Codes and Standards

Documentation revisions in the 2025 NFPA 72 code

Updates to NFPA 72 introduce changes to definitions and documentation to enhance clarity and reliability.

NFPA 72 insights:

  • New sections in the 2025 version of NFPA 72 address emerging technologies and network-connected systems.
  • Cybersecurity concerns in fire alarm systems are addressed throughout multiple sections of the updated code.

This article has been peer-reviewed.The 2025 edition of NFPA 72: National Fire Alarm and Signaling Code introduces several distributed changes to documentation and definitions, focusing on enhancing clarity, accountability and system reliability. These updates include refined definitions for personnel roles, expanded requirements for shop drawings and completion records, and updates to testing and integration protocols. There are also entirely new sections to keep up with emerging technologies and network-connected systems. Collectively, these changes aim to ensure that fire alarm and emergency communication systems are modern, comprehensively documented and safely connected.

Clarifications for authorized and emergency personnel

The updated commentary for “authorized personnel” and “emergency personnel” in Sections 3.3.213.1 and 3.3.213.2 clarify roles and responsibilities, specifically for operational accountability. Authorized personnel are identified as individuals selected by property owners to manage and maintain fire alarm and safety equipment. These individuals, whether employees or external contractors, are required to possess specialized knowledge of the systems they oversee, ensuring that maintenance and troubleshooting are performed competently.

The definition of emergency personnel, originally introduced in the 2022 edition, has been further refined to distinguish the varying levels of training among individuals responding to emergencies. For example, a fire alarm vendor tasked with testing a fire alarm system has different expertise compared to a firefighter focused on extinguishing fires and rescuing occupants.

Shop drawing enhancements

Sections 7.4.7.1 and 7.4.7.2 list requirements for shop drawings. This section addresses a critical aspect of system design and documentation. Shop drawings shall include detailed information about control unit diagrams, equipment identification, locations, wiring, manual controls and connections to supervising stations or emergency safety systems. By standardizing the level of detail required in shop drawings, the code ensures that all stakeholders, from designers to installers, have a clear understanding of system configurations. These documents are vital for future troubleshooting, and including all locations of splices and junctions can speed repairs.

Figure1: Fire alarm systems are increasingly interconnected and new updates to NFPA 72 work to address this. Courtesy: IMEG Corp.
Figure1: Fire alarm systems are increasingly interconnected and new updates to NFPA 72 work to address this. Courtesy: IMEG Corp.

Testing updates for emergency responder systems

Section 14.4.10 provides updated testing requirements, reflecting the growing integration of emergency responder communication enhancement systems (ERCES) with fire alarm systems. Section 14.4.10.1 now mandates the monitoring of supervisory signals from ERCES through the fire alarm system. This addition underscores the importance of seamless integration between these systems, ensuring real-time oversight and enhancing emergency response capabilities. Designers must now ensure that ERCES monitoring is included in system configurations, aligning with the expanded scope of testing requirements.

Integration with life safety networks

The 2025 edition also addresses the growing complexity of integrating fire alarm systems into broader life safety networks. Revisions to section 21.2.4.1 differentiate between physical protection requirements for emergency control function conductors installed without raceway for three feet or in raceway for 20 feet. Section 21.2.11​ was reorganized to more clearly identify monitoring requirements for data communication paths. If a communication failure occurs, the system must trigger a trouble signal within 200 seconds, ensuring prompt detection and resolution.

In addition, the code clarifies that data from non fire alarm systems can only display status information and must not interfere with the functionality of the fire alarm system. This safeguard maintains the operational integrity of fire alarm systems while enabling interoperability with other life safety components. Designers must carefully evaluate system interfaces to ensure compliance with these stringent requirements, particularly in facilities with complex, interconnected safety systems.

