ARTICLE
17 October 2025

Martyn's Law: What Live Music, Sport And Events Businesses Should Be Doing Now

LS
Lewis Silkin

Contributor

Lewis Silkin logo
We have two things at our core: people – both ours and yours - and a focus on creativity, technology and innovation. Whether you are a fast growth start up or a large multinational business, we help you realise the potential in your people and navigate your strategic HR and legal issues, both nationally and internationally. Our award-winning employment team is one of the largest in the UK, with dedicated specialists in all areas of employment law and a track record of leading precedent setting cases on issues of the day. The team’s breadth of expertise is unrivalled and includes HR consultants as well as experts across specialisms including employment, immigration, data, tax and reward, health and safety, reputation management, dispute resolution, corporate and workplace environment.
Explore Firm Details
The Terrorism (Protection of Premises) Act 2025 (the Act) – commonly known as "Martyn's Law" – is set to transform the way public venues and events across the UK approach security and preparedness for terrorist threats.
United Kingdom Government, Public Sector
Sally Hughes and James Thorpe-Jones
Your Author LinkedIn Connections
Lewis Silkin are most popular:
  • within Cannabis & Hemp, Tax and Strategy topic(s)

The Terrorism (Protection of Premises) Act 2025 (the Act) – commonly known as "Martyn's Law" – is set to transform the way public venues and events across the UK approach security and preparedness for terrorist threats.

The Act is named in memory of Martyn Hett, one of the 22 victims of the 2017 Manchester Arena terrorist attack. Since his death, his mother, Figen Murray, has led a tireless campaign to improve public safety and ensure that lessons are learnt from that event – a campaign that led to the passing of this legislation.

The Act received Royal Assent in April 2025 and is anticipated to come into force around April 2027, giving businesses plenty of time to prepare. When it does, owners and operators of a wide range of premises and event spaces will be subject to a new duty intended to enhance venue security and improve public safety.

While we wait for the Act to come into force, venues and organisers should start identifying which sites and activities fall within scope, what practical steps are needed for compliance, and how to ensure related technologies – such as facial recognition – are secure and legally compliant.

In this article, we provide an overview of the new law and highlight some of the key provisions and considerations for those affected.

Who does it apply to?

The Act applies to "qualifying premises" which are premises that consist of a building (or part of, or a group of buildings), that are wholly or mainly used for certain specified purposes (such as entertainment, leisure, sport, retail, hospitality, museums, visitor attractions, conference centres, and higher education), and in respect of which it is reasonable to expect that from time to time 200 or more individuals may be present on the premises at the same time. Certain premises are specifically excluded, for example, government premises and transport hubs.
Premises are classified according to capacity:

  • standard duty premises are qualifying premises where 200-799 individuals may be present at the same time.
  • enhanced duty premises are qualifying premises where 800+ individuals may be present at the same time.

Note that places of worship, childcare settings, schools, and further education institutions are always treated as standard duty premises, even if the number of individuals that might attend exceeds 800.

The Act also applies to "qualifying events" which are ticketed, members-only, or paid-for events open to members of the public held at premises that are not classified as enhanced duty premises but where 800 or more individuals may be present at the same time. For example, a qualifying event might be a temporary outdoor music festival.

What is required?

The requirements depend on the classification of the activity:

  • for standard duty premises, public protection procedures must "so far as reasonably practicable" be in place, with the objective of reducing the risk of physical harm being caused to individuals if an act of terrorism were to occur on the premises. These procedures cover evacuation, lockdown (preventing entry or exit), and clear communication with those on site. Importantly, those responsible for standard duty premises are not obliged to install new physical security measures.
  • for enhanced duty premises and qualifying events, public protection measures must be in place to reduce vulnerability to terrorist attacks and minimise the risk of harm caused if an act of terrorism were to occur. The measures must be assessed and kept under review and must cover:
    • monitoring the premises or event, and its immediate surroundings;
    • managing how people move into, out of, and within the site;
    • improving physical security at the premises or event; and
    • ensuring the security of information relating to the premises or event.

