information.
Common mistakes
# Treating the CDE as a dumping ground
/> Teams allow uncontrolled uploads and rely on someone “sorting it later”, which is exactly how you end up with a full system and an empty audit trail.
# Assuming ISO 19650 compliance equals Gateway 3 readiness
/> A platform can support ISO 19650-style processes yet still fail on structured fire information, evidence linking, or immutable records for safety-critical elements.
# Letting each subcontractor keep their own evidence system
/> When fire-stopping, doors, and M&E each retain evidence in separate apps with no persistent identifiers, the reconciliation effort lands on site in the worst weeks of the programme.
# Building the data model around design intent only
/> If installed asset identifiers, locations and inspection outcomes are not captured as-built, you end up with a beautiful model and a weak record of what was actually installed and accepted.
Interfaces and risk: where CDE selection usually goes wrong on live jobs
The CDE is rarely the only system in play. You might have a field QA tool, a commissioning platform, a document controller’s workflow, and separate asset management requirements from the operator. The risk is that these systems create information silos and break traceability just when you need it most.
When you evaluate a CDE for 2026, pay attention to the “joins”:
– Can site QA evidence be ingested with consistent tags, or does somebody have to manually rename and refile everything?
– Can you maintain a single source of truth for asset identity from procurement through installation to handover?
– Does the platform support controlled change, so updates to fire strategy decisions are recorded with rationale, impact and evidence?
– Can you produce a coherent record when roles change mid-project (common under novation and package re-letting)?
Also consider commercial reality: subcontractors will push back on anything that slows progress or duplicates effort. If your chosen CDE requires heavy admin to upload evidence, you will either see non-compliance or “creative compliance” where records exist but can’t be trusted.
Your next week’s Gateway 3 readiness sprint
# One-week Gateway 3 information sprint
/>
1. Nominate a single fire information owner for the job and issue a written RACI that covers who can author, who can approve, and who can lock records in the CDE.
2. Extract one fire-critical asset set (for example, doorsets on one core) and force a complete evidence chain: product data, install QA, inspections, and sign-off linked to a location.
3. Configure mandatory metadata fields for fire-related uploads and switch on validation so incomplete records cannot reach “accepted” status.
4. Trial an export of the same asset set into a neutral handover pack and confirm that links, identifiers and revision history remain intact.
5. Hold a 30-minute subcontractor clinic on site to align naming, status codes and photo evidence rules, then apply it to that week’s inspections.
What to watch next in the UK market
Expect CDE discussions to shift from “which platform” to “which governance model”, with more clients demanding evidence of how structured fire safety information will be captured and maintained, not just promised. The winners in 2026 will be teams that can demonstrate a simple, enforceable method for turning site evidence into trusted, queryable records without suffocating delivery. In your next project meeting, ask three questions: can we trace a fire-critical element from design decision to as-built evidence in minutes, not days; can we lock and export a Gateway 3 record without manual rework; and who is accountable when the record is incomplete or inconsistent.