Elevator emergency recall requirements

Updates to Section 21.3 reorganize requirements for elevator emergency recall operations, particularly in facilities without a required building fire alarm system. Section 21.3.2 specifies that initiating devices for Elevator Phase I Emergency Recall Operation must connect to either a non-required fire alarm system or a dedicated “elevator recall and supervisory control unit.” These units must be permanently labeled and documented in record drawings, providing clear identification of their purpose and ensuring compliance during inspections or system modifications.

Expanded carbon monoxide detection standards

The definition of “carbon monoxide source” (3.3.39) has been updated to reflect that CO production is not limited to fuel-burning appliances. This broader definition requires designers to consider CO detectors in locations beyond those traditionally associated with fuel-based systems. To support this change, a new definition for “unconditioned areas” (3.3.329) has been added. This definition addresses spaces such as attics, crawlspaces and garages, where environmental conditions may pose challenges to CO detector placement and operation.

Figure 2: NFPA 72 addresses increased cybersecurity concerns along with functionality and reliability issues. Courtesy: IMEG Corp.
Figure 2: NFPA 72 addresses increased cybersecurity concerns along with functionality and reliability issues. Courtesy: IMEG Corp.

Chapter 17 now reflects these updated definitions, with Section 17.14.1 removing references to fuel-burning sources and focusing on CO sources generally. This revised language introduces references to laws, codes and standards, ensuring that installations align with broader regulatory frameworks. Section 14.4.4.6 is the new home for mandatory testing requirements for CO detection devices.

New detection technologies

The 2025 edition incorporates significant advancements in detection technologies, including acoustic and thermal image detectors. Section 17.11 introduces acoustic leak detection systems, defined in 3.3.79.1 as devices that identify ultrasonic sounds from high-pressure gas leaks. Unlike conventional gas detectors, which sense the presence of gas directly, acoustic systems detect sound patterns associated with leaks, making them particularly effective in industrial environments or locations with rapid gas dispersion. To ensure proper implementation, design documentation must outline performance objectives and provide engineering evaluations for detector placement and spacing. These systems must also align with manufacturer recommendations to mitigate interference and meet the performance requirements outlined in relevant code chapters.

Thermal imaging fire detectors, defined in 3.3.79.26 and addressed in Section 17.12, represent another technological addition. 14.4.3.4 added these devices to the list of testing requirements. These devices detect temperature changes and fire signatures using thermal imaging technology. They require clear lines of sight to potential hazards and must produce alarms for temperature rate-of-rise within their field of view. Supervisory signals are also required to notify system operators of obstructions that may impair detection. Controls and software must be secured against unauthorized modifications, ensuring system integrity.

Clarifications for smoke detection systems

The spacing requirements for smoke detectors have been updated in Section 17.7.4.2.3.1 to extend the prescriptive coverage area maximum to 40 feet high ceilings. For higher mounting heights, performance-based calculations shall be used. Staying with the theme of ceiling mounted detection, section 17.7.4.2.4.2 now includes the definition of “girder” to clarify ceiling type descriptions, ensuring consistent application of spacing guidelines across various architectural configurations. Additionally, Section 17.7.6.6.5.1 revises the requirements for placing smoke detectors near doorways. Previously, devices were required to be located on the exact centerline of the door opening, which proved overly rigid in many applications. The updated code now allows placement within 12 inches of the centerline, balancing practical installation concerns with functional performance.

Suppression system signage requirements

Section 17.17.3 introduces a new requirement mandating signage for manual operation of releasing agent suppression systems. This change addresses a long-standing issue where many existing installations lacked adequate signage, potentially hindering system operation or causing accidental discharge.

Emergency control function interfaces

The 2025 edition revises the guidelines for emergency control function interface devices, as detailed in Section 21.2.4. These devices link detection systems with controlled components, such as ventilation or suppression systems. The revised code permits devices to be installed up to 20 feet from the controlled component if conductors are protected in metal raceways or armored cables. Without such protection, the installation must still remain within three feet of the component.

