Ahead of July’s webinar - Martyn’s Law – Navigating the Labyrinth, we invited Calum Ronald, Senior Risk Consultant at Pool Re Solutions, for a Q&A session to give you an introduction to the upcoming legislation.

How would you summarise Martyn’s Law?

Whilst businesses comply with fire regulation and complete risk assessment for slips, trips and falls, consideration of terrorism is often ignored. This is despite a requirement under existing Health and Safety legislation to ensure the safety of visitors at venues from foreseeable risks, including those from terrorism.

As attacks such as the 2017 Manchester Arena bombing have shown, insufficient preparedness for a terrorist attack at UK business premises can contribute to catastrophic impacts including death, injury, property destruction and ongoing psychological harm.

Martyn’s Law (officially titled as the draft Terrorism (Protection of Premises) Bill) is the result of a tireless campaign led by Figen Murray, mother of Martyn Hett who was murdered on the night of the Manchester Arena bombing. Learning lessons from the attack, the law will be a step-change legal duty compelling business to consider the issue of terrorism and reinforce the existing requirements to protect the public at venues.

The draft bill includes for adoption of proportionate protective steps dependent upon venue size, crowd and potential impacts of a terrorist attack. The aim is to make public spaces in the UK safer, more secure, and better prepared in the event of a terrorist attack.

Who will Martyn’s Law apply to?

The draft legislation is currently undergoing parliamentary scrutiny and is therefore subject to change, however, it is currently expected to apply to upwards of 300,000 business premises in the UK.

To be in scope premises or events will need to meet the following three criteria:

  • Having public access.
  • A capacity of 100 or more persons.
  • Undertaking a qualifying activity (such as leisure, hospitality, education, healthcare).

Some locations such as private dwellings, offices, and transport infrastructure (where existing security regulations apply) are not currently expected to be within scope.

What will the new law require from organisations?

The law is likely to be applied on a tiered basis, due to the increased potential impact at more crowded locations. It is not currently outlined how capacities of premises will be calculated, and this will be outlined by the Secretary of State.

For smaller premises within the expected Standard tier (100-799 maximum capacity), this would involve simple low-cost (or no-cost) preparedness measures, such as:

  • Demonstrating awareness of the threat from terrorism.
  • Completing a terrorism evaluation.
  • Ensuring staff are adequately trained and aware of the threat, likely attack methods, and how to respond.
  • Taking basic mitigation steps, such as having an actionable lockdown plan, knowing how to evacuate, and having access to first aid equipment.

Premises and events with capacity of over 800 persons are expected to fall within the Enhanced tier.  Some of the potential requirements include:

  • Completing an Enhanced terrorism risk assessment, identifying relevant threats.
  • Producing, maintaining, and rehearsing a dedicated security plan, including reasonably practicable measures to reduce the risk of terrorism acts occurring onsite, and reducing the potential for harm.
  • Providing terrorism protection training for relevant workers.

All qualifying premises and events will likely be required to register with a regulator (to be defined and established) and provide necessary information, such as type of premises / event type, as well as details of the responsible person and senior officer (in the case of Enhanced premises / events) for implementing the legislated requirements.

When will this new law take effect?

Currently the legislation is a draft bill, being scrutinised by the Home Affairs Select Committee within the parliamentary approvals process. The law is currently expected to be passed in Spring of 2024. It is anticipated that a grace period will follow to allow time for businesses to implement the necessary changes.

How will Martyn’s Law be inspected and enforced?

Due to the potential consequences of non-compliance, failure to comply with the law is expected to be penalised with substantial weight through a system of contravention and penalty notices.

For the Standard tier, the maximum penalty is expected to be a £10,000 fine.

For Enhanced tier premises and events, expected penalties increase to a maximum of £18 million or 5% of global company revenue, as well as non-compliance being a criminal offence for which a custodial sentence may be given.

It is also anticipated that an independent regulator, with investigatory powers, will be established to inspect around 5% of premises per year. However, details on who the regulator will be are not included in the draft bill.

What can organisations do to prepare for the new law? Are there tools/technology that exist already that can help business get ready for Martyn’s Law?

