Martyn’s Law is now a major topic for organisations responsible for publicly accessible buildings. For many duty holders, however, the challenge is not recognising the name. It is understanding what the law actually requires, when those requirements will apply, and how to prepare without overreacting or investing in the wrong measures.

Formally known as the Terrorism (Protection of Premises) Act 2025, Martyn’s Law was introduced to improve preparedness for terrorist incidents in places where the public may be present. It is intended to create a clearer, more consistent baseline for protective security and response planning across a wide range of premises and events.

For commercial and public building operators, that makes this a practical operational issue rather than a distant policy discussion. The law is relevant to how people enter a site, how staff respond during an incident, how communications work under pressure, and whether building procedures are robust enough to support evacuation, invacuation, or lockdown when required.

What is Martyn’s Law and why was it introduced?

Martyn’s Law is named in memory of Martyn Hett, who was killed in the Manchester Arena attack in 2017. The legislation was developed in response to long-running calls for a clearer legal framework requiring certain premises and events to consider terrorist threat preparedness in a more structured way.

Its purpose is not to turn every building into a high-security environment. Instead, it is designed to ensure that organisations responsible for publicly accessible premises take proportionate steps to prepare for the possibility of an attack and to reduce harm if an incident occurs. That means the law is fundamentally about preparedness, procedures, and sensible risk reduction.

For commercial and public buildings, this is important because terrorism preparedness has often been addressed unevenly in the past. Some organisations have strong site security and trained teams. Others have relied on informal arrangements or assumptions that do not stand up well under pressure. Martyn’s Law is intended to create a more consistent standard.

Does Martyn’s Law already apply now?

This is one of the most important questions, because there is still confusion around the timeline.

The Terrorism (Protection of Premises) Act 2025 received Royal Assent on 3 April 2025. However, the legal duties are not all immediately live simply because the Act exists. There is an implementation period before commencement, and government material has made clear that organisations will have time to prepare before the requirements are enforced.

That distinction matters. Royal Assent means the legislation has become law. Commencement is the point at which specific legal duties take effect. For commercial and public building operators, the current position is that preparation should begin now, but organisations should also be careful not to assume that every future requirement is already mandatory today.

The most sensible approach is to use this period to understand likely scope, review current procedures, and identify gaps in readiness.

Which commercial and public buildings are likely to be affected?

Martyn’s Law is aimed at certain publicly accessible premises and qualifying events. The exact application depends on the nature of the premises, whether the public has access, and the number of individuals reasonably expected to be present at the same time.

In broad terms, the Act creates a standard tier and an enhanced tier. The standard tier is aimed at qualifying premises where it is reasonable to expect at least 200 individuals to be present from time to time. The enhanced tier applies to larger premises and qualifying events where it is reasonable to expect at least 800 individuals to be present at the same time.

For building operators, this means the issue is not limited to obvious high-profile venues. Depending on occupancy and public accessibility, scope may include larger offices with public-facing space, shopping environments, entertainment venues, museums, healthcare sites, local authority buildings, education settings, hospitality spaces, and transport-related premises.

The key point is that operators should assess their buildings realistically. The law focuses on the number of individuals who can reasonably be expected to be present, not simply a rough guess based on headline capacity.

What will responsible persons need to do?

For those in scope, the Act places duties on the responsible person. That will usually be the organisation or person with control of the premises in the relevant sense, rather than necessarily the individual facilities manager alone.

At the standard tier, the emphasis is on preparedness. Organisations will need to have public protection procedures in place that are appropriate to the premises and capable of being followed by staff. Those procedures are expected to address practical responses to an incident, including evacuation, invacuation, locking down parts of the site, and communicating with people on the premises.

At the enhanced tier, expectations go further. Larger premises and qualifying events are expected not only to prepare procedures but also to consider, and where appropriate take, measures to reduce vulnerability to attack and reduce harm if one occurs. In practice, that may include a more detailed look at entry arrangements, internal zoning, monitoring, access control, communications resilience, and the management of crowded areas.