Notification appliance circuits and voice instruction overrides

Section 18.3.7.1 has been revised to separately address alternating current and direct current circuits powering notification appliances. It’s vital to ensure voltage drop is adequately controlled for proper operation of notification appliances. The two calculation methodologies listed are end-line-loaded and point-to-point (PTP). The former is the most conservative, because it assumes all of the devices are at the end of the total wire length. All else equal, we expect the PTP method to look more favorable and result in smaller wire sizes. Designers should specify the type of calculation method to be used and carefully review the calculation method used in the shop drawing submittal.

Section 24.5.12.6 was rearranged to emphasize the importance of life safety voice instructions overriding any previously initiated or automatically initiated signals. This ensures that critical information delivered during emergencies is not hindered or obscured by other ongoing alerts. For engineers, this necessitates system designs where voice instruction capabilities are seamlessly integrated and prioritized, particularly in facilities with complex emergency scenarios or diverse occupant needs.

Mass notification and emergency communication systems

Section 24.7.1 addresses the use of distributed recipient mass notification systems (DRMNS). DRMNS cannot replace required audible and visual notification systems, though it encourages integration with mass notification systems (MNS) whenever possible. This reinforces the role of traditional notification systems as the foundation for emergency communication, with DRMNS serving as a supplementary tool for delivering targeted and specific messages. The revisions ensure that redundancy and flexibility are built into notification system designs to enhance overall reliability.

Section 24.9.1 introduces a requirement for fire alarm systems to monitor all supervisory signals related to emergency responder communication enhancement systems (ERCES). This update increases the number of required monitoring points, necessitating systems capable of handling additional complexity. By strengthening oversight of ERCES, the revisions improve the integration of communication systems with fire alarms, which ensures seamless operation during critical events.

Supervising stations and pathway survivability

Requirements for proprietary supervising stations, detailed in Section 26.4.3.4.3, mandate the inclusion of emergency lighting capable of providing at least 26 hours of illumination during primary lighting failures. This requirement, along with adherence to Chapter 14 testing standards, ensures that supervising stations remain operational even during extended power outages.

The integrity of communication pathways between fire alarm systems and supervising stations is addressed in Sections 26.6.3.3, 26.6.3.11, 26.6.3.12 and 26.6.3.13. These revisions account for the behavior of internet service providers during outages, introduce requirements for trouble indications on fire alarm control units in the event of communication loss and mandate secondary power for communication equipment. Additionally, Section 26.6.5.1.2 provides stricter supervision and control requirements for radio transmission equipment, to ensure the continuous operation of remote communication systems. Together, these changes reflect a concerted effort to address real-world connectivity challenges, reinforcing the reliability of communication systems under various conditions.

Section 27.8.7 also updates pathway survivability for public emergency alarm reporting systems. The code now requires connections between these systems to achieve level two or level three survivability, significantly improving their reliability during extreme conditions.

Audible alarm characteristics and restricted audible mode operation

The characteristics of audible alarms are refined in Sections 10.10.4 through 10.10.8, which were revised for clarity. These sections require distinct and recognizable sounds for supervisory, trouble, evacuation alarm and pre-alarm signals. These updates enhance clarity and reduce confusion, particularly in facilities where multiple alarm types may need to operate simultaneously.

The introduction of restricted audible mode operation (RAMO) in Section 18.4.8 addresses the need for tailored auditory environments in sensitive spaces, such as neurodiverse facilities or early education classrooms. RAMO allows for reduced sound levels in private-mode notifications but is restricted to areas with trained, awake and mobile staff. The code includes detailed documentation requirements for RAMO zones, outlined in Section 7.3.4.7, and mandates annual testing and occupancy reviews to verify compliance with the intended use.

Figure 3: Regular checks on the functionality of alarm systems is key to ensure safety during an emergency event. Courtesy: IMEG Corp.
Figure 3: Regular checks on the functionality of alarm systems is key to ensure safety during an emergency event. Courtesy: IMEG Corp.

