Martyn’s Law: Preparing charities for new public protection duties

Martyn's Law requires those "responsible persons", who are either in charge of certain premises to which the public have access, or in charge of events open to the public, to assess, plan for and mitigate the risk of terrorism.

It introduces clear statutory duties that will affect a wide range of charities, particularly those that operate venues or host public events.

The legislation received Royal Assent in April 2025, and the government intends for there to be an implementation period of at least 24 months before the Act comes into force, providing time for organisations to prepare and for statutory guidance on compliance to be issued.

Alongside this, the Charity Commission has published non-statutory guidance on "How charities can respond to the current hostile environment". While broader in scope than protective security alone, it offers helpful considerations for charities reviewing their operating practices and safety measures, and can usefully be considered alongside the new requirements of Martyn’s Law.

What is the scope of the duty?

Martyn’s Law applies to premises and events open to the public, including events held entirely on open land, where it is reasonable to expect that 200 or more individuals (including staff) may be present at the same time, even if this only occurs occasionally, such as at annual fundraisers or public exhibitions.

The Act imposes obligations on a "responsible person". Where the "responsible person" is a corporate body or group of individuals, charities must designate a senior individual with responsibility for ensuring compliance with the Act.

Importantly, responsibility under the Act is not limited to ownership. Charities that control or organise events on premises they do not own may still be the “responsible person”, depending on contractual and/or tenancy arrangements and operational control. Trustees should therefore look beyond property ownership and consider how responsibilities are shared in practice.

The Act mandates a risk assessment approach to protective security. In determining what is reasonably practicable to minimise risk, the "responsible person" will need to take into account their charity's particular circumstances, including the nature of the premises and the resources available to them. The measures in place at one location or event may not be appropriate and reasonably practicable at another.

Understanding the two tiers

The Act adopts a tiered framework based on the number of people reasonably expected to be present at a premises or event at the same time, with different duties attached to each tier.

Standard tier - 200 to 799 people

The "standard tier" applies where it is reasonable to expect between 200 and 799 people at a premises or event at any one time. Premises or events under this threshold are not generally within scope.

The responsible person will be required to:  

• Notify the Security Industry Authority (SIA) of their premises once the Act is in force.
• Develop appropriate public protection procedures, setting out how the charity will:
  • Evacuate, invacuate (move people to a safe place) and lock down the premises; and
  • Communicate effectively with people on the premises during an incident.
• Ensure staff and volunteers are trained or familiarised with these procedures so they can be implemented in practice.

For "standard tier" premises and events, the emphasis is on planning and procedural readiness. There is no requirement to make physical alterations to buildings or to purchase security equipment. The obligations are intended to be proportionate and operationally achievable, without prohibitive cost or disruption.

Enhanced tier - 800 or more people

The "enhanced tier" applies where it is reasonable to expect 800 or more people at a premises or event at any one time. This tier brings additional duties beyond the standard requirements.

In these higher risk circumstances, the responsible person must also: 

• Develop enhanced public protection measures to reduce the vulnerability of the premises or event and minimise the risk of harm. Depending on the nature of the premises or event, this may include:
  • Monitoring and surveillance, including CCTV or stewarding
  • Entry controls, searching or screening at events
  • Physical security enhancements to reduce identified vulnerabilities
  • Ensuring that sensitive information (for example, site and/or floor plans) is stored securely and that access to this information is restricted.
• Document the public protection procedures and measures and provide this document to the SIA. The document should include an assessment of how the procedures and measures reduce vulnerability and/or the risk of harm.

What charities should do now

1. Map premises and events:
   Review all venues, owned, leased or hired, to identify which they are deemed to control and where thresholds for the Act are met, based on both reasonable expected occupancy and historic attendance data where available.
2. Conduct initial risk assessments:
   This need not be complex but should be documented. Think about access points, crowd flow, emergency exits, communication plans and points of vulnerability.  Consider collaborating with local police forces for support with risk assessment and emergency planning.
3. Develop public protection procedures:
   Draft practical, scalable procedures for evacuation, invacuation, lockdown and communication, and consider proportionate protective measures for enhanced tier premises and events.
4. Train and build awareness:
   Ensure staff, volunteers and regular contractors understand the procedures and their role if an incident occurs. Simple awareness sessions or online training can be an early step.
5. Clarify responsibility in contracts and tenancy or licence agreements:
   Where venues are hired or shared with partners, document who is the responsible person under the Act and how duties will be coordinated.
6. Integrate into trustee oversight:
   Ensure terrorism preparedness is reflected in corporate risk registers, and that trustees regularly review progress and resourcing. 

Implications for arts and cultural charities

Arts and cultural charities are likely to be disproportionally affected by Martyn’s Law because of the nature of their activities. Theatres, galleries, concert halls, outdoor performance spaces and festivals frequently involve large, open-access audiences and variable crowd dynamics, all of which are central to the Act’s risk-based framework.

For these organisations, compliance will require careful consideration of:

• Peak audience capacity, rather than average attendance, when assessing whether premises or events fall within scope
• Crowd flow and congregation points, including foyers, interval spaces, temporary bars and outdoor queuing areas, as these areas can become critical in an emergency
• Operational realities, such as the use of volunteers, visiting artists, touring productions and temporary infrastructure. With multiple transient personnel, ensuring everyone is aware of safety procedures can be more challenging.

Conclusion

Martyn’s Law introduces a clear, enforceable statutory framework that supplements health and safety requirements and requires charities to adopt a more structured approach to terrorism risk and public protection. Under SIA oversight, charities must take proactive steps to ensure compliance, as failure to do so could result in civil sanctions or criminal penalties for severe breaches.

While further detail is awaited in statutory guidance, trustees should treat Martyn’s Law as a governance priority and use the implementation period to ensure their organisations are well prepared.

---

For more information or advice on how to meet the requirements of Martyn's Law, please contact Tabitha Cave or Natalie Wargent in our Regulatory Compliance team.