Martyn's Law: Complete Guide to the Terrorism (Protection of Premises) Act 2025

• Updated May 2026 — This guide reflects the Section 27 statutory guidance published by the Home Office on 15 April 2026, the SIA's Section 12 enforcement consultation (open until 12 June 2026), and the Spring 2027 commencement window now being communicated by Government. Penalty figures and the four formal categories of public protection measures have been added throughout.

Martyn's Law — also widely referred to as the Protect Duty during its drafting and consultation stages — is the common name for the Terrorism (Protection of Premises) Act 2025, UK legislation aimed at enhancing preparedness against terrorist attacks at publicly accessible premises and qualifying public events. The Act received Royal Assent on 3 April 2025. After more than a year of anticipation, the long-awaited Section 27 statutory guidance was published by the Home Office on 15 April 2026, alongside three supplementary papers covering capacity calculation, illustrative scope examples and further training resources. Commencement is now being communicated as Spring 2027 (likely April 2027), subject to formal Parliamentary confirmation.

Why "Martyn's Law"? Figen Murray's campaign

The Law is named after Martyn Hett, one of 22 people killed in the 2017 Manchester Arena bombing. His mother, Figen Murray, has campaigned tirelessly since the attack — walking 200 miles from Manchester to 10 Downing Street, gathering cross-party support, and pushing successive governments to introduce statutory protective duties for publicly accessible premises. Figen Murray was awarded an OBE for her work, and the legislation that bears her son's name reflects more than seven years of advocacy. Anyone responsible for a venue that falls in scope owes a substantial part of the structure of the Act, and of the supporting ACT awareness training framework now embedded in the statutory guidance, to her campaign.

What's new in 2026

• Statutory guidance is live. On 15 April 2026 the Home Office published the Section 27 statutory guidance, a 129-page main document plus three non-statutory supplementary papers. HTML accessible versions were added on 27 April 2026. The guidance is the document the sector had been waiting on for over a year and provides the operational detail behind every duty in the Act. It is available on gov.ukhttps://www.gov.uk/government/publications/the-terrorism-protection-of-premises-act-2025).

• Commencement window has firmed up to Spring 2027. Earlier "at least 24 months" language has narrowed. The Home Office, the Security Industry Authority and most legal commentators are now consistently signalling Spring 2027 (likely April 2027). This is still subject to formal Parliamentary confirmation but is solid enough to plan against.

• SIA Section 12 enforcement consultation is open. On 15 April 2026 the SIA launched a public consultation on its draft Section 12 enforcement guidance. The consultation closes 12 June 2026 and is directly relevant to anyone deploying mass communication systems, integrated control platforms or other public protection technology.

• Penalty figures are confirmed. Standard tier non-compliance carries financial penalties of up to £10,000. Enhanced tier non-compliance carries the greater of £18m or 5% of global revenue, with daily penalties for continuing breaches. The regulator may also issue restriction notices that can prevent a venue opening or an event proceeding. Senior individuals at enhanced-tier organisations face personal criminal liability of up to two years' imprisonment where breaches involve consent, connivance or neglect. The guidance is explicit that statutory responsibility cannot be delegated.

Who does Martyn's Law apply to?

For a detailed breakdown of who falls under Martyn's Law scope, including capacity thresholds, venue types, exemptions, and how to determine if your organisation needs to comply, see our comprehensive guide: Who Does Martyn's Law Apply To?.

The Act applies to public venues and events where 200 or more people could reasonably be expected to gather at one time. These include stadiums, theatres, nightclubs, shopping centres, community halls, markets, and other publicly accessible premises (nalc.gov.uk). The Law sets two capacity thresholds:

Standard tier – premises with a capacity between 200 and 799 people. These venues must take basic steps, such as conducting risk assessments, training staff, and notifying the Security Industry Authority (SIA) that they are responsible for the premises (nalc.gov.uk).

Enhanced tier – premises or events where 800 or more people may be present (nalc.gov.uk). Enhanced‑tier premises have additional obligations, such as more comprehensive security measures and a designated senior individual to oversee compliance (protectuk.police.uk).

For both tiers, at least one building must be involved, the premises must be publicly accessible and used for specified purposes, and it must not be among the exclusions listed in Schedule 2 of the Act.

Standard vs. Enhanced Tier: Key Requirements

For a detailed breakdown of the differences between standard and enhanced tiers, including specific obligations, compliance tips, and practical guidance, see our comprehensive guide: Standard vs. Enhanced Tier: What's the Difference?.

