ProtectUK publication date
FAQ title

Scope

Am I in scope of Martyn's Law?

The Home Office has produced guidance which will help you identify if your specific premises or event is in scope along with a range of material on ProtectUK. Start with the premises flowchart because if premises are already in the enhanced tier, an event held there doesn’t need to make its own arrangements.

How do I determine which tier of requirements I should follow?

The Home Office guidance will help you identify if your specific premises or event is in scope and if so, the requirements that need to be met.

The four tests for premises are: what the premises are wholly or mainly used for, how many people are expected to be present at the busiest times, whether the premises are ‘a building, part of a building, or a building and other land’, and whether they are in a category included or excluded by the Act.

For most premises that are wholly or mainly used for a purpose in scope, if it is reasonably expected that between 200-799 people, including staff, will be present at the busiest times, the premises are likely to be in the standard tier. If at least 800 people will be present, they are likely to be in the enhanced tier.

An event will be a qualifying event, and therefore subject to the enhanced tier requirements, where there are specific entry controls in place, the event is not taking place at a location already in scope of the enhanced tier, the location is not excluded from the Act, and it is reasonable to expect that 800 or more people will be present at the same time. Events that are not publicly accessible or where there is no check on entry will not meet the criteria to be qualifying events. 

Are premises with fewer than 200 people completely out of scope?

Yes, premises that can reasonably expect fewer than 200 people are not within scope of the Act, provided the following have been considered.

Premises will only be qualifying premises if it is reasonable to expect that from time to time 200 or more individuals may be present on the premises at the same time, from time to time in connection with one or more uses specified in Schedule 1 to the Act.

Premises will not be in scope of the Act if the greatest number of individuals expected to be present on the premises at the same time, from time to time, is 199 or fewer. The reasonable expectation of individuals present may change over time. It is therefore possible for the premises to move from one tier to another or out of scope of the Act entirely based on how many individuals it is reasonable to expect will be present at the same time, from time to time.

A reasonable method must be used to make this assessment; the Act is not prescriptive. The Non-statutory supplementary document A: Methods for assessing the reasonable expectation of individuals present at the premises and events (accessible) - GOV.UK provides more information about how to assess reasonable expectation of people at premises and events. 

Does the Act apply to offices or workplaces not open to the public?

The criteria for ‘qualifying premises’ are set out in section 2 of the Act. Premises that satisfy all four criteria will be qualifying premises. Criteria includes that the premises are wholly or mainly used for one or more of the uses specified in Schedule 1 to the Act. An office space is not a Schedule 1 use.

Some premises may have buildings used wholly or mainly for uses not listed in Schedule 1 to the Act but have a separate part of the building that is used wholly or mainly for a Schedule 1 purpose. The separate part of the building may be in scope of the Act if the criteria are met.

Where the premises are not qualifying premises because they are not wholly or mainly used for Schedule 1 uses, the premises may still be in scope of the Act if a qualifying event takes place there. The premises would come into scope of the Act for the duration of the qualifying event taking place. For instance, if a stately home that is otherwise out of scope as a private residence is hired by an event organiser to host a one-off festival that meets the qualifying event criteria, then the parts of the property used for the event would be in scope for the purposes of holding that qualifying event. See chapter 4 and 5 of the Terrorism (Protection of Premises) Act 2025 Statutory Guidance for further details on qualifying premises and events.

Does a smaller venue have to follow the enhanced tier requirements if it hosts a large event?

Premises that would otherwise be standard tier premises may host events which either draw the premises into the enhanced tier as enhanced tier premises or the event may constitute a qualifying event.

If the premises are hosting a one-off event which will attract 800 or more individuals on a single occasion, the event would not result in the premises becoming enhanced tier premises. This is because it would not, in those circumstances, be correct to say that it can reasonably be expected that 800 or more individuals will be present from time to time at the premises. In such cases, the event will be a qualifying event if it meets the criteria in section 3 of the Act.

