Fire Safety Logbooks

Martyn's Law (Protect Duty): A UK Venue Operator's Complete Guide (2026)

A UK venue operator's complete guide to Martyn's Law — the 200/800 capacity thresholds, standard vs enhanced tier duties, protection plans, training records, and regulator action.

Jamie Dawson

Jamie Dawson

4 min read
Share
Crowd at a UK venue — Martyn's Law (Protect Duty) requires terrorism protection plans at qualifying premises.
Photo by Marc Fanelli-Isla on Unsplash
Quick answer: The Terrorism (Protection of Premises) Act 2025 (Martyn's Law) requires UK premises and events with 200+ capacity to have a Standard tier protection plan, and those with 800+ to have an Enhanced tier plan plus staff training, risk assessment, and named responsible person. Royal Assent was April 2025; the Act takes effect April 2027. The SIA is the regulator and can issue penalties up to £18 million for enhanced-tier breaches. Most operators should be preparing plans now — retrofitting in 2027 will be too late.

Martyn's Law is the most significant change to UK venue safety since the Regulatory Reform (Fire Safety) Order 2005. It is named after Martyn Hett, one of 22 people killed at the Manchester Arena in 2017. Martyn's mother, Figen Murray, led the nine-year campaign to put legal duty on premises owners to prepare for, and reduce the risk of, terrorist attacks.

Who does the Act apply to

Two tiers, set by maximum occupancy across any 24-hour period (not average footfall):

  • Standard tier — premises where 200 or more people can be present. Covers most pubs, restaurants, shops, offices, community centres, places of worship, schools, leisure venues.
  • Enhanced tier — premises where 800 or more can be present. Covers major retail, conference venues, large theatres, stadiums, major places of worship, arenas, theme parks, hospital trusts.

Premises below 200 are exempt. Events (not premises) above thresholds are also captured — the Act applies to both the physical premises and any qualifying event held there.

Standard tier duties

For premises in the 200–799 range, the duties are proportionate:

  • Notify the SIA of responsibility as a responsible person
  • Have simple, written procedures to reduce harm in the event of an attack
  • Cover: evacuation, invacuation (shelter in place), lockdown, communication
  • Review the procedures at least annually and after any material change
  • Train staff in line with the procedures

The Act explicitly does not require physical security upgrades at Standard tier — it's about planning and training.

Enhanced tier duties

At 800+ capacity, Standard duties plus:

  • Complete a documented terrorism risk assessment
  • Maintain a written security plan (the "public protection measures")
  • Identify a responsible person with sufficient authority and resources
  • Implement reasonably practicable risk mitigation measures
  • Document staff training, drills, and near-miss learning
  • Provide the SIA with the security plan on request

The protection plan — what it contains

At minimum: evacuation procedures, invacuation procedures, lockdown procedures, communication plan (internal and external), roles and responsibilities, training requirements, exercise schedule, and review dates.

Enhanced tier plans additionally cover: risk assessment evidence, reasonably practicable security measures, CCTV and access control considerations, physical security review, contractor and event partner coordination, and scenario-specific response (marauding attack, vehicle-as-weapon, bomb threat, bladed attack).

Training records

Every member of staff at qualifying premises must be trained — not just security staff. Front-of-house, cleaners, contractors with regular site presence, all need awareness. Training records must show who was trained, when, content covered, and refresher intervals. NaCTSO's ACT e-learning modules are a widely accepted baseline.

Records the SIA expects

  1. Notification of responsibility (standard and enhanced)
  2. Written procedures (both tiers)
  3. Risk assessment (enhanced only)
  4. Security plan (enhanced only)
  5. Training register with dates and content
  6. Drill/exercise records with outcomes and lessons learned
  7. Review log showing annual review and post-incident updates
  8. Communication log with police/SIA on any incident or advice

Fire safety overlap

Evacuation planning under the RRO 2005 and invacuation planning under Martyn's Law should be coordinated. A plan that says "evacuate" for a fire and "shelter in place" for a marauding attack needs integrated thinking, decision trees, and staff training. The Responsible Person under both Acts is often the same individual.

What the SIA can do

  • Compliance notices — putting things right by a set date
  • Restriction notices — restricting use of premises until compliant
  • Monetary penalties — up to £10,000 daily for standard tier breaches
  • Monetary penalties — up to £18 million or 5% worldwide turnover for enhanced tier breaches
  • Prosecution of the responsible person (individual or corporate)

Common planning mistakes operators make

  1. Assuming the Act only affects mass-events or ticketed venues — it applies to any 200+ capacity premises
  2. Treating the Protect Duty as a one-off document rather than a living plan
  3. Training only security staff, not front-of-house
  4. Not exercising the plan — unexercised plans fail at point of use
  5. Missing the review trigger — material change to the premises, layout, capacity, or use requires plan review

FAQs

Does a community hall need a Protect Plan?

If its maximum capacity exceeds 200, yes. Community halls, village halls, places of worship are explicitly in scope.

Do I need physical security upgrades at Standard tier?

No. The Act explicitly limits Standard tier to procedural and training requirements. Enhanced tier requires "reasonably practicable" measures, which may include physical upgrades.

Can one plan cover multiple venues?

A framework plan can cover a chain; each venue still needs site-specific annexes (evacuation routes, assembly points, local threat context).

What if my venue is just below 200 capacity?

You're out of the Act's legal scope. Most operators near the threshold still adopt the Standard tier framework voluntarily — it's good practice and simplifies things if capacity grows.

Sources and further reading

This guide is written by Jamie Dawson, who also runs Gemini AM/PM, a UK fire and security installer — the operator perspective in this guide comes from day-to-day site work.

Last reviewed 2026-04-22 by Jamie Dawson, Editor. Corrections: corrections@logbook.co.uk

Read more

Logbook.co.uk is an independent UK publication edited by Jamie Dawson. Guides are checked against current UK legislation and primary sources from gov.uk, HSE, ICO, DVLA, DVSA, CAA and trade bodies. Always confirm against the underlying source before acting. Nothing on this site is legal advice.