Standard Tier

Notification and risk assessment: Responsible persons must notify the SIA of their premises and perform a terrorist risk assessment.

Training and procedures: They must implement staff training and have emergency procedures to reduce harm in the event of an attack (nalc.gov.uk).

Simple protective measures: The Act emphasises low‑cost, proportionate actions such as locking doors or identifying safe routes (protectuk.police.uk).

Standard tier penalty: financial penalties of up to £10,000 for non-compliance, plus daily penalties for continuing breaches once the duty is in force.

Enhanced Tier

All standard‑tier obligations, plus:

• Four formal categories of public protection measures (April 2026 guidance): the responsible person must consider monitoring (e.g. CCTV, observation arrangements), movement (control of access, queuing, vehicle management), physical safety and security (barriers, glazing, layout), and security of information. Measures may be implemented through people, policies and processes, and/or physical mitigations.

Comprehensive security measures such as CCTV, bag searches and perimeter checks (protectuk.police.uk).

• Designated senior individual: A senior individual must be designated where the responsible person is an organisation. Statutory responsibility cannot be delegated. The senior individual is personally exposed to criminal liability of up to two years' imprisonment where a breach involves consent, connivance or neglect.

• A "compliance document" — not a checklist. The April 2026 guidance is explicit that the document required from enhanced-tier responsible persons must construct a narrative: what's in place, why it's expected to reduce harm, and where measures differ from what would normally be expected, why.

Regular liaison with authorities: Enhanced‑tier premises are expected to engage with local counter‑terrorism police and maintain appropriate documentation.

Enhanced tier penalties: civil penalties up to £18m or 5% of worldwide revenue (whichever is higher), daily penalties for continuing breaches, restriction notices that can prevent a venue opening or an event proceeding, and personal criminal liability for designated senior individuals.

Capacity calculation: how to count

Supplementary Document A published with the April 2026 guidance formalises acceptable methods for calculating capacity. Responsible persons may use fire safety safe occupancy figures, historic attendance data or any other justified method, and the reasonable-expectation test must include staff and volunteers as well as members of the public. Operators should document the method they used and the assumptions behind it, particularly where peak attendance varies across events.

Coordination across shared spaces

The guidance explicitly addresses shared spaces (entrances, exits, public realm) and multi-responsible-person scenarios such as shopping centres, transport hubs and high-street parades, with a coordination duty between the parties involved. Although coordination is not itself new in law, it is newly emphasised and likely to be a focus of early SIA enforcement.

Implementation timeline and compliance checklist

The Home Office, the Security Industry Authority and most legal commentators are now consistently signalling Spring 2027 (likely April 2027) as the commencement date, subject to formal Parliamentary confirmation (gov.uk). With statutory guidance now published (15 April 2026), responsible persons can move from "watch and wait" into structured preparation. Key steps include:

Identify qualifying venues: Review your estate and determine which venues or events exceed the 200‑person threshold.

Conduct risk assessments: Evaluate vulnerabilities, considering factors such as crowd size, entry points, and existing security measures (nalc.gov.uk).

Train staff and volunteers: The expected baseline is ACT Awareness Training (Action Counters Terrorism) — the free, government-backed programme delivered through ProtectUK and referenced throughout the statutory guidance as the recognised training standard for the standard tier (nalc.gov.uk). Keep a register of who has completed the training and when.

Develop emergency response plans: Create clear procedures for lockdowns, evacuations and communication (nalc.gov.uk).

Engage with authorities: Liaise with local police and the SIA for guidance and to ensure compliance.

Plan for enhanced measures (if required): For venues likely to be in the enhanced tier, budget and plan for physical security measures such as CCTV, access control, and bag searches (protectuk.police.uk).

Special considerations for education settings

Education settings, schools, colleges and universities, are treated differently under Martyn's Law. Even if more than 800 people are present, these premises remain in the standard tier (gov.uk). The Law recognises that educational environments require a proportionate approach, though institutions should still consider basic protective measures and staff training.

How AV technology can help

Audio‑visual systems play a crucial role in meeting the requirements of Martyn's Law. Strive AV's Martyn's Law Compliance service page outlines several ways that technology can support preparedness.

Real‑time emergency communication: Integrated PA systems and digital signage can broadcast clear, multilingual instructions during an incident.