However, if qualifying premises host events where it can reasonably be expected that 800 or more individuals will at the same time, from time to time, be present, the premises will be in the enhanced tier. The term ‘from time to time’ is a common term and is generally understood to mean occasionally. This criterion will be met if there is a reasonable expectation that the threshold will be reached occasionally, for example, once a year, whether by hosting the same event or different events.

More generally, where premises would otherwise fall below the 200 threshold, planned and expected occurrences that take the premises over the threshold of either tier, from time to time, will draw the premises into scope under the relevant tier if it meets the criteria in section 2 of the Act. In contrast, if premises only expects to meet the 800 threshold on a single occasion by hosting a single event, the event would not result in the premises becoming enhanced tier premises. In such cases, the event may be a qualifying event if it meets the criteria in section 3 of the Act.

Do large, free, non-ticketed events in parks or town centres fall within scope, for example, community events, fairs or carnivals?

To be in scope of the Act as a qualifying event, the event must have measures in place to check that members of the public wishing to access the event satisfy a condition of entry. This criterion will only be met if there are measures in place to check that members of the public have paid, have a ticket or pass, or are members (or guests) of a club, association or similar body to gain access. For entry controls to be in place, the event will need a well-defined and secure perimeter so that the entry check will be meaningful.

This criterion applies both to paid-for events and to free events where there is a specific check on entry as described above. Entry checks can include, but are not limited to, tickets, wristbands, membership cards, emails, QR codes or barcodes which are checked for access to the premises where the event is taking place.

This means that not every kind of entry condition is covered. Other forms of entry conditions – for example, having specific search criteria or a dress code – do not meet this criterion. In addition, a suggested entry charge or donation does not satisfy this criterion, as it would not be a measure to check that someone has paid to enter the event, nor does it satisfy the other entry criteria listed above.

How should multi-site events (e.g. marathons, road-based events) be assessed under the Act?

Some events may be a mix of open-access areas, such as streets and towpaths, and other locations where entry is controlled – for example, at some marathons, triathlons, carnivals, festivals and parades. Where parts of these events fulfil the criteria set out in section 3 of the Act, the Act will apply to each part separately.

Each area that has entry controls and reasonably expects 800 or more individuals to be present at the same time will be in scope of the Act’s requirements. This will be the case even if the other elements of the larger event do not fall in scope of the Act. Areas with no entry checks (for example, pavements, towpaths and open roads) will not be in scope of the Act, unless they are within the immediate vicinity of the qualifying event. 

For more information please refer to chapter 5 of the Home Office guidance The Terrorism (Protection of Premises) Act 2025 - GOV.UK

If my premises is already in scope of the Act, do I need to treat each event at the qualifying premises separately as a qualifying event?

When qualifying premises host different organisations and activities, such as when they are hired out, the responsible person remains the same. The responsible person will continue to oversee the requirements for the premises, and it is their responsibility to ensure that appropriate public protection procedures and/or measures are in place, so far as reasonably practicable, in accordance with the requirements of the Act. However, there is an exception to this. The responsible person will change if an event meets the criteria to be a qualifying event at standard tier premises, and the responsible person for the premises outside of the event is different to the responsible person for the event. 

What happens if my attendance/capacity fluctuates at my premises or event?

The criteria for ‘qualifying premises’ and ‘qualifying events’ are set out in chapter 4 and 5 of the Terrorism (Protection of Premises) Act 2025 Statutory Guidance. To be in scope of the Act, premises must meet all the criteria and reasonably expect that from time to time 200 or more individuals may be present on the premises at the same time in connection with one or more uses specified in Schedule 1 to the Act. 

Where it can be reasonably expected that between 200 and 799 individuals will be present on the premises at the same time, from time to time, the premises will be in the standard tier. If the figure is 800 or more individuals, the premises will be in the enhanced tier.

The term ‘time to time’ is used to recognise that this number can vary due to many factors over time such as fluctuations due to the time of day, the day of the week, or the season (for example, increases in numbers during the Christmas period).

Qualifying events are referred to as being ‘in the enhanced tier’; as they will only be in scope where they meet certain conditions, including where 800 or more individuals may be present on the premises at the same time in connection with their use for the event.

