No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • Artificial Intelligence (AI)
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Downloads
    • Download Whitepapers & Reports
    • Download eBooks
  • Research
  • Books
    • CCI Press
    • New: Bribery Beyond Borders: The Story of the Foreign Corrupt Practices Act by Severin Wirz
    • CCI Press & Compliance Bookshelf
    • The Seven Elements Book Club
  • Podcasts
  • Webinars
  • Videos
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Martyn’s Law: What New Anti-Terrorism Guidance Means for Event Organizers

Ahead of the expected entry into force next year, rules signal a cultural shift: counterterrorism preparedness embedded into everyday event planning

by Liam Lane and Constance Strasser
July 14, 2026
in Compliance
manchester uk terrorist attack flowers

Named for a victim of the 2017 Manchester Arena bombing, Martyn’s Law will place new counterterrorism duties on those running publicly accessible UK premises and events. Liam Lane and Constance Strasser of Peters & Peters examine what the recently published statutory guidance clarifies — from the tiered obligations to the emphasis on clear, recorded decision-making — and practical steps to consider now.

In May 2017, nearly two dozen people were killed and thousands more were injured in a terrorist bombing at a concert in Manchester, UK. Among those killed was Martyn Hett, and the law named for him is expected to enter into full force next year. 

Following the April publication of statutory guidance under Martyn’s Law (formally titled the Terrorism (Protection of Premises) Act 2025, organizations are now better-placed to understand how the legislation will operate in practice and what is required of them, as the guidance provides much-needed clarity on scope, responsibilities and the tiered framework that applies to qualifying premises and events.

A shift in expectations for event organizers

One of the key messages emphasized in the guidance is that the act represents a cultural shift in how security is approached in large, publicly accessible premises and events across the UK. The act assumes that a terrorist attack could occur anywhere and therefore places responsibility on those running premises and events to ensure they are always prepared, not only for large-scale or high-profile events.

For event organizers, this marks a move away from treating counterterrorism as a specialist or reactive issue and toward embedding it within core planning, risk management and operational decision-making.

The guidance outlines a two-tiered system, dividing events into two categories based on capacity, the standard tier (200-799 persons), the enhanced tier (800 or more persons). The guidance underlines that qualifying events are treated in line with enhanced-tier premises, meaning that organizers of larger events will face more extensive obligations, including assessing vulnerabilities and implementing appropriate mitigation measures.

Who is responsible?

One of the most practically significant issues for event organizers will be determining who bears responsibility under the act.

The guidance makes it clear that the responsibility will sit with the person or organization that has control of the premises or event. In the context of events, this can be complex. Multiple parties may be involved, including venue operators, event promoters, production companies and security contractors.

The guidance anticipates this complexity and introduces obligations of “co-operation,” where multiple parties have roles in delivering the event, and “co-ordination,” where there is more than one “responsible person.”

In practice, this means event organizers will need to clearly allocate responsibility at the contracting stage, ensure roles are documented and understood across all parties and avoid assumptions that the security responsibility rests solely with venues or third-party providers.

A failure to clearly define responsibility is likely to create a compliance risk and operational confusion in the unfortunate event of an incident.

executive meeting room empty seats
Compliance

UK Corporate Crime Law Puts ‘Senior Managers’ in the Hot Seat

by Ben Boorer
January 23, 2025

As Britain’s landmark economic crime law takes effect later this year, organizations face expanded liability and unclear guidance on compliance

Read moreDetails

‘Reasonably practicable’ standard

The concept of “reasonably practicable” is central to the act and the guidance. The guidance does not require organizations to eliminate all risk. It stresses that “there is no requirement for those responsible for premises or events to undertake (or to expect their staff to undertake) actions that are not reasonably practicable because those actions would compromise their own safety.” Instead, it requires steps that are proportionate, appropriate to the specific circumstances and balanced against cost, effort and operational impact.

Critically, the guidance emphasizes that organizations are not expected to implement measures that would put staff or others at undue risk, reinforcing that safety for all remains the overriding consideration.

For event organizers, this means moving away from a “checklist” mentality and toward a structured, risk-based approach. Examples of steps may include:

  • Developing and rehearsing evacuation, invacuation, lockdown and communication procedures
  • Ensuring staff and contractors are trained and aware of their roles
  • Considering site layout and crowd flow in the context of security risks
  • Assessing whether physical security measures are appropriate and sufficient

Enhanced-tier events will also need to consider vulnerabilities in advance and, where appropriate, take steps to reduce them, the key point being that decisions must be evidence-based and tailored rather than generic.

