Thu 21 May 2026

Martyn's Law

The Terrorism (Protection of Premises) Act 2025 ("the Act") establishes a new statutory framework for protective security at publicly accessible premises and events in the United Kingdom. 

The Act is commonly referred to as Martyn's Law after one of the victims of the Manchester Arena attack, Martyn Hett. Martyn's mother Figen Murray has played a pivotal role in driving the legislation forward. The legislation reflects a policy decision to place terrorism preparedness on a similar footing to other areas of regulatory risk management, such as health and safety.

Although the Act has received Royal Assent, its substantive duties are not yet in force. However, the publication of statutory guidance in April 2026 and the ongoing development of the regulatory regime make this an appropriate point for organisations to review their position and begin preparatory work.
Section 5 of the Act confirms that the objective of the Act is to reduce the risk of physical harm being caused to individuals if an act of terrorism were to occur at certain premises or events.

Legislative Status and Implementation Period

Martyn's Law received Royal Assent on 3 April 2025. The Government has confirmed that there will be an implementation period of at least 24 months before the statutory duties become enforceable.

During the implementation period:

  1. organisations are not legally required to comply with the Act's duties;
  2. no enforcement action or penalties will be imposed; and
  3. responsible persons have an opportunity to familiarise themselves with the regime and to take proportionate preparatory steps.

The Home Office published statutory guidance under section 27 of the Act on 15 April 2026. This guidance is likely to be treated as highly persuasive when compliance is assessed in due course.

Scope of the Act

Section 2 - Qualifying premises

The Act applies to publicly accessible premises where it is reasonable to expect that 200 or more individuals may be present at the same time.

This definition is broad and encompasses many premises that would not traditionally consider themselves within the remit of counter-terrorism legislation, including retail premises, hospitality venues, entertainment venues, educational establishments and places of worship. The full list of qualifying premises can be found at Schedule 1 of the Act.

Section 3 - Qualifying events

Certain controlled access public events with 800 or more attendees will also fall within scope. Such events are automatically treated as subject to the higher tier of duties.

Section 4 - Responsible Person

The Act imposes duties on the "responsible person", which is, broadly speaking, the person, company or organisation with control of the premises or event for the purposes of the activities carried on there. If there are multiple Schedule 1 uses at the same premises the responsible person will be deemed to be the person in control for the purpose of the primary use.

Tiered Structure of Duties

The Act adopts a tiered and proportionate approach, with duties varying by reference to the size of the premises or event.

Standard tier (200-799 persons)

Responsible persons for standard tier premises will be required to:

  1. notify the Security Industry Authority (SIA) that they are responsible for a qualifying premises; and
  2. ensure, so far as is reasonably practicable, that appropriate public protection procedures designed to reduce the risk of physical harm in the event of a terrorist attack occurring at, or in the immediate vicinity of, the premises.

The four public protection procedures are:

  1. for evacuating individuals from the premises or event;
  2. for moving individuals to a place on the premises or at the event where there is less risk of physical harm being caused to them;
  3. for preventing individuals entering or leaving the premises or event;
  4. for providing information to individuals on the premises or at the event.

Enhanced tier (800+ persons and qualifying events)

Responsible persons for enhanced tier premises and qualifying events will be subject to all standard tier requirements and must:

  1. have in place appropriate public protection measures to reduce both vulnerability to terrorism and the risk of physical harm being caused if a terrorist attack were to occur and to ensure that the measures are, so far as is reasonably practicable, in place; and
  2. maintain documented records of procedures and measures which are to be provided to the Security Industry Authority.

The Act does not impose a fixed list of required measures. Instead, it envisages site-specific solutions which may include surveillance, access control, physical security or information-management measures, where such steps are reasonably practicable.

Regulation and Enforcement

The Security Industry Authority is designated as the regulator under the Act. Its stated approach is to regulate on a supportive, proportionate and risk-based basis, particularly during the early stages of implementation.

Once the Act is in force, the SIA will have a range of regulatory and enforcement powers, including:

  1. the ability to request information and documentation;
  2. the issuance of compliance or restriction notices; and
  3. the imposition of civil financial penalties in cases of serious or persistent non-compliance.

Financial penalties may be substantial for large organisations. For an enhanced duty premises or qualifying event the maximum amount for a non-compliance penalty is the greater of £18 million and 5% of the responsible person's qualifying worldwide revenue. Criminal sanctions are available under the Act but are intended to be reserved for the most serious cases.

Recommendations

Security of events and the safety of the public is of the utmost importance. The risk of terrorism should be considered when organising a large-scale event. Martyn's Law provides some structure around what organisations are required to do. It also provides for penalties for failure to comply with the Act. We recommend that organisations begin work now to prepare for full implementation.

Related Insights

View All

Make an Enquiry

From our offices we serve the whole of Scotland, as well as clients around the world with interests in Scotland. Please complete the form below, and a member of our team will be in touch shortly.

Are you contacting us as an individual or business? *


Are you an existing client? *


How would you like us to contact you?


Morton Fraser MacRoberts LLP will use the information you provide to contact you about your inquiry. The information is confidential. For more information on our privacy practices please see our Privacy Notice