The reasonable expectation of numbers is an assessment of the greatest expected number of individuals at the premises at the same time and for qualifying events it is an assessment of the highest number of attendees at any point during the event. 

To assess the maximum number of individuals who can reasonably be expected to attend premises and events use the Non-statutory supplementary document A: Methods for assessing the reasonable expectation of individuals present at the premises and events (accessible) - GOV.UK.

Where the numbers of individuals that are reasonably expected to be present differ significantly from one time to another, such as when the premises are closed to the public or are not being used for their Schedule 1 use, it may be appropriate for public protection procedures or measures to vary.

Are events under 799 persons, or private invite-only events, in scope of the Act?

Events must satisfy several criteria to be in scope of the Act as a qualifying event. This includes, but is not limited to, reasonably expecting that 800 or more individuals will be present at the event at the same time, at some point during the event. This figure must include staff working at the event. Only those attending or working in the part of the premises connected with the event should be included in the figure.

Events will not be qualifying events under the Act where the condition for entry is private or personal to the attendees and, as a result, access is not open to the public. Some examples include where access is restricted to relatives and friends invited to a wedding reception or employees invited to a corporate event that is not open to the public. Such events are not considered publicly accessible because the general public do not have the option to attend.

However, events that are under 799 persons and/or not open to the general public might take place at premises that already fall in scope of the Act as qualifying premises – for example, at hotels and places of worship. In such cases, the premises will remain in scope of the Act due to the broader activities that take place there. The responsible person for the premises will continue to be the person in control of the premises and control will not transfer to the organiser of the event. 

If premises are hired out, will the hirer be responsible under the Act?

The responsible person is whoever has control of the premises for its relevant Schedule 1 use. If the premises are mainly used as a hall or event space that is hired out, the person in control will usually be the premises operator, not the hirer.  Contracts to hire qualifying premises may contain terms and conditions for the hirer relevant to the requirements under the Act, but responsibility under the Act does not pass to them.

What happens in multi-use premises or events?

The Home Office Section 27 guidance covers these and other examples in chapter 4 (4.17-4.19).

FAQ title

Responsibility

When will I need to comply?

The Act received Royal Assent on 3 April 2025, and it is expected that the implementation period will be at least 24 months from Royal Assent. This period will enable those responsible for premises and events to have sufficient time to understand their new obligations, and to plan and prepare accordingly. This also allows time for the new regulator function of the Security Industry Authority (SIA) to be established.

While there is no legal requirement to comply until the Act comes into force, you may wish to start considering what you need to do.

On 15 April 2026, the Home Office published guidance and will continue to build on materials already available on ProtectUK to raise awareness.

These include:

  • the section 27 statutory guidance 
  • there is a range of supporting information on the ProtectUK Resources webpage
  • There will also be engagement activities, such as webinars, during the implementation period to help you understand the requirements.

Who is the responsible person for qualifying premises and qualifying events?

The responsible person is a matter of fact not choice – they are the person who is legally responsible for compliance with the Act as outlined in the Home Office section 27 guidance, chapter 6.

For qualifying premises, the responsible person is the individual, organisation or company with control of the qualifying premises for the purpose of their Schedule 1 use. For example, if a person leases a building for retail use as a shop and is in control of the building for that use, they will be the responsible person.

For the purposes of the Act, a person in control will ordinarily have physical possession of the premises at the relevant time, with the right and the ability to make decisions regarding their management and use, particularly as to who may or may not remain on site. The principle of control does not necessarily require the individual, company or organisation to be the owner of the premises or have exclusive rights and could, for example, be held by a leaseholder or licence holder.

For qualifying events, this is the individual, organisation or company with control of the premises at which the qualifying event is taking place, for the purposes of the event.

The responsible person must ensure that the requirements of the Act are met.

For enhanced tier premises and qualifying events, if the responsible person is not an individual, they have to designate a senior individual to ensure compliance. It will be for the company or organisation to assess which member of staff is appropriate and ensure that they are of sufficient seniority to ensure the premises or event are compliant with the Act. There is more detail on this in the Home Office section 27 guidance, chapter 8 (8.69 – 8.73).

