Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Martyn’s Law uncovered: Preparing businesses for compliance

published on 2025-10-02 15:15:14 UTC by Millie Marshall Loughran
Content:

Brian Ruddock, Director of Security Risk Management, Securitas UK discusses Martyn’s Law – the Terrorism (Protection of Premises) Act – and how businesses should prepare over the next two years to ensure full compliance when it comes into force.

Martyn’s Law

The Terrorism (Protection of Premises) Act, also known as Martyn’s Law, signals a pivotal movement for the UK’s security landscape.

The new legislation heralds a shift for many organisations from reactive counter-terrorism security to a culture of proactive preparedness.

The government estimates that 178,900 sites are potentially in scope across the UK.

It has also indicated ‘at least’ a 24-month implementation period before the act comes into force.

During this period, the regulator of the new law will issue ‘statutory guidance’ on how to comply and impacted venues can make the relevant adjustments to become fully compliant.

However, now is the time to investigate the scope of the new duties and put appropriate plans in place to ensure your organisation is prepared.

Step 1: Determine if your business is impacted

The act applies to organisations that manage:

  • ‘Standard Duty’ premises: Venues which consist of a ‘building’ (or part of) and can accommodate 200 to a maximum of 799 people, which are wholly or mainly used for specified purposes
  • ‘Enhanced Duty’ premises: Venues which can accommodate 800 or more people
  • ‘Qualifying Events’: Land or building(s) expecting 800 or more attendees where access is controlled via tickets, payment or membership. Such qualifying events then fall under the Enhanced Duty scope

Venues that could qualify under the act include restaurants, shops, entertainment and leisure, halls, places of worship and education and ‘qualifying’ events.

Invitation-only events like private celebrations, weddings and funerals are typically exempt, along with premises including open-air spaces like parks, gardens and recreation grounds (unless a ticketed or membership event with 200 or more attendees or it is a designated sports ground).

Premises with alternative established security protocols, such as the Houses of Parliament and transport (port facilities), aviation, the Channel Tunnel and railway services are also all exempt.

Some situations may be seemingly complex to interpret how the law applies, such as connected spaces, so specialist advice may be required.

Step 2: Get organised, stay informed

Each organisation will have its existing structure with functional responsibilities but impacted businesses should also draw together a group of stakeholders across functions, which could include operations, health & safety, compliance and legal, security and fire safety (if present), training and communications.

This group will need to maintain external contacts to ensure they remain informed, including updates and ‘statutory guidance’ from the Security Industry Authority (SIA), which is the regulatory body, as well as information from National Counter Terrorism Security Office (NaCTSO) and ProtectUK.

Liaising with the local police advisors, trade bodies, local business information groups and neighbouring businesses will also be crucial.

Step 3: Identify the responsible person and the senior individual

Though security should be a holistic approach for businesses, to ensure accountability for compliance with the law, there must be an appointed ‘Responsible Person‘, whether that’s an individual or a legal corporate body, who should take charge of fulfilling the duties and being the point of contact with the regulator.

Where the responsible person for enhanced duty premises or a qualifying event is not an individual (i.e., it is a legal corporate body), they must designate a senior individual.

This must be someone who has responsibility for managing the affairs of the relevant body, such as a director or partner, rather than a lower-level employee.

The primary function of the senior individual is to ensure that the responsible person complies with the relevant legislative requirements, which serves a wider objective of engaging senior management in decision-making relating to the requirements of the act.

Step 4: Developing a security plan for Standard Duty

Impacted premises with a capacity of 200 or over and qualifying events have a Standard Duty under Martyn’s Law.

