A Guide on Martyn’s Law for the OSH Professional | What You Need to Know

After nearly four decades working in occupational health and safety, I've witnessed countless legislative shifts, some incremental, others transformative. The Terrorism (Protection of Premises) Act 2025, better known as Martyn's Law, falls firmly into the latter category. Having received Royal Assent on 3 April 2025, this legislation represents a fundamental recalibration of how we approach protective security in publicly accessible venues across the United Kingdom.

For health and safety professionals, this isn't simply another compliance box to tick. It's a genuine opportunity to embed counter-terrorism preparedness within our existing risk management frameworks, and crucially, we're uniquely positioned to lead this work.

What Is Martyn's Law?

Named in tribute to Martyn Hett, one of 22 victims of the 2017 Manchester Arena attack, Martyn's Law places legal duties on those responsible for certain publicly accessible premises and events. As Figen Murray, Martyn's mother, powerfully stated: "I realised to my horror that security at venues is literally only a recommendation and I thought I need to change it."

The Manchester Arena Inquiry revealed devastating failings in security coordination, threat detection, and venue preparedness. The legislation emerged directly from these findings, establishing a tiered approach based on venue capacity that requires duty holders to implement proportionate security measures reducing vulnerability to terrorist attacks.

Understanding the Two-Tier System

Martyn's Law operates on a proportionate, capacity-based approach. The tier your premises falls into determines your specific obligations.

Standard Tier | 200-799 Capacity

The philosophy here closely mirrors fire safety planning, staff need to know where to direct people, how to communicate alerts, and how to protect customers during an incident. Requirements centre on four key procedural elements:

• Evacuation – safe routes out of the premises
• Invacuation – moving people to safety inside when evacuation isn't appropriate
• Lockdown – securing areas to prevent access
• Communication – alerting staff and emergency services

Critically, there's no requirement to implement physical security measures at this tier. The focus is on procedural readiness and staff awareness, low-cost, high-impact preparedness that should integrate seamlessly with your existing emergency procedures. Maximum penalties sit at £10,000 for fixed penalties, with daily penalties of £500 for ongoing non-compliance.

Enhanced Tier | 800+ Capacity

Beyond standard tier obligations, enhanced tier premises must conduct formal vulnerability assessments and implement reasonably practicable physical security measures. Examples include vehicle barriers, access control systems, CCTV monitoring, bag search policies, or crowd flow design modifications.

Key additional requirements:

• Produce a written security document detailing procedures, measures, and reasoning
• Submit documentation to the SIA and update within 30 days of any changes
• Appoint a designated senior individual (where the responsible person is an organisation)
• Implement appropriate physical protection measures based on vulnerability assessment

The enforcement regime reflects the higher risk profile: civil penalties can reach £18 million or 5% of global turnover, whichever is higher, for serious breaches.

What This Means for OSH Professionals

Here's what strikes me about Martyn's Law: it's remarkably congruent with the risk management principles we already apply daily. The concept of "reasonably practicable" mirrors language found throughout health and safety legislation, particularly in the Health and Safety at Work Act 1974 and fire safety regulations.

With over 250,000 premises potentially affected by the new regulations, OSH professionals are uniquely positioned to lead implementation. Your existing competencies in risk assessment, emergency planning, and staff training provide exactly the foundation required.

Understanding the Threat Landscape

To conduct effective risk assessments under Martyn's Law, we need to understand the methodologies terrorists might employ:

• Marauding attackers (bladed weapons or firearms)
• Vehicles as weapons (road, rail, aircraft)
• Improvised explosive devices (person-borne, vehicle-borne, or placed)
• Fire as a weapon
• Chemical, biological, or radiological attacks
• Emerging threats (cyber attacks, drones)

This isn't about becoming counter-terrorism specialists overnight. Rather, it's about applying our systematic approach to hazard identification and control to a broader threat spectrum. The hierarchy of controls we use for occupational hazards translates effectively here.

Your Implementation Roadmap

The Security Industry Authority has been appointed as the regulator, with at least 24 months before enforcement begins. Here's how to use this implementation period strategically:

Step 1: Assess Your Portfolio

Conduct a comprehensive review to determine which premises fall under your responsibility and their respective tier classification. Consider capacity at peak times, not just average occupancy.

Step 2: Audit Existing Procedures

Review your current emergency procedures through a counter-terrorism lens:

• Do evacuation routes account for compromised exits?
• Have you considered invacuation scenarios where securing doors might be safer than evacuating?
• Can communication systems function if primary routes are disrupted?
• Are there procedures for lockdown situations?

For many organisations, existing fire evacuation plans, lockdown procedures, and health and safety protocols already provide a framework that can be enhanced rather than rebuilt entirely.

Step 3: Build Your Evidence Base

While formal documentation isn't legally mandated for standard-tier premises, I strongly recommend evidencing your procedures and training. When the SIA inspector arrives, you'll want clear records demonstrating compliance. For enhanced tier premises, this documentation becomes a legal requirement; start building those records now.

Step 4: Embed Training and Awareness

The Manchester Arena Inquiry revealed inadequate attention to the terrorism threat level despite it being 'severe' at the time. This highlights threat habituation, when levels remain elevated for extended periods, complacency creeps in.

Counter this by embedding security awareness into induction training, team briefings, and emergency drills. Staff at all levels need to understand not only what to do but also why these procedures matter.

Looking at the Bigger Picture

From a strategic perspective, Martyn's Law aligns with the Protect and Prepare strands of the UK's counter-terrorism strategy, CONTEST. The legislation represents a shift from reactive emergency response toward proactive preparedness, a philosophy that should resonate strongly with health and safety professionals.

The estimated cost of the 2017 terrorist attacks in the UK was approximately £171.8 million in direct costs, with indirect costs estimated at £3.5 billion. Martyn's Law would have applied to two of those five attack locations. These figures underscore the genuine economic and human cost of inadequate preparedness.

Your Next Steps

Free guidance and training will be available through ProtectUK during the implementation period. The SIA explicitly states that compliance shouldn't require third-party products or services; the focus is on sensible, proportionate measures that align with your existing capabilities.

For OSH professionals looking to deepen their foundational knowledge of risk assessment and protective measures, the NEBOSH General Certificate provides a comprehensive grounding in systematic risk management principles that translate effectively into the context of terrorism preparedness. These core competencies, identifying hazards, evaluating risks, and implementing proportionate controls, form the bedrock of compliance with Martyn's Law.