Those responsible do need to be a protective security expert or have any particular qualification.

Further information on responsibility for qualifying premises and qualifying events can be found in chapter 6 of the section 27 statutory guidance.

Can responsibility be delegated to security contractors or security providers?

All qualifying premises and qualifying events will have a responsible person with the responsibility for ensuring the requirements of the Act are met. The identity of the responsible person is the individual, organisation or company that has control over the qualifying premises for the purpose of their Schedule 1 use, or control over the premises for the purposes of the qualifying event.

The determination of the responsible person is defined in the Act and is therefore not a matter of choice. The responsible person cannot delegate their legal responsibility to a contracted service provider, for example, but may delegate tasks.

Where the responsible person for enhanced tier premises or qualifying events is an organisation or company, rather than a named individual or single person, the Act requires that the responsible person must designate a senior individual to ensure that the responsible person complies with the Act’s requirements. The senior individual may delegate actions or tasks to others, such as a security manager or contracted security lead. However, they will maintain overall responsibility for compliance on behalf of the responsible person.

The responsible person remains liable for ensuring that premises or events are compliant with the Act and should therefore be satisfied that any support provided by providers, contractors or consultants is suitable to meet their requirements, properly resourced and effectively delivered.

Can a local authority or other organisations act as the responsible person across multiple sites (e.g. schools), or must it be site-specific?

All qualifying premises and qualifying events will have a responsible person with the responsibility for ensuring the requirements of the Act are met. The identity of the responsible person is the individual, organisation or company that has control over the qualifying premises for the purpose of their Schedule 1 use, or control over the premises for the purposes of the qualifying event.

The responsible person may be the same individual, organisation or company for several premises – for example, a company operating a chain of restaurants or shops, or a governing body for an educational or medical trust. If this is the case, the responsible person should consider how the Act’s requirements can be met at each individual premises, avoiding a one-size-fits-all approach.

Who is responsible for events on third-party land such as local authority land (e.g. parks highways or town centres)?

For qualifying events, the responsible person is the individual, organisation or company which has control of the premises in connection with their use for the event. The responsible person can be different to the individual, organisation or company which has control of the premises outside of their use for the event.

For example, a concert, which meets the criteria to be a qualifying event under the Act, is being held in a park. The park is owned by a local authority. The company putting on the event takes control of an area of the park for the purposes of holding the concert. The company has a contractual agreement with the local authority (for example, a contract to rent or hire the site) giving over control of that area for the purposes of delivering the concert. This means the company putting on the event, not the local authority, is the responsible person for the event.

However, if the local authority were to remain in control of the area of the park in which the concert takes place, the local authority would be the responsible person. This would be the case even if the local authority contracted organisations to deliver aspects of the event, for example, to provide stewarding and security or to sell and check tickets.

There may be instances where, to comply with requirements of the Act, the responsible person for a qualifying event requires permission, support or other co-operative steps from another individual, organisation or company with control of the premises or event to any other extent but who is not the responsible person. For example, a landowner who has given permission for a qualifying event to take place on their land. The landowner in this example must, so far as is reasonably practicable, co-operate with the person responsible for the event for the purposes of ensuring the responsible person’s compliance with the requirements of the Act.

What training is expected of responsible persons and staff?

There is no legal requirement to complete a specified training module to demonstrate compliance with Martyn’s Law. However, anyone involved in implementing public protection procedures must understand those procedures, know their role, and have the knowledge and tools to carry them out effectively. The Home Office provides more information on this in chapter 7 of the section 27 guidance starting paragraph 7.51.

Is the responsible person the same as the competent person?

The 'responsible person' is defined in the Act. It is for the responsible person to consider how the Act’s requirements can be met. The Act makes no mention of a competent person more commonly seen in health and safety or fire regimes.

Do we need to engage with the competent person scheme to be Martyn’s Law compliant?

No. The Competent Persons Scheme was a working title from a project led by the National Counter Terrorism Security Office (NaCTSO) looking at two things - a Level 3 Award in Counter - Terrorism, Protective Security and Preparedness and a competency-based register for counter terrorism experts. Martyn’s Law makes no requirements to hold the qualification or to belong to the register.

