How to Comply with Martyn's Law in Hospitality in the UK.

This article has been written by Pilla Founder, Liam Jones, click to email Liam directly, he reads every email.

Article Content

This article has been written by Pilla Founder, Liam Jones, click to email Liam directly, he reads every email.

TLDR; 

  • Martyn’s Law (Protect Duty) requires hospitality venues to assess and improve their protection against terrorism.
  • It applies to public venues with a capacity of 200+, including restaurants, hotels, pubs, bars, nightclubs, and event spaces.
  • There are three tiers:
  1. Exempt (1 + 199 capacity): No requirements
  2. Standard Tier (200–799 capacity): Requires a basic plan and staff training. 3. Enhanced Tier (800+ capacity): Requires a detailed security plan, risk assessments, and appointment of a “designated senior officer.”
  • There is a grace period of implementation until 2027 but you should getting ready now.
  • It's advisable that all businesses (even except businesses) carry out a terrorism risk assessment and staff training at a minimum. Use the pre-built Terrorism Risk Assessment Template in Pilla to decide on control measures. Then use the Terrorism Staff Briefing Template to record your staff training with teams.

With so much going on in hospitality at the moment, you may not have picked up on the new Terrorism laws in the UK. I'll use this article to lay out a brief history of how we got here over the last few years and then I'll explain what the law means for hospitality businesses and how you can comply in time.

Introduction: What is Martyn’s Law and Why Was It Introduced?

Martyn’s Law - formally the Terrorism (Protection of Premises) Act 2025 - is new UK legislation which aims to improve safety in public venues by requiring them to be prepared for terrorist attacks​.

It is often called the “Protect Duty” and is named in memory of Martyn Hett, one of the 22 people killed in the 2017 Manchester Arena bombing. Martyn’s mother, Figen Murray, campaigned for stronger venue security measures to prevent future tragedies, which was an important part of creating the legislation. The law is designed to boost security at public places after several terror incidents in the UK in recent years. Martyn’s Law will require those in charge of certain premises and events to consider the threat of terrorism and take appropriate steps to protect the public​. For hospitality businesses like restaurants, pubs, bars, hotels, nightclubs, and entertainment venues – this means security needs to be purposefully planned.

Martyn’s Law Timeline

Martyn’s Law became an Act of Parliament in 2025, but it is not immediately in force. Here’s the timeline of its development and when businesses need to comply:

  • 2017–2022: Following the Manchester Arena attack, public inquiries and campaigns highlighted the need for a “Protect Duty.” The government consulted with security experts, businesses, and victims’ families (including Martyn’s Law campaigners) to shape the law​. This groundwork ensured the law strikes a balance between improving security and avoiding undue burden on businesses​. 
  • May 2023: The government published a draft Terrorism (Protection of Premises) Bill (the basis of Martyn’s Law) and invited feedback. The draft was refined in response to public consultation and expert input.
  • September 2024: The Bill was formally introduced to Parliament. It went through the House of Commons and Lords with broad support.
  • April 2025: Martyn’s Law received Royal Assent on 3 April 2025, becoming law. At this point it is officially the Terrorism (Protection of Premises) Act 2025. However, the new duties do not apply immediately. The government has announced an implementation period of at least 24 months before the Act’s requirements come into force. This grace period (likely until 2027) allows time to set up the regulator and for businesses to prepare and train staff before the rules become legally enforceable.

What does this mean for hospitality owners? In 2025 and 2026, you should prepare for Martyn’s Law, but actual enforcement is only expected to begin around 2027. Use this lead time to get ready, as outlined below. The long lead-in reflects the scale of change – the Home Office estimates over 250,000 premises across the UK will be need to comply with Martyn’s Law​

Which Hospitality Businesses Are Affected? (Scope and Thresholds)

Martyn’s Law applies to “public premises” that meet certain criteria. In the hospitality sector, this includes a wide range of venues – but only if they are above a size threshold. The Act deliberately targets locations where a significant number of people gather. Key points about who is in scope:

