Martyn's Law: UK Business Premises Security Checks

Martyn's Law has moved from "something that might happen one day" to something UK businesses need to start planning around properly.

The Terrorism (Protection of Premises) Act 2025 received Royal Assent on 3 April 2025. The Home Office published statutory guidance in April 2026. The Security Industry Authority is being set up as the regulator. That means the direction of travel is no longer vague.

The Act is not in force yet. There is an implementation period of at least 24 months from Royal Assent, which gives businesses time to prepare. But that time is not a reason to park it. It is the reason to use the next maintenance visit, site survey or security review properly.

For FIDEC's kind of clients, this is the important bit: Martyn's Law is not limited to writing a policy and putting it in a folder. It is about whether your premises can actually respond when something serious happens at the front door, in the car park, at reception, or during a busy public event.

Why This Topic Is Getting So Much Attention Now

Search interest around Martyn's Law has risen because business owners, facilities managers, schools, venues, landlords and event operators are all trying to answer the same uncomfortable question: does this apply to us?

That question has become sharper since the 2026 statutory guidance and SIA updates. Until recently, many businesses knew the name but not the detail. Now they are seeing thresholds, duties, regulator language and practical examples.

And the practical examples matter. A retail unit, training centre, hotel, leisure facility, place of worship, education site, community venue or commercial building used for public events can all end up looking at the same core issues: entry control, CCTV coverage, staff communication, evacuation, invacuation and lockdown.

Who Is Likely to Be in Scope?

Broadly, Martyn's Law applies to qualifying premises and qualifying events where members of the public may be present. The main threshold most businesses will hear about is 200 people.

• Standard tier: Premises where it is reasonable to expect between 200 and 799 individuals, including staff, to be present at the same time from time to time.
• Enhanced tier: Premises where it is reasonable to expect 800 or more individuals to be present at the same time from time to time.
• Qualifying events: Certain publicly accessible events with 800 or more people, where entry is controlled.

There are exceptions and special cases. Places of worship and many education settings are treated differently, even where numbers exceed 800. Some transport premises are excluded because they already sit under other security regimes. So, no, you should not rely on a one-line summary from LinkedIn to decide whether you are in or out.

The Bit Businesses Often Miss: Responsibility Cannot Be Outsourced

The statutory guidance is very clear that every qualifying premises or event will have a responsible person. That is the person, company or organisation with control of the premises for the relevant use.

You can delegate tasks. You can ask a fire and security contractor to review your systems. You can ask consultants to help with procedures. But the legal responsibility itself does not transfer to the contractor.

That should sound familiar. Fire safety works in much the same way. You can bring in competent people, and often should, but the responsible person still needs to understand what has been put in place and why.

What Standard Tier Premises Need to Think About

For standard tier premises, the focus is on public protection procedures. In plain English, staff need to know what they would do if an attack happened or was suspected.

The guidance talks about procedures including evacuation, invacuation, lockdown and communication. These procedures connect directly to the building and the systems inside it.

• Evacuation: Can people leave quickly without being sent toward the danger?
• Invacuation: Can people be moved inside, away from an external threat, to safer internal areas?
• Lockdown: Can entry points be secured quickly, without trapping people where they should be able to escape?
• Communication: Can staff share clear instructions quickly enough for the procedure to work?

This is where a paper plan starts meeting reality. If your reception team cannot lock the right doors, if your CCTV does not cover the entrance properly, if staff cannot tell what is happening outside, or if your fire alarm evacuation plan conflicts with a lockdown plan, the procedure is fragile.

What Enhanced Tier Premises Need to Think About

Enhanced tier premises have additional requirements. The Act expects public protection measures, so far as reasonably practicable, to reduce vulnerability to an attack and reduce the risk of physical harm if one happens.

For larger premises, this is where security hardware, fire safety systems and operational procedures start to overlap. You may need to look at:

• CCTV coverage: Entrances, queueing areas, reception desks, external doors, loading bays and public-facing car parks.
• Access control: Which doors can be secured, who controls them, and what happens during fire alarm activation.
• Intruder alarms: How out-of-hours security supports the wider protective security plan.
• Door hardware: Whether controlled doors can support lockdown without creating an evacuation hazard.
• Fire alarm interfaces: Whether evacuation, door release and security procedures work together rather than against each other.

There is a trap here. Some businesses will hear "security" and immediately think "more locks". That is not the right starting point. A badly designed lockdown arrangement can create a life safety risk. A door that should release for escape cannot simply be treated like a normal security door.

Your CCTV Is Only Useful If Someone Can Use It

CCTV is going to come up in a lot of Martyn's Law conversations. That is understandable. It gives staff visibility of entrances, external areas and suspicious activity before someone is already at the desk.

But CCTV is not magic. A camera facing the wrong way, a recorder no one can access, or a system that only the installer knows how to use will not help much during a live incident.

A useful review should ask simple questions:

• Can staff see the main approach routes before opening a door?
• Are blind spots around entrances and side doors understood?
• Can footage be retrieved quickly after an incident?
• Is the image quality good enough to identify what happened?
• Who is allowed to access the system, and have they been shown how?

Access Control Needs a Fire Safety Conversation

Access control is one of the most useful systems for protective security, but it is also one of the easiest to get wrong if nobody thinks about escape routes.

Under normal conditions, controlled doors help keep unauthorised people out of private areas. During an emergency, the same doors may need to release, remain secured, or be controlled in stages depending on what is happening. Fire alarm activation, emergency door release, staff override and lockdown all need to be thought through together.

If you have magnetic locks, electronic strikes, turnstiles, shutters, intercoms or reception-controlled doors, this is not a theoretical issue. It is exactly the sort of detail that should be checked before procedures are signed off.

Do Not Forget the Ordinary Stuff

Most failures in real emergencies are not caused by exotic problems. They are caused by ordinary things nobody checked.

• The side door that does not close properly.
• The camera that has been offline for six months.
• The access control fobs that were never removed after staff left.
• The fire exit being treated as a storage area.
• The alarm maintenance contract that lapsed quietly.

Martyn's Law will push businesses to look at protective security, but the first useful step is often basic housekeeping. Get the existing systems working properly. Know what you have. Know what is missing. Then decide what needs upgrading.

A Sensible First Step for Business Owners

If you are responsible for a premises that may fall within scope, start with a practical site review rather than a panic purchase.

Walk the building and ask:

• How many people could realistically be present at the same time?
• Where can members of the public enter?
• Which doors can be controlled, secured or released?
• Can staff see what is happening outside before opening up?
• Do fire alarm, access control and security procedures contradict each other?
• Are maintenance records current for fire alarms, CCTV, intruder alarms and access control?

That gives you a useful starting point. It also prevents the most common mistake: buying equipment before understanding the risk.

Where FIDEC Fits In

FIDEC cannot make a business compliant with Martyn's Law by installing one product. Nobody credible should tell you otherwise.

What we can do is help you understand whether the systems in your building support the procedures you are likely to need. That means checking CCTV coverage, access control, intruder alarms, fire alarm interfaces, door release arrangements and maintenance records as part of a joined-up review.

If your premises is publicly accessible, regularly busy, or used for events, now is the right time to look at it. Not in a panic. Not with a box-ticking mindset. Just properly.

Contact FIDEC Security Solutions for a free site survey or premises security review. Call 0333 3662 007 or email info@fidecss.co.uk.