What is Martyn’s Law

The Terrorism (Protection of Premises) Act 2025 (the Act), establishes a statutory framework aimed at improving public protection against terror attacks. It was introduced in response to the 2017 Manchester Arena attack and is named in honour of one of the victims, Martyn Hett.

While the regime has not yet come into force, organisations should use the implementation period to assess whether their premises and/or events fall within scope and to identify the practical steps required to implement reasonably practicable measures to prepare for, and react to, potential terrorist incidents.

What the Home Office Guidance says

On 15 April 2026, the Home Office published statutory guidance, which further clarifies the criteria for establishing whether a business is in scope of the Act through decision trees and illustrative examples. The guidance also provides clear steps for businesses to follow in the event of a terror attack to protect both staff and visitors at the premises.

A business may be in scope if it operates:

• Qualifying premises (generally publicly accessible premises where it is reasonable to expect that 200 or more individuals may be present at the same time), and/or
• Qualifying events where 800+ individuals may be present at the same time.

Many hospitality businesses will fall within scope, particularly halls, stadia and venues hosting large or ticketed events. Martyn’s Law has deliberately broad application, however, and is not confined to obvious high‑risk settings such as large entertainment venues or major public events. Instead, it captures a variety of publicly accessible premises and events meeting the relevant capacity thresholds even occasionally. A wide range of businesses,from retail and hospitality operators to healthcare providers, educational institutions and sporting institutions, are in scope.

Duties fall on the ‘responsible person’, which is usually the individual or organisation with control in relation to the relevant use of the premises or event.

The Act requires in-scope businesses to put in place public protection procedures to reduce the risk of harm to individuals if an act of terrorism were to occur on the premises. These procedures must be proportionate and risk based. Enhanced duty premises will also be subject to additional requirements, including more formal risk assessments and documentation obligations

Public protection procedures are procedures to effect:

Upcoming guidance from the Security Industry Authority (SIA)

Additional guidance from the SIA on how it intends to carry out its role as regulator is expected in Spring 2027 and has been published for consultation. Under the Act, the SIA will be responsible for exercising the investigatory powers and taking such enforcement action as it deems necessary. Such enforcement action may be in the form of civil penalties or compliance notices.

Steps to take now

Although we remain within the 24-month implementation period before the legislation comes into force, and there is currently no legal duty to comply with the Act, there is a clear regulatory expectation that businesses use this time to familiarise themselves with the requirements and consider what steps to take to ensure compliance.

1. Determine whether you are in scope

• Assess whether your premises or events are in scope.
• Identify the senior individual for enhanced-duty premises and qualifying events
• Coordinate with other duty holders to align on roles and responsibilities.

2. Conduct a vulnerability assessment and gap analysis

• Review current practices and assess vulnerability to terrorist attack.
• Consider what public protection procedures should be implemented and how.
• Ensure policies accurately reflect procedures in place.

3. Training

• Ensure relevant individuals including any appointed senior individual are equipped to carry out their duties.
• Conduct training sessions including drills for employees on the new public protection procedures.
• Embed training into induction processes.

4. Prepare for scrutiny

• Keep records of compliance decisions, procedures, safety audits and training.
• Be ready to respond quickly to SIA information requests.

Compliance with Martyn’s Law: How we can support you

Our experts can help you stay ahead and avoid last-minute compliance challenges. We can assist with:

• Scoping advice
• Contractual arrangements with third parties
• Internal policies
• Tailored training sessions.
• Template compliance checklists for safety measures.
• Strategic advice on SIA and Home Office engagement and enforcement risk mitigation.

If you’re unsure whether your operations fall in scope or would like further information or advice on compliance, please get in touch with Stuart Ponting or Michael Cordeaux.