  • Types of Venues Covered: The law covers venues “wholly or mainly used” for specified activities listed in Schedule 1 of the Act​. This list explicitly includes hospitality and leisure uses – for example, restaurants, cafes, bars, pubs, nightclubs, hotels, shops, theatres, cinemas, concert halls, sports grounds, and other entertainment or visitor attractions​. In practice, if your business invites the general public onto the premises for dining, drinking, accommodation, entertainment or similar, it is likely a qualifying use. (Even retail shops are included, but we will focus on hospitality settings here.) Hotels are included​ as well as clubs and live music venues - the Act uses examples like a sports ground or a hotel when defining responsible persons). This means everything from a large nightclub to a busy city-centre restaurant could be covered if it meets the size test.
  • Size Threshold “200+ People” Rule: A venue must be of a certain size before Martyn’s Law duties apply. The Act’s threshold is 200 people. This means the venue is included if it is reasonable to expect 200 or more people may be present at the same time (even occasionally)​. This headcount includes staff, customers, and guests. This is akin to the venue’s maximum occupancy or typical peak crowd size. If your restaurant, bar or hotel is small enough that it never holds 200 people at once, it will not be legally required to implement Martyn’s Law measures. For example, a cafe with 50 seats or a small B&B will be below the threshold. But a pub with a capacity of 250, or a mid-sized restaurant that can seat 200+ diners (including staff on site), would fall under Martyn’s Law. Many nightclubs, food halls, conference venues, and large restaurants easily cross 200 people on busy days.
  • Large Venue Threshold (800+): The law establishes a two-tier system based on venue size. Venues expecting 200–799 people are classed in the “Standard Duty” tier. Venues that can host 800 or more people at once are classed in the “Enhanced Duty” tier​. If your establishment’s capacity is 800 or above (including staff and guests), you will have additional obligations. In hospitality, examples of enhanced-tier premises could be large nightclubs, major concert venues, big hotels with conference centres, arenas, or huge restaurants in event spaces. The 800 threshold also applies to certain large temporary events – for instance, an outdoor festival or fair would be an “enhanced” qualifying event if 800+ people attend and entry is controlled (e.g. ticketed)​. Most hospitality businesses will either fall in Standard tier (if 200–799 capacity) or be excluded (if under 200), but the biggest venues will be Enhanced tier.
  • Public Access Requirement: The venue must be open to the public (or have a “qualifying paying audience”) to trigger Martyn’s Law. Private venues or events are not covered. For example, a private members’ club or an invitation-only wedding venue might be excluded if the general public cannot enter. Similarly, private office buildings or staff-only facilities are not included. Martyn’s Law is about publicly accessible locations. For most hospitality businesses this is straightforward – if you welcome members of the public or paying customers (whether walk-in or ticketed), it counts. The law also lists some exclusions in Schedule 2 (places that are excluded even if large), such as certain government facilities and transport hubs that are covered by other security regulations​. But typical hospitality venues are not excluded – they will have to comply if they meet the size criteria.

In summary: Hospitality and entertainment venues with a capacity of 200 or more people need to comply with Martyn’s Law​. Smaller businesses under that size are not legally obliged, though they may still consider voluntary good practices. Within those in scope, venues under 800 capacity have basic duties (standard tier) and the 800+ crowd venues have enhanced duties.

Martyn’s Law sets out specific security requirements that affected venues must fulfil. These can be seen as building on good safety practices many businesses already do (similar to fire safety or emergency planning, but focused on terror threats). The law’s requirements are proportionate to venue size:

Standard Tier Duties (Venues with 200–799 Capacity)

If your restaurant, pub, bar, hotel or other venue falls into the Standard Duty tier, you will be required to implement a few core measures aimed at improving preparedness. These are deliberately simple, low-cost actions that almost any business can take​. The focus is on planning and training, not expensive new equipment. Standard-tier hospitality venues must:

