Understanding Martyn’s Law: What It Means for UK Businesses
This article at a glance:
Martyn’s Law, officially the Terrorism (Protection of Premises) Act 2025, introduces new legal duties for UK venues and businesses to assess and mitigate terrorism risks. Over the next two years, operators of publicly accessible sites must prepare to meet proportionate security and preparedness standards, from training and procedures to written plans and physical measures. For organisations in commercial real estate and security, it marks a shift from voluntary resilience to statutory responsibility, embedding safety, compliance, and trust at the heart of business operations.
Introduction
In the wake of the 2017 Manchester Arena bombing, the UK Government introduced legislation designed to strengthen security and preparedness across publicly accessible venues. Officially titled the Terrorism (Protection of Premises) Act 2025, but widely known as Martyn’s Law, this new framework represents one of the most significant steps in UK counter-terrorism strategy in recent years.
As the law begins to take shape, businesses, particularly those operating in commercial real estate, retail, events, and hospitality, must understand what’s required, what’s changing, and how best to prepare.
What is Martyn’s Law?
Martyn’s Law introduces a statutory duty for those responsible for certain premises and events to assess and mitigate the risk of terrorism.
Named after Martyn Hett, one of the 22 victims of the Manchester Arena attack, the law aims to ensure that security measures — such as evacuation procedures, communications plans, and access controls — are not just good practice, but a legal requirement.
According to the Home Office, the law is designed to ensure “better preparedness, protection and public safety” across all qualifying venues. It represents a shift from voluntary guidance to mandatory resilience, with an emphasis on proportionate and “reasonably practicable” measures for each site.
Who does it apply to?
The law applies to “qualifying premises” and “qualifying events” that are accessible to the public and meet certain thresholds:
- Standard Tier – Premises where 200 to 799 people are reasonably expected to be present. These sites must implement basic protective security and response procedures.
- Enhanced Tier – Premises or events where 800 or more people may be present. These locations require a formal risk assessment, a written security plan, and may need to implement physical protective measures where appropriate.
The Security Industry Authority (SIA) will act as the regulator, with powers to inspect, enforce compliance, and issue penalties for breaches.
Industries most likely to be affected
Commercial Real Estate and Workplaces
Large office buildings, mixed-use developments, and business campuses may need to meet the Standard or Enhanced Tier depending on occupancy and public access. For landlords and property managers, the legislation introduces shared responsibilities across tenants and building operators.
Retail and Shopping Centres
Shopping centres, supermarkets, and retail parks regularly host high footfall and operate across shared spaces. Martyn’s Law will formalise responsibilities around evacuation routes, tenant coordination, and staff readiness across diverse retailers.
Entertainment, Sports and Leisure
Arenas, stadiums, cinemas, theatres, and concert venues will almost always fall within the Enhanced Tier. Crowd control, ingress/egress planning, and real-time communications will become regulated expectations rather than operational choices.
Education and Public Institutions
Schools, universities, museums, libraries, and local authority buildings will have duties proportionate to their setting. Most educational institutions remain in the Standard Tier but are still required to demonstrate practical preparedness and well-drilled procedures.
Transport Hubs and Infrastructure
Rail stations, airports, bus terminals, and ferry ports face dynamic public flows and complex operations. Martyn’s Law will encourage consistency across agencies, operators, and contractors, promoting joined-up response planning.
Hospitality and Night-Time Economy
Hotels, restaurants, pubs, bars, nightclubs, and conference venues — depending on capacity — must ensure that public-facing staff are trained to respond to threats and that emergency procedures are documented and actionable.
This breadth reflects the Government’s ambition: to raise the national baseline for preparedness across every environment in which people gather — not just major venues.
How many UK locations will be affected
One of the most significant implications of Martyn’s Law is the sheer scale of premises likely to fall under its Standard or Enhanced Tier duties. While the Government has not published an official figure — and the Security Industry Authority (SIA) is still establishing the regulatory framework — several industry analyses point to a substantial nationwide impact.
Current estimates suggest that:
- Around 178,000 premises across the UK may fall within the scope of the legislation.
- Some assessments place the figure higher, suggesting up to 280,000 publicly accessible venues could be affected.
These ranges reflect the broad definitions within the Act and the diversity of sites that can “reasonably expect” 200 or more people (or 800+ for Enhanced Tier) at any given time. This includes retail spaces, entertainment venues, hospitality environments, transport hubs, public buildings, education institutions, and commercial real estate.
A precise number is difficult to determine for several reasons:
- Fluctuating occupancy: Many premises experience variable footfall, which may push them above or below tier thresholds at different times.
- No central register: Duty holders will only be formally recorded once they notify the SIA, meaning the complete scope will become clear gradually.
- Shared and mixed-use buildings: Multi-tenant properties or spaces with changing uses add complexity to determining applicability.