Clear and recorded decision-making

A running theme throughout the guidance is the importance of accountability, which is not limited to outcomes, but in the decision-making process itself.

Given the inherent flexibility brought to light in the “reasonably practicable” standard, organizations will need to be able to demonstrate how risks were identified, what options were considered and why particular measures were selected or rejected.

Maintaining clear and contemporaneous records will be critical in practice. For event organizers, this may include:

  • Written risk assessments addressing terrorism-related threats
  • Records of security planning meetings and decisions
  • Documented allocation of responsibilities between parties
  • Evidence of training and briefing for staff

Such records are likely to be important not only for regulatory compliance but also in the context of enforcement action by the Security Industry Authority, civil claims following an incident and reputational scrutiny, such as a public inquiry.

In this respect, parallels can be drawn between the act and existing regulatory regimes, such as health and safety, where documented reasoning and proportionality of measures are key.

Practical steps for event organizers

Although the act is not yet in force, the guidance makes clear that organizations should begin preparing during the implementation period. Steps include, but are not limited to:

  • Scoping: Determine whether events are likely to fall within the act particularly the enhanced tier threshold.
  • Responsibility mapping: Identify the likely “responsible person” and clarify allocation of responsibilities for staff members.
  • Analysis of current security and safety arrangements: Compare current security and safety arrangements against the requirements outlined in the guidance.
  • Developing procedures: Establish or refine plans for evacuation, invacuation, lockdown and communication.
  • Embedding a security culture: Ensure that counter-terrorism considerations are integrated into event planning processes and provide appropriate training and briefings to all staff members.
  • Documentation and governance: Implement systems for recording decisions and meetings.

Looking ahead

The guidance confirms that the act is intended to deliver a “step-change” in protective security across the UK.

For event organizers, the challenge will be to translate the flexibility built into the legislation into robust, defensible and practical measures. From a risk perspective, including reputational risk, safe operation and insurance agreements, organizations will need to adapt.

Organizations that begin early by clarifying responsibilities, adopting a structured approach to risk and embedding clear decision-making processes will be best placed not only to comply with the legislation but demonstrate effective and proportionate security standards in an increasingly complex risk environment.

This is republished with permission.
Tags: Risk Assessment
Previous Post

The UK’s FCA Is Weighing Real-World Impact, Not Just Careful Wording

Liam Lane and Constance Strasser

Liam Lane and Constance Strasser

Liam Lane is an associate in the business crime & investigations team at Peters & Peters in London. His practice encompasses a wide range of serious and general crime, financial misconduct, sanctions, INTERPOL red notices and internal investigations.
Constance Strasser is a paralegal at Peters & Peters in London.

Related Posts

nist sign building

NIST Database Change Rebalances Burden of Risk

by Nichole Windholz
July 13, 2026

Register of common vulnerabilities and exposures will have less federal context, leaving organizations to decide if a vulnerability warrants quick...

kalshi display nyc mayoral election 2025

Congratulations, You Have a Prediction Market Policy; Now What?

by Jennifer L. Gaskin
June 24, 2026

Ignoring prediction markets and employee temptations to bet on them isn’t going to make these increasingly popular platforms go away....

whack a mole seen from above

AI’s Blend of Bias, Privacy & Regulatory Risk Means You Can’t Patch Your Way Out of Exposure

by Hugh Mulligan
June 8, 2026

Take a system-wide view rather than attempting to plug holes

Allianz Civil Unrest

Political Violence & Civil Unrest Trends

by Corporate Compliance Insights
June 5, 2026

How exposed is your business to political violence risk? 2026 report Allianz 2026 Political Violence & Civil Unrest Trends Report...

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2026 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • Artificial Intelligence (AI)
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Downloads
    • Download Whitepapers & Reports
    • Download eBooks
  • Research
  • Books
    • CCI Press
    • New: Bribery Beyond Borders: The Story of the Foreign Corrupt Practices Act by Severin Wirz
    • CCI Press & Compliance Bookshelf
    • The Seven Elements Book Club
  • Podcasts
  • Webinars
  • Videos
  • Subscribe

© 2026 Corporate Compliance Insights