  • Register with the Regulator: Notify the authorities that your premises is included. The law will require the responsible person to notify the Security Industry Authority (SIA) (the designated regulator for Martyn’s Law) that they are responsible for a qualifying venue​. In practice, this likely means an online registration or form where you provide details of your venue. This creates an official record that your site falls under Martyn’s Law duties.
  • Have a Terrorism Response Plan (“Public Protection Procedures”): Every standard-tier venue must develop and maintain appropriate procedures to protect staff and guests in the event of a terrorist attack​. This is essentially an emergency plan specific to terrorism scenarios – very much like a fire emergency plan, but for intentional attacks. The law calls these “public protection procedures.” They should cover actions staff would take if an attack occurs either on the premises or nearby​. Key components of these procedures include: how to evacuate people to safety, how to invacuate or shelter-in-place (moving people to a secure area inside, if fleeing isn’t safe), how to lockdown the site (securing doors, shutting gates or shutters to prevent the attacker accessing more victims), and how to communicate with people on-site during the crisis​. Essentially, staff should know what to do immediately if an attack happens – for example, understanding routes for a quick evacuation, or how to secure customers in a back room behind locked doors until police arrive. The procedures need to be put in place “so far as reasonably practicable,” meaning they should be tailored to what makes sense for your venue’s layout and operations​.
  • Staff Training and Awareness: While the Act doesn’t specifically list “training” as a separate requirement, it’s implied – having a plan on paper is useless if your team doesn’t know about it. So, hospitality businesses will need to train their staff on the terrorism response procedures and possibly conduct drills or briefings, much as they do for fire evacuation. For instance, your staff should all know the signals or codewords for a lockdown, the locations of emergency exits and muster points, and how to guide customers to safety. The government is developing detailed guidance to help with this (and offers free training resources like the ACT Awareness e-learning). Industry experts note that mandatory security training for venue operators and staff is a key component of Martyn’s Law’s intent​. This may involve basic counter-terrorism awareness (spotting suspicious behavior or items) and knowing how to respond under stress. Make sure to include counter-terror scenarios in your existing emergency training program.
  • No Expensive Physical Measures Required: Importantly, standard-tier venues are not required to install new physical security infrastructure by law. The Act explicitly does not mandate any physical measures for standard duty premises. The emphasis is on procedural readiness (which largely involves time and training, not money). So, you won’t be forced to purchase metal detectors, hire security guards, or build new barriers if you’re in this tier. Of course, you may voluntarily enhance security, but Martyn’s Law does not compel smaller venues to implement equipment or structural changes. Simple, common-sense steps can be effective – for example, knowing how to quickly lock the front door and move people away from windows could save lives in an attack. As the official guidance notes, even low-cost actions like locking doors, closing shutters, or identifying safe hiding places can reduce harm in the event of terrorism.

Overall, for standard-tier hospitality businesses, compliance will mainly mean registering your venue, assessing terrorism risks, creating a plan, and training your staff on it. These measures are intended to integrate with your existing safety plans with minimal cost. The goal is to make sure that if the worst happens, your team isn’t caught completely off guard and can act swiftly to protect patrons.

Enhanced Tier Duties (Venues with 800+ Capacity)

If your venue is large enough to fall into the Enhanced Duty tier, the law imposes additional requirements on top of the standard ones. This reflects the greater potential impact of an attack on a crowded, high-capacity venue (and possibly the greater attractiveness such targets have to terrorists). Enhanced-tier hospitality venues (e.g. large nightclubs, concert halls, stadiums, big hotels with events spaces) must do all the standard-tier steps plus:

  • Implement “Public Protection Measures” (Security Mitigations) In addition to having emergency procedures, enhanced venues are required to take proactive steps to reduce the venue’s vulnerability to terrorist attacks​. The law calls these additional steps public protection measures. Essentially, this means doing a risk assessment and then putting in place security measures (whether physical or personnel/process measures) that are appropriate to your venue’s risks​. For example, an enhanced-tier nightclub or arena might install CCTV camera systems or improve existing ones for better monitoring of crowds​. They might establish bag checks or security screening at entry points to prevent weapons or explosives from being brought in. **Other measures could include alarm systems, secure door locks, blast-resistant bins (to mitigate bomb risk), vehicle barriers outside to prevent ramming attacks, hiring trained security staff or stewards, and so on – the exact measures should be driven by a terrorism risk assessment. The law requires that these measures be “appropriate and proportionate” and “so far as reasonably practicable”​ – meaning you should take sensible precautions that make sense for your venue, but you’re not expected to eliminate all risk or bankrupt the business with overly extreme measures. The key is to think ahead about how an attacker might target your venue and put layers of defence or deterrence in place (in addition to the response procedures).

