Martyn’s Law, formally known as The Terrorism (Protection of Premises) Act 2025 offers better protection to everyone in the UK against the continued and ever-evolving threat of terrorism.
Here we talk about how Martyn’s Law affects businesses, public venues like village halls and sports clubs, local authorities, and those who organise events.
We will discuss what steps you can take, whether your organisation is already on top of managing terrorism risk, or you have nothing in place.
What is Martyn’s Law?
On 22nd May 2017, 22 people were killed and 1,017 were injured by a suicide bomber who detonated a bomb after the Ariana Grande concert in Manchester. Amongst the victims was 29-year-old Martyn Hett.
Following the attack, Martyn’s mother, Figen Murray, together with other victims’ families lobbied the government for a more proactive approach to terrorism which would see tighter security and more robust plans against terror attacks.
Two years later, Figen Murray, along with Nick Holdsworth, who was protective security lead for Metropolitan Police Services counterterrorism at the time, addressed an audience of 400 security representatives. So compelling was Figen Murray’s address that she gained support from the defence and security industry representatives to back her campaign and begin the inception of Martyn’s Law.
It is the goal of Martyn’s Law to reduce the risk to UK citizens and our overseas interests from terrorism, so we can continue to go about our lives freely and confidently.
What responsibility does Martyn’s Law place on organisations?
In his address to security representatives, Nick Holdsworth highlighted that the evolving nature of terrorist threat means it is no longer possible to protect citizens through limited state-owned protective security resources.
The Martyn’s Law bill means those responsible for public venues and spaces (duty holders) have a duty of care to keep staff, customers, and visitors safe from terrorist attacks. They are expected to take all necessary steps to assess and mitigate security risks.
The spaces where people live, work, and enjoy democratic freedom are so numerous that the state cannot provide security everywhere. Martyn’s Law aims to enhance public safety by reducing the vulnerability of crowded places to terrorist attacks.
Who is responsible for complying with Martyn’s Law?
The duty holder of a premises will be responsible for compliance with Martyn’s Law. This is the person who owns the premises or has control of the premises or event.
What types of premises are covered under Martyn’s Law?
Martyn’s Law applies to a wide range of premises, including (but not limited to) stadiums, arenas, fairs, festivals, schools, sports grounds, leisure centres, village halls, student accommodation, university and college campuses, public parks, museums, tourist attractions, shopping centres, supermarkets, and restaurants.
Qualifying public premises may be located within other premises. For example, a retail store within a shopping centre.
The new legislation also applies to events such as open-air music concerts and firework displays.
Are legal expectations proportionate to the size of a venue?
Martyn’s Law establishes two tiers based on the maximum occupancy of a premises, so the level of preparedness and security is proportional to the venue.
- Standard tier. This applies to premises where 200 to 799 people are expected at any one time.
- Enhanced tier. Premises or events where 800 or more people are expected fall under this tier.
These tier thresholds determine the level of security and preparedness that a venue must have in place.
What measures are standard tier duty holders expected to implement?
Venues and events in the standard tier are expected to take the following action:
Register the premises
Responsible persons must register their premises with the Security Industry Authority (SIA).
The registration process ensures the organisation is recognised as part of the wider national effort to improve preparedness which means the organisation receives relevant updates, resources, and compliance information. It also establishes accountability for implementing appropriate protective measures.
Conduct a basic risk assessment
A basic terrorism risk assessment must be completed to identify how a terrorist attack could impact the premises. While this is not intended to be a complex or technical exercise, it should reflect a thoughtful consideration of potential threats and vulnerabilities. For example, you might consider how people enter and exit the building, areas where crowds gather, and the likelihood of different types of attacks.
Implement procedures
Once the risks have been assessed, reasonably practicable procedures must be implemented to reduce those risks, respond effectively in an emergency, and protect staff and members of the public. These procedures should be proportionate to the size and use of the premises. Examples might include creating clear evacuation or lockdown plans, improving access controls, identifying safe areas, or ensuring staff know how to alert others. The emphasis is on taking sensible, achievable steps to improve safety and resilience.
Raise staff awareness
It is essential that staff are aware of how to respond if a terrorist incident occurs. This can be achieved through Martyn’s Law training courses, regular briefings, and guidance materials that explain what to do in different scenarios.
Staff should know how to recognise suspicious behaviour, raise the alarm, and follow the premises’ emergency procedures.
What is expected of enhanced tier duty holders?
Duty holders in the enhanced tier will be expected to go beyond the measures required in the standard tier and take the following additional actions:
Conduct a comprehensive risk assessment
Enhanced tier duty holders must carry out a thorough and formal terrorism risk assessment. This assessment goes further than the basic evaluation required in the standard tier. It should analyse the types of terrorist acts that are most likely to affect the premises or event, identify specific vulnerabilities, and evaluate the potential consequences.
The assessment must also consider reasonably practicable measures to reduce both the likelihood of an attack occurring and the risk of physical harm to individuals should an incident take place.
Maintain a security plan
Based on the findings of the risk assessment, duty holders must develop and maintain a detailed security plan. This plan should explain how identified risks will be managed and mitigated and must include emergency response protocols for scenarios such as evacuation or lockdown.
The security plan must be regularly reviewed and updated to reflect changes in threat levels, operations, or the layout of the premises. It acts as a blueprint for coordinated action in the event of a threat or attack.
Implement physical and personnel measures
While specific physical and personnel measures will vary depending on the size, type, and function of the premises or event, they are likely to include enhancements such as access controls, surveillance systems, perimeter security, and on-site monitoring. These measures help to deter and detect suspicious activity.
Personnel measures might involve designated security roles, coordination with law enforcement and emergency services, and clearly defined responsibilities in the event of an incident.