While the legislation is still draft and subject to change, businesses should avoid any courses or tools that are purported to make you ‘Martyn’s Law compliant’, until we know what the finalised legislation says. Instead, the priority tasks for businesses should be to make use of existing trusted and free to access awareness and knowledge materials.

Protect UK is the central hub for counter-terrorism and security advice provided by Counter-Terrorism Policing and NaCTSO, funded by Pool Re. Resources on the hub include threat updates, training such as ACT aimed to improve preparedness of UK business to terrorism, and best-practice mitigation advice. In due course, further Martyn’s Law specific guidance, tools and templates will be hosted on the Protect UK hub.

Pool Re will continue to provide general advice and updates as the draft bill progresses through the Home Affairs Select Committee, to support understanding of the legislative requirements. This is hosted on Pool Re’s Solutions Centre – Martyn’s Law Hub, alongside a number of supporting threat insights and bulletins.

We are also participating in a joint Resilience First and Pool Re webinar; Martyn’s Law – Navigating the Labyrinth, (Tuesday 4th July 2023, 1pm to 2pm), to help business understand the likely requirement of Martyn’s Law. To register please click here.

Do you foresee any shared responsibilities?

Absolutely. One of the key learnings from the Sir John Saunders inquiry into the 2017 Manchester Arena attack was the failure to coordinate security responsibilities in areas of ‘Grey Space’. The draft legislation therefore sets out specific clauses requiring cooperation with others, and delegation of responsibility.

Whether that be internal responsibilities shared between responsible person(s), boards and staff, or external responsibilities with event hosts, security providers, neighbours and parties in the immediate site vicinity, responsibility is a core component of the bill.

Framed in the view of liability, sanctions and penalties, businesses must be clear on who holds various responsibilities for security provision, and actively coordinate, communicate, and engage with partners. This will involve coordination during the threat assessment and security plan preparation stages, as well as fully documenting all responsibilities.

What are the potential benefits of Martyn’s Law legislation to business?

The fundamental benefit is that undertaking the outlined preparedness steps will help ensure people accessing a venue or event are kept as safe as reasonably possible from the threat of terrorism. The foundations of Martyn’s Law cannot be forgotten in this goal; the loss of 22 lives and injury to hundreds more at Manchester Arena, contributed to in part by failures in security preparedness and prevention.

Benefits of compliance with Martyn’s Law legislation will not only be restricted to the threat of terrorism, which fortunately is not a regular occurrence. Basic preparedness steps can help in deterring more regular malicious activities that businesses often face, such as criminality and anti-social behaviour, or even be of use during non-malicious incidents such as a first-aid incident. Ultimately, the law prepares businesses to be resilient and prepared, which is applicable to a variety of scenarios (terrorism or non-terrorism related).

When a pounds and pence justification is sought, the added value of being a safe, secure, and welcoming public premises should not be forgotten. The fact that 70% of responses to the Government’s consultation on Martyn’s Law stated they wish to see public locations actively mitigating the threat of terrorism is telling. From a cost-benefit analysis perspective, Martyn’s Law compliance could quickly become an issue of business reputation and success, alongside consideration that implementing basic preparedness measures is far cheaper than the potential financial penalties of non-compliance or potential legal liability following a terrorism threat.

Any last thoughts from Pool Re on Martyn’s Law?

The legalese and complexity of the current draft bill should not distract from the fundamental priority of Martyn’s Law; ensuring businesses are prepared and able to deal with a terrorist incident to a proportionate level, reducing potential harm to the public.

During the period of parliamentary scrutiny, the legislation is bound to change and be amended, with complexities debated and ironed out.

The passing of the legislation into law should not be the light-switch moment that businesses are awaiting, before considering their preparedness to deal with a terrorist incident. Right now, business can take simple preparatory steps. Begin understanding the threat, access existing free awareness materials and training, ensuring your business is as prepared as possible if the worst were to occur. Completing these steps will put you in good stead for when the legislation is introduced.

About Calum

Calum is a Senior Risk Consultant in the Pool Re Solutions team. He provides risk mitigation advice and support to Pool Re members, policyholders, and wider security industry, focusing on the threat from terrorism. With experience providing protective security advice in the built-environment, he has consulted across a broad range of sectors including CNI sites such as major transport infrastructure, crowded Publicly Accessible Locations, sports / event stadia and high-end commercial premises.