The 2025 edition also updates Sections 18.4.1.5, 18.4.1.6 and 18.4.1.7 to align with RAMO requirements, further integrating these systems into the broader framework of fire alarm notification standards.

Incorporating cybersecurity provisions

The 2025 edition of NFPA 72 expands the chapter on cybersecurity, establishing enforceable standards to safeguard fire alarm and signaling systems from unauthorized access and cyber threats. Building on the guidance provided in Annex J of the 2022 edition, this chapter consolidates and expands the cybersecurity framework, addressing vulnerabilities in system access, configuration and implementation.

The 2025 edition draws upon well-established frameworks to provide a solid foundation for cybersecurity practices. New references to the International Society of Automation (ISA) and the National Institute of Standards and Technology (NIST) emphasize best practices for securing industrial automation and control systems. These standards, referenced in Sections 2.3.6 and 2.3.8, encourage the integration of systematic and comprehensive security protocols to mitigate risks associated with network connectivity.

Several new and revised definitions in the 2025 edition of NFPA 72 provide essential clarity for implementing cybersecurity measures. The term auxiliary service provider (ASP) refers to an entity that processes signals from fire alarm systems and relays them to supervising stations, ensuring that signals do not bypass critical security checkpoints. The definition of network connectable equipment encompasses components capable of connecting to external networks via wired or wireless protocols, highlighting the importance of securing these interfaces. The code also introduces cybersecurity software, which protects systems against cyberattacks without disrupting their primary functionality. Updates to the definitions of emergency response agency and emergency response facility align with the 2022 edition of NFPA 1225: Standard for Emergency Services Communications, ensuring consistency across standards. These clarified terms provide a structured vocabulary for designing and implementing secure systems.

Auxiliary service providers

Section 26.2.11 details the role of ASPs and establishes requirements to enhance signal reliability and supervision. ASPs are often cloud-based entities responsible for monitoring and retransmitting signals from protected premises to supervising stations. To address potential vulnerabilities, ASPs must ensure continuous supervision of communication pathways, retransmit signals without delay and notify stakeholders of any operational changes within 30 days. They are also required to retain signal records for at least one year and comply with UL 827 standards for security and reliability.

Implementing maintenance plans for networked systems

Section 7.6.7 introduces a new requirement for maintenance plans tailored to network connectable equipment. These plans must document personnel with access to the system and outline procedures for removing access credentials promptly when personnel changes occur. This focus on access management reduces the likelihood of unauthorized system interactions and ensures that only qualified individuals can control critical system components.

Gateway reporting system qualifications

Section 10.5.7 introduces qualifications for personnel managing gateway reporting systems, emphasizing the need for expertise and accountability. Individuals responsible for designing, installing, maintaining or servicing these systems must be trained, certified and qualified according to standards established by state, national or manufacturer guidelines. Furthermore, documentation of these qualifications must be kept up to date and made available to the authority having jurisdiction upon request.

Mandatory cybersecurity provisions in Chapter 11

Chapter 11, which is mostly new in the 2025 edition, consolidates cybersecurity practices into a comprehensive framework of mandatory requirements. It replaces the optional guidance previously outlined in Annex J, addressing vulnerabilities in system access and configuration identified in foundational research. The chapter includes protocols for securing system access points, protecting system configurations from tampering and implementing best practices during system deployment. By shifting from optional recommendations to enforceable standards, Chapter 11 underscores the importance of prioritizing cybersecurity as a fundamental aspect of system design and operation.

Figure 4: Auditorium spaces like this one at the University of Florida have specific considerations for fire and life safety. Courtesy: IMEG Corp.
Figure 4: Auditorium spaces like this one at the University of Florida have specific considerations for fire and life safety. Courtesy: IMEG Corp.