Despite these variables, the estimates illustrate the scale of the change ahead. Martyn’s Law will affect a significant proportion of the UK’s public-facing environments, underscoring the importance of early preparation for organisations with diverse estates or high visitor volumes.
Implementation timeline
While the Act received Royal Assent in April 2025, the Government has confirmed a grace period of around 24 months before full enforcement begins. This gives organisations time to:
- Audit their premises and events
- Establish which tier they fall into
- Update or develop emergency and communication procedures
- Begin risk assessments and staff training programmes
Early action during this preparation period will help organisations demonstrate compliance readiness and avoid costly disruption later.
Jan 2026 Update: Current Status of Martyn’s Law and What’s Changed
Since this article was first published, there have been important clarifications around the timing, guidance and regulation of Martyn’s Law that businesses should be aware of.
Although the Terrorism (Protection of Premises) Act 2025 received Royal Assent in April 2025, the legislation is not yet in force. The Government has confirmed a minimum 24-month implementation period, meaning the legal duties are not expected to become enforceable until 2027 at the earliest. This period is designed to give organisations sufficient time to prepare and to allow supporting frameworks to be put in place.
Crucially, statutory guidance is still forthcoming. The Home Office and the Security Industry Authority (SIA) are developing detailed guidance that will explain how duty holders are expected to meet their obligations in practice, including what “reasonably practicable” measures look like across different sectors and environments. Draft guidance is expected to emerge during 2026, ahead of full enforcement.
In parallel, the Security Industry Authority (SIA) is actively preparing for its new role as regulator. This includes establishing a dedicated Martyn’s Law regulatory function, recruiting specialist staff, and developing inspection, enforcement and case-management processes. Until the legislation is commenced, the SIA’s focus remains advisory and preparatory, rather than enforcement-led.
Some sector-specific clarifications have also begun to emerge — particularly for education settings — indicating that duties will be applied proportionately depending on use, occupancy and risk profile. This signals how future statutory guidance is likely to balance consistency with flexibility.
What this means for businesses:
While compliance is not yet mandatory, organisations should not delay preparation. The current period represents a critical window to assess exposure, strengthen procedures, train staff, and modernise systems so that compliance can be demonstrated clearly once enforcement begins.
(Correct as of January 2026)
What it means for businesses over the next few years
Short Term (0–2 years): Preparation and Planning
- Conduct audits to identify sites and capacities
- Update existing emergency and security procedures
- Begin training staff on lockdown, evacuation, and communication processes
- Budget for any physical or procedural upgrades needed for compliance
Medium Term (2–5 years): Compliance and Integration
- Implement the formal duties under the law
- Embed security plans into day-to-day operations
- Align Martyn’s Law requirements with fire safety, health and safety, and business continuity plans
Long Term (5+ years): Continuous Improvement
- Regularly review and test security measures
- Keep pace with evolving terrorist threats and new statutory guidance
- Integrate Martyn’s Law compliance into wider ESG and corporate governance frameworks
Implications for Commercial Real Estate and Security Teams
For property owners, landlords, and building operators, Martyn’s Law represents a structural shift in how risk is shared and managed. Security preparedness will become a visible standard of professionalism — influencing tenant relations, insurance costs, and reputation.
For security teams, the law reinforces the value of connected incident management systems. Platforms like Zinc can help automate procedures, standardise EOPs and SOPs, record actions taken, and demonstrate compliance through auditable logs. This is essential for both regulatory and operational resilience.
As outlined in our related article, Martyn’s Law: A Call to Evolve Technology for Public Protection, technology will play a critical role in supporting businesses to meet their new duties. From live communications and data-led threat intelligence to automated audit trails, the future of compliance will depend on how effectively organisations connect people, systems, and data.
Challenges to consider
- Resource and cost pressures, particularly for smaller venues adapting to new duties
- Complex accountability in multi-tenant or shared spaces
- Evolving guidance, statutory details and enforcement mechanisms may still be refined over time
- Maintaining consistency across distributed estates or large workforces
Despite these hurdles, the benefits of compliance go beyond regulation, enhancing public confidence, operational safety, and organisational reputation.
Looking ahead
As The Guardian notes, Martyn’s Law will “require venues with 200-plus capacity to have robust terror safety plans in place,” signalling a major shift in how security and preparedness are prioritised across the UK.
Over the coming years, resilience will move from best practice to baseline expectation. For businesses, landlords, and operators, preparedness will no longer be measured by intent alone, but by the ability to demonstrate clear procedures, trained people, and auditable actions.
Now is the time to act.
Organisations should use the implementation period to assess their exposure, clarify responsibilities, and modernise how they manage security, incidents, and compliance.
Get in touch to understand how Zinc can help your business prepare for Martyn’s Law and stay compliant — from standardising procedures and improving readiness to providing the auditability and oversight required under the new legislation.
+44 (0)20 3989 4859 
info@zinc.systems 