How is Martyn’s Law reshaping organisational preparedness?
Getting your Trinity Audio player ready...

Martyn's Law: Snapshot of what's needed

  • Preparedness is now essential; businesses must understand their exposure and plan realistic responses.
  • Policies alone are insufficient; organisations need to show their effectiveness in practice.
  • Leadership teams are accountable for resilience, decision-making and response.
  • Security risk management requires a structured, organisation-wide approach.
  • Insurance supports risk management, but insurers will expect clear evidence of strong controls and preparedness.