The procedures and measures must be documented and submitted to the Security Industry Authority (SIA), the entity responsible for the enforcement of the Act, along with an assessment of how they are expected to reduce risk and vulnerability. The extent and scope of the procedures and measures required is likely to be clarified by the Government in guidance to be released before the Act comes into effect.

Who is responsible?

Responsibility for compliance falls on the "responsible person", which is the person or organisation with "control" of the premises or event. Where multiple parties share control, such as landlords, operators, or event promoters, each will be considered a responsible person under the Act. They must, so far as is reasonably practicable, coordinate and work together, especially where premises overlap or are adjacent.

How will the Act be enforced?

The SIA will have powers to advise, investigate and enforce compliance with the Act. Where it identifies a breach, the SIA can issue compliance notices (requiring remedial action) or restriction notices (which can limit how, when or by whom a venue is used, or even prohibit an event from taking place). Penalties for non-compliance are significant: up to £10,000 for standard duty breaches, and for enhanced premises or events, up to the greater of £18 million or 5% of qualifying worldwide revenue, with additional daily penalties for ongoing breaches. Criminal liability may arise for failure to comply with notices or for providing false or misleading information.

Commercial takeaways for live music, sport and events

While we wait for the Government's official guidance, there are several practical steps that venues and organisers can take now to prepare:

  • Map out premises to identify which are likely to be caught by the standard or enhanced duties.
  • Understand which planned events might constitute qualifying events.
  • Identify the "responsible person" for each premises or event, and, for organisations, appoint a senior individual to oversee compliance. Where multiple parties are involved, such as landlords, operators, or promoters, establish clear protocols for coordination and information sharing.
  • Review and refresh your incident response plans to ensure they cover the applicable protections and measures, which may include evacuation, invacuation or shelter, lockdown, and effective communication with the public (using PA systems, screens, or mobile messaging as appropriate).

These plans should be aligned with your existing safety and crowd management procedures, and you could consider scheduling drills or exercises to ensure staff and contractors understand their roles and responsibilities.

If you are caught by enhanced duties, you could consider reviewing entry and crowd management procedures such as queuing systems, bag checks, and vehicle access controls, assessing monitoring tools like CCTV and radio communications, and implementing access controls in relation to sensitive site information (e.g., plans or control room details).

Be mindful that procedures and measures will need to work for disabled spectators, families, touring crews and other vulnerable groups, and multilingual communications should be considered where appropriate.

Legal considerations

We recommend that you review and update contracts with promoters, hirers and contractors where needed to reflect the new duties. You may also need to consider insurance and the costs of compliance as part of a wider liability discussion.

In addition, any venue/event considering deploying a technology solution (e.g., a ticketing system or an ID verification system) will need to be mindful of laws regulating:

  • Data protection if the solution processes personal data of staff or attendees e.g., the Data Protection Act 2018. Stricter protections apply to the processing of "special category personal data", which includes biometric data and will therefore need to be considered as part of a data privacy impact assessment carried out for any biometric verification or ticketing solution.
  • Artificial intelligence if the solution constitutes an "AI system" under the EU AI Act and falls into scope. If it does, compliance obligations may apply depending on the venue/event's use of the solution and its "operator" classification.
  • Equality and human rights to ensure that direct or indirect discrimination against individuals does not occur e.g., that an automated verification solution does not discriminate against event attendees contrary to the Equality Act 2010.

It'll be important to ensure that third-party vendors or hosting providers are subject to appropriate contractual obligations and restrictions, including compliance with law obligations, and that robust audit and information security measures are in place.

Staying prepared and further updates

As statutory guidance from the Home Office and the Security Industry Authority (SIA) is released, organisations should stay informed and be ready to adapt their plans and procedures accordingly. We will continue to monitor developments and publish further updates as the implementation period progresses.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Sally Hughes
Sally Hughes
Photo of James Thorpe-Jones
James Thorpe-Jones
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More