Protect Duty legislation, currently drafted as Terrorism (Protection of Premises) but more commonly known as Martyn’s Law, is being introduced to offer better protection to everyone in the UK against the continued and ever-evolving threat of terrorism.
Here we talk about how Martyn’s Law, which is currently a draft bill and subject to change, will likely affect businesses, public venues like village halls and sports clubs, local authorities, and those who organise events.
We’ll discuss how you can prepare now, whether your organisation is already on top of managing terrorism risk, or you have nothing in place.
What is Martyn’s Law (Protect Duty)?
On 22nd May 2017, 22 people were killed and 1,017 were injured by a suicide bomber who detonated a bomb after the Ariana Grande concert in Manchester. Amongst the victims was 29-year-old Martyn Hett.
Following the attack, Martyn’s mother, Figen Murray, together with other victims’ families lobbied the government for a more proactive approach to terrorism which would see tighter security and more robust plans against terror attacks.
Two years later, Figen Murray, along with Nick Holdsworth, who was protective security lead for Metropolitan Police Services counterterrorism at the time, addressed an audience of 400 security representatives. So compelling was Figen Murray’s address that she gained support from the defence and security industry representatives to back her campaign and begin the inception of Martyn’s Law.
It is the goal of Martyn’s Law to reduce the risk to UK citizens and our overseas interests from terrorism, so we can continue to go about our lives freely and confidently.
What responsibility does Martyn’s Law place on organisations?
In his address to security representatives, Nick Holdsworth highlighted that the evolving nature of terrorist threat means it is no longer possible to protect citizens through limited state-owned protective security resources.
Martyn’s Law will mean those responsible for public venues and spaces (duty holders) will have a duty of care to keep staff, customers, and visitors safe from terrorist attacks. They will be expected to take all necessary steps to assess and mitigate security risks.
The spaces where people live, work, and enjoy democratic freedom are so numerous that the state cannot provide security everywhere. Martyn’s Law aims to enhance public safety by reducing the vulnerability of crowded places to terrorist attacks.
Who will be responsible for complying with Martyn’s Law?
The duty holder of a premises will be responsible for compliance with Protect Duty. This is the person who owns the premises or has control of the premises or event.
What types of premises will be covered under Martyn’s Law?
Martyn’s Law will apply to a wide range of premises, including (but not limited to) stadiums, arenas, fairs, festivals, schools, sports grounds, leisure centres, village halls, student accommodation, university and college campuses, public parks, museums, tourist attractions, shopping centres, supermarkets, and restaurants.
Qualifying public premises may be located within other premises. For example, a retail store within a shopping centre.
The new legislation will also apply to events such as open-air music concerts and firework displays.
Will legal expectations be proportionate to the size of a venue?
The draft bill establishes two tiers based on the maximum occupancy of a premises, so the level of preparedness and security is proportional to the venue.
- Standard tier. This will apply to premises with a maximum occupancy of 100 or more.
- Enhanced tier. Premises with a maximum occupancy of 800 or more will fall under this tier.
Enhanced tier requirements will also apply to qualifying public events. These are events held at premises where express permission is required to enter the premises to attend the event, even if the venue is not a public space with a maximum capacity of 800 or more.
These tier thresholds determine the level of security and preparedness that a venue must have in place.
What measures will standard tier duty holders be expected to implement?
The draft bill states that the person responsible for qualifying premises (the duty holder) must ensure the premises is registered with the regulator.
Venues in the standard tier will be expected to:
- Duty holders will be expected to actively seek and engage with counterterrorism advice and training. This may include guidance on recognising and reporting suspicious behaviour, understanding potential threats, and implementing security measures.
- Awareness raising and cascading information to staff. Duty holders must ensure all staff members are aware of the potential risks associated with terrorism. Information should be regularly shared with staff to keep them informed about security protocols, procedures, and any updates relevant to the venue’s security.
- Staff training and preparedness. Duty holders are responsible for ensuring staff members are adequately trained and prepared to respond appropriately during a terrorist incident. This training may involve teaching staff how to secure doors and delay attackers from gaining access, guiding customers and fellow staff members to alternative exits, and administering first aid to injured individuals until emergency services arrive.
