The United Kingdom has a new piece of legislation that promises to fundamentally change how public spaces are secured. The Terrorism (Protection of Premises) Act 2025, known as Martyn’s Law, has come into force, placing a new duty on those responsible for public premises and events. This landmark legislation is not merely a bureaucratic measure; it is a direct and permanent response to tragedy, born from the unwavering campaign of a mother who turned her grief into a mission for public safety.

A Promise Kept: The Story Behind a Landmark Law

In May 2017, the UK was rocked by the horrific terrorist attack at the Manchester Arena. The suicide bombing claimed the lives of 22 people, including Martyn Hett, a vibrant and beloved young man. According to family accounts, Martyn was a “party animal” who “lived life not just at 100 miles an hour, but 200 miles an hour”. In a cruel twist of fate, he found himself in the foyer, just four metres from the bomber, after being turned away from the main venue’s doors, a security gap the new law is designed to address.

Martyn’s mother, Figen Murray, was propelled into a tireless, six-year campaign to prevent similar tragedies. Her journey from unimaginable loss to becoming a leading advocate for public safety has been nothing short of inspirational. To better understand the threat, she embarked on and completed a master’s degree in counter-terrorism. In a powerful display of her “certain steel,” Figen even walked 200 miles from Manchester to Downing Street to maintain the political momentum for her cause, a feat which required a hip replacement afterward.

Her remarkable efforts were instrumental in driving the legislation forward. On Thursday, 3 April 2025, her campaign reached its culmination when The Terrorism (Protection of Premises) Act 2025 received Royal Assent and became law. The legislation is a promise kept by the government to Figen Murray and the nation. It ensures that public premises and events are better prepared and protected, ready to respond in the event of an attack, thereby creating a lasting legacy in her son’s name.

Deconstructing the Law: A New Era of Responsibility

The Act delivers on a government manifesto commitment to strengthen the security of public premises and events. The government intends to enhance public safety by introducing Martyn’s Law, which sets out clear legislative goals and regulatory plans to ensure robust counter-terrorism measures are implemented nationwide.

It will improve protective security and organisational preparedness across the UK by requiring those responsible for certain premises and events to formally consider how they would respond to a terrorist attack, in line with the requirements set by the legislation.

These are legislative requirements for those responsible for certain premises and events.

Defining the Scope: Who is Affected?

This legislation applies to certain public premises and events that meet specific criteria. A premises is in scope if it is “wholly or mainly used” for one of the purposes specified in the Act, such as a restaurant or a shop, and if it is reasonable to expect at least 200 individuals to be present at least occasionally.

A crucial element of the law is the designation of a “responsible person.” This can be an individual or an organisation that has control of the premises in connection with its relevant use. These responsible persons or organisations are referred to as duty holders under the legislation, and they carry the legal responsibility for compliance. This is an important distinction, as the law clarifies that the responsible person or organisation is not necessarily the freehold owner if they have no involvement in the day-to-day running of the premises. For instance, a shop owner is the responsible person for a shop, while for a concert in a park, the event company putting on the concert is the responsible organisation and duty holder for the duration of that event. The legislation also stipulates that this legal responsibility cannot be delegated to contracted services.

The Two-Tiered Approach to Compliance

To ensure the law is “proportionate” and does not place an undue burden on smaller organisations, it is structured around a two-tiered system based on capacity.

Standard Tier: This applies to standard duty premises and smaller premises with a capacity of between 200 and 799 individuals. For this tier, the requirements are focused on implementing “simple procedures” that could reduce the risk of physical harm in an attack. These particular procedures should be tailored to the nature of the premises, including a clear strategy for evacuation, invacuation (moving people to a safe place), and lockdown, as well as defined communication channels to alert people on the premises. A key aspect of the Standard Tier is that there is “no requirement to put in place physical measures”. The emphasis is on procedural readiness and staff awareness.

Enhanced Tier: This applies to enhanced duty premises, certain larger premises, and qualifying public events where it is reasonable to expect 800 or more individuals to be present. These sites must fulfill all the duties of the Standard Tier, but they are also required to take “appropriate steps to reduce vulnerability to terrorist attacks”. For public events and larger venues in this tier, particular procedures and security measures should be determined by the nature of the event or premises. Examples of these enhanced measures include having CCTV, implementing bag search policies, and conducting vehicle checks where appropriate. A major difference for this tier is the formal documentation requirement; responsible persons must create a public protection plan that includes an assessment of how the procedures and measures reduce vulnerability, and this document must be submitted to the new regulator.