This means they are legally obliged to:

  • Appoint a ‘Responsible Person’ who is required to ensure appropriate security measures are in place for the venue
  • Notify the Security Industry Authority (SIA) of the premises and the responsible person
  • Put in place appropriate procedures to reduce the risk of physical harm to individuals
  • Undertake a terrorism risk assessment to determine which types of terrorism attacks the organisation or business may be subject to and which procedures are required. These could include evacuation, in-vacuation (moving individuals to where there may be less harm) and lockdown (preventing individuals from entering or leaving) protocols
  • Communicate information to individuals on the premises or at the event, provide terrorism awareness training to staff, continually review security plans, ensuring clear communication (to individuals, emergency services, neighbours)
  • Cooperate, coordinate and provide preparedness training and exercises to know how to respond

Premises in this category do not necessarily need to implement costly measures, but rather simple activities such as locking doors, closing shutters and identifying safe routes on the premises.

The law specifies that procedures put in place should be reasonably practicable, depending on the size and layout of the venue.

Training of employees across UK businesses that are impacted by the law is also crucial to remaining compliant.

This year, Securitas UK is taking part in the first cohort (provided by external supplier Mercury) that delivers dedicated training related to the act.

The Protective Security Advisor (L4 Apprenticeship) will run over the next two years, aligning with the current timings for business compliance.

Step 5: Introducing further measures for Enhanced Duty

Premises with 800 or more attendees and qualifying events have an Enhanced Duty, meaning that, in addition to the requirements of Standard Duty, there are further tasks to undertake for public protection.

These include:

  • Measures in relation to monitoring the premises or event and controlling the movement of individuals into, out of and within the event
  • The implementation of physical safety and security measures of the premises or event
  • Safety measures for the protection of the venue’s security information, which could assist in the planning, preparation or execution of acts of terrorism
  • Responsible Persons providing information to the SIA, informing them what procedures and measures are in place to mitigate risk and deliver public protection

Unlike Standard Duty, the Enhanced Duty places greater emphasis upon physical measures.

While these will vary depending on the type of venue and the nature of the event being held, they may include the installation of CCTV systems, controlled access points, metal detectors and hostile vehicle mitigation features such as traffic bollards.

Additional measures often include implementing bag search procedures, deploying security personnel to patrol both the site and its perimeter and introducing provisions aimed at reducing harm, such as automated external defibrillators (AEDs), first aid stations and trauma bleed kits.

The person responsible for Enhanced Duty must also ensure a separate document is maintained containing:

  • A statement of the procedures in place
  • An assessment of how the procedures may be expected to reduce the risk
  • A statement of the measures in place or proposed to be put in place
  • An assessment of how those measures may be expected to reduce the vulnerability and risk

This document must be sent to the SIA as soon as practicable after it is prepared and within 30 days of each revision.

Step 6: Remaining compliant

Although complete official guidance is still pending, the government has confirmed that the regulator appointed is the SIA.

As part of its role, it will offer support, advice and guidance to venues to enable them to implement the legislation’s requirements.

This will be done using secondary legislation (‘statutory guidance’), which will be approved by the Home Secretary.

The government says the guidance will assist those responsible in understanding the requirements set out in the legislation.

The SIA will also oversee compliance with the law and have enforcement powers that may include issuing fines or, in serious cases, shutting down venues that fail to comply.

This will be done through Compliance Notices and Restriction Notices.

Significant breaches may result in criminal prosecution, substantial fines or even imprisonment.

Step 7: Seeking the appropriate support

These new regulations may seem daunting, but venues need not face these new requirements alone.

To support the delivery of public protection and legal compliance, venues will benefit from trade and industry body briefings, local business forums, expert consultants and third-party security solution providers who can provide support to help them navigate the full scope of the new legislation.

The sooner organisations understand the key components of the new law and how it impacts their business, the longer they will have to become fully compliant.

Article: Martyn’s Law uncovered: Preparing businesses for compliance - published 12 days ago.

https://securityjournaluk.com/martyns-law-uncovered-preparing-businesses/   
Published: 2025 10 02 15:15:14
Received: 2025 10 03 01:23:26
Feed: Security Journal UK
Source: Security Journal UK
Category: Security
Topic: Security
Views: 11

Custom HTML Block

Click to Open Code Editor