Skip to main content
Linkedin Instagram

Protect Duty “Martyn’s Law” Update

An image of Martyn Hett

Protect Duty “Martyn’s Law” Update

We are pleased to announce that the Terrorism (Protection of Premises) Act 2025 — commonly referred to as “Martyn’s Law” or the “Protect Duty” — has now received Royal Assent and therefore formally becomes law.

The Government has indicated that there will be a minimum 24-month implementation and transition period before the new legal duties take full effect. This period allows organisations and premises in scope to become aware of, understand, plan for and implement the required changes.

In practical terms, this means that while the Act is now on the statute book, there is no immediate requirement for full compliance until the commencement of the defined enforcement phase. During the implementation period, stakeholders should begin preparatory work — such as assessing whether they fall within scope, monitoring forthcoming statutory guidance, and building internal awareness and processes.

We recommend that all relevant teams begin to map out their transition plan now in order to meet the new obligations within the forthcoming timeframe.

Introduction:

The Kerslake Report, published following the Manchester Arena attack, underscored the importance of preparedness and clear communication as essential components in both deterring attacks and responding effectively when they occur. In parallel with the report’s findings, the tireless advocacy of Figen Murray—mother of Martyn Hett, who tragically lost his life in the attack—has played a central role in shaping and advancing this legislation. Her work is the reason the legislation is widely known as “Martyn’s Law.”

This development marks a continued evolution of the UK’s approach to addressing the complex and shifting terrorism landscape, in which hostile actors adapt their methods to influence public behaviour and policy.

With the Terrorism (Protection of Premises) Act now having received Royal Assent, the Protect Duty will proceed to implementation. The legislation is designed to enhance the preparedness of a broad range of premises, venues, and event locations that have increasingly become targets in recent years.

The aim of the law is to establish a clear, structured duty of security consideration. Once in effect, these requirements are expected to reduce harm and ultimately save lives by ensuring that robust planning is in place and that key partners understand their roles and responsibilities should an attack occur.

There are three core elements to understand (outlined below). If you have any questions or require further clarification, please contact HornerSalus.

1. What is Martyn’s Law?

Martyn’s Law, officially the Terrorism (Protection of Premises) Act, is UK legislation aimed at improving public safety by requiring certain venues and events to take proportionate measures against terrorist threats. Named after Martyn Hett, a victim of the 2017 Manchester Arena attack, it became law following Royal Assent.

Its purpose is to enhance preparedness, risk awareness, and staff readiness at public venues, thereby strengthening national security and reducing the risk to the public from terrorism.

The legislation defines the criteria of premises it applies to and identifies a responsible person for each venue or event. This individual is mandated to follow security guidance, consider the threat from terrorism, and implement appropriate and proportionate mitigation measures.

By doing so, the law ensures that parties are prepared, able to respond, and know exactly what to do in the event of an attack. The overall aim is to establish consistent and clear requirements and improve preparedness across all affected locations.

When will this become law?

The Bill was introduced on 12 September 2024 and has now progressed through Parliamentary scrutiny. While the legislation has received Royal Assent, implementation is listed as “at least 24 months” before the Act comes into force – This means April 2027, this allows for a formal lead-in period for those captured by the duty, sufficient time to prepare for implementation. The exact commencement date will be communicated once the Parliamentary timetable is confirmed.

Support for duty holders

Dedicated guidance and support will be provided to ensure that all duty holders understand what is required and how best to implement the measures to comply with the law.

2. Who will it affect?

Martyn’s Law applies to publicly accessible premises and events that meet certain criteria:

  1. Premises in scope

  • Large venues and public buildings: stadiums, arenas, theatres, concert halls, shopping centres.

  • Event locations: temporary or permanent sites hosting significant gatherings.

  • Other public-facing premises where crowds gather.

Smaller venues may have lighter obligations, but all qualifying premises are required to assess and manage their security risks.

The Bill establishes two key criteria for a premises to fall under its scope:

  1. Premises as defined in the Terrorism (Protection of Premises) Act:

    • A ‘premises’ includes a building (or part of a building), a group of buildings, or a building and other associated land.

    1. Use and thresholds:

    • Wholly or mainly used for one or more qualifying activities.

    • Meets the threshold for the number of individuals present.

Exclusions

Parks, gardens, recreation grounds, sports grounds, and other open-air premises used for recreation, exercise, or leisure are excluded—unless staff are present to check public access.

Responsible person

The responsible person is usually the operator of the building, not necessarily the freeholder. This could be a leaseholder, tenanted occupier, or hirer of the space. For designated event spaces, the operator would normally be the responsible person rather than the hirer.