The aim is to make sure staff have the skills and knowledge to take lifesaving actions, protect themselves and others, and minimize the impact of a terrorist incident. It is vital to rehearse plans to keep people’s knowledge and skills fresh and to instil confidence.
What will be expected of enhanced tier duty holders?
Duty holders in the enhanced tier will be expected to go beyond the measures required in the standard tier.
An enhanced risk assessment must be completed, which will be more detailed than a standard terrorism evaluation. It will cover the types of acts of terrorism that are most likely to affect the premises or event. It will include reasonably practicable measures that could reduce the likelihood of the types of terrorism identified occurring. It will also detail measures to reduce the risk of physical harm to individuals if a terrorist attack occurs.
While the specific requirements may vary depending on the unique venue, they are likely to include measures such as enhanced access control, surveillance systems, perimeter security, monitoring, emergency response protocols, staff training, and collaboration with law enforcement and emergency services.
An individual must be appointed as designated senior officer for the premises.
If your organisation is going to fall under the enhanced tier, it’s likely that security measures will already be included as part of your risk management system. However, Martyn’s Law is a reminder to review policies and procedures to ensure they are fit for purpose, as terrorist strategies continue to evolve and become more dangerous.
In the case of a qualifying event notification must be given before, or as soon as reasonably practicable after details of the event are made public.
What happens if an event takes a venue over standard tier capacity?
If, for example, a rugby club has a capacity of 100 people (so it falls under standard tier) but on Bonfire Night 1,000 people attend, the rugby club will come under the enhanced tier for that evening.
Venues that move between one tier and another will need to prepare an enhanced tier risk management. Most people who organise events like this will be used to planning and risk assessing, so it’s about making sure the plan clearly addresses the terrorism risk.
What are the penalties for non-compliance?
A new regulator will be formed with proposed powers to issue a contravention, or restriction notice to a person who the regulator has reasonable grounds to believe has contravened a relevant requirement.
A contravention notice will require the duty holder to address certain requirements within a given period. A restriction notice will restrict the ways in which the premises may be used. If non-compliance continues this could result in:
- Fines. The draft bill indicates that penalty notices for standard premises could be set at £500 a day, with a maximum fine of £10,000. For enhanced premises, which are likely to be the majority of locations covered by the bill, the penalty could be £18 million or 5% of the organisation’s qualifying worldwide revenue.
- Closure. Non-compliance may result in closure of the establishment. The specific circumstances and duration of the closure is likely to depend on the severity of non-compliance.
- Criminal sanctions. The draft bill suggests that criminal sanctions could be imposed against an organisation for non-compliance, although the specific nature and extent of these sanctions will be clarified in the final version of the bill.
In addition, non-compliance could damage the reputation of an organisation as the public may question its commitment to security and safety.
So many venues are going to fall under the scope of Protect Duty that it’s unlikely the regulator will be able to inspect them all. The regulator is more likely to focus on large organisations that fall under the enhanced premises first, particularly those where there is clear exposure and a clear risk.
The response to non-compliance is likely to be proportionate to the venue and circumstances. The regulator is unlikely to target small voluntary organisations, like a cricket club for example, with excessive penalties.
When will Martyn’s Law come into effect?
At the time of writing, July 2023, we are unaware of when Martyn’s Law will come into effect. Draft legislation is currently undergoing scrutiny, so the length of time it takes to become formal legislation depends on how long this process takes. You can see updates on Gov.uk.
There is now a window of opportunity to start thinking and preparing for Martyn’s Law. Certain elements of the bill are unlikely to change. Specifically, those related to venue capacity, risk assessments and training provision.
How will Martyn’s Law affect insurance?
As with all health and safety legislation, insurance will provide a level of protection for organisations and management if claims are brought against them.
Penalties issued for non-compliance will not be covered by insurance, but there may be legal support to cover organisations subject to investigations.
Smaller organisations and those run by charities or volunteers, such as local sports clubs, may not have considered terrorism insurance before. Martyn’s Law will not make additional insurance cover a legal requirement. However, organisations may decide to take out insurance to protect their property, assets and revenue based on the level of risk.