Crowd management: Surveillance cameras and occupancy analytics help monitor crowd flow and identify potential bottlenecks or vulnerabilities.

Staff and visitor education: Interactive displays and training platforms can be used to educate staff and visitors about security protocols and evacuation routes.

Surveillance integration: CCTV systems, including video walls in command centres, provide situational awareness for security personnel.

Accessible communication: Solutions such as hearing‑assisted systems ensure everyone can receive alerts and instructions.

Compliant record‑keeping: Digital systems can log compliance activities, such as risk assessments and training sessions, to facilitate audits and demonstrate due diligence.

Next steps

Martyn's Law marks a significant shift in how UK venues approach public safety. This pillar page outlines the Law's purpose, who it affects, its tier structure, and key compliance steps. To dive deeper into specific questions, explore our supporting posts on:

Who does Martyn's Law apply to?

Standard vs. Enhanced Tier: What's the difference?

Implementation timeline and compliance checklist

Effects on education settings

AV technology and Martyn's Law

If you're unsure where to begin or would like expert guidance on security‑oriented AV solutions, contact the Strive AV team. We can help you assess your premises, implement the right technologies and ensure you are ready when Martyn's Law comes into force.

Frequently Asked Questions

What is Martyn's Law?

Martyn's Law is the common name for the Terrorism (Protection of Premises) Act 2025, UK legislation that requires publicly accessible premises and events to assess terrorism risks and put proportionate protective measures in place. It is named after Martyn Hett, one of the victims of the 2017 Manchester Arena bombing. The Act received Royal Assent on 3 April 2025 and will be enforced after a minimum 24-month implementation period.

Who does Martyn's Law apply to?

Martyn's Law applies to publicly accessible premises and events expecting 200 or more people at any one time. Venues expecting 200–799 people fall under the standard tier; those expecting 800 or more fall under the enhanced tier. Schools, colleges and universities remain in the standard tier even if more than 800 people are present. Private offices, residential buildings and venues under 200 capacity are generally outside scope.

What is the difference between standard and enhanced tier?

The standard tier (200–799 people) focuses on basic preparedness — risk assessments, staff training, simple emergency procedures, and notifying the Security Industry Authority. The enhanced tier (800+ people) adds physical security measures (CCTV, bag searches, vehicle checks), a senior responsible individual, comprehensive emergency planning and documented compliance evidence.

When does Martyn's Law come into force?

Martyn's Law received Royal Assent on 3 April 2025. The Home Office, the SIA and most legal commentators are now consistently signalling Spring 2027 (likely April 2027) as the commencement date, subject to formal Parliamentary confirmation. The Section 27 statutory guidance was published on 15 April 2026 (with HTML accessible versions following on 27 April 2026), and the SIA's Section 12 enforcement consultation runs until 12 June 2026. Organisations should use the remaining window to move from awareness into structured preparation.

Who enforces Martyn's Law and what are the penalties for non-compliance?

The Security Industry Authority (SIA) is the regulator. Standard tier non-compliance carries financial penalties of up to £10,000. Enhanced tier non-compliance carries the greater of £18m or 5% of global revenue, with daily penalties for continued non-compliance after deadline, restriction notices that can prevent a venue opening or an event proceeding, and criminal offences with up to two years' custodial sentence for senior individuals where a breach involves consent, connivance or neglect. Statutory responsibility cannot be delegated.

Who is the responsible person under Martyn's Law?

The responsible person is the individual or organisation in control of the premises for its principal use — typically the venue operator, landlord, headteacher, building manager or event organiser. They are accountable for risk assessments, staff training, implementing public protection procedures and (for enhanced-tier venues) appointing a designated senior individual to oversee compliance.

How can AV technology support Martyn's Law compliance?

AV systems are central to the Act's communication requirements. Digital signage networks can override regular content to broadcast emergency alerts. PA and voice evacuation systems deliver clear instructions across large or noisy venues. Integrated control platforms tie signage, PA, CCTV and access control into a single interface so security teams can issue simultaneous, coordinated alerts. Visual alarms, captioning and multilingual templates also support the Act's emphasis on inclusive, accessible communication.

Are schools and universities exempt from Martyn's Law?

No, but they are treated differently. Schools, colleges and universities remain in the standard tier even when expected attendance exceeds 800 people, in recognition of the unique nature of educational environments. Events held on educational premises do not become enhanced-tier events simply because they draw large crowds. Educational settings are still required to conduct risk assessments, train staff and develop emergency procedures.