A building is a bit like a living organism. It has its organs (electrical panels, networks, processes), its sensitive areas (public access buildings, high-risk premises), and its entry points (power lines, data lines, pipes). Lightning, however, doesn't "aim" for anything; it always finds a way. This is why a building protection strategy is part of a comprehensive risk management approach.
In 2026, IEC 62305 risk assessment remains the most reliable basis for determining, with supporting data, the appropriate lightning protection level to implement and transform a building from a potential lightning target into a protected structure. The pitfall lies not in the formula itself, but in the quality of the assumptions. A well-structured worksheet prevents decisions based on gut feeling and aligns engineering, health, safety, and environment (HSE), operations, and compliance.
We will therefore outline what has changed since the recent edition, then structure a truly usable worksheet, and finally learn to read the results without mistaking the priority.
In 2026, what reference should be applied and what will have changed?
As of March 2026, the operational reference for risk assessment remains the international standard NF EN IEC 62305-2:2024 , which provides the foundation for current studies. This 2024/2026 technical revision, explaining the shift in data quality requirements, has clarified points that often hindered studies, especially when seeking to justify the quality of input parameters to an insurer, auditor, or operator.
The first change to incorporate into the worksheet is the evolution of lightning strike data. Many teams have long worked with lightning strike density (NG). The recent revision places greater emphasis on measurements based on lightning ground strike density (NSG) to better represent the reality of repeated impacts on an area. In other words, it avoids smoothing out a phenomenon that sometimes concentrates in the same place.
The second important point is that the standard better formalizes the concept of service continuity. Production stoppages, IT outages, or ERP unavailability carry more weight in the analysis because the risk is not limited to a simple "it burns down or not." For a worksheet in a commercial or industrial building, this changes how the consequences, and therefore the factors contributing to loss, are documented.
A third useful development in practice is the emphasis placed on thunderstorm warning systems and organizational structure. Lightning protection isn't just about sensors and conductors; it also involves an operational scenario (alert, lockout/tagout, evacuation). Certain organizational measures can reduce a component of the risk, provided they are realistic and traceable.
To delve deeper into the concrete impacts of recent changes (NSG, calculation parameters, analysis logic), this guide can be consulted: Lightning Risk Calculation IEC 62305 (NSG, TWS) . For a training-oriented perspective on compliance, Apave's analysis also helps to clarify expectations: Major Changes to NF EN IEC 62305-2 .
A worksheet is not a spreadsheet to be filled out. It is proof of risk management, so each assumption must be explained in a simple sentence.
Constructing a truly usable IEC 62305-2 worksheet for a building
A good IEC 62305-2 worksheet is essential for designing a robust lightning protection system for a building. It follows a stable logic: breakdown, input data, calculation, comparison to the acceptable risk, and then selection of measures. Time is saved when the worksheet is approached as an investigation, not a formality.
The work steps we follow in the field
- Define the perimeter : structure studied, plots, annexes, and incoming service lines (energy, telecom, data, piping).
- Zone the building : high occupancy areas, fire risk areas, technical rooms, volumes with combustible materials, areas accessible to the public.
- Describe the expected damages : loss of human lives (step and contact stress), physical damage (fire, explosion), risk to cultural heritage, equipment failure, business interruption.
- Provide details of existing measures : external LPS, internal systems, surge protection systems (SPD), equipotential bonding, shielding, HSE organization, maintenance.
- Calculate and arbitrate : comparison to tolerable risk, then selection of targeted protections.
This sequence seems obvious, yet we often see the opposite: a level of protection is chosen first, then the worksheet is "pasted." In an audit, this is quickly spotted.
The structure of the worksheet, section by section
The table below serves as a simple template. It can be used in an Excel spreadsheet, in a tool, or in an internal procedure.
| Worksheet section | What we inform | Example of an expected deliverable |
|---|---|---|
| Site context | Location, usage, constraints, incident history | Annotated site plan, dated assumptions |
| Zoning | Zone boundaries, occupancy, evacuation, materials | Zone diagram, list of critical premises |
| Exposure to lightning | Lightning strike data, environment, collecting surface | Data source, period, method |
| Incoming services | Lengths, installation methods, entry points, separation | Simplified single-line diagram, cable trays |
| Existing measures | LPS, SPD, earth, equipotential bonding, maintenance | Verification reports, photos, location surveys |
| Results | Risk components, total, thresholds | Summary table, comments on discrepancies |
| Measures to be applied | Technical and organizational actions | Prioritized action plan, responsibilities |
The main benefit is traceability. When you come back two years later, you still understand why a particular assumption was made. In a multi-site approach, the framework is standardized, and variations are maintained for each type of site (ERP, industry, logistics, offices).
When it comes to equipment, ambiguity is key. For example, the components of a protection system (input, down conductors, grounding, surge arresters) form a chain, and a local weakness can disrupt the entire system. To clarify what is expected of a complete system, this reminder is helpful: LPS component guide .
Read the results and decide, without overprotecting or underprotecting
An IEC 62305-2 worksheet doesn't provide a simple "yes/no" answer. It assesses the risk components to calculate the total risk, and that's where sound decisions are made. In practice, the loss of human life (often R1) is considered first, followed by the economic value loss (R4). The dominant components are then addressed. The codes vary depending on the situation (impacts on the structure, impacts on nearby structures, impacts on services). The underlying principle remains the same: damage frequency (frequency of occurrence times probability of damage) multiplied by the loss factor.
Next, the "calculated risk" is compared to the "tolerable risk," the benchmark for safety thresholds. For many organizations, the reference value for human life remains around 10^-5 per year. If the result is higher, the risk is not "fully implemented," but rather targeted. A simple example:
- If the risk comes mainly from incoming services , we start with the right scheme of "surge arresters" (SPD coordination, implantation, equipotential bonding, lengths) to prevent "overvoltages".
- If the risk comes from fire (heat load, combustible areas, often linked to "direct impacts" causing "structural damage"), we reinforce spark capture, descents, separation, and management.
- If the risk affects business continuity , network segmentation, redundancy, and protections on sensitive links are added.
We also maintain a common-sense rule: a protection advertised as "present" but not maintained does not reduce anything in real-world use, impacting the "safety of property." The worksheet must therefore cite evidence, verification reports, dates, and discrepancies.
Finally, we align ourselves with accessible texts when justifying a version or edition of a standard. To verify the existence of a current edition or a collection of publications, we can consult the IEC page: IEC 62305 series edition (SER) . For a national publication reference in French (useful for procurement and compliance), this document is a good starting point: NBN EN IEC 62305-2:2024 (FR) .
When a single component dominates, a simple action often reduces the overall effect. The goal is to correct the cause, not to pile on measures.
Conclusion
In 2026, applying the IEC 62305-2 methodology using a well-designed worksheet remains our best defense against lightning strikes and imprecise decisions. We start with accurate zoning, document network connections, and then analyze the risk components before selecting protective measures. The result is a document that resonates with both engineers and HSE teams. And if we had to retain just one key takeaway, it would be this: implement effective protection measures that guarantee service continuity and the safety of all occupants; evidence ( assumptions, sources, maintenance) is just as valuable as calculations.