What is Martyn's Law?

Martyn’s Law is UK legislation designed to protect the public from terrorist attacks at public venues and events. Formally titled the Terrorism (Protection of Premises) Act 2025, the law was named after Martyn Hett, one of 22 victims killed in the bombing at Manchester Arena in May 2017. Following years of campaigning by Martyn’s mother, Figen Murray, the legislation received Royal Assent in April 2025.

The Act replaces voluntary counter-terrorism guidance with a statutory duty. Its central purpose, captured in the phrase “Protect. Prepare. Prevent.”, is to ensure venues take a structured, documented approach to counter-terrorism readiness. For the first time, businesses operating qualifying public premises are legally required to plan for a terrorist attack, not simply encouraged to do so.

For UK businesses, this marks a significant shift in how security strategy must be approached. Counter-terrorism preparedness is no longer advisory. It is a legal obligation with enforcement consequences for those who fall short.

Who Does Martyn's Law Apply To?

Martyn’s Law applies to venues and events in the United Kingdom where members of the public are admitted and the capacity reaches 200 people or more. The legislation creates two compliance tiers based on the maximum number of people a venue can hold, with different obligations applying to each.

The Standard Tier covers venues with a capacity of 200 to 799 people. Businesses in this tier must complete a formal security risk assessment and produce a written procedure detailing how staff will respond in the event of a terrorist attack. The focus is on building basic protective readiness and awareness across the venue.

The Enhanced Tier applies to premises with a capacity of 800 or more. These venues face more demanding requirements, including a full Terrorism Protection Plan, trained responsible persons, and documented procedures covering both prevention and active response. Events held at qualifying locations are also within scope, whether regular or one-off occasions.

Martyn's Law shifts counter-terrorism from a voluntary consideration to a legal duty. Businesses that prepare now will be better placed to protect people and meet their compliance obligations.

Centurion Security Consultant

How Martyn's Law Changes Your Security Strategy

For most businesses, Martyn’s Law requires a structured review of existing security provision. The legislation does not prescribe specific products but expects businesses to demonstrate that measures are proportionate, documented, and actively maintained. Five areas of your security strategy are most directly affected:

  • Security risk assessments: A formal, documented risk assessment is required under both compliance tiers. This should identify vulnerabilities across the premises and map response procedures against realistic threat scenarios.
  • CCTV and video security: Camera coverage of entry points, public areas, and perimeters supports threat detection and provides a record for post-incident review.
  • Access control: Controlled entry and exit points limit unauthorised access and enable faster lockdown responses when needed.
  • Intruder alarms and lockdown procedures: Systems must be capable of alerting staff and supporting a structured, practised lockdown procedure under pressure.
  • Emergency preparedness and response planning: Enhanced Tier venues must ensure trained, responsible persons are ready to execute an emergency response plan without delay.

Why an Incident Reporting System Matters

Under Martyn’s Law, businesses are expected to take a proactive and documented approach to security. A formal incident reporting system is central to meeting that expectation. Regulators will expect to see evidence of active security management, not just a plan on paper. Logging security incidents, near-misses, staff responses, and procedural activations creates an audit trail that demonstrates your organisation takes its protective duties seriously.

For Enhanced Tier venues, this is particularly important. The ability to produce documented evidence of how incidents were identified, reported, and acted upon will be central to any compliance review. A well-maintained incident reporting system helps identify recurring patterns and supports ongoing improvements to your procedures. It also provides a clear factual basis for any post-incident investigation.

Businesses that treat incident reporting as a routine administrative task miss its value. Used properly, it is one of the strongest tools for demonstrating genuine, sustained compliance with Martyn’s Law.

Crowd Management Strategies for Public Premises and Events

Martyn’s Law does not exist in isolation from broader public safety planning. For venues hosting large numbers of people, crowd management strategies are a practical and necessary part of Martyn’s Law compliance. The aim is to maintain effective control of how people move through and around a venue. This allows any emergency response to be executed quickly and safely.