What counts as "appropriate and reasonably practicable," particularly for non-profit or volunteer-run organisations?

This will vary depending on the size and set up of the organisation and circumstance of the premises or event. In considering what is reasonably practicable, the responsible person should weigh what can be done to achieve the objectives of procedures and/or measures, balanced against the cost, time and difficulty of implementation. Please see the Home Office section 27 guidance, chapter 7 (7.4).

FAQ title

Martyn’s Law and other regimes

Does Martyn’s Law supersede other legislation (e.g. Fire Safety Order, Health and Safety)?

The Act does not supersede other legislation, and all legislation must be complied with. Those who have requirements placed on them by this Act may also have obligations under other legislation. This includes, but is not limited to, legislation relating to health and safety, fire safety and licensing, as well as obligations under the Equality Act 2010. The responsible person will want to consider other relevant legislative requirements when meeting the Act’s requirements.

Many premises and events will already have procedures for evacuating in case of a fire. However, it needs to be clear which procedures are in place for fire safety, and which are to respond to a terrorist attack. Evacuation procedures for a suspected terrorist attack should reflect the other dangers that an act of terrorism can pose and so plans may differ from fire evacuation plans.

Is staff training compulsory, and what level is expected?

Paragraph 7.51 of the section 27 statutory guidance sets out training, learning, instruction and counter-terrorism awareness. There is no statutory requirement in the Act for staff working at qualifying premises and qualifying events to carry out specific training, learning or instruction related to counter-terrorism or the Act’s requirements. However, as part of ensuring that public protection procedures are in place and can be enacted quickly and effectively, those working at the premises with responsibility for carrying them out must be made aware of the procedures and their specific role. They also need to be provided with the understanding, experience and tools required to carry them out effectively.

Will the SIA endorse or recognise existing qualifications?

The Act does not contain a statutory requirement in relation to specific training, learning or instruction. However, the Home Office’s section 27 guidance does signpost to existing non-statutory good practice, training and learning where appropriate throughout (More detail is in non-statutory supplementary document C: further resources and learning).

There are organisations offering advice on Martyn's Law compliance. How do we know which sources of guidance are credible, and where should we go for official information?

The only authoritative sources about Martyn’s Law compliance are the Home Office and SIA and only the SIA can determine compliance, based on the requirements laid out in the Act.

The best first step is to review the Home Office guidance outlining the steps necessary for premises and events to comply. You can also sign up for updates from the SIA. Further useful materials can be found on ProtectUK.

FAQ title

Regulation

Will inspections or notifying the SIA cost money?

No, the SIA will not charge fees for inspections, post-inspection advice, or notifications.  

You will not need to notify the SIA of your premises or event until the relevant provisions of the Act commence. The Home Office and the SIA will publish the timeline and how to submit notifications well in advance.

Do premises and events need to document compliance with the procedures and measures?

There is no requirement to provide the SIA with any documentation relating to procedures for standard tier premises. 

However, in practice, the responsible person should keep under review the procedures that are in place so that they remain up-to-date. This can help ensure that procedures remain appropriate and reasonably practicable over time, taking account of changes to the premises and their operation.

Those responsible for enhanced tier premises and qualifying events must document their compliance with the Act’s requirements. The document must be kept up to date and be provided to the SIA as soon as reasonably practicable after it is prepared for the first time (or within 30 days of any revision). The requirements to notify the SIA, and provide them with compliance documentation, are not yet in force. The SIA will provide further information in due course on the information required to be submitted to them.

When will the portal for notification be available?

The notification portal will be available by the time Martyn’s Law comes into force. This is currently expected to be Spring 2027. We will confirm the exact date in good time ahead of the Act coming into force.

How does the notification process work?

When Martyn’s Law comes into force, you will need to notify the SIA if you’re in scope. We will publish information when the portal has been developed. You should not notify the SIA about your security plans and procedures if you are not in scope.