For a quick reference, the table below provides a summary of the two tiers.

The Role of the Regulator

The act establishes a new regulatory function within the Security Industry Authority (SIA) to ensure compliance with Martyn’s Law. The SIA’s role is twofold: it will provide advice, guidance, and support to help businesses comply with Martyn’s Law, but it also has the power to take enforcement action. For instances of serious or persistent non-compliance, the SIA can issue compliance notices, financial penalties, and even restriction notices. The legislation also includes criminal offences for the most egregious failures. The SIA is working closely with the Home Office and other stakeholders to coordinate efforts, share information, and support the implementation and compliance processes for the legislation.

The Practical Mandate: Translating Law into Action

Martyn’s Law is a principles-based piece of legislation, not a prescriptive checklist. This means that businesses must prepare for the new obligations introduced by Martyn’s Law, acting and thinking strategically about their security rather than simply ticking boxes. An implementation period will be provided, giving businesses sufficient time to understand, plan for, and comply with these new obligations. The law’s effectiveness hinges on two core concepts: the principle of “reasonably practicable” and the five principles of protective security.

The Crucial Concept of ‘Reasonably Practicable’

The concept of “reasonably practicable” is integral to the law, borrowed from long-standing health and safety legislation in the UK. It requires a business to strike a balance between the severity of a risk and the time, money, and effort required to mitigate it. A measure is considered “reasonably practicable” if the cost of implementing it is not grossly disproportionate to the level of risk it addresses.

A simple example illustrates this principle clearly: spending £1 million to prevent five people from suffering bruised knees is considered disproportionate, whereas spending the same amount to prevent a major explosion that could kill 150 people is obviously proportionate. This principle is vital because it makes the legal obligation dynamic and context-specific. It means that the legal security obligation is not a static checklist but a continuous duty of care that is directly tied to a business’s circumstances. A small business with a modest capacity and limited resources will have a different standard of what is “practicable” than a large, well-resourced corporation. This creates a sliding scale of responsibility where the greater the potential for harm and the greater the organisation’s resources, the more extensive the security measures it will be legally compelled to implement. This nuance means that security solutions cannot be a one-size-fits-all approach; they must be tailored to the individual premises’ risk profile.

The Five Principles of Protective Security

To guide businesses in developing their security strategies, experts have established a framework known as the five principles of protective security: Deter, Detect, Delay, Mitigate, and Respond.

• Deter: This involves making a site appear too difficult, risky, or unappealing for an attack, such as through visible security patrols.
• Detect: This is about identifying potential threats or suspicious activities early, before they escalate, such as through surveillance or vigilant staff.
• Delay: This crucial principle involves implementing measures that increase the time it takes for an attacker to get to a vulnerable location once an attack starts. The right type of perimeter fencing is a key example of a delaying measure.
• Mitigate: This refers to the use of measures to minimise the impact of an attack once it is underway, for example, using hostile vehicle mitigation systems to prevent a vehicle from accessing a pedestrian area.
• Respond: This means having effective plans and staff training in place to manage an incident and coordinate with emergency services, thereby ensuring harm is kept to a minimum.

The principle of Delay is particularly critical for physical security providers and is the lynchpin that connects a passive physical barrier to an active human response. A robust physical perimeter, designed to “increase the time it takes for attackers to get to the location of vulnerability,” directly enhances the effectiveness of the “Respond” principle by providing precious extra time for evacuation, lockdown, and emergency service intervention. This understanding transforms a gate or fence from a simple deterrent into a life-saving tool, giving physical security solutions a powerful, high-stakes value proposition.

Fortifying the Perimeter: The Physical Shield

The perimeter of a commercial or industrial property is more than just a boundary; it is the first and most critical line of defence. As a central theme in the new legislation, Martyn’s Law demands a serious re-evaluation of perimeter security and the implementation of public protection measures, such as CCTV, bag searches, and physical barriers, tailored to the specific risks of each site. An unsecured perimeter is the initial point of failure that can leave a business vulnerable to a cascade of threats, from everyday theft and vandalism to more catastrophic security breaches. Fire safety is also a crucial aspect, ensuring organizations are prepared to respond to emergencies and reduce harm. It is important to recognize that what works at one location may not be suitable for another, so security solutions and safety procedures must be adapted to the unique circumstances and resources of each premises. The consequences can be severe, leading to financial loss, operational disruption, and lasting reputational damage.