Effective crowd management strategies include clear entry and exit routes, staff positioned at key points, and access control systems to regulate occupancy. For events, pre-event briefings, visible marshalling, and signage directing people away from potential risk areas all contribute to a safer environment.

These measures support Martyn’s Law compliance and the wider goal of keeping people safe. They reduce confusion and delay in any type of emergency, not only in response to a terrorist incident.

Martyn's Law Preparation Checklist for UK Businesses
01
Conduct a security risk assessment
Document vulnerabilities across your premises and identify measures to reduce the risk of a terrorist attack.
02
Establish a written security procedure
Both tiers require a formal written procedure covering how staff will respond to a terrorist incident.
03
Audit CCTV and access control systems
Ensure camera coverage and access restrictions meet the standard required for your venue compliance tier.
04
Implement an incident reporting system
Log all security incidents and near-misses to build an audit trail and support ongoing compliance.
05
Deliver Martyn's Law training to relevant staff
Enhanced Tier venues must designate trained, responsible persons who are ready to lead an emergency response.
06
Review and test emergency response plans
Procedures should be practised and updated regularly so staff can respond quickly under pressure.

Why Businesses Should Prepare Now

The Terrorism (Protection of Premises) Act 2025 is now in force. Businesses that meet the venue capacity thresholds have a legal obligation to comply. The Security Industry Authority has the power to issue improvement notices and fines to those that fall short. Enforcement activity is expected to increase as the law beds in.

Preparing ahead of enforcement gives businesses time to carry out a thorough risk assessment and identify gaps in current security provision. Changes can then be made in a considered, prioritised way rather than under pressure. It also creates an opportunity to upgrade systems that may have been overdue for review, including CCTV coverage, access control, and emergency communications.

Centurion supports businesses across the United Kingdom in building Martyn’s Law compliance into practical, proportionate security strategies. Whether you need a risk assessment, a system review, or a full compliance programme, our team is ready to help.

Frequently Asked Questions About Martyn's Law
Common questions from UK businesses preparing for Martyn's Law compliance.

Martyn's Law is the Terrorism (Protection of Premises) Act 2025, a UK law requiring venues and events above set capacity thresholds to put formal counter-terrorism protective measures in place. The legislation received Royal Assent in April 2025.

The law applies to venues and events where members of the public are admitted and the capacity is 200 or more. This includes retail spaces, hospitality venues, entertainment facilities, sports grounds, places of worship, and events. Premises below the 200-person threshold are not within scope.

The Standard Tier applies to venues with a capacity of 200 to 799 people and requires a security risk assessment and written response procedure. The Enhanced Tier applies to venues with a capacity of 800 or more and requires a full Terrorism Protection Plan with trained, designated responsible persons.

Depending on their tier, businesses must conduct a formal security risk assessment, produce a written procedure for responding to a terrorist attack, review their physical security measures, and ensure relevant staff are trained. Enhanced Tier venues face additional requirements around planning depth and personnel responsibilities.

Enhanced Tier venues must designate trained, responsible persons who understand the security plan and can lead an emergency response. Martyn's Law training typically covers threat recognition, evacuation procedures, lockdown protocols, and communication during an incident. Standard Tier venues should consider awareness training as good practice.

Compliance requirements vary by venue but commonly involve reviewing CCTV coverage, access control points, intruder alarm systems, and lockdown capabilities. Businesses should ensure their systems can support a rapid, coordinated response to a security threat.

Non-compliance can result in enforcement action from the Security Industry Authority, the designated Martyn's Law regulator. Penalties include improvement notices, prohibition notices, and fines. Serious or repeated failures may attract more significant sanctions.

Yes. Martyn's Law applies to events as well as permanent premises, provided the expected attendance exceeds the relevant capacity threshold. Event organisers must demonstrate that protective security measures and emergency procedures are in place for the duration of the event.