As an example, a large sports arena might decide to use metal detectors and restrict bag sizes for spectators, whereas a big hotel might focus on CCTV, staff security training, and controlling access to back-of-house areas – each venue’s measures will differ. The Act specifically mentions “monitoring of the premises and their immediate vicinity” as an example requirement for enhanced sites​, implying that keeping an eye on what’s happening (via cameras or patrols) is a basic expectation at larger venues.

  • Document the Security Plan (Security Plan Document):** Enhanced-tier venues will need to create a written security plan or assessment document and provide it to the SIA regulator​. This document should detail the venue’s public protection procedures (the emergency response plan) and the public protection measures (the preventive security mitigations) that are in place or planned. Crucially, it must include an assessment or rationale explaining how these measures reduce the venue’s vulnerability and risks​. In practice, this is like a combined risk assessment and action plan. Hospitality operators will likely recognise this as similar to documentation they prepare for fire safety or health and safety audits – you’ll need to show you have thought through the threats and have a coherent plan. For example, the document might state: “We have assessed the risk of a person bringing an improvised explosive device into the club. To mitigate this, we have implemented bag checks and installed X-ray scanners at the entrance, which we believe will deter and detect such threats. In addition, our staff are trained in what to do if they spot a suspicious package…” etc. This written plan is submitted to the regulator, both as proof of compliance and so that the regulator can review if your measures seem adequate. It’s effectively a terrorism security risk assessment report for your venue. Keeping it up to date will also be important (e.g. if your venue undergoes major changes or new threats emerge).
  • Designate a Senior Officer for Compliance: For larger organisations (where the “responsible person” is not a single individual owner but a company or partnership), the Act requires assigning a “Designated Senior Individual” to oversee Martyn’s Law compliance​. This means in a corporate setting, someone at a senior level (e.g. a director or senior manager) must be named as accountable for ensuring the venue meets its security duties. In a hotel chain or nightclub group, for instance, a director of operations or a general manager might be designated. The idea is to embed responsibility at leadership level, not just leaving it to junior staff. In a smaller owner-operated venue, the owner or manager themselves would inherently be the responsible person. In any case, leadership should be engaged – making sure budgets, policies, and culture support the security measures and training needed. Many businesses may form internal “Protect Duty” teams or appoint their Security Manager or Health & Safety Manager to take on this role under senior oversight.

To summarise, enhanced-tier venues must go a step further by actively hardening their security (within reason) and maintaining documentation of their plans. They will effectively be expected to conduct a formal risk assessment of terrorist threats and implement reasonable security upgrades to address those threats​

You can use your fire safety maximum occupancy figures or past footfall data to determine if you meet 200 or 800 people thresholds​. If you run multiple smaller venues (franchise or chain sites), the law applies to each physical premises individually – you don’t sum up all your sites’ visitors. Also, an important nuance: if you host occasional large events (say your hotel usually has 150 guests, but once a year holds a 1000-person conference), the event itself might trigger enhanced requirements. The Act covers qualifying events too – a temporary event at a normally smaller venue could be treated as enhanced if it has 800+ attendees and controlled entry. So plan accordingly for big one-off happenings.

Practical Steps for Hospitality Operators to Prepare and Comply

Start preparing now so you are ready when the law comes into force. Here is a practical step-by-step guide:

Assess Your Venue’s Status: Determine if Martyn’s Law will apply to you. Check your venue type and capacity against the criteria: Is your venue open to the public or do you host public events? Do you reasonably expect 200 or more people on-site at once (including staff and customers) during peak times? If yes, you’re in scope (and if 800+ at once, you’ll be in the enhanced tier). If no, the law won’t mandate anything – though even out-of-scope venues may voluntarily adopt some safety measures as best practice. If you have multiple venues, do this for each location. Also consider any large events you run (fairs, festivals, etc).

