The wait is over. After six years of campaigning by Figen Murray and others, and just over a year after the law was given Royal Assent, statutory guidance for the Terrorism (Protection of Premises) Act 2025 has been published, marking a defining moment for venue operators, event organisers and public authorities across the UK, writes Rory McGoldrick, MD of the contractor SAFECROWDS GROUP.
While the legislation itself established the framework, the guidance and supporting documents now translate Martynโs Law into something more tangible โ they explain what compliance will actually look like in practice. The 129-page Statutory Guidance document, along with the non-statutory notes (methods for assessing the reasonable expectation of individuals present at premises and events, illustrative examples of scope, and further resources and learning), contain a lot of information to absorb and understand. Here we unpick what has become clearer with the new guidance, and outline the steps that you can take to prepare for compliance now that the guidance is in place.
What stays the same
The purpose of the guidance is to bring clarity to what compliance will look like in practice. The core framework of the legislation has not changed. The Act retains the core structure that those already familiar with Martynโs Law already understand. The legislation defines two levels of duty: Standard Tier for premises with a capacity of 200 to 799 people and Enhanced Tier for premises and events with 800-plus attendees. The requirement is for reasonably practicable procedures and measures, and the Security Industry Authority (SIA) will have responsibility for monitoring compliance.
From assumption to evidence
One of the most important clarifications contained in the guidance is the move away from simplistic capacity-based thinking toward a defensible, evidence-led assessment of whether premises or events fall within scope. Duty-holders are now expected to determine how many people may reasonably be expected to be present under normal circumstances, and to take an evidence-based approach to establishing this figure using real operational data. Accepted methodologies for this include:
It is clear that compliance requires an evidence-based approach to justifying assumptions. It also introduces a key safeguard: isolated or unpredictable spikes in attendance do not automatically bring premises into scope โ so the church fair example that has been raised by those opposed to the legislation has now been put to bed.
What reasonably practicableโ now means in practice
The guidance provides much-needed context for the concept of โreasonably practicableโ, anchoring it in proportionality, risk awareness and operational reality. Rather than prescribing fixed solutions, the guidance requires that duty-holders:
This enables flexibility while also demanding accountability, with organisations and individuals required to demonstrate why decisions were made, not just what was implemented.
A clearer structure for compliance duties
The guidance simplifies how duties should be understood and applied in practice, this is broken down into duties mandated by each tier, thus:
Standard tier premises:
Enhanced tier premises and qualifying events:
The emphasis is firmly on outcomes, such as effective procedures, appropriate measures, and clear accountability, rather than defining rigid frameworks.
Procedures first: the foundation of compliance
Across all in-scope premises and events, the guidance reinforces that procedural readiness is central, above and beyond physical security measures. But what does this mean in practice?
Duty-holders are expected to establish and maintain practical, usable plans that cover evacuation, invacuation (moving people to a safer internal location), lockdown and communication with staff, visitors and emergency services. These procedures must be realistic, tailored to the environment, understood by staff, and suitable for implementation under pressure. The message is clear: compliance is about making sure measures are in place that define what people will actually do in the event of an incident.
The critical importance of the โimmediate vicinityโ
A major area of clarification in the Statutory Guidance is how duty-holders should interpret the term โimmediate vicinityโ. This is critical clarification when considering operational protocols and protective security measures for Zone Ex areas, crowd flows and ingress/egress procedures.
The guidance confirms that the term โimmediate vicinityโ does not define a specific fixed distance. Instead, organisations must assess where people gather before entry, movement routes during ingress and egress, and adjacent public spaces connected to the premises or event.
This significantly expands the practical scope of planning. For many locations it means that risk does not start at the door, requiring a risk-based approach to considering operational procedures as well as physical security covering the wider crowd environment, not just the building or event footprint.
Enhanced tier measures: defining proportionate security
For enhanced tier duty-holders, the guidance provides a structured way to think about physical and operational measures, grouped into four categories:
Importantly, the guidance emphasises that measures should work together as a system and must align with procedures, with any gaps identified, documented and addressed over time.
This allows organisations to adopt a layered, proportionate approach, rather than defaulting to high-cost or highly visible interventions.
Training and awareness
While not framed as a standalone legal requirement, the guidance makes clear that staff awareness and competence are fundamental to effective delivery of the aims of Martynโs Law. The Statutory Guidance mandates that personnel must understand the procedures in place, be capable of implementing them and be provided with appropriate briefings or training. The expectation is not formal certification for its own sake, but operational readiness.
Coordination in complex environments
The Statutory Guidance recognises that many real-world settings involve multiple responsible persons. It highlights the importance of aligning procedures across stakeholders to avoid conflicting responses in the event of an incident, with coordination for shared spaces such as entrances, exits and the public realm. This is a critical practical point because poor coordination could undermine otherwise compliant arrangements.
Next steps: how to prepare now
With Statutory Guidance now in place, organisations can now begin to prepare for compliance, guided by a clear framework of whatโs expected for each tier.
Here are some key steps that organisations can take now:
The real shift: from documentation to decision-making
The most significant change required by Martynโs Law is cultural. Compliance is no longer about having a policy on file; it is about whether those responsible in your organisation understand your environment, have made informed, evidence-based decisions, and can act effectively under pressure. Those who start early, build evidence-based approaches and focus on practical implementation will not only meet the requirements of Martynโs Law, they will be better prepared to protect the people who use their spaces every day.
Photo courtesy of Safecrowds: event stewards in central London.
