# Martyn’s Law Compliance: What Organizations in Scope Need to Do Now

> Learn how organizations can prepare for Martyn's Law compliance with threat awareness, risk assessment, preparedness procedures, and audit-ready security workflows.

**Published:** Jun 24, 2026  
**Topics:** Event and Executive Protection

---

In our previous post, [Martyn’s Law: Using Babel Street Insights for Threat Awareness and Preparedness](https://www.babelstreet.com/blog/martyns-law-using-babel-street-insights-for-threat-awareness-and-preparedness), we focused primarily on event venues. But the reality of Martyn’s Law is much broader. The Terrorism (Protection of Premises) Act 2025 applies to a wide range of publicly accessible premises and events, including shops, food-and-drink venues, entertainment and leisure sites, hotels, libraries, museums and galleries, visitor attractions, healthcare facilities, schools, further-education institutions, higher-education institutions, and public authorities, among others. [1]

That broader scope matters because many organizations do not operate one venue. They operate estates, portfolios, campuses, or multi-site footprints. For hospitality groups, universities, councils, healthcare providers, shopping-center owners, attraction groups, and other operators with multiple sites, Martyn’s Law is not just a site-level question. It is an organization-wide preparedness challenge that requires clarity on scope, ownership, procedures, and evidence. [2]

## Martyn’s Law is now law, and the preparation window is open

The Act received Royal Assent on April 3, 2025. [3] The government has also said there will be an implementation period of at least 24 months before the requirements come into force, and that the statutory guidance published in April 2026 is intended to help organizations understand what will be required and begin preparing now. [4]

The government’s goal is clear: those responsible for certain premises and events must take reasonably practicable steps to be prepared and ready to keep people safe in the event of an attack. For certain larger premises and events, that also means considering vulnerability to terrorism and, where appropriate, taking steps to reduce those vulnerabilities. [5]

## This is not just about arenas and concert halls

One of the biggest misconceptions about Martyn’s Law is that it is primarily a rule for major [event venues](https://www.babelstreet.com/osint-solutions-for-event-and-venue-protection). In fact, the Act’s scope reaches far beyond stadiums and festivals. Qualifying premises can include food-and-drink sites, hotels, healthcare settings, childcare and educational establishments, libraries, museums, galleries, visitor attractions, retail sites, and public-sector settings, provided the legal conditions for scope are met.

There are also important special cases. Early years, primary, secondary, and further-education settings remain in the standard tier even if 800 or more individuals are expected to be present, while higher-education establishments are treated in line with the general tiering framework. [6] Places of worship that qualify are treated as standard duty premises even if they would otherwise meet the enhanced-duty threshold.

## What organizations in scope need to do now

If your organization has not started preparing, the priority is not to buy technology; rather it’s to understand what is in scope across your estate and who is accountable for each qualifying premises or event. The Act uses a tiered approach based on the number of individuals it is reasonable to expect may be present at the same time. Standard duty premises are generally those where 200 to 799 individuals may be present, while enhanced duty premises are those where 800 or more individuals may be present. Certain qualifying events with 800 or more attendees and entry controls are also drawn into the enhanced framework.

From there, organizations should work through a practical sequence:

### 1. Determine what in your estate is in scope

Start with a portfolio view, not a single-building view. Identify which premises are publicly accessible, which uses fall under Schedule 1, and where expected attendance may move a site or event into standard or enhanced duty. [7]

### 2. Map each site or event to the right tier

For standard duty premises, the focus is on public protection procedures. For enhanced duty premises and qualifying events, the requirements go further and include considering vulnerability and taking appropriate public protection measures, as well as documentation and regulator-facing obligations.

### 3. Put the four core procedures into practice

For organizations in scope, the standard-tier baseline is operational readiness: evacuation, invacuation, lockdown, and communication. The government’s position is that these duties are intended to be simple and proportionate, especially in the standard tier, but they still need to work in practice. [8]

### 4. Pilot your approach on the highest-risk sites and events now

This is one of the most important initiatives to undertake during the implementation period. For multi-site operators, that means piloting your workflow on the sites, events, or periods of peak risk that matter most this season, then refining roles, escalation paths, reporting, and response before the legal duties become enforceable. This is a recommendation for execution and readiness, not a quoted legal requirement.

### 5. Build the habit of an audit trail

Organizations should be able to show a concrete system and workflow with sourced, timestamped, reviewable information. In practice, that means documenting [how risk was assessed](https://www.babelstreet.com/solutions/identity-risk-intelligence), when it was reviewed, what inputs informed the assessment, and what changed as conditions evolved. This helps move Martyn’s Law readiness from a static document to a repeatable operating discipline.

### 6. Don’t assume this is only a physical-security exercise

The government has said organizations do not need to engage consultants to comply, and many requirements are procedural rather than capital intensive. [9] But for enhanced-tier organizations in particular, the standard is moving beyond “can you react?” toward “can you assess and reduce vulnerability?” That is why many operators will need a stronger process for keeping their threat picture current across sites, communities, and events, especially when responsibility sits at group, estate, or corporate-security level rather than with a single GM or venue manager.

## What this means for different types of organizations

For hospitality groups, the challenge is often portfolio-wide consistency across hotels, pubs, bars, restaurants, and event-led sites rather than one-off venue readiness. For retailers and leisure operators, the issue is often that responsibility is shared across landlords, managing agents, operators, and tenants. For universities and healthcare organizations, the challenge is multiple buildings, multiple audiences, and public-facing activity that cannot simply be “locked down.” For councils, museums, and visitor-attraction groups, the question is how to stay open and welcoming while still proving a defensible approach to preparedness and risk reduction.