Conduct a Terrorism Risk Assessment: Treat this similar to a fire risk assessment, but focusing on malicious attack scenarios. Walk through "what if" scenarios for terror threats at your venue:

  • Identify potential threats relevant to your venue type – e.g. a bomb left in the lobby, a knife attack in the bar area, a vehicular attack on an outdoor seating area, a hostage situation, etc. Consider both internal threats and ones just outside that could spill in.
  • Evaluate vulnerabilities: How might an attacker exploit your venue? Do you have unsecured entry points? Crowded choke-points? Iconic status? List weaknesses.
  • Assess impact: Think about worst-case consequences (casualties, evacuation difficulties) in each scenario.
  • This doesn't need to be complex – you can use available templates or guidance. The goal is to highlight where your venue could improve security and to form the basis of your plan. Many venues may find they already have partial measures (like CCTV, emergency exits) and just need to formalise procedures.

Examples: Small vs. Large Venue Expectations

To illustrate the difference in practical expectations, let’s compare two hospitality scenarios:

  • Small Restaurant/Pub (Standard Tier): Imagine a restaurant that can seat 250 guests (plus staff) at full capacity. Under Martyn’s Law, it falls in the standard tier. The owners would prepare a simple terrorism response plan and train their team on it. For instance, if a violent incident happened at the front door, staff might be trained to hit a panic alarm and usher diners to the kitchen or out an emergency exit in the back. They could designate a cook or manager to quickly lock the front entrance and pull down any shutters to slow an attacker. They might not add any new hardware beyond what they already have – no metal detectors or extra guards – because the law doesn’t demand physical measures at this level​.

The main investment is staff time: discussing scenarios in staff meetings, doing a brief drill, and ensuring everyone knows the plan. The venue would then register with the SIA when required and keep its procedure document handy. In day-to-day operations, customers might not even notice anything different, except perhaps a staff member a bit more alert to unattended bags. The impact on the small venue’s budget is minimal, but there’s a cultural shift to be prepared. In the unfortunate event of an attack, these basic steps could save lives by enabling a rapid, confident response.

  • Large Nightclub/Music Venue (Enhanced Tier): Now consider a large nightclub that holds 1,200 people on a busy night, or an events venue hosting concerts for 1,000 attendees. This falls in the enhanced tier, so the expectations are higher. Management would likely conduct a thorough professional risk assessment – possibly consulting security experts – to identify vulnerabilities. They might decide to invest in robust security measures: for example, installing airport-style scanners or pat-down searches at entry, employing a team of SIA-licensed security personnel for every event, using metal-detecting wands, and expanding their CCTV coverage to eliminate blind spots​.

They would create a detailed security operations plan, coordinating with local police for major events (e.g. having police presence on standby). Regular training would be given to bouncers and staff on emergency evacuation and suspect detection. The venue might implement tech solutions like a people-counting system to avoid overcrowding (since overcrowding can amplify risk during evacuations). All these actions would be compiled into a security plan document that the venue submits to the SIA regulator, explaining how each measure addresses specific risks​. 

The nightclub’s patrons might notice some of these changes: maybe slightly longer entry queues due to security checks, or announcements about security procedures before a show. While these measures come at a cost (both financial and operational), they are now a compliance matter. In return, the venue drastically improves its readiness to prevent or respond to an attack – potentially deterring would-be attackers entirely due to visible security. Enhanced tier venues essentially operate with an added layer of professionalism in security, similar to what one might experience at a sports stadium or large festival. The law will ensure even night-time economy venues treat counter-terror security with the same seriousness as they do other safety rules.

These examples show that Martyn’s Law is scalable: a small business can comply with a modest effort, whereas a large venue will invest more in security infrastructure and planning. The overarching principle is that every public venue, big or small, should have a plan for terrorism – but the depth of measures should match the scale of risk.

