Every venue needs its own ‘black box’ for public safety, says Lloyd Major, CEO of the incident management software firm Halo Solutions, as a moral and operational obligation.
Safety concerns
Ten years ago, public safety concerns were dominated by high-profile terrorist plots. Today, terrorism remains a big concern, but it is layered with other threats. From unpredictable lone actors to mass crowd disorder caused by drones, climate stressors such as extreme heat events, and social media-fuelled flash events that can cause sudden crowd surges, risk has become more erratic, diverse and harder to contain.
This evolution has brought a new level of scrutiny and regulatory pressure. The Terrorism (Protection of Premises) Act 2025, also known as Martyn’s Law, aims to enhance security measures to better prepare public venues for any kind of incident by introducing new requirements for risk assessments, planning and incident accountability.
These requirements are to be taken seriously. Venues and events that cannot demonstrate audit-ready records of their safety responses by 2027 risk enforcement action in the form of restrictions, fines and criminal penalties. But as it stands, more than 60 per cent of UK venues and events still rely primarily on analogue systems, such as radios, spreadsheets, and manual logs to coordinate safety-critical operations, which are leaving dangerous gaps in accountability and evidence.
Cost of not knowing
Most operators feel their current processes are ‘good enough’. In fact, in Halo’s pre-demo questionnaire, more than 70% of security and operations leaders rate their confidence above 3 out of 5 when asked if their logs could hold up under the evidentiary standards of a legal proceeding. However, in the same survey, nearly all admit to the same frustrations: difficulty ensuring accuracy, patchy audit trails, and the impossibility of building a complete timeline after the fact. What’s missing is transparency.
In the event of an incident, control rooms, safety advisory groups, and insurers all need to demonstrate not only that the right decisions were made, but that those decisions can be evidenced. And that’s no small task when information is scattered across different devices and systems.
The financial impact of a failure is significant, with public liability claims already costing UK organisations more than £2.7 billion each year. And that’s only one part of the story. The other is the cost of public inquiries, which regularly run into tens of millions of pounds. Behind those figures are real people – attendees, operators and stewards who all suffer when something preventable happens or goes unrecorded.
Then there’s the cost of public confidence. High-profile public inquiries, such as the Manchester Arena Inquiry, have shown how the inability to demonstrate operational clarity causes trust to collapse. And rebuilding that trust can take years.
Under the latest regulations, organisations will need to demonstrate new proactive measures in ensuring public safety. To do so will require a clear, time-stamped, protected record of operations in real time. In other words, a black box for venues.
Digital record of truth
Transitioning from analogue methods of capturing operational data towards a ‘black box’ style digital audit trail to meet new evidentiary standards will take measured, practical planning, which mustn’t overlook the following three considerations:
1. Assessment
Organisations should begin by evaluating current incident management and documentation processes. Using available tools, such as the Incident Response Curve Calculator, will help identify the biggest strengths and vulnerabilities in response patterns and pinpoint opportunities to enhance preparedness and resilience to build a clear business case for investment
2. Technology integration
An incident management system will be crucial, but the right one will go beyond simple logging. A comprehensive platform will enable live communications and centralised tasking to align teams under pressure; a tamperproof, time- and user-stamped log that can withstand legal and regulatory scrutiny; advanced reporting and analytics that can quickly turn raw activity into insight; and integrated modules that unify risk, incident, and compliance processes into a single source of truth.
3. Training and culture
Another major consideration is how to embed a culture of transparency and continuous improvement through regular training and awareness programmes. This isn’t about micromanaging teams; organisations don’t need to watch everything. However, they do need to ensure that when key moments occur, they’re recorded, reviewed and remembered. The goal is to give teams clarity and confidence – a shared understanding of what’s happening, how to respond and how to carry those lessons forward.
Just as an aeroplane wouldn’t take off without a black box, it’s time that venues didn’t operate without one either. The evolving landscape of public safety and organisational accountability necessitates a shift towards a single source of truth – and this needs to arise through comprehensive incident documentation that not only ensures compliance but also fosters a culture of transparency, resilience, and continuous improvement.