2. Events in scope

Events must satisfy all four criteria to fall within the Bill:

  1. The event takes place in a premises as defined in clause 3 of the Act.

  2. Hosts at least 800 attendees at the same time.

  3. Meets the ‘express permission’ criteria for public access*: entry is verified by staff (paid tickets, invitations, or passes).

  4. Is accessible to members of the public.

Note: ‘Express permission’ relates to staff or volunteers checking attendees meet entry conditions; private events without public access are excluded.

Additional note on qualifying events

  • A qualifying event may occur within a premises already subject to the standard duty.

  • For the duration of the event, the event organiser becomes the responsible person under the enhanced approach.

  • Outside of the event period, the premises remains under the standard tier of duty.

3. What do qualifying premises need to do?

Qualifying venues and events have a legal duty to implement protective measures to reduce the risk of terrorist attacks. The legislation requires owners, operators, and responsible persons to take proportionate steps based on the size, nature, and risk profile of the premises or event. The ultimate aim is to reduce harm and save lives by ensuring venues and staff are prepared and know how to respond if an attack occurs.

Key Responsibilities for Duty Holders

  • Risk Assessment – Identify threats and vulnerabilities specific to the venue or event.

  • Protective Planning – Develop and maintain proportionate security plans, including physical and procedural measures.

  • Staff Training – Ensure all staff, volunteers, contractors, and hirers understand how to recognise threats and respond effectively.

  • Ongoing Monitoring – Regularly review and update security measures and risk assessments.

Proportionality is a fundamental principle of the legislation. To reflect this, the law establishes a tiered model based on the capacity and activity of the premises or event:

Standard Tier

  • Applies to: Qualifying premises with a maximum capacity of 200–799 people, including staff.

  • Typical locations: Larger retail stores, bars, restaurants.

  • Duty holder requirements:

    • Implement basic but effective protective security and preparedness measures.

    • Ensure evacuation, invacuation, lockdown, and communication procedures are in place and communicated to all relevant personnel, including staff, volunteers, contractors, and hirers.

    • Procedures should be reviewed annually and scaled appropriately to the premises’ nature and resources.

    • No physical alterations or investment in equipment are required under the Standard Tier.

Enhanced Tier

  • Applies to: Premises or events with a capacity of 800+ attendees and higher assessed risk.

  • Typical locations: Live music venues, theatres, department stores, and defined public spaces with boundaries and controlled access (e.g., ticketed entry).

  • Duty holder / Designated Senior Individual (DSI):

    • In organisations, a DSI may be appointed to oversee management and implementation of the Protect Duty obligations.

Enhanced Tier requirements include:

  1. Monitoring and reporting suspicious behaviour – Increase staff vigilance, update security systems, and maintain a centralised control approach.

  2. Controlling movement – Robust entry and exit procedures, search procedures, entry conditions, and staff awareness/training.

  3. Physical security measures – CCTV, barriers, locks, hostile vehicle mitigation (HVM), cordons, and securing external areas.

  4. Securing sensitive information – Restrict access to key safety and security information, including floor plans and operational procedures.

These measures may require additional resources or changes to the premises or event space, commensurate with identified risk.

Documentation and Compliance

For both tiers, duty holders must document all steps and actions, which may include:

  • A risk assessment and security plan meeting a reasonably practicable standard.

  • Submission of plans to the regulatory body, the Security Industry Authority (SIA) (formal processes still to be finalised).

Role of the Security Industry Authority (SIA)

The SIA will have powers to:

  • Inspect premises and verify compliance with submitted plans with 72 hours’ notice.

  • In cases without consent, inspectors may apply for a warrant to carry out inspections.

  • Observe procedures, review documentation, and conduct interviews to assess compliance.

Enforcement options may include:

  • Compliance notices, restriction notices, civil sanctions, and monetary penalties.

  • Offences may include failure to comply, providing false information, or obstructing the SIA.

  • Offences may be civil or criminal, potentially resulting in fines or criminal conviction.

Note: The SIA does not have powers under the Regulation of Investigatory Powers Act 2000 (RIPA).

Links to original content from the UK Government and Police federation can be found below:

Gov.UK – Home Office Martyn’s Law Fact sheet 

Gov.UK – Terrorism (Protection of Premises) Bill 2024: factsheets

Police – Protect Uk Martyn’s Law

HornerSalus are registered at ProtectUK (since 2022) following developments and looking to be at the front of its impact on the events industry for both venues and event organisers.