Enforcement, Penalties and Inspections

Martyn’s Law will be backed by legal enforcement to ensure businesses take the duty seriously. Compliance is not optional – once in force, venues that ignore the requirements could face consequences. Here’s how enforcement will work:

  • **Regulator: **The UK Security Industry Authority (SIA) will serve as the regulator for Martyn’s Law​. A new regulatory function within the SIA is being established specifically for this law. The SIA is the body that already regulates security guards and contractors; under Martyn’s Law it will also oversee venue security compliance. The SIA’s role will be twofold: support and guidance to help businesses comply, and compliance monitoring and enforcement actions when needed​.
  • Support First: The intention is for the regulator to educate and support businesses rather than immediately punish. The SIA will provide advice, publish guidance, and likely have outreach programs for industries like hospitality to raise awareness​. During the implementation period (the first 2 years), expect a focus on helping venues get up to speed. The regulator will develop statutory guidance (approved by the Home Secretary) on how it will exercise its powers​– so there will be clarity on what is expected and how compliance will be measured.
  • Inspections and Information Requests: Once the law is in force, the SIA will have the power to inspect premises to check if Martyn’s Law measures are in place. Much like a fire officer or health inspector might visit a site, SIA inspectors (or authorized personnel) can visit your restaurant, hotel, or club to review your security plan, inspect physical measures, and interview management/staff about procedures. They might also perform audits of documentation – for enhanced tier venues, they will review the submitted security plan documents. Spot checks or visits could be random or triggered by specific intelligence/complaints. It’s wise to keep your documentation updated and accessible, and ensure staff are practicing the procedures, in case of an inspection. Enforcement Actions: If a venue is found to be non-compliant (e.g. not having any plan at all, failing to train staff, or not implementing required measures), the SIA can issue enforcement notices. Under the Act, the regulator’s tools include: Compliance Notice: Essentially an official warning requiring the venue to fix an issue by a certain deadline​. For example, if an inspector finds you have no documented procedures, they might give you a notice to create one within a few weeks. Remedial Action/Improvement Notice: Similar to above, possibly detailing specific steps to take. Monetary Penalty: The SIA can impose fines for serious or persistent non-compliance​ The exact fine levels are expected to be set out in regulations or guidance. While we don’t have the figures yet, these could potentially be significant (for instance, health & safety law can levy fines in the tens of thousands or more for breaches). Fines act as a deterrent and punishment if a business blatantly disregards the law. Restriction or Closure Notice: In extreme cases, the regulator can issue a “restriction notice” which might place limitations on the venue’s operations​. This could even force a venue to temporarily close or reduce its capacity until security improvements are made (for example, prohibiting a nightclub from hosting events above 200 people if it hasn’t complied with enhanced measures). This is a powerful tool to prevent unsafe events from continuing. Criminal Offences: The Act also includes certain criminal offences for the most severe breaches​. While details are to be confirmed, this likely means if someone willfully fails to comply with a compliance notice or obstructs the regulator, they could face prosecution. This could lead to a court-imposed fine or other penalties. It’s akin to how willful breaches of fire safety can result in criminal charges against owners/operators. The inclusion of criminal sanctions underscores that the government views this duty as critically important – ignoring it could be treated with the same severity as neglecting other life-safety laws.- Compliance Notice: Essentially an official warning requiring the venue to fix an issue by a certain deadline​. For example, if an inspector finds you have no documented procedures, they might give you a notice to create one within a few weeks.
  • Remedial Action/Improvement Notice: Similar to above, possibly detailing specific steps to take.
  • Monetary Penalty: The SIA can impose fines for serious or persistent non-compliance​. The exact fine levels are expected to be set out in regulations or guidance. While we don’t have the figures yet, these could potentially be significant (for instance, health & safety law can levy fines in the tens of thousands or more for breaches). Fines act as a deterrent and punishment if a business blatantly disregards the law.
  • Restriction or Closure Notice: In extreme cases, the regulator can issue a “restriction notice” which might place limitations on the venue’s operations​. This could even force a venue to temporarily close or reduce its capacity until security improvements are made (for example, prohibiting a nightclub from hosting events above 200 people if it hasn’t complied with enhanced measures). This is a powerful tool to prevent unsafe events from continuing.
  • Criminal Offences: The Act also includes certain criminal offences for the most severe breaches​.. While details are to be confirmed, this likely means if someone willfully fails to comply with a compliance notice or obstructs the regulator, they could face prosecution. This could lead to a court-imposed fine or other penalties. It’s akin to how wilful breaches of fire safety can result in criminal charges against owners/operators. The inclusion of criminal sanctions underscores that the government views this duty as critically important – ignoring it could be treated with the same severity as neglecting other life-safety laws.
  • Proportional Enforcement: The enforcement approach will be risk-based and proportional. Venues that earnestly try to comply should not fear draconian action for minor slip-ups. The SIA’s first aim is to “support, advise and guide” those responsible​. Expect that if you can show you’re making efforts – you’ve notified the SIA, you have a plan, you train staff – the regulator will act as a partner to help you improve further. Penalties are more likely if a venue is ignoring the law or has repeated, serious failings. For example, a nightclub that refuses to implement any security, and then has a near-miss incident, would attract strong enforcement.
  • Licensing and Insurance Implications: While not directly part of Martyn’s Law, it’s worth noting that compliance might become tied into other systems. Local authorities that issue event licenses or alcohol licenses may incorporate Martyn’s Law requirements into their conditions in the future. Insurers may also expect venues to comply as part of public liability coverage. In short, beyond avoiding fines, following Martyn’s Law could be important for keeping your license to operate and maintaining insurance.

