Martyn’s Law: what implementation really means for UK businesses

Martyn’s Law, now enacted as the Terrorism (Protection of Premises) Act 2025, marks an important development in UK public-safety legislation. It aims to improve preparedness and help organisations better protect the public from the impact of terrorism. For businesses responsible for publicly accessible premises or events, it introduces new duties that will need to be understood, owned and managed in practice.

Martyn’s Law changes how many businesses will need to think about security risk. For some organisations, it will introduce formal duties they may not previously have had to consider, particularly around preparedness, public protection procedures and clear ownership of responsibility.

For a fuller breakdown of who is in scope and what each tier requires, see our detailed Martyn’s Law guide. This article focuses on what implementation looks like in practice for businesses preparing now.

Who must comply

Martyn’s Law can apply to organisations responsible for publicly accessible premises and events, depending on the type of site and the number of people reasonably expected to be there. This includes venues such as:

• Retail centres

• Hospitality and leisure sites

• Visitor attractions

• Sports facilities

• Places of worship

• Education premises

• Public events and festivals

The legislation introduces two main tiers of duty based on how many people can reasonably be expected to be present at the same time: Standard Duty and Enhanced Duty. Standard Duty premises must meet foundational preparedness requirements, while Enhanced Duty premises and qualifying events must demonstrate more comprehensive security planning.

What compliance requires in practice

For Standard Tier premises, the focus is on practical, proportionate preparedness, including:

• Notifying the regulator when required

• Clear procedures for evacuation, invacuation, lockdown and communication

• Making sure relevant workers understand what to do in an incident

• Keeping those procedures suitable for the premises and how it operates

Enhanced Tier premises and qualifying events face broader obligations, including:

• Documented public protection procedures

• Additional reasonably practicable protective measures

• Measures designed to reduce vulnerability and the risk of physical harm

• A compliance document that explains what is in place and why

• Clear senior-level accountability where the responsible person is an organisation

For many organisations, implementation is likely to mean clearer ownership, stronger documentation, sharper staff briefings and better co-ordination across operations, facilities, security and leadership.

In practice, implementation is less about buying a generic compliance package and more about answering clear operational questions: who owns the duty, how expected attendance is evidenced, how shared or hired spaces are managed, and whether existing emergency procedures would actually work in a terrorism scenario.

The role for insurers and risk managers

For insurers, Martyn’s Law introduces new considerations in general liability, public liability and business interruption risk. Organisations that cannot demonstrate a clear approach to compliance may face closer scrutiny of governance and risk-management practices following an incident.

Risk managers and brokers supporting clients should help them understand:

• Whether they fall under Standard or Enhanced Duty

• How to interpret the Act’s requirements in operational terms

• What constitutes proportionate and demonstrable preparedness

• How incident-response plans link to wider resilience and BI considerations

Importantly, the focus for Martyn’s Law is on helping organisations with public facing premises understand what proportionate preparedness looks like, so they are better placed to protect people effectively.

A roadmap for readiness

For most organisations, the starting point is straightforward:

1. Work out whether you are in scope

2. Identify who is responsible and which tier may apply

3. Build clear, practical procedures that fit the site, the people using it and the way it operates

With structured support from insurers, brokers and risk partners, businesses can use the implementation period to get ready, strengthen resilience and contribute to safer public environments across the UK.

Need a clearer view of what Martyn’s Law means for your organisation? Read our full Martyn’s Law guide for a practical overview of who is in scope, how the Standard and Enhanced tiers work, and what businesses can do now to prepare.