Will community organisations and charities support each other to implement Martyn’s Law?
It is expected that educational establishments, community organisations, charities, and voluntary organisations, among others, will collaborate and support each other to implement Martyn’s Law.
Collaboration between organisations can facilitate the sharing of best practices, resources, and expertise. It can also help identify common challenges and develop effective strategies to address the risks detailed in Martyn’s Law.
By working together, organisations can pool their knowledge and experience to streamline their processes and create comprehensive security plans and risk assessments that align with the law’s requirements.
Industry-specific boards or associations may play a role in providing guidance, training, and support to their members. These entities can help organisations understand their responsibilities and offer practical assistance in implementing security measures.
How will Martyn’s Law affect contractors?
A contractor working on someone else’s premises, for example at a hospital, will not be the responsible person under Martyn’s Law. Compliance will be the responsibility of the duty holder at the premises.
However, contractors will need to be aware of the policies, procedures, and practices in place so that they know what to do in the event of a terrorist attack. Ideally, the duty holder will engage with the contractor before they start work, but contractors also need to be proactive and ask questions.
Will Martyn’s Law impact schools when they host public events?
If a school is sometimes open to the public for events like a fair, or hired to community groups like cubs, it may be a qualifying premises under Martyn’s Law. The draft bill suggests that premises or parts of premises to which public access is permitted would fall under the scope of the legislation.
Having said that, when it comes to nuanced situations like public access in a school, there may be a need for a proportionate and appropriate response. The bill is likely to provide guidance on how to ensure security measures are in place while considering the unique circumstances of each location.
The health and safety e-learning sector is likely to provide training tailored to individual duty holders and the specific activities they undertake. So, there will be training offered to education professionals, volunteers and parents who plan to run school fetes, sports days etc.
Will offices need to comply with Martyn’s Law?
In the draft bill, offices generally will not be required to comply with the Protect Duty legislation unless the premises meets specific criteria related to public accessibility. Offices are typically not considered publicly accessible spaces, as access is typically restricted to employees and visitors.
The most likely situation where an office would be in scope would be when hosting a qualifying event.
What does Martyn’s Law mean for hiring village halls?
It is likely that the duty holder, in this case the parish council or entity responsible for the village hall, will have overall responsibility for the coordination and response to a terrorist attack.
When a village hall is hired, it is expected that the duty holder will need to ensure hirers are aware of security procedures and policies. This could involve providing information to hirers about relevant security measures, emergency protocols, and any specific requirements or guidelines related to the use of the venue.
Under the draft bill, we do not yet know whether the duty holder will need to be present when a village hall is hired. However, it is reasonable to assume that the duty holder will need to assess the risk associated with the event size and make appropriate arrangements for security and response. This may include having someone present to coordinate this.
Will there be any Martyn’s Law training?
The duty holder will be required to undertake appropriate terrorism protection training, and ensure relevant staff receive training.
It is expected that the government will provide some level of mandatory free or low-cost training for duty holders and other personnel. Training is likely to focus on how to complete and review a terrorism risk evaluation or risk assessment, identify security vulnerabilities, implement security measures, and communicate procedures to follow in the event of an attack.
Comprehensive training needs to cover all aspects of responding to a terrorist attack including specialist first aid and understanding psychological stress so people can manage themselves and others if an incident happens.
The health and safety training industry will address gaps in government training and provide training that is tailored to particular types of venues, organisations and events.
Terrorism training and awareness is a valuable, transferable skill. All training you receive in your workplace can be applied to any venue you visit. In this way we all share responsibility for preventing terrorism as part of the larger community, which is the essence of Martyn’s Law.
Learn more about Protect Duty
Our webinar, Martyn’s Law – what it means for your organisation, was created in partnership with Blockphish, the leading Managed Security Service Provider (MSSP).
In the webinar, I talk to Ben Harris, Director at BlockPhish, and Andy Golborne, Divisional Director at Howdens Sport and Entertainment. Drawing on their unique insights and experiences, we discuss how Protect Duty is part of the government’s wider counter-terrorism strategy and the implications for different types of organisations.