The Power of Security-Rated Gates and Fencing

A key measure for fortifying the perimeter is the use of security-rated gates and fencing. These products are not just simple barriers; they are engineered and tested to provide a verified level of resistance to forced entry. The gold standard for this evaluation is the Loss Prevention Standard (LPS) 1175, a “globally recognized benchmark” that rigorously assesses physical security products.

The LPS 1175 standard has evolved to provide a more granular and flexible system. While the older Issue 7 had a straightforward SR1 to SR8 classification, the latest iteration, Issue 8, provides a more nuanced approach. It classifies performance using a combination of threat levels (letters A through H) and delay times (a numerical value of 1 to 20 minutes). For many commercial and industrial applications, the older SR1, SR2, and SR3 ratings still provide a clear and useful framework that can be correlated with the new system.

• SR1 (A1): This foundational level of security is designed to deter “opportunistic attacks.” The testing for this rating simulates attacks using easily concealed tools like pliers, knives, screwdrivers, and small bolt cutters. A gate with an SR1 rating is built to resist an intruder who is not highly skilled and is likely to abandon their attempt if they encounter significant resistance.
• SR2 (B3): Offering a more enhanced level of security, an SR2-rated gate or fence is designed to resist more “determined attempts” at forced entry. This involves a wider array of tools and a longer delay time, making it suitable for locations requiring a higher level of protection.
• SR3 (C5): This is the rating for products designed to resist “deliberate forced entry” by experienced intruders using powerful and more sophisticated tools.

The ability to specify security products that are independently certified to these standards is a powerful tool for businesses. The newer LPS 1175 Issue 8 system, in particular, offers a “more precise alignment of security measures with specific threat scenarios”. This demonstrates a sophisticated understanding of protective security, allowing a business to select a solution that is perfectly matched to its specific risk profile, threat assessment, and budget, which is a direct application of the “reasonably practicable” principle.

The table below explains these ratings in more detail.

The Threat from Hostile Vehicles and the HVM Solution

For premises in the Enhanced Tier, where the Act mandates that businesses “reduce vulnerability to terrorist attacks,” the threat of hostile vehicle attacks must be a serious consideration. Hostile Vehicle Mitigation (HVM) is a specialised protective security discipline focused on using physical obstructions to counter vehicle-borne threats, such as those posed by terrorists who drive at speed or mount footways.

HVM measures can take many forms, from simple traffic management and chicanes to the strategic deployment of physical barriers. These barriers, such as bollards, planters, and even street furniture, can be designed to be “hidden in plain sight,” protecting the site without compromising its aesthetic qualities. A critical aspect of HVM solutions is that they are rigorously crash-tested to standards like PAS 68 or IWA 14.1, which ensures they can stop a range of vehicles travelling at specific speeds.

The presence of robust HVM systems serves two main purposes under Martyn’s Law: they act as a powerful deterrent and also a critical mitigating measure, designed to “minimise the impact of an attack”. The ability to deploy bollards and other perimeter security products that are specifically engineered and tested to address this threat is a vital component of a comprehensive security strategy, especially for high-traffic, high-capacity premises.

Beyond the Barrier: Intelligent Access and Control

While physical gates, fences, and bollards are the foundation of a strong perimeter, modern security demands more than just a passive barrier. The integration of intelligent systems is crucial for true compliance and security efficacy. However, it is important to note that compliance with Martyn’s Law should not rely solely on third party products; government guidance and self-assessment remain the primary resources for meeting requirements. This is where access control becomes a vital component of a post-Martyn’s Law strategy.

The Crucial Role of Access Control

Access control systems are security systems that “help in controlling or supervising anyone that can use or view certain resources in an establishment”. They are a fundamental measure against “unauthorised access,” which is listed as one of the top security threats to commercial properties. Beyond simply preventing unwanted entry, modern access control systems create an auditable, manageable, and secure environment.

