Martyn's Law receives Royal Assent - act now, do not wait

The Terrorism (Protection of Premises) Bill – known as Martyn’s Law – has received Royal Assent (3 April), and is now the Terrorism (Protection of Premises) Act 2025. This means that what is expected to be at least a two year implementation period before the Act’s provisions come into force is now underway. But those two years are not a time to sit back and wait. Anyone responsible for qualifying premises and events (being those who have “control” of them) must start getting ready now or risk, if not physical damage to premises in the event of a terrorist attack, then at least causing reputational damage to their organisation. 

Named in memory of Martyn Hett, one of the 22 people who tragically lost their lives during the 2017 Manchester Arena attack, Martyn’s Law signifies a pivotal change for public safety in the UK and aims to enhance security measures at publicly accessible venues and events. The new legislation requires a wide range of businesses and public sector organisations to ensure protection “so far as reasonably practicable” against terrorist attacks for staff and the public. With the Act now having been passed, those organisations need to take immediate steps to understand and prepare for the legislation coming into force.

Do your premises qualify?

The first step is to understand whether an organisation’s premises fall within either a standard or an enhanced tier or are in fact otherwise excluded or exempt. Qualifying premises encompass a wide range of public commercial spaces, with standard tier premises requiring between 200 and 799 people to be present at the same time in connection with a qualifying use (as set out in the Act). The enhanced tier requires 800 or more people to be present at the same time. An early portfolio assessment is a must to get to the position of understanding which premises do qualify under Martyn’s Law and which are then in the standard or enhanced tier. 

Standard tier?

Requirements for standard tier premises are relatively simple and low cost - putting in place procedures to mitigate the risk of physical harm to people in the event of a terrorist attack. For many organisations in this tier, it will probably be the case that a lot of their premises already have a range of protection policies and measures in place under fire safety and health and safety laws, which will see them a long way towards complying with their new duties under Martyn’s Law. 

Enhanced tier?

Enhanced tier premises require more proactive counter-terrorism measures including preparing, maintaining and documenting regular risk assessments, updating security strategies and even potentially carrying out physical alterations to premises (e.g. installing barriers, safety glass, CCTV systems etc).Those responsible for enhanced tier premises, including their directors and other officers, are at risk of greater sanctions in the event of breach. 

Following the spirit rather than the letter of the law

As Martyn’s Law is about protecting the public from terrorism and maximising confidence in their safety when visiting public spaces, organisations (particularly those with large property portfolios or those that might not meet the legislative thresholds but could be considered at risk of terrorist attack) will need to decide whether to follow the spirit (as opposed to the letter) of the legislation or risk unfavourable PR implications in the event of a terrorist attack. 

Consider whether there is merit implementing the policy requirements across all public facing properties, irrespective of whether they reach the 200 (or 800) person threshold, to ensure best practice across an organisation's portfolio. But, where there is little to zero risk of premises coming anywhere near the 200 threshold, then discounting them will allow organisations to focus their resources on those premises that do (or nearly) qualify. It will be a bit of a balancing act and one that organisations need to be thinking about now and taking legal and other professional advice as soon as possible. 

Large scale events

It isn’t only qualifying premises that will be in scope for Martyn’s Law. Large scale events (800+ people) to which access is controlled will also be in scope and those responsible for (have “control” of) such events will also need to be taking immediate steps to assess regular and scheduled events and ascertain what protection procedures they will need to be putting in place to save lives, not waiting until they have to comply in two years’ time.

What other action is needed now?

1. Conduct security audits: evaluate existing safety measures and any counter terrorism policies in place. These will likely need revising once the regulations and guidance are published and as such understanding where these documents are and who has control of them will be essential. 

2. Budget for compliance: assess the potential costs of implementing new security measures, such as access controls, CCTV, or barriers for enhanced tier premises. 

3. Identify, appoint and train responsible personnel: designate individuals or teams within your organisation to oversee compliance efforts, particularly for enhanced tier premises or premises where there is likely to be a joint responsibility. 

4. Engage with stakeholders throughout the organisation: provide training to ensure anyone likely to have to play a part in the process are equipped to understand and implement the legal requirements. 

5. Consider documentation, such as leases, contracts and other agreements to ensure that they are fit for purpose: Where necessary, consider amendments or updates to standard wording and clauses- especially where in relation to enhanced tier premises and events or where there will be a joint responsibility.

For more about the scope of the Act please see our previous insight: Martyn's Law - Will you be affected? 

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at April 2025. Specific advice should be sought for specific cases. For more information see our terms & conditions.