On 15 June 2026 the first operational provisions of the Terrorism (Protection of Premises) Act 2025 — Martyn’s Law — came into force. The commencement regulations, published on 10 June, do not yet impose duties on venues themselves. What they do is switch on the machinery of the regulator. The Security Industry Authority now has a statutory duty to produce guidance on how it will police the Act, and the government continues to point to spring 2027 for the main duties. The preparation window now has a visible end.
What the Act requires
Martyn’s Law received Royal Assent on 3 April 2025, with the government committing to an implementation period of at least 24 months before the duties on premises commence. It applies to premises used for the purposes listed in Schedule 1 of the Act — hotels, pubs, restaurants, shops, sports grounds, entertainment venues, healthcare premises and more — where it is reasonable to expect that 200 or more individuals may be present at the same time. The Act creates two tiers.
- Standard tier (200 to 799 people). Those responsible must notify the SIA of their premises and have in place, so far as reasonably practicable, appropriate public protection procedures covering evacuation, invacuation (moving people to safety within the building), lockdown and communication in the event of a terrorist incident. The standard tier is about workable procedures, not mandated physical works.
- Enhanced tier (800 or more people). In addition, those responsible must put in place appropriate public protection measures to reduce the premises’ vulnerability and the risk of harm — which can include monitoring measures such as CCTV — document those procedures and measures with an assessment of how they reduce risk, and designate a senior individual accountable for compliance.
What changed in June 2026
The Terrorism (Protection of Premises) Act 2025 (Commencement No. 2) Regulations 2026 brought two sets of provisions into force on 15 June. Section 12 places a statutory duty on the SIA to produce guidance on how it will exercise its regulatory functions, with the Home Secretary’s approval required before publication. Sections 18(5) to (7) require the SIA to lay before Parliament a statement defining qualifying worldwide revenue — the concept that sets the ceiling for enhanced tier penalties.
The SIA has been consulting in parallel. Its public consultation on the draft section 12 guidance opened on 15 April 2026 and closed on 12 June 2026, and responses are now being analysed ahead of ministerial sign-off. In plain terms: the regulator has moved from design to delivery.
The penalties are not trivial
Standard tier premises face civil penalties of up to £10,000 for non-compliance. For enhanced tier premises and qualifying events the maximum is £18 million or 5% of qualifying worldwide revenue, whichever is greater, with daily penalties available for continuing breaches. The SIA will also be able to issue compliance notices and restriction notices.
What this means for you
If you operate hotels, hospitality venues, leisure facilities or any publicly accessible premises, the first task is an honest capacity assessment. The test is the number of people it is reasonable to expect on site at once — staff included — not simply your licensed capacity. That number decides your tier, and whether you are in scope at all.
The second task is reconciling counter-terrorism procedures with your fire strategy. Invacuation and lockdown pull in the opposite direction from fire evacuation: a lockdown arrangement that impedes escape routes would put you in breach of the Regulatory Reform (Fire Safety) Order 2005. The two plans must be written together, not bolted on separately.
A practical checklist for the months ahead
- Confirm whether each site meets a Schedule 1 use and the 200-person threshold, and record the assessment.
- Identify who is responsible for compliance at each premises and, for enhanced tier sites, nominate the designated senior individual now.
- Draft the four core procedures — evacuation, invacuation, lockdown, communication — and walk-test them with the staff who would actually carry them out.
- Map existing CCTV, access control and intruder systems against the procedures they need to support, and note the gaps.
- Cross-check lockdown plans against your fire risk assessment and escape strategy.
- Watch for the SIA’s final section 12 guidance, expected once ministerial approval is given.
Gemini AMPM designs, installs and maintains NSI Gold accredited security systems — CCTV, access control and intruder alarms — alongside fire detection, which means lockdown and evacuation can be engineered as one strategy rather than two documents that contradict each other. If Martyn’s Law puts your premises in scope, spring 2027 is closer than it looks.