## This is a preparation window, not a waiting period

Martyn’s Law is already law. The statutory guidance is published. The implementation period exists so organizations can determine scope, establish procedures, assign responsibility, test workflows, and improve how they assess and document risk before [enforcement begins](https://www.babelstreet.com/solutions/strategic-threat-intelligence/criminal-investigations).

For organizations that have not started, the most practical path forward is straightforward: confirm whether you are in scope, prioritize the highest-risk sites and events first, test your process now, and build an audit-ready workflow that can stand up to scrutiny. The teams that handle Martyn’s Law best will not be the ones with the prettiest policy document. They will be the ones that can show how preparedness actually works across the real world of their sites, staff, visitors, and events.

**Endnotes**

1. UK Home Office, Terrorism (Protection of Premises) Act 2025: Scope (Premises), updated April 22, 2025. [https://www.gov.uk/government/publications/terrorism-protection-of-premises-act-2025-factsheets/terrorism-protection-of-premises-act-2025-scope-premises](https://www.gov.uk/government/publications/terrorism-protection-of-premises-act-2025-factsheets/terrorism-protection-of-premises-act-2025-scope-premises)
2. UK Legislation, Terrorism (Protection of Premises) Act 2025, Schedule 1 / Explanatory Notes, accessed via legislation.gov.uk. [https://www.legislation.gov.uk/ukpga/2025/10/schedules/enacted](https://www.legislation.gov.uk/ukpga/2025/10/schedules/enacted)
3. UK Home Office, Martyn’s Law Factsheet, April 3, 2025 (updated 2026). [https://homeofficemedia.blog.gov.uk/2025/04/03/martyns-law-factsheet/](https://homeofficemedia.blog.gov.uk/2025/04/03/martyns-law-factsheet/)
4. UK Home Office, Terrorism (Protection of Premises) Act 2025: Statutory Guidance, published April 15, 2026 and updated May 18, 2026. [https://www.gov.uk/government/publications/the-terrorism-protection-of-premises-act-2025](https://www.gov.uk/government/publications/the-terrorism-protection-of-premises-act-2025)
5. UK Legislation, Terrorism (Protection of Premises) Act 2025 (as enacted). [https://www.legislation.gov.uk/ukpga/2025/10/enacted](https://www.legislation.gov.uk/ukpga/2025/10/enacted)
6. Department for Education, How Martyn’s Law will affect education settings, updated October 10, 2025. [https://www.gov.uk/government/publications/martyns-law-for-education-settings/how-martyns-law-will-affect-education-settings](https://www.gov.uk/government/publications/martyns-law-for-education-settings/how-martyns-law-will-affect-education-settings)
7. UK Legislation, Terrorism (Protection of Premises) Act 2025, Explanatory Notes / Schedule 1, legislation.gov.uk.  
[https://www.legislation.gov.uk/ukpga/2025/10/notes/division/7/index.htm](https://www.legislation.gov.uk/ukpga/2025/10/notes/division/7/index.htm)
8. UK Government, Martyn’s Law: the SIA’s new regulatory role, updated June 4, 2026.  
[https://www.gov.uk/government/publications/martyns-law-the-sias-new-regulatory-role/martyns-law-the-sias-new-regulatory-role](https://www.gov.uk/government/publications/martyns-law-the-sias-new-regulatory-role/martyns-law-the-sias-new-regulatory-role)
9. UK Home Office, Martyn’s Law Factsheet, April 3, 2025 (updated 2026). [https://homeofficemedia.blog.gov.uk/2025/04/03/martyns-law-factsheet/](https://homeofficemedia.blog.gov.uk/2025/04/03/martyns-law-factsheet/)

## Frequently asked questions

**What is Martyn’s Law?**
Martyn’s Law is the UK’s _Terrorism (Protection of Premises) Act 2025_, which requires organizations responsible for publicly accessible premises and events to prepare for terrorist incidents and take steps to keep people safe.

**Who must comply with Martyn’s Law?**
Martyn’s Law applies to the person or organization in control of publicly accessible premises or events where 200 or more people may be present, including venues across hospitality, retail, education, healthcare, and public sectors.

**When does Martyn’s Law take effect?**
The law received Royal Assent on April 3, 2025, but its requirements are expected to become enforceable after an implementation period of at least 24 months, likely no earlier than 2027.

**What are the core requirements of Martyn’s Law?**
Organizations must:

- Put in place public protection procedures (evacuation, invacuation, lockdown, communication)
- Be prepared to respond effectively to a terrorist incident
- For larger premises (800+), assess and reduce vulnerabilities and implement additional protective measures

**How can organizations prepare for Martyn’s Law?**
Organizations should:

- Determine whether their premises are in scope and which tier applies
- Conduct a risk assessment of threats and vulnerabilities
- Develop and test response procedures and train staff
- Document decisions and build an audit-ready process
- Use the implementation period to test and refine plans before enforcement

## You may like

- **Martyn's Law: Preparedness Across Every Site**: One law. Many places. One responsibility.
- **Faster Than Threats: AI-Powered Intelligence for Modern Events**
- **Using Babel Street to Improve Security for Corporate Executives and Employees **
- **Using Babel Street to Protect Employees from Digital Threats**
- **How to Protect Your Event Before It Starts**: From physical to digital security, take a holistic approach to securing your venue
- **How to Protect Your Event Before It Starts**: From physical to digital security, take a holistic approach to securing your venue