Hospitality businesses should view the regulator not as an enemy but as a resource. By engaging with the SIA’s guidance and complying with notices, you not only avoid penalties but also make your venue safer. In fact, demonstrating a good security culture could become a competitive advantage, reassuring your guests that you prioritize their safety.

Official Guidance and Resources

As Martyn’s Law moves from legislation to implementation, hospitality businesses are encouraged to consult official resources for detailed guidance. Here are some key references and tools:

UK Government Factsheets and Legislation: The Home Office has published Martyn’s Law factsheets that summarise the Act’s provisions. These are available on GOV.UK and outline scope, requirements, and enforcement in plain language. The full text of the Terrorism (Protection of Premises) Act 2025 can also be found via official websites, which provides legal definitions (Schedule 1 lists all the types of premises in scope, Schedule 2 lists exclusions, etc.). While the legal text is dense, the accompanying explanatory notes and factsheets are very helpful for practical understanding.

ProtectUK Website: ProtectUK (managed by the National Counter Terrorism Security Office) is an online portal with advice on protective security for businesses. They have a section dedicated to Martyn’s Law updates and will be a primary source of guidance going forward. ProtectUK offers free e-learning (the ACT courses), toolkits, and news updates on threats. It’s wise to sign up for ProtectUK bulletins or check their “Martyn’s Law Hub” for new guidance documents, templates for risk assessments, and best practices tailored to different sectors (including hospitality).

National Protective Security Authority (NPSA): NPSA (formerly known as CPNI) provides guidance on physical and personnel security. Their website has guidance on protecting crowded places and has noted the introduction of the Bill. They also maintain the Catalogue of Security Equipment (CSE) – useful if you’re considering investing in things like screening equipment or blast-resistant materials.

Industry Associations: Organisations such as UKHospitality, the British Hospitality Association, and the Night Time Industries Association are actively engaged with the government on Martyn’s Law. They often publish sector-specific advice, case studies, or host webinars on compliance. Joining these associations or at least following their updates can provide practical insights from a business perspective. Some have been lobbying for clarity on how the law applies to smaller venues, so they may have FAQs or templates once the regulator issues guidance.

