Martyn’s Law is here. Are you ready? 

Overview 

The events and venues industry has faced significant disruption over the past decade from COVID-19 to the Manchester Arena attack in 2017. But while operational resilience has improved, counter-terrorism preparedness has remained inconsistent. 

Martyn’s Law changes that permanently and with legal force.  

The threat landscape remains complex and evolving, with a broad range of locations potentially at risk. It is not possible to predict where an attack may occur in the UK, or which premises or events may be impacted, whether directly or indirectly. 

Counter-terrorism preparedness in the UK has historically fallen behind areas like health and safety, where clear legal standards exist. Despite improvements across the sector, the absence of legislation has resulted in inconsistent approaches and uneven outcomes. 

The introduction of the Terrorism (Protection of Premises) Act 2025 commonly known as, Martyn’s Law, now addresses these standards. And it’s thanks to the tireless campaigning by Figen Murray, mother of one of the victims Martyn Hett, from the horrific Manchester Arena Attack in 2017, that this Act received Royal Assent on Thursday 3 April 2025. 

The industry must not only continue with their safety and security measures, but now they must demonstrate they have taken appropriate and reasonably practicable steps to reduce harm. 

Put simply, Martyn’s Law shifts security from something organisations should do to something they must prove they have done. 

Security was always expected but now it’s enforceable 

Martyn’s Law is set to transform the way public venues and events across the UK approach security and preparedness for terrorist threats. 

While we wait for the Act to come into force, venues and organisers have already started identifying which sites and activities fall within scope, what practical steps are needed for compliance, and how to ensure related technologies such as facial recognition, are secure and legally compliant. 

What Martyn’s Law requires 

Before Martyn’s Law, there was no consistent, enforceable standard for counter-terrorism preparedness across publicly accessible premises. 

Now, as set out by the UK Home Office, at its core, the legislation introduces a minimum legal standard for protective security across public venues and events. Crucially, this is not a one-time exercise it’s an ongoing obligation to maintain, evidence and improve preparedness. 

The legislation is not based on the likelihood of an attack, but on the assumption that an attack could occur anywhere, requiring consistent preparedness across all in-scope locations. 

Organisations responsible for publicly accessible locations must be able to demonstrate, clearly and consistently that they have taken the legally mandated steps to protect the public. 

Qualifying premises and events now fall into two tiers: 

• Standard Tier: 200–799 people (including staff) may be present at the same time 
• Enhanced Tier: 800+ people (including staff) may be present at the same time 

These thresholds apply where it is reasonable to expect these numbers “from time to time”, not just in peak or one-off scenarios.  

And with these classifications comes clear obligations. 

Baseline requirements for Standard Tier 

Organisations must: 

• Register and engage with the regulator. The Security Industry Authority (SIA)  
• Implement documented public protection procedures (evacuation, invacuation, lockdown, and communication), ensuring staff understand how to act 

Enhanced Tier requirements (higher risk environments) 

In addition to the Standard Tier requirements, larger venues and events, expectations increase significantly: 

• Implement public protection measures to reduce both vulnerability to attack and harm if an attack occurs 
• Assess and document the specific vulnerabilities of the premises or event
• Control movement and access 
• Secure information and physical environments 
• Document all procedures and provide them to the SIA 
• Assign a senior accountable individual 

This is a fundamental shift. Security is no longer just about having plans, it’s about being able to evidence them, operationalise them, and defend them. 

These requirements move organisations from planning for incidents to being accountable for how effectively they can respond to them. 

The timeline reality: compliance won’t be instant 

While the Act is now established, implementation is expected to be phased, with organisations needing time to: 

• Assess whether they fall into scope 
• Conduct vulnerability and risk assessments 
• Build and document mitigation plans 
• Train staff and embed procedures 

However, organisations should not wait for legal enforcement to begin (expected from April 2027). But they are strongly encouraged to begin aligning with the principle of acting “so far as reasonably practicable” in preparation for compliance. 

