Brian Ruddock, Director of Security Risk Management, Securitas UK discusses Martyn’s Law – the Terrorism (Protection of Premises) Act – and how businesses should prepare over the next two years to ensure full compliance when it comes into force.
The Terrorism (Protection of Premises) Act, also known as Martyn’s Law, signals a pivotal movement for the UK’s security landscape.
The new legislation heralds a shift for many organisations from reactive counter-terrorism security to a culture of proactive preparedness.
The government estimates that 178,900 sites are potentially in scope across the UK.
It has also indicated ‘at least’ a 24-month implementation period before the act comes into force.
During this period, the regulator of the new law will issue ‘statutory guidance’ on how to comply and impacted venues can make the relevant adjustments to become fully compliant.
However, now is the time to investigate the scope of the new duties and put appropriate plans in place to ensure your organisation is prepared.
The act applies to organisations that manage:
Venues that could qualify under the act include restaurants, shops, entertainment and leisure, halls, places of worship and education and ‘qualifying’ events.
Invitation-only events like private celebrations, weddings and funerals are typically exempt, along with premises including open-air spaces like parks, gardens and recreation grounds (unless a ticketed or membership event with 200 or more attendees or it is a designated sports ground).
Premises with alternative established security protocols, such as the Houses of Parliament and transport (port facilities), aviation, the Channel Tunnel and railway services are also all exempt.
Some situations may be seemingly complex to interpret how the law applies, such as connected spaces, so specialist advice may be required.
Each organisation will have its existing structure with functional responsibilities but impacted businesses should also draw together a group of stakeholders across functions, which could include operations, health & safety, compliance and legal, security and fire safety (if present), training and communications.
This group will need to maintain external contacts to ensure they remain informed, including updates and ‘statutory guidance’ from the Security Industry Authority (SIA), which is the regulatory body, as well as information from National Counter Terrorism Security Office (NaCTSO) and ProtectUK.
Liaising with the local police advisors, trade bodies, local business information groups and neighbouring businesses will also be crucial.
Though security should be a holistic approach for businesses, to ensure accountability for compliance with the law, there must be an appointed ‘Responsible Person‘, whether that’s an individual or a legal corporate body, who should take charge of fulfilling the duties and being the point of contact with the regulator.
Where the responsible person for enhanced duty premises or a qualifying event is not an individual (i.e., it is a legal corporate body), they must designate a senior individual.
This must be someone who has responsibility for managing the affairs of the relevant body, such as a director or partner, rather than a lower-level employee.
The primary function of the senior individual is to ensure that the responsible person complies with the relevant legislative requirements, which serves a wider objective of engaging senior management in decision-making relating to the requirements of the act.
Impacted premises with a capacity of 200 or over and qualifying events have a Standard Duty under Martyn’s Law.
This means they are legally obliged to:
Premises in this category do not necessarily need to implement costly measures, but rather simple activities such as locking doors, closing shutters and identifying safe routes on the premises.
The law specifies that procedures put in place should be reasonably practicable, depending on the size and layout of the venue.
Training of employees across UK businesses that are impacted by the law is also crucial to remaining compliant.
This year, Securitas UK is taking part in the first cohort (provided by external supplier Mercury) that delivers dedicated training related to the act.
The Protective Security Advisor (L4 Apprenticeship) will run over the next two years, aligning with the current timings for business compliance.
Premises with 800 or more attendees and qualifying events have an Enhanced Duty, meaning that, in addition to the requirements of Standard Duty, there are further tasks to undertake for public protection.
These include:
Unlike Standard Duty, the Enhanced Duty places greater emphasis upon physical measures.
While these will vary depending on the type of venue and the nature of the event being held, they may include the installation of CCTV systems, controlled access points, metal detectors and hostile vehicle mitigation features such as traffic bollards.
Additional measures often include implementing bag search procedures, deploying security personnel to patrol both the site and its perimeter and introducing provisions aimed at reducing harm, such as automated external defibrillators (AEDs), first aid stations and trauma bleed kits.
The person responsible for Enhanced Duty must also ensure a separate document is maintained containing:
This document must be sent to the SIA as soon as practicable after it is prepared and within 30 days of each revision.
Although complete official guidance is still pending, the government has confirmed that the regulator appointed is the SIA.
As part of its role, it will offer support, advice and guidance to venues to enable them to implement the legislation’s requirements.
This will be done using secondary legislation (‘statutory guidance’), which will be approved by the Home Secretary.
The government says the guidance will assist those responsible in understanding the requirements set out in the legislation.
The SIA will also oversee compliance with the law and have enforcement powers that may include issuing fines or, in serious cases, shutting down venues that fail to comply.
This will be done through Compliance Notices and Restriction Notices.
Significant breaches may result in criminal prosecution, substantial fines or even imprisonment.
These new regulations may seem daunting, but venues need not face these new requirements alone.
To support the delivery of public protection and legal compliance, venues will benefit from trade and industry body briefings, local business forums, expert consultants and third-party security solution providers who can provide support to help them navigate the full scope of the new legislation.
The sooner organisations understand the key components of the new law and how it impacts their business, the longer they will have to become fully compliant.
Click to Open Code Editor