Security specialists offer a wide range of access control systems that can be installed on new or existing gates and doors to suit specific needs. These include simple, yet effective, keypads and card/fob entry systems, as well as more advanced biometric options for high-security areas. Furthermore, the integration of video intercoms allows for visual verification before granting access, adding another layer of security.

For premises in the Enhanced Tier, the law requires the implementation of procedural measures such as bag search policies and vehicle checks. A physical barrier alone cannot enforce these policies. This is where an integrated access control system becomes a powerful and indispensable tool. A system that can link gates and barriers to video intercoms, CCTV, and Automatic Number Plate Recognition (ANPR) creates a seamless and auditable security process that goes far beyond a simple locked gate. It provides the technological foundation to enforce and document compliance with these new procedural requirements, positioning a business as a strategic partner that provides comprehensive, integrated solutions, not just hardware.

The Automation and Maintenance Advantage

The ability to automate gates and doors is a significant advantage for modern commercial and industrial sites. Automatic gate systems provide an “added element of control, making it easy to restrict or change access” as needed. Automation can be installed on existing gates or as part of a new system, and it is a key component of a robust access control strategy.

Furthermore, an effective security strategy is only as good as the systems that support it. A non-functional gate or a broken security system is a significant vulnerability. For this reason, the importance of ongoing maintenance and servicing cannot be overstated. Many providers, like Harling Security, offer comprehensive support and backup packages to ensure that security systems remain fully operational and compliant over the long term. Organisations may also require further support beyond initial installation and maintenance to address evolving compliance requirements or to access additional guidance and resources as needed.

Your Proactive Partner: How Harling Security Can Help

Martyn’s Law is a significant piece of legislation, but it does not need to be an overwhelming burden. The law’s emphasis on “reasonable practicability” and proportionality means that the right security partner is one who can provide bespoke, tailored solutions that fit a business’s specific risks and resources, rather than offering a generic, off-the-shelf product. Harling Security’s approach is perfectly aligned with this principle.

As a specialist in designing, manufacturing, installing, and maintaining physical security products, Harling Security provides a full spectrum of solutions that directly address the core requirements of Martyn’s Law.

• For the “Delay” Principle: Harling’s range of SR-rated gates and fencing (SR1, SR2, SR3) provide a robust, independently certified barrier that increases the time an attacker needs to breach a perimeter. These products are crucial for any business seeking to increase its resilience and provide a precious time advantage for an effective response.
• For “Mitigation” and “Deterrence”: Harling’s bollards, gates, and other perimeter security products are key components of a hostile vehicle mitigation strategy. These solutions are vital for protecting public premises from the specific threat of vehicle-borne attacks, a key requirement for Enhanced Tier compliance.
• For “Procedural Control”: Harling’s integrated access control systems provide the technological backbone for an effective security plan. These systems can be linked to CCTV, video intercoms, and other monitoring tools to ensure that procedural duties, such as monitoring and vehicle checks, are managed and audited seamlessly.

Harling Security is not just a supplier; it is a full-service partner. From the initial design and consultation to manufacturing, installation, and long-term maintenance, the company provides a complete solution. This comprehensive approach is essential for ensuring that a business’s security measures are not only compliant with the law today but will remain reliable and effective for years to come.

For detailed information and more detailed information about Martyn’s Law, including compliance requirements and regulatory roles, readers are encouraged to consult official government resources and factsheets. The Home Office will publish statutory guidance to help organisations understand their legal obligations under the new legislation. This statutory guidance will be a key resource for interpreting requirements and implementing appropriate security measures. For ongoing updates, engagement, and further support, the Protect UK platform is also recommended.

Final Word: Securing Your Legacy

The passing of Martyn’s Law marks a significant shift in the UK’s approach to public safety, with the primary aim of keeping people safe in public spaces. It is a necessary and proportionate piece of legislation that establishes a new standard for the duty of care owed to the public. Compliance with this law is not an unnecessary burden; it is a critical step in building a more resilient and secure society.

For businesses and property managers, the first step towards compliance is to conduct a thorough risk assessment, as recommended by security experts. With the law now in place, the time for preparation is now. The legacy of Martyn’s Law is a dual one: it honours the memory of a victim of terrorism while at the same time building a safer future for everyone who uses and enjoys our public spaces.