The real risk: non-compliance is no longer theoretical 

Historically, failure in protective security often resulted in reputational damage but now under Martyn’s Law, the consequences can be far greater. 

Organisations will face enforcements carried out by the Security Industry Authority (SIA), including powers to issue compliance notices, restriction notices, potential criminal liability for senior leadership and financial penalties. 

In the event of an incident, organisations could face broader legal exposure, as failure to take reasonable steps may lead to criminal prosecution, negligence claims, health & safety enforcement, and insurance complications. 

The hidden challenge: it’s not about plans, it’s about people 

Most organisations already have risk assessments, emergency procedures and security policies but when an incident occurs can you confidently demonstrate that those plans will be executed and prove it under scrutiny? Because under the Act: 

• Staff must be trained and competent  
• Contractors must be vetted and controlled  
• Procedures must be understood and actionable 
• Evidence must exist to demonstrate all the above, at the point of inspection or investigation

As often quoted by The National Counter Terrorism Security Office (NaCTSO)…

“No matter how much you spend on physical measures, it is your people who can either let you down or provide your best defence.” 

This reflects the Act’s emphasis on procedures being practical, understood, and executable by staff, not just documented. 

And it is the point at which having the right partner, organisations can identify any gaps or challenges in planning and execution to ensure staff are well-trained, training is validated and compliance is continuous. 

Where Accredit OS and Induct come in

Martyn’s Law doesn’t prescribe specific technologies, but it does create a requirement for: 

• Workforce readiness 
• Training validation 
• Audit-ready documentation 
• Clear accountability across all parties 

This is where structured accreditation and induction systems become critical, providing organisations with control, consistency, and the evidence required to demonstrate compliance. 

In practice, effective approaches enable organisations to:   

• Ensure every individual is trained before access is granted 
• Maintain real-time records of competence and induction status 
• Control contractor onboarding and compliance 
• Provide instant audit evidence during inspections or investigations 

This is particularly important in environments like events and venues where workforces are temporary and high-volume, roles change frequently and multiple organisations operate simultaneously 

Without a structured system, compliance becomes fragmented and is not defensible under scrutiny.  

The opportunity: from obligation to operational advantage 

Organisations that treat Martyn’s Law as a compliance exercise or as another regulatory burden will meet the minimum. But those that treat it as an operational framework will gain a measurable advantage. 

When it’s done properly, compliance delivers: 

• Clear visibility of who is on-site and why 
• Faster, more consistent onboarding 
• Reduced insider risk 
• Improved coordination across teams and partners 
• Confidence at leadership level 

This aligns with a broader shift already happening in the industry from managing credentials to governing trust across the workforce. It also reinforces the need for a strong security culture, driven from leadership and embedded across all staff and partners.  

Martyn’s Law simply accelerates that shift and platforms like Accredit OS  and Induct enable this at scale turning workforce compliance into a controlled, auditable system rather than a fragmented administrative process. 

Final thought: compliance is about confidence 

The spirit of Martyn’s Law is about preparedness and prevention, and it exists because history showed that voluntary action wasn’t enough. So, now, organisations have a choice: 

• Treat compliance as a checkbox exercise 
• Or treat it as a foundation for operational control and leadership confidence 

Under Martyn’s Law, systems that manage workforce readiness, accreditation, and evidence are no longer operational nice-to-haves, they’re becoming core components of a defensible security strategy. 

If you’re assessing your readiness for Martyn’s Law, start with one question, ‘can you evidence, in minutes, who was trained, vetted, and authorised at any given time?’ 

If not, that’s where your risk begins and it’s where the right system becomes critical.  

To discuss further or for more information, visit https://www.accredit-solutions.com/accredit-induct/ 

Coming soon: Our free quick self-assessment checklist to help you see how prepared you are for Martyn’s law 

Resources 

Protect Duty UK 

Home Office