What you need to know about Martyn’s Law: A comprehensive guide

In today’s environment, organisations of all kinds face a growing duty to keep people safe — not just online, but in physical spaces too. With the introduction of Martyn’s Law, the UK government has taken a major step in formalising how public-facing venues prepare for serious incidents, including terrorist threats. Understanding this legislation — what it covers, who it applies to, and how to get ready — is essential for any organisation responsible for people, premises or events.

What is Martyn’s Law?

On 3 April 2025, the Terrorism (Protection of Premises) Act 2025 — commonly known as Martyn’s Law — received Royal Assent. The legislation builds on the UK’s wider counter-terrorism strategy and places a legal responsibility on those in charge of certain premises and events to take “reasonably practicable” steps to reduce the risk and impact of terrorist attacks.

In essence, Martyn’s Law means that organisations cannot simply assume they are safe — they must demonstrate preparedness, resilience and the ability to respond to a major security incident.

Who is in scope?

The Act introduces a tiered approach to compliance. Here are the key points:

• The “standard duty” applies to premises where it is reasonable to expect 200 to 799 individuals at one time.

• The “enhanced duty” applies to premises or events where 800 or more individuals may be present.

• Premises must meet certain criteria: they have at least one building or part of a building, are used for purposes in Schedule 1 of the Act, and are not excluded under Schedule 2.

• Importantly, the law recognises the concept of “reasonably practicable” — meaning the steps you take must be proportionate to the risk, size and nature of your organisation.

For many education, leisure, retail, hospitality and other public-facing organisations, this means they will fall under scope of Martyn’s Law — even if they’ve already implemented robust security measures.

What does the Act require?

While Martyn’s Law allows for flexibility, the core expectations include:

• Notification to the regulator (the Security Industry Authority – SIA) by those responsible for premises.

• Having documented procedures and measures in place to reduce vulnerability and risk of physical harm.

• Conducting a risk-based assessment of your premises, including the number of people present, likely incidents, and the surrounding environment.

• Being prepared to implement changes that are “reasonably practicable” — this does not mean requiring major structural change or unattainable standards, but rather proportionate, sensible preparedness.

Implementation timeline

The government intends for an implementation period of at least 24 months before full enforcement begins, allowing organisations time to plan, review and upgrade where needed. While enforcement is still ahead, this is the moment to act — waiting could result in rushed decisions, higher costs and greater risk.

Why it matters

Why should organisations care about Martyn’s Law? Because the consequences of not being prepared are serious:

• Lives and wellbeing may be put at risk if response systems are inadequate.

• Financial penalties of up to £10,000 for Standard Tier venues

• For Enhanced Tier venues, fines could rise significantly — potentially into the hundreds of thousands of pounds, depending on the scale and severity of the breach

• Regulatory scrutiny and enforcement may follow non-compliance.

• Reputational damage from incidents or being shown to be unprepared could be significant.

• Compliance isn’t only about major incidents: it boosts resilience, staff confidence and everyday safety.

In short, this law isn’t about creating fear — it’s about being ready. Good preparation reduces risk, reassures stakeholders and strengthens operational resilience.

Practical steps to prepare

Here are recommended actions to meet Martyn’s Law requirements and build a stronger protective posture:

1. Appoint a responsible person

Identify who in your organisation has responsibility for compliance, security and emergency planning when it comes to Martyn’s Law. This person should have oversight of procedures, training and documentation.

2. Conduct a risk assessment

Look at your premises and operations: how many people may be present at any one time? What are the likely threats? What is “reasonably practicable” in your context? Take into account neighbouring sites, visitor numbers, special events, and the nature of use.

3. Review and update procedures

Ensure your organisation’s emergency plans (lockdown, invacuation, evacuation) are up to date. Consider how you will alert staff, communicate across the site, manage visitors and coordinate with external responders. Good practice guidance, while non-statutory, exists for many sectors.

4. Implement proportionate measures

This might include improved communications systems, visitor management controls, zone monitoring or training staff in recognizing and responding to threats. What you do must make sense for your context, size and resources.

5. Train staff and test your systems

Preparedness is not a one-off exercise. Regular drills, clear roles and training help ensure when an incident arises, your team knows what to do, quickly and calmly. In a major incident, speed and coordination matter.

6. Document and monitor

Keep records of your risk assessment, plans, training, and any tests or drills. Being able to show you took considered, proportionate steps will be important. The SIA will need to see documentation for compliance.

What “reasonably practicable” means

One of the key legal phrases within the legislation is “reasonably practicable”. This means organisations should take steps that are sensible and proportionate to the level of risk — it doesn’t mean perfection, but it does require meaningful action from those responsible.

For example: a small venue with fewer than 200 attendees might be outside the main scope. But a larger facility with hundreds of people deserves robust planning. The steps you take should reflect the scale, nature and risk context of your site.

Looking ahead: what to expect

The SIA will act as regulator for Martyn’s Law, overseeing notification, guidance and enforcement. As the law becomes operational, organisations should expect:

• Publication of statutory guidance and factsheets to help define duties.

• Regulatory inspections focusing on documented planning, staff preparedness, communication systems and incident readiness.

• A shift from voluntary best-practice to legally mandated preparedness.

While large, high-capacity venues may face enhanced duties, many businesses and institutions will fall under standard duty requirements. The common theme: take action now rather than later.

Martyn’s Law represents a major change in how organisations across the UK prepare for serious incidents. Being prepared is not just about compliance — it’s about protecting people, reputation and continuity.

Whether you run a school, a large campus, a leisure venue or any site where the public and staff gather, now is the time to consider: “Are we ready?”

By acting now — identifying responsibilities, assessing risk, updating procedures, implementing appropriate measures and training staff — you’ll be ahead of the curve. Waiting until enforcement approaches means less time, more pressure and possibly higher cost.

In a world with unpredictable threats, being prepared is genuinely a competitive advantage. Let your organisation not just follow the law, but lead through resilience and security.