For further guidance on the requirement to notify the SIA see the Terrorism (Protection of Premises) Act 2025: notification requirement - GOV.UK

Will we have to provide a lot of documentation?

Those in the standard tier will not have to submit documentation to the SIA as part of the notification process but will have to notify. 

Enhanced tier premises and qualifying events must document the procedures that are in place and measures that are in place and submit this to the SIA. Refer to the Home Office section 27 guidance for more information on this, chapter 8 (8.57) and section 7(2) of the Act. 

We will share templates to support this process ahead of Martyn’s Law coming into effect. The templates will be there to guide those in scope and make it easier to comply.

Will there be a period to prepare before compliance is required?

Now is the time to start to prepare. Find out if your premises or event is in scope of the legislation and if so, review the Home Office guidance to understand the requirements to ensure you are compliant when the law comes into force in 2027. 

The only authoritative sources about Martyn’s Law compliance are the Home Office and SIA. Further useful materials can be found on ProtectUK, which provides free advice, guidance and learning to help businesses and communities improve their response to the risk of terrorism.

We’re also currently inviting those who are in scope to help test and develop our systems and processes. It’s an opportunity to feedback prior to launch on the way we regulate Martyn’s Law. Anyone interested should sign up.  

When will official guidance and templates be published?

The Home Office section 27 statutory guidance was published on 15 April 2026, which sets out the requirements of the Act and how those in scope may meet them. The SIA will publish our final section 12 guidance, which explains how we will regulate, in the Autumn following our public consultation. Feedback from the consultation will inform future guidance and templates, as will further insights we gain from the regulated community.

Only those in the enhanced tier will be required to submit compliance documentation. We will share templates to support this process ahead of Martyn’s Law coming into effect. The templates will be there to guide those in scope and make it easier to comply.

FAQ title

Inspections and enforcement

How will the SIA prioritise and carry out inspections?

More information on our regulatory approach can be found in our Section 12 guidance though this is yet to be finalised.  We will take an evidence-based approach to determining the priority risks in our area of responsibility and will allocate resources where they will be the most effective in addressing those risks. Where concerns are raised regarding compliance with the requirements of Martyn’s Law, these will be triaged and prioritised according to our Risk Assessment Framework, and we will then undertake the most appropriate regulatory activity in response.

How will consistency be ensured across regions and sectors?

Our regulatory reach extends across Scotland, Northern Ireland, Wales and England so we’re building regional inspection teams. 

When we assess or inspect premises and events in scope of the Act, our focus will be on what is appropriate and reasonably practicable in the specific circumstances of that premises or event, rather than assessing all premises and events against the same standard. 

Will we get fair warning of an inspection?

The SIA will typically give at least 72 hours before an inspection and use a warrant to enter a premise. We have powers to inspect without notice using a warrant in certain circumstances, these are detailed in section 5.9 of the draft Section 12 guidance.

Who receives penalty notices; the individual or the organisation?

The responsible person. If the responsible person is an organisation, the senior individual in that organisation is not personally liable.  However, if a company or other organisation has committed a criminal offence under the Act, senior personnel may also be prosecuted for the offence if it can be proved that the offence was committed with their consent or connivance, or occurred because of their neglect. See Home Office section 27 guidance, chapter 8 (8.74).

FAQ title

Data security and information sharing

How will the SIA protect our data submitted through the portal?

We recognise the sensitivity of the information you will be sharing with us, and we will put robust systems in place to make sure your data is secure.

We handle all the information we process in accordance with the UK GDPR and the Data Protection Act 2018, and the principles of data minimisation and proportionality. Before we ask for the information, we will clearly explain what the information will be used for so you can be reassured about the purpose of the data collection. Once we receive your information, we are responsible for safeguarding it.

Where does the information I share go?

Information you share will be stored in our secure system. The SIA uses information contained in notifications to inform its risk assessments, including to prioritise premises and events for assessments and inspections that may involve the use of its powers to gather information and enter premises.

Keywords
Martyn's Law
FAQ
Terrorism Protection of Premises
Scope
Regulation
Security Industry Authority
Responsibility
Compliance
Home Office