The Home Office has issued new guidance on the Terrorism (Protection of Premises) Act 2025, known as ‘Martyn’s Law’ – presenting an opportunity for businesses and events organisers alike to start putting plans in place for the reforms taking effect. 

Contributors: Martin Bourne and Alisdair Williams

What is changing?

The Terrorism (Protection of Premises) Act 2025 – commonly known as ‘Martyn’s Law’ after one of the victims of the Manchester Arena terrorist attack – received Royal Assent in April 2025. Its purpose is to ensure that businesses and events organisers are better prepared so that, in the event of a terrorist attack, lives may be saved. 

While the Act is not expected to come into effect until 2027, the Home Office issued extensive guidance for businesses on 15 April 2026, providing worked examples and flowcharts to help premises operators and event organisers identify whether they fall within the scope of the Act, and understand their obligations – effectively marking the beginning of the countdown to formal implementation.  

Alongside the Home Office guidance, a public consultation has been launched by the appointed regulator, the Security Industry Authority, on its own Section 12 guidance on Martyn’s Law. The draft guidance sets out information on the Authority’s functions, including the use of its investigatory and enforcement powers.  

If you would like to contribute to the public consultation on the Security Industry Authority’s Section 12 guidance, you can do so here until 12 June 2026 (this consultation only relates to the Authority’s guidance, excluding the wider Home Office guidance issued on the same day). 

How could the changes impact your business?

The Act will affect qualifying businesses which have at least one building that is publicly accessible – including, but not limited to, retail, leisure, entertainment and healthcare settings. Obligations are split into ‘standard tier’ requirements (for those routinely expected to have 200 people or more on site, including staff), and additional ‘enhanced tier’ requirements (for those which host 800 or more people).  

Notable exemptions are provided for events held at premises wholly or mainly used for worship, childcare, primary, secondary, or further education which, due to special considerations, are not in-scope for qualifying events. However, the premises themselves may still be classed as qualifying premises for the purposes of the standard tier duty. 

If you are an operator of qualifying premises, or the organiser of any qualifying events, you will be under a legal duty to: 

  • Notify the Security Industry Authority that you have become responsible for qualifying premises or a qualifying event (or that you have ceased to be responsible). 
  • Ensure appropriate public protection procedures are in place, which must include procedures for evacuation, invacuation (within a premises), lockdown, and communication (alerting people to danger). 
  • Co-ordinate with other responsible persons as required. 

If you are responsible for enhanced tier premises and qualifying events, you must additionally: 

  • Ensure appropriate public protection measures are in place – including measures for detecting suspicious activity, plans for controlled movement of people, physical safety and security measures to mitigate against a theoretical attack, and ensuring security of operational information. 
  • Document the procedures and measures that are in place, or that you plan to put in place, including an assessment of how they are expected to reduce the risk of physical harm to individuals and/or reduce the vulnerability of the premises or event. 
  • Designate a senior individual within your organisation with responsibility for ensuring compliance (where the responsible person is an organisation). 
  • Co-operate with the responsible person as required where you have control of premises but are not the responsible person. 

If you operate a premises that can reasonably expect fewer than 200 people at any given time, you may fall outside of the scope of the Act. However, even relatively modest operators with variable attendance numbers should think carefully about whether they exceed this threshold, even if only occasionally. 

While the Security Industry Authority is likely to use guidance, advice and warning notices to encourage compliance in the first instance and to promote a collaborative approach, it should be noted that there will be a civil penalty regime to deal with non-compliance. The Authority is also empowered to issue compliance notices (to compel compliance with the requirements) and restriction notices (to prohibit activities or events where there are serious deficiencies). Ignoring such notices can amount to a criminal offence – as can the provision of false or misleading information to the Security Industry Authority. While only summary, these offences are imprisonable – although an unlimited fine is more likely to be the usual consequence. 

What steps should you take to prepare?

Reviewing the Home Office’s official guidance is a vital preparatory step for any affected business ahead of the Act’s implementation. You should therefore: 

  • Apply the known facts about the premises or event to the definitions and flowchart tests set out within Chapters 4 and 5 of the guidance to work out whether you meet the threshold and, if so, which tier applies. 
  • Identify who is in control and has responsibility for complying with the Act if you operate in premises with different owners and occupiers, or premises with two or more uses; note that the Act expects parties to co-operate and co-ordinate in such circumstances, rather than trying to delegate responsibility. 
  • Designate a senior individual within your organisation to be responsible for ensuring compliance and drafting policies and procedures. 
  • Give serious thought to your obligations, and how these can best be met to reduce undue risk and disruption to your operations – for example, preparing relevant policies and procedures in good time ahead of the Act being formally implemented, noting that if you are subject to ‘enhanced tier’ obligations, significant preparation will be required. 
  • If you are a qualifying business, it may also be prudent to check how your insurance policies may be impacted, and whether cover will be dependent on meeting specific standards. 

Key takeaways

  1. Identify whether your premises or event falls within the scope of the Home Office guidance. 
  2. Consider which personnel will be responsible for compliance with the Act. 
  3. Start reviewing your policies and procedures ahead of the Act’s implementation. 

Please be advised that this is an update which we think may be of general interest to our wider client base. The insights are not intended to be exhaustive or targeted at specific sectors as such, and whilst we naturally take every care in putting our articles together, they should not be considered a substitute for obtaining proper legal advice on key issues which your business may face.