The Terrorism (Protection of Premises) Act 2025, which received Royal Assent on 3rd April 2025, introduces significant new obligations for venues and event organisers to implement anti-terrorism measures. This landmark legislation, commonly known as "Martyn's Law" (following campaigning after the Manchester Arena attack), will affect a wide range of businesses and organisations.
Who is affected?
The Act applies to:
-
Standard duty premises: Venues that can accommodate 200-799 people
-
Enhanced duty premises: Venues that can accommodate 800+ people
-
Qualifying events: Events expecting 800+ attendees where access is controlled via tickets, payment or membership
This includes shops, restaurants, entertainment venues, sports grounds, museums, exhibition halls, hotels, educational institutions and more.
Key requirements
For all qualifying premises and events:
- Public protection procedures: Implement protocols for evacuation, sheltering, lockdown and communication in case of a terrorist incident
Additional requirements for enhanced duty premises and qualifying events:
- Public protection measures: Implement and regularly review security measures for monitoring, controlling access and securing premises
- Documentation: Prepare and maintain detailed documentation of all procedures and measures
- Senior responsibility: Designate a senior individual responsible for compliance (for organisations rather than individuals)
- Notification requirements: Notify the Security Industry Authority (SIA) when becoming responsible for premises or events
Enforcement
The Security Industry Authority (SIA) will enforce the legislation through:
-
Investigatory powers: Including access to premises and information
-
Compliance notices: Formal requirements to implement specific measures
-
Restriction notices: Ability to restrict venue operations
-
Monetary penalties: Up to £18 million or 5% of qualifying worldwide revenue for serious breaches
-
Criminal offences: For failing to comply with notices or providing false information
Practical tips for compliance:
-
Assess your status:
- Assess maximum occupancy to determine if you fall under standard or enhanced duty
- For event organisers, evaluate whether your events will be classified as qualifying events
- Consider multiple connected spaces and how they might be treated as single premises
-
Risk Assessment:
- Conduct a comprehensive terrorism vulnerability assessment
- Identify potential attack methods relevant to your premises
- Map entry/exit points and areas of vulnerability
- Assess existing security measures against new requirements
-
Procedure Development:
- Create clear, actionable evacuation procedures with multiple exit routes
- Develop protocols for moving people to safer areas within premises when evacuation isn't possible
- Establish lockdown procedures including communication cascades
- Design communication templates for different emergency scenarios
-
Staff training:
- Develop role-specific training materials for security, management and front-line staff
- Create testing and drill schedules to ensure procedures are workable
- Implement regular refresher training programmes
- Establish clear responsibility chains during incidents
-
Designate responsibility:
-
Identify who will be responsible for compliance in your organisation
For Enhanced Duty Premises
Premises falling under this designation should also further consider the following in addition to the above:
- Security Measures Implementation
- Review and enhance monitoring systems (CCTV, staff positioning, etc.)
- Evaluate access control mechanisms and crowd management approaches
- Assess physical security features (barriers, bollards, security doors)
- Implement document security protocols
-
Documentation Preparation
- Begin drafting your compliance documentation
- Conduct and record detailed vulnerability assessments
- Document all procedures with clear responsibilities and timelines
- Develop methods to keep documentation current
-
Leadership Structure
- Identify senior personnel who will take responsibility for compliance
- Ensure they have appropriate authority and resources
- Create reporting structures to support compliance activities
While this legislation has now been enacted, implementation dates will be set through regulations. This gives businesses time to prepare, but we recommend starting that process now.