For commercial and public buildings, this does not automatically mean expensive capital works. In many cases, the first improvements will be procedural, organisational, and operational rather than purely physical.

How does Martyn’s Law relate to existing fire and security responsibilities?

One of the biggest misunderstandings is assuming Martyn’s Law is simply an extension of fire compliance. It is not.

Fire safety law is focused on protecting people from the risk of fire and ensuring appropriate fire precautions, warning systems, escape routes, and management arrangements are in place. Martyn’s Law is focused on preparedness for terrorist incidents. There is some overlap in practical response planning, particularly around evacuation and communications, but the legal purpose is different.

That said, the two areas do meet in the real operation of a building. A site’s fire alarm, voice communication systems, access control, door release strategy, lockdown capability, CCTV coverage, and staff training can all influence how effectively a premises responds to an incident. A building with integrated, well-maintained systems and a clear command structure is likely to be more resilient overall.

This is why Martyn’s Law should be viewed as part of a wider resilience conversation. It is not only about physical security. It is about how the premises functions under stress.

What practical steps should building operators take now?

The best starting point is a measured review of the premises and how it operates day to day.

Organisations should look at how the public enters and moves through the building, which areas are openly accessible, where queues or concentrations of people build up, how visitors are managed, and what options exist if part of the site needs to be secured quickly. They should also review existing emergency procedures to check whether they are genuinely usable in a hostile incident rather than only in a fire evacuation scenario.

Training is another major area. Procedures are not effective if staff are unfamiliar with them or unsure who makes decisions during a fast-moving incident. Teams need clear instructions, sensible escalation routes, and confidence in how to communicate with colleagues, occupants, and emergency services.

Maintenance and testing matter too. If a site depends on access-controlled doors, release functions, monitored alarms, intercoms, lockdown routines, or communication devices, those arrangements need to work reliably. Preparedness is not just about writing a document; it is about ensuring the systems and procedures behind that document remain dependable.

How can multi-site organisations prepare more effectively?

For larger organisations, consistency across the estate is often one of the biggest challenges.

A multi-site operator may have a portfolio that includes offices, educational facilities, public-facing buildings, service centres, and legacy properties with very different layouts and security infrastructure. If each site is managed in a completely different way, preparing for Martyn’s Law becomes far harder.

A more effective approach is to establish a common framework across the estate. That means setting out consistent principles for site assessment, responsible person roles, procedural planning, staff awareness, access control, communications, and maintenance, while still allowing for local differences in risk and layout.

Integrated systems can support that process. Access control platforms, monitored security systems, and clearly documented door, alarm, and communication strategies can make it easier to manage readiness across multiple buildings without treating every location as a separate project.

What should commercial and public building operators do next?

For most organisations, the right next step is not a rushed equipment purchase. It is an early gap analysis.

That review should examine whether the premises is likely to fall within scope, how many individuals can reasonably be expected to be present, what existing procedures already exist, and where the current weak points are. It should also look at the building systems that may support or hinder emergency response, including access control, fire alarm interfaces, lockdown arrangements, CCTV, communication tools, and monitoring.

From there, operators can prioritise sensible actions. Some sites may mainly need stronger procedures and staff training. Others may benefit from system integration, improved access control, clearer zoning, or a more robust monitored security strategy. For complex or multi-building environments, support from a competent provider can make planning more practical, especially where fire, security, access, and compliance issues overlap.

Conclusion

Martyn’s Law matters because it shifts terrorist preparedness from something optional or informal into a clearer duty for many publicly accessible premises and events.

For commercial and public building operators, the key message is not panic. It is preparation. The Act is about understanding whether your premises is likely to be affected, putting proportionate procedures in place, and making sure the building, its systems, and its staff are ready to respond effectively if the worst happens.

Organisations that use the current implementation period well will be in a much stronger position. By reviewing occupancy, public access, procedures, training, communications, and system reliability now, duty holders can move towards compliance in a controlled and proportionate way.