Martyn’s Law: Pragmatism vs Panic
Earlier this month RiskPal Chief Operating Officer, Tom Bacon, spoke at the ASIS Summer Seminar about the Terrorism (Protection of Premises) Act 2025, commonly known as Martyn’s Law. The presentation focused on three key themes:
- Recognising the unknowns
- Avoiding the hype
- Aligning with existing risk management practices
Here we explore each idea a bit further.
Current Status of the Act
Martyn’s Law received Royal Assent in April 2025 and it is expected that the Act will be legally enforceable from April next year, concluding a 24-month consultation period.
Ambiguities remain, particularly about the role of the Security Industry Association (SIA) as the regulatory and inspection authority and how businesses will interact with it; a public consultation on this only concluded earlier this month. It is the expected that the outcomes of this consultation will cast light on some of these remaining unknowns.
Don’t Panic
Lots of Martyn’s Law readiness tools and consultations are being promoted at present, perhaps somewhat prematurely. While preparedness is key, it would be prudent to see the outcomes of the SIA consultation and await more detail before finalising your plans.
There is already a lot of free material available and guided templates may still emerge later this year.
Remember that Martyn’s Law is not intended to impose additional costs on businesses and proportionality (although loosely defined) is a key principle of the Act. We also expect an initial grace period will be effective once the law comes into force, especially for smaller businesses and those falling inside the standard tier.
Breathe, You Are Probably Doing a Lot Already
Alignment is key. If your site or event falls into the enhanced tier, it is very likely you are already doing much of the work. Aligning your existing risk management processes with Martyn’s Law is the smart way to work, as many industry practitioners are already demonstrating. This approach will minimise cost, save you time and keep proportionality in check.
Making sure that security plans and staff training consider terrorist threat is key, but you do not need to create a whole new process for you and your team. Invacuation and evacuation processes, emergency communications, site security measures are standard elements of a security plan or fire risk assessment, for example. Some modifications to existing documentation will be needed, but don’t try and recreate the wheel.
If required to produce a risk assessment, it should include a clear executive summary explaining the reasoning and rationale for your enhanced tier definition and the related security measures will be employed. Outline your review periods and the triggers that will drive these reviews, for example a change in the government terrorism threat level, a new event or change in function at your site, or even just temporal reviews such as every 6 or 12 months.
What Now?
We are not endorsing burying your head in the sand and waiting until next year to review the Act, but rather advocate a pragmatic approach that avoids getting swept up in the hype surrounding the legislation.
Here are five recommendations for where you can begin:
If you don’t know already, understand your existing venue capacity and tier eligibility as defined by the Act, protect UK have issued some great decision trees and visual guides to help you: www.protectuk.police.uk/martyns-law/resources
Map your current risk management activities and think about any gaps you need to address. Review existing training programmes and gather supporting resources. Protect can again help you here: www.protectuk.police.uk/catalogue
Identify and communicate with coordinators and third parties. Several venues will have series of separate businesses under one roof, that already coordinate evacuation procedures. Ask your vendors what they are doing around Martyn’s Law; it’s fair to expect security guards to have minimal training standards, for example.
Know your responsible persons. You cannot outsource this. Understand that it is the organisation, not an individual, that is ultimately responsible for compliance. Clear allocation of tasks to individuals is still essential, however. Know your responsible persons. You cannot outsource this. Understand that it is the organisation, not an individual, that is ultimately responsible for compliance. Clear allocation of tasks to individuals is still essential, however.
Track legislative developments and SIA notices in the next six months and first quarter of next year. More clarity will emerge to help guide you on this journey.
Taking the Next Step
As Martyn's Law moves closer to implementation, organisations should focus on preparation, not panic. The most effective approach is likely to be one that builds on existing security, safety and risk management practices, rather than creating entirely new processes from scratch. By understanding your obligations, identifying any gaps and taking proportionate action, you can be well positioned for compliance when the legislation comes into force.