Conduct practical drills
All staff must receive regular training that enables them to identify suspicious behaviour, understand potential terrorist tactics, and know how to respond during an incident.
Training should cover evacuation and lockdown procedures, communication protocols, and their role in implementing the security plan. In addition to classroom or online learning, practical drills and exercises should be conducted to reinforce procedures and build staff confidence.
What happens if an event takes a venue over standard tier capacity?
If, for example, a rugby club has a capacity of 100 people (so it falls under standard tier) but on Bonfire Night 1,000 people attend, the rugby club will come under the enhanced tier for that evening.
Venues that move between one tier and another will need to prepare an enhanced tier risk management. Most people who organise events like this will be used to planning and risk assessing, so it’s about making sure the plan clearly addresses the terrorism risk.
What are the penalties for non-compliance?
The Security Industry Authority (SIA) has powers to issue a contravention, or restriction notice to a person who the regulator has reasonable grounds to believe has contravened a relevant requirement.
A contravention notice will require the duty holder to address certain requirements within a given period. A restriction notice will restrict the ways in which the premises may be used. If non-compliance continues this could result in:
- Fines. The penalty notices for standard premises are up to £10,000. For enhanced premises, which are the majority of locations covered by the bill, the penalty is up to £18 million or 5% of the organisation’s qualifying worldwide revenue, whichever is greater.
- Closure. Non-compliance may result in closure of the establishment. The specific circumstances and duration of the closure will depend on the severity of non-compliance.
- Criminal sanctions. Criminal sanctions could be imposed against an organisation for non-compliance.
In addition, non-compliance could damage the reputation of an organisation as the public may question its commitment to security and safety.
So many venues are going to fall under the scope of Martyn’s Law that it is unlikely the regulator will be able to inspect them all. The regulator is more likely to focus on large organisations that fall under the enhanced premises first, particularly those where there is clear exposure and a clear risk.
The response to non-compliance is likely to be proportionate to the venue and circumstances. The regulator is unlikely to target small voluntary organisations, like a cricket club for example, with excessive penalties.
It is important to note that while the Act has been passed, there is an implementation period of at least 24 months before it comes into force. This period allows the SIA to establish its new functions and gives duty holders sufficient time to understand and prepare for their obligations.
How will Martyn’s Law affect insurance?
As with all health and safety legislation, insurance provides a level of protection for organisations and management if claims are brought against them.
Penalties issued for non-compliance will not be covered by insurance, but there may be legal support to cover organisations subject to investigations.
Smaller organisations and those run by charities or volunteers, such as local sports clubs, may not have considered terrorism insurance before. Martyn’s Law does not make additional insurance cover a legal requirement. However, organisations may decide to take out insurance to protect their property, assets and revenue based on the level of risk.
Can community organisations and charities support each other to implement Martyn’s Law?
Educational establishments, community organisations, charities, and voluntary organisations, among others, may collaborate and support each other to implement Martyn’s Law.
Collaboration between organisations can facilitate the sharing of best practices, resources, and expertise. It can also help identify common challenges and develop effective strategies to address the risks detailed in Martyn’s Law.
By working together, organisations can pool their knowledge and experience to streamline their processes and create comprehensive security plans and risk assessments that align with the law’s requirements.
Industry-specific boards or associations may play a role in providing guidance, training, and support to their members. These entities can help organisations understand their responsibilities and offer practical assistance in implementing security measures.
How does Martyn’s Law affect contractors?
A contractor working on someone else’s premises, for example at a hospital, is not responsible person under Martyn’s Law. Compliance is the responsibility of the duty holder at the premises.
However, contractors need to be aware of the policies, procedures, and practices in place so that they know what to do in the event of a terrorist attack. Ideally, the duty holder will engage with the contractor before they start work, but contractors also need to be proactive and ask questions.
Does Martyn’s Law impact schools when they host public events?
If a school opens its premises to the public for events such as fairs, open days, or hires out facilities to external community groups like Cubs or Scouts, those areas may be classified as qualifying premises under the Act.
The legislation applies to publicly accessible premises where 200 or more individuals may reasonably be expected at any one time. If that threshold is met during public-facing events, the relevant Standard Tier duties under Martyn’s Law will apply.
That said, the Act acknowledges the need for a proportionate and practical approach, particularly for venues like schools where public access is limited to specific times or parts of the premises.
To support compliance, the health and safety eLearning sector is expected to offer tailored training for education professionals, volunteers, and parents involved in organising or supporting school events. This will help schools understand their responsibilities and implement practical measures that align with the unique nature of school environments, while still enhancing safety and preparedness for everyone on site.
Do offices need to comply with Martyn’s Law?
Offices generally will not be required to comply with Martyn’s Law unless the premises meets specific criteria related to public accessibility. Offices are not considered publicly accessible spaces, as access is typically restricted to employees and visitors.
The most likely situation where an office would be in scope would be when hosting a qualifying event.
What does Martyn’s Law mean for hiring village halls?
The duty holder, in this case the parish council or entity responsible for the village hall, will have overall responsibility for the coordination and response to a terrorist attack.
When a village hall is hired, the duty holder needs to ensure hirers are aware of security procedures and policies. This could involve providing information to hirers about relevant security measures, emergency protocols, and any specific requirements or guidelines related to the use of the venue.
Learn more about Martyn’s Law
Our webinar, Martyn’s Law – what it means for your organisation, was created in partnership with Blockphish, the leading Managed Security Service Provider (MSSP).
In the webinar, I talk to Ben Harris, Director at BlockPhish, and Andy Golborne, Divisional Director at Howdens Sport and Entertainment. Drawing on their unique insights and experiences, we discuss how Martyn’s Law is part of the government’s wider counter-terrorism strategy and the implications for different types of organisations.