Local Authorities and Police CTSAs: Your local council’s licensing department might provide briefings about Martyn’s Law, especially if you run large events. More directly, your regional Counter Terrorism Security Advisor (CTSA) – a police liaison officer – is available to help businesses. They can conduct a site security survey and recommend measures (this service is usually free). Consider reaching out to them; they are at the forefront of helping venues adapt to the Protect Duty.

Training Programs: Look into accredited training related to Martyn’s Law. The government is working on a “Competent Person” scheme to certify those responsible for implementing Martyn’s Law. Updates can be found via Pool Re. This may include a Level 3 qualification for individuals in charge of security in their organisation, and a register of security specialists you can consult. While details are emerging, it signals that there will be formal training courses and recognised experts to help businesses. In the meantime, the free ACT (Action Counters Terrorism) Awareness e-learning and ACT Security training modules are excellent resources to train staff in recognising and responding to threats.

Draft to Final Legislation Changes: If you had been following the draft Bill (2023 version), note that some details like thresholds were updated. For instance, the capacity threshold was set to 100 in earlier discussions but raised to 200 in the final Act (to exclude very small venues). ProtectUK has the most up-to-date information. The final Act and Home Office factsheet reflect the current requirements, so rely on those official sources over older draft info.

Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.

What is the difference between Standard and Enhanced Tier venues under Martyn's Law?
Martyn's Law categorises venues into Standard and Enhanced Tiers based on their capacity.
Read more →
Which hospitality businesses must comply with Martyn's Law?
Hospitality businesses that anticipate hosting 200 or more individuals, including staff and customers, simultaneously must comply with Martyn's Law.
Read more →
What is Martyn's Law and why was it introduced?
Martyn's Law, officially known as the Terrorism (Protection of Premises) Act 2025, is UK legislation aimed at enhancing security in public venues to mitigate terrorist threats.
Read more →
When does Martyn's Law come into force?
Martyn's Law, officially known as the Terrorism (Protection of Premises) Act 2025, was granted Royal Assent on 3rd April 2025. However, its requirements will not become enforceable immediately.
Read more →
How should hospitality operators prepare for Martyn's Law?
To prepare for Martyn's Law, hospitality operators should understand the law's requirements and implement compliance measures.
Read more →
Who should be responsible for Martyn's Law compliance?
Responsibility for Martyn's Law compliance typically falls to key figures such as the owner, licensee, general manager, or event organiser in a hospitality business.
Read more →
How should hospitality businesses train staff under Martyn's Law?
Hospitality businesses must ensure staff are comprehensively trained to respond to terrorism threats under Martyn's Law.
Read more →
What are the Enhanced Tier requirements for large venues under Martyn's Law?
Under Martyn's Law, large venues that can host 800 or more people must comply with Enhanced Tier security requirements.
Read more →
What are the Standard Tier requirements for hospitality venues under Martyn's Law?
If your hospitality venue, such as a restaurant, bar, or hotel, accommodates between 200 and 799 people at any one time, it is required to adhere to the Standard Tier of Martyn's Law.
Read more →
What practical steps can venues take to comply with Martyn's Law?
To comply with Martyn's Law, venues should start by assessing if they fall under the law based on capacity and public access.
Read more →
How will Martyn's Law be enforced?
The UK Security Industry Authority (SIA) will oversee the enforcement of Martyn's Law, including monitoring compliance and ensuring that venues meet the law's requirements.
Read more →
What documentation is needed to demonstrate compliance under Martyn's Law?
Under Martyn's Law, all venues are required to maintain essential documentation to demonstrate legal compliance.
Read more →
What are the potential consequences for hospitality businesses that fail to comply with Martyn's Law?
Hospitality businesses that do not comply with Martyn's Law can face stiff penalties including fines, enforcement notices, and possible closure.
Read more →
How does compliance differ between small and large venues under Martyn's Law?
Under Martyn's Law, the compliance requirements differ based on the venue size.
Read more →
How can hospitality operators stay informed about Martyn's Law?
Hospitality operators should stay informed about Martyn's Law by regularly checking official websites like GOV.UK and ProtectUK, and subscribing to updates from relevant authorities.
Read more →