Protect Duty (Martyn’s Law): What UK business owners need to know
0

On 3 April 2025 the long-anticipated Protect Duty, officially known as Martyn’s Law, was formally introduced into UK legislation.

Named in memory of Martyn Hett, a victim of the tragic 2017 Manchester Arena bombing, the Protect Duty is set to transform the landscape of public safety and risk management for businesses operating publicly accessible spaces.

Designed to enhance the protection of the public from potential terrorist threats, Protect Duty places clear legal obligations on business owners, event organisers, venue managers and local authorities to take proportionate and practical steps to ensure the safety of people visiting their sites.

Keep reading as we explain what this means for UK businesses and the steps you need to take to comply with the legislation.

What is Protect Duty?

Protect Duty sets out a structured legal framework for the prevention and mitigation of terrorist risks in venues and spaces that are accessible to the public. It has been developed with strong support from counter-terrorism professionals, safety campaigners and victim advocacy groups, all committed to preventing future tragedies.

At its heart, Protect Duty seeks to:

  • Reduce the vulnerability of publicly accessible locations to terrorist attacks.
  • Promote a consistent, proportionate approach to public safety across the country.
  • Foster a national culture of preparedness, vigilance, and accountability.

Who does Protect Duty apply to?

The scope of Protect Duty is wide-ranging, covering:

  • Public venues such as concert halls, arenas, sports stadiums, shopping centres and hospitality venues.
  • Educational institutions like universities and colleges.
  • Local authority-managed spaces, parks, and cultural centres.

Businesses must assess whether their premises fall within the thresholds set by the legislation:

  • Standard Tier: For venues where between 100 and 799 people, including staff, could reasonably be expected to gather at any one time.
  • Enhanced Tier: For venues where 800 or more people are likely to be present together for an event.

It is important to note that the law also applies flexibly. A venue that typically operates under the Standard Tier could temporarily move into the Enhanced Tier if hosting a large event, such as a festival or exhibition. During that time, it must adopt enhanced protective measures.

Private events, such as weddings, are excluded unless public access is permitted.

Key requirements for businesses

Depending on the size and nature of your venue, your responsibilities under Protect Duty will vary. However, all affected businesses are expected to address the following areas:

Risk assessment

Businesses must identify potential terrorist threats specific to their premises and assess the vulnerabilities of their site. This means thinking beyond traditional crime risks to include new forms of threats and attack methodologies.

Security training

Staff must be trained to recognise suspicious behaviours and know how to respond appropriately during an incident. Training should be proportionate to the role of the staff member and the risk profile of the venue.

Mitigation planning

Venues are required to have security plans in place, including measures to detect and deter potential attacks. These may include physical security measures, changes to layouts, the use of surveillance technologies and coordination with emergency services.

Preparedness measures

Clear emergency response plans must be developed, rehearsed and refined. This includes evacuation procedures, lockdown plans and clear communication strategies to minimise harm in the event of an attack.

Documentation and accountability

Businesses must maintain robust documentation justifying the decisions they have made regarding their security arrangements. Documentation should show:

  • What measures are in place.
  • Why these measures have been selected.
  • How they are expected to mitigate the risks.

For Enhanced Tier venues, the appointment of a Senior Responsible Person (SRP) is compulsory. This individual holds significant personal legal responsibility and can face prosecution for neglect if they fail to meet the required standards.

Enforcement and penalties

The newly established regulator has inspection powers and can visit premises, request documentation, inspect equipment and interview staff with modest notice. Businesses that fail to comply with the requirements of Protect Duty could face substantial fines, expected to be on a similar scale to those imposed for GDPR breaches.

This increased scrutiny puts an additional focus on businesses to not only have effective plans in place but also to ensure that all actions are documented and defensible in the event of an inspection.

Practical steps for businesses now

If you own or operate a venue likely to fall within the scope of Protect Duty, you must act quickly to understand your obligations. Here are the initial steps you should be considering:

  • Identify your status: Determine if you are Standard or Enhanced Tier based on capacity and usage patterns.
  • Undertake a risk assessment: Either independently or with professional support, conduct a terrorism-specific risk assessment for your premises.
  • Develop a security plan: Put in place proportionate protective security measures and an actionable emergency plan.
  • Assign responsibility: Appoint a Senior Responsible Person if required and define clear roles and responsibilities for compliance.
  • Train your staff: Deliver security awareness training across your workforce and ensure regular refreshers are scheduled.
  • Prepare for Inspection: Maintain detailed, up-to-date records that demonstrate how you are meeting your Protect Duty obligations.

Appoint Cardinus as Your Senior Responsible Person for Protect Duty Compliance

We understand that the introduction of Protect Duty can feel overwhelming for business owners, particularly when appointing a Senior Responsible Person (SRP) is now a legal requirement for many organisations.

Cardinus can act as your designated Senior Responsible Person, taking on the responsibility to ensure your organisation fully meets its obligations under the new legislation. Our experienced team will manage compliance, oversee security planning, maintain documentation and liaise with regulators on your behalf.

Speak to us today about how we can help you manage the requirements of Protect Duty and protect your people, premises, and reputation.

Recommended Posts

Leave a Comment

Start typing and press Enter to search