The introduction of these cybersecurity provisions highlights the increasing complexity of fire alarm and emergency communication systems in the context of networked environments. For engineers and designers, these updates necessitate a proactive approach to system security, including the incorporation of redundant communication pathways, robust access controls and comprehensive personnel training programs. Additionally, integrating cybersecurity software during the design phase helps protect system integrity while ensuring compliance with the new standards.

Design considerations for replacing existing fire and life safety systems

When designers are tasked with replacing existing fire alarm systems, the first step is understanding the project scope. There are two primary types of fire alarm upgrades. The first is a notification-only upgrade, where the client seeks a code-compliant audiovisual layout. Many existing fire alarm systems fall short of meeting the visual layout requirements of  NFPA 72: National Fire Alarm and Signaling Code, particularly in strobe device placement. A subset of this type involves transitioning to a fully voice-capable fire alarm notification system, which requires new device locations and additional installations, significantly increasing costs. This type reuses the existing initiating devices, such as manual pull stations, smoke detection, heat detection, etc. The reuse of initiation devices saves cost and hassle, and is suitable for installations that are code-compliant for initiation but not notification. The second type of upgrade involves complete replacement of the entire fire alarm system, with no reuse of existing components.

Both types necessitate a site visit to assess space utilization and current conditions. NFPA 72’s notification coverage requirements depend heavily on how a space is used, and relying solely on room names often fails to capture actual usage. For instance, in multi-occupant offices, if specific occupants are known, the facility must determine whether any are deaf or hard of hearing considerations may require supplemental visual coverage. In spaces with rotating occupancy, visual coverage is mandatory since the hearing ability of all potential occupants cannot be vetted. Over time, space utilization evolves to maximize facility efficiency, making site visits critical to verify that the life safety plans reflect actual conditions.

The existing fire alarm system is typically inadequate to support modern notification and detection standards. This shortfall is often due to outdated wiring and insufficient capacity to handle the number of devices required by modern codes. As devices are added, power supply and battery backup requirements also increase. Adding visual devices is one of the simplest upgrades, as it can usually be accomplished by installing a notification appliance control unit or extender panel, which provides the necessary power for additional devices. However, upgrading to a voice system requires amplifiers and entirely new notification appliance circuit wiring. If the existing system lacks voice capability, the designer will likely need to replace all fire alarm control units and add cabinets to house amplifiers.

Physical locations for new fire alarm components and supporting circuits introduce further challenges. During site visits, designers must not only determine space utilization but also verify power sources. Identifying visual devices is straightforward, but many fire alarm components, such as monitor modules and addressable relays, are concealed above ceilings. These components are often linked to fire and smoke dampers, door operators and other fire alarm interfaces. To gauge the extent of these components, designers can request a point list export from the fire alarm system manufacturer, providing a comprehensive inventory of devices and the project’s physical scope.

Once design begins, detailed discussions between the designer and client are essential to plan the new fire alarm system’s implementation. Existing systems cannot typically be deactivated while the building remains occupied. This may necessitate temporary systems or maintaining the current system until the new one is fully commissioned. In this approach, two systems operate concurrently, with a clear cutoff during the transition. This method facilitates commissioning and minimizes disruptions, but it increases costs due to the added effort of demolishing the old system. Alternatively, temporary wireless fire alarm components can be deployed, particularly in large facilities, allowing phased installation and removal to reduce costs.

Commissioning fire alarm systems is crucial to ensure compliance with codes and that systems are installed and programmed as intended. Coordination with the client during commissioning is necessary to prevent shortcuts that could compromise the system’s functionality. Commissioning inevitably causes some disruption, making it vital for the engineer and client to collaborate closely. The process should verify that the system meets all requirements for visual and audible coverage, including speech intelligibility for voice systems. If the fire alarm system also provides mass notification, additional requirements must be thoroughly tested. Whether for distributed recipient notification or wide-area notification, all aspects of the mass notification system must be fully verified to ensure proper programming, wiring, and functionality.