29 January 2026
From April 2025, a new piece of UK legislation quietly but significantly changed the expectations placed on organisations that operate publicly accessible premises. Known as Martyn’s Law, officially the Terrorism (Protection of Premises) Act 2025, the legislation aims to improve public safety by ensuring that venues and event organisers are better prepared to prevent, respond to and recover from terrorist incidents.
While full enforcement will not begin until April 2027, the message from regulators is clear: this is not a law to leave until the last minute.
Why Martyn’s Law matters now
Although there is a 24-month implementation period, organisations are already being encouraged to assess their exposure and begin preparations.
For many businesses, this will represent a shift in mindset - from viewing security as a specialist concern to recognising it as a core operational and risk management issue.
The law applies to a wide range of publicly accessible premises, including retail spaces, hospitality venues, schools, healthcare settings, places of worship and large events.
If members of the public can freely access your premises, there is a strong chance the legislation will apply.
Understanding the tiers of responsibility
Martyn’s Law introduces a tiered approach, based on capacity:
Standard tier (200 - 799 people)
Organisations will be required to put proportionate public-protection measures in place. This includes having clear procedures for evacuation, lockdown and communication, as well as ensuring staff are appropriately trained.
Enhanced tier (800+ people)
Larger venues will face more extensive requirements. In addition to the standard measures, this includes formal risk assessments, steps to reduce vulnerabilities (such as access control or monitoring systems), and maintaining documented evidence of compliance.
The intention is not to create a one-size-fits-all security model, but to ensure measures are realistic, proportionate and aligned with the level of risk.
The role of the Security Industry Authority
The Security Industry Authority (SIA) has been appointed as the regulator for Martyn’s Law. It will provide guidance and support to duty holders, as well as enforce compliance once the law is fully in force. Sanctions for non-compliance can be significant.
Penalties may reach £10,000 for standard-tier premises, and for enhanced-tier organisations, fines could extend to £18 million or up to 5% of global turnover, with additional daily penalties for ongoing breaches.
Steps organisations may want to consider during the implementation period
With enforcement still just over a year away, businesses have a valuable window to prepare without pressure. Practical steps to consider now include:
Confirming whether your premises or events fall within scope and identifying the applicable tier
Reviewing existing emergency and security procedures and identifying gaps
Considering whether additional training, risk assessments or physical measures are appropriate
Ensuring documentation is clear, proportionate and ready for future registration requirements
Early preparation not only reduces future compliance risk, but can also strengthen overall resilience, improve staff confidence and demonstrate a proactive approach to duty of care.
A proactive approach to a changing risk landscape
Martyn’s Law reflects a broader shift in how organisations are expected to manage safety and security risks. Those that act early will be better placed to adapt smoothly, avoid disruption and protect both people and reputation.
If you have questions about how Martyn’s Law may affect your organisation, or would like support assessing your readiness, our Risk Management Team would be happy to help.
Gayle Bennouir, BA (hons) IRMCert TechIOSH Cert CII
Risk Management Director