The 2025 Act will be brought into force in spring 2027 and will require those responsible for premises accessible by the public to take proportionate measures to mitigate the risk of injury or damage caused by a terrorist attack. The legislation’s foundations are in lessons learned following the Manchester Arena bombing in 2017 and it is named after Martyn Hett, one of the 22 people killed in that attack.

On 15 April 2026 the UK government published two important pieces of statutory guidance, fulfilling certain of its obligations under the Act. Guidance from the Home Office fleshes out the scope of the duty as it applies to qualifying premises and events and offers several hypothetical case studies and scenarios that touch on premises and events in retail, leisure, and faith-based settings. The Security Industry Association (SIA) has been made the regulator of the new duty and its guidance relates to how it will engage with duty-holders, exercise its powers of inspection, enforcement, and sanctioning (which include issuing heavy penalties in the event of serious non-compliance).

This article looks at the Home Office guidance. It is a detailed, nuanced, and significant publication that addresses the main points of the duty in a structured and systemic way, including:

• the definitions of qualifying premises and events
• the standard and enhanced tiers
• their respective numerical thresholds of >200 and >800 people
• the identification of the “responsible person” within an organisation
• regulatory responsibilities where several organisations may be involved, and
• the duties to inform and cooperate with the regulator.

Although this is hardly an unexpected list - it reflects the headings of the key provisions of the Act - what the guidance does is to offer a level of detail and analysis of these elements and to provide answers to a range of scenarios that, while hypothetical, are very close to real world settings in which the duty under Martyn’s law will apply. This is a result of the Home Office’s programme of genuine practical engagement with organisations potentially in scope during the first quarter of the year, and the guidance records that it “has been substantially revised to improve clarity, consistency and usability [and] given the number of novel concepts introduced by the legislation, consultees requested further illustrative examples, many of which have been added.”

It is, however, worth noting that there is something of a disclaimer in its first few pages: 

“The examples are not exhaustive and will not directly apply to all premises or events … each qualifying premises and qualifying event will be unique and it is essential that those responsible consider the specific circumstances of the premises or event.”

The reference in this passage to the need to consider specific circumstances echoes the proportionate nature of the statutory duty, i.e. to put in place measures and procedures to protect the public “so far as is reasonably practicable” for the premises or event under consideration.

The examples in the guidance cover a very wide range of commercial and non-commercial settings, such as: supermarket chains, shopping centres, hospitals, tourist attractions, village halls, outdoor events and festivals, sports grounds, mass participation runs and similar events, conferences, and places of worship. One such example is copied below as an illustration of the level of detail that the guidance provides.

“A cross-city music event has one event organiser and is centrally organised. However, the event consists of separate performances occurring at many premises across the city, each operated by different businesses and organisations. The premises include music venues, theatres, hotel spaces, a pop-up stage and pubs. The music venues are all enhanced tier premises, but the theatres and pubs are a mixture of enhanced tier and standard tier premises. The pop-up stage satisfies the qualifying event criteria, as members of the public require a ticket to enter and the organiser reasonably expects 800 or more individuals (including staff) to attend at the same time. Attendees can purchase a ticket that grants access to all the events. The responsible persons for the enhanced tier premises (the music venues) will not change for the purposes of the event.

The responsible persons for the enhanced tier premises must consider all the events that will take place at their premises to ensure the measures and procedures are appropriate. The event organiser will be responsible for the qualifying event (the pop-up stage) as they will have control of that area for the duration of the event.”

The varied examples in the guidance clearly stem from the practical experiences of stakeholders responsible for managing premises and events in the public, private and voluntary sectors. Without question, it is an important document that over some one hundred and twenty-nine pages addresses the majority of questions that, absent such material, have surrounded the duty under Martyn’s Law since the Act was passed a year ago.

These reasons mean it would be inadvisable to attempt to summarise the guidance which - and this should be emphasised - is published under the authority of the Act. We expect that it will, with repeated careful scrutiny, provide significant clarity and valuable assistance to those organisations managing events and premises that fall within the scope of the legislation. 

Compliance with the Act is far from merely an operational issue but will be highly relevant to a business’s reputation and, with the statutory obligation to designate a “responsible person”  is a matter that should be escalated to board level.

Over the next few months, we will have detailed conversations with clients and contacts about how we expect the guidance to be used in practice and to examine what compliance with Martyn’s Law will look like. Please feel free to approach either of us, or any of your usual contacts at Clyde & Co, if you would like to explore this topic in more detail.