Contextual Background

The Terrorism (Protection of Premises) Act 2025, commonly referred to as Martyn’s Law, is designed to improve organisational preparedness and strengthen protective security across the United Kingdom to reduce the risk of terrorism. This legislation serves as a tribute to Martyn Hett, a victim tragically killed in the Manchester Arena attack and seeks to ensure that lessons learned from such incidents are implemented to better protect public spaces and prevent future tragedies. For the first time, the Act creates a legal duty for certain premises and events to take proportionate steps to prepare for, and reduce harm from, potential terrorist incidents.

Legislative Status

The Act received Royal Assent on 3 April 2025 and is now law across the United Kingdom. Its main duties and enforcement provisions will take effect following an implementation period of at least 24 months, allowing organisations time to prepare for compliance. During this period, the Home Office will issue statutory guidance to support those responsible in meeting the Act’s requirements.

Overview

Purpose and Objectives of the Act

The Act establishes a legal framework to enhance public safety by reducing vulnerabilities to terrorist acts at certain premises and events. Its key objectives include:

1. Reducing Impact: Minimising harm during terrorist incidents.

2. Clarifying Responsibility: Establishing clear security obligations for premises within scope.

3. Improving Consistency: Ensuring standardised security practices across all locations.

4. Enhancing Support – Providing tools, training and resources to aid security implementation.

Scope and Applicability

The Act applies to qualifying premises and qualifying events, as defined in Sections 2 and 3. It outlines security obligations for venues accessible to the public, focusing on preparedness and mitigation strategies to counter terrorism risks.

• Qualifying Premises include those used for public gatherings or activities, specified under Schedule 1 of the Act.

• Qualifying Events are events held on premises not already classed as qualifying premises, where 800 or more people are expected to be present at one time, and entry is by ticket, invitation, or pass.

• Exclusions for specific premises or events are detailed in Schedule 2.

Strategic Alignment with the Act:

The Act’s objectives should be reflected in venue’s approaches to security planning. The Key strategic and policy objectives addressed include:

• Keeping Citizens Safe – Strengthening security to minimise vulnerabilities.

• Clarifying Responsibilities – Assigning clear roles for security management.

• Improving Consistency – Adopting standardised security practices.

• Enhancing Support – Leveraging training and tools to ensure resilience

Framework

Key Provisions of the Act:

• Part 1 - Public Protection Requirements (Sections 1-33): Defines responsibilities for qualifying premises and events, establishing the framework for public protection duties and risk mitigation measures.

• Section 4 - Responsible Persons: Identifies accountable persons for compliance.

• Sections 5–10 - Security and Preparedness Requirements: Set out detailed requirements for implementing public protection procedures (standard and enhanced duty) and public protection measures (enhanced duty), scaled to each premises’ or events’ risk and resources.

• Sections 11–26 - Tribunal, Enforcement and Penalties: Cover tribunal determinations, investigatory powers, and enforcement mechanisms, and the Security Industry Authority’s (SIA) role as regulator, including compliance and penalty powers.

• Sections 27–33 - General Provisions: Provides general provisions, including interpretation, disclosure of information, service of notices, civil liability and commencement provisions.

Schedules:

• Schedule 1 - Specified Uses of Premises: lists qualifying premises including but not limited to shops, hospitality venues, entertainment venues, sports grounds, visitor attractions, hotels, museums, galleries, places of worship, transport hubs, education and healthcare facilities.

• Schedule 2 – Excluded Premises and Events: Lists exemptions from the requirements.

• Schedule 3 – Investigation Powers: grants the SIA authority to inspect premises, require documents and issue compliance notices.

• Schedule 4 – Licensing and Disclosure of Plans: amends the Licensing Act 2003 and Licensing (Scotland) Act 2005, limiting public disclosure of detailed plans that could assist terrorists.

Analysis

The following sections provide a concise legal analysis pertaining to each section of the Act while summarising the core obligations and principles established under law.

Introductory

This section defines the terms qualifying premises, qualifying events and responsible persons, essential for determining which laws regulate specific premises and events and identifying who is responsible for compliance. They are defined as follows:

Qualifying premises: Include buildings, land or a combination of both, encompassing parts of buildings or groups of buildings. These premises must meet certain criteria under the legislation, such as their use, public access and risk profile. Premises are further categorised into Enhanced Duty Premises and Standard Duty Premises, which determine the level of security and protective measures required. Standard Duty Premises are those where it is reasonable to expect 200 or more individuals to be present at the same time, while Enhanced Duty Premises are those where it is reasonable to expect 800 or more individuals to be present. Enhanced Duty Premises require comprehensive protective security and preparedness measures, while Standard Duty Premises must implement proportionate public protection procedures.

Qualifying event: An event held on premises that are not classified as Enhanced Duty Premises or part of such premises. For an event to qualify, members of the public must have access, and it must be reasonable to expect 800 or more individuals will be present at the same time. Attendees must either pay for entry or possess invitations or passes. The event must not fall within the excluded events listed in Schedule 2.

Persons responsible for qualifying premises or event: The individual or entity controlling the premises in connection with its relevant use, as specified in Schedule 1. If premises have multiple uses, the principal use will determine the relevant responsible party, as defined by regulations set by the Secretary of State. For qualifying events, the responsible person is one who controls the premises during its use for the event. In cases where premises or events have multiple responsible individuals, all share accountability and may act jointly to fulfil legal obligations.

Compliance and Oversight

Sections 5 to 10 establish the compliance framework to ensure appropriate public protection procedures and measures are in place, safeguarding individuals in venues susceptible to terrorist threats.  These public protection procedures, which apply to both Standard and Enhanced Duty premises and qualifying events, and public protection measures, which apply to Enhanced Duty premises and qualifying events, must be followed by venue personnel and kept under review to ensure they remain current and reasonably practicable. These sections outline additional mandatory requirements, including training, co-operation, notifications, designation of responsible persons, documentation and record-keeping. These measures ensure public safety and risk mitigation are maintained through consistent oversight.

Enforcement responsibilities

Sections 12 to 16 assign enforcement responsibilities to the Security Industry Authority (SIA), which is responsible for ensuring compliance, investigating breaches and overseeing enforcement actions. These sections provide specific details on the SIA’s investigative functions and enforcement procedures, including the authority to issue compliance and enforcement notices. These notices can be varied or withdrawn by the SIA and can be subject to appeal to a tribunal. These provisions are intended to hold entities accountable while ensuring transparency in enforcement processes.

Monetary Principles

Section 17-23 outlines the regulations governing penalties for non-compliance. These sections detail the issuance of notices, maximum amount penalty amounts, the contents of notices and procedures and requirements for variation, withdrawal and recovery. For Enhanced Duty premises, the maximum penalty is £18 million or 5 % of global turnover, whichever is greater. Additionally, criminal offences may apply for serious or persistent non-compliance. This framework ensures penalties are consistently applied while providing mechanism for appeal and review, ensuring transparency and compliance in the enforcement process.

General  

Sections 24 to 33 establish the core obligations necessary to enforce and protect the provisions of the Act. These sections outline the requirements to be published by the Secretary of State before Parliament, ensuring transparency and accountability. They include governance provisions under data protection legislation, which govern the disclosure of information and the authorisation for such disclosures. The sections also specify the acceptable methods for serving notices and grant the Secretary of State the authority to make further regulations related to notices, including the power to amend the Act with supporting interpretations.

Importantly, these provisions prevent any right of action in civil proceedings related to the enforcement of the Act. These measures ensure the legal validity of the Act and its enforceability in a court of law.

Part 2

This section amends the Licensing Act 2003 and the Licensing (Scotland) Act 2005, introducing provisions about including and disclosing plans in public registers. It authorises the secretary of state to set regulations on the format and content of these plans, with the power to restrict disclosure if the information could assist in terrorism-related activities.

Part 3

This ‘General’ section establishes the logistical aspects of the Act, detailing the legal and obligations necessary for administrative compliance. Specifically, this section grants the power to make regulations under any provision of the Act, allowing for consequential, supplementary, incidental, transitional or saving provisions and permits different provisions for different purposes or areas and outlines section which require approval or accept annulled by Houses of Parliament. Additionally, it specifies that parts of the Act will come into force on a day appointed by the Secretary of State, following an implementation period of at least 24 months after Royal Assent.

Schedules

Schedule 1: Specified use of Premises

Identifies the types of premises subject to regulation under the Act. These include shops, food and drink establishments, nightclubs, entertainment venues, sports grounds, recreational facilities, libraries, museums, galleries, halls, visitor attractions, hotels and places of worship. It categorises premises based on their primary use and public accessibility, determining whether they qualify as standard or enhanced duty premises

Schedule 2: Excluded Premises and events

Specifies premises and events that are exempt from the Act’s requirements. Examples may include certain small-scale venues, private events or locations with limited public access. The exclusions ensure that regulatory focus is placed on high-risk or high-capacity premises.

Schedule 3: Investigation powers

Outlines the powers granted to enforcement authorities, such as the Security Industry Authority, to investigate compliance. These powers include inspecting premises, accessing documents and issuing notices for non-compliance. The aim is to ensure that premises meet the public protection requirements stipulated by the Act.

Schedule 4: Licensing: disclosure of plans of premises

Addresses the regulation of licensing practices to protect sensitive information. It limits the disclosure of plans for licensed premises to prevent their misuse in planning terrorist activities. It also allows the Secretary of State to regulate the form, content and access to such plans to enhance security.

Additional Notes on Implementation

Those responsible for qualifying premises or events will not be required to notify the SIA of their premises or events until the relevant sections of the Act take effect. The Home Office and SIA will release details of the notification process and implementation timetable before the duties commence.

The SIA will not charge fees for inspections or compliance advice. Where inspections identify areas of concern, the regulator will normally seek voluntary compliance before using any enforcement powers. For enhanced-tier premises or events operated by a company or organisation, a senior individual must be appointed to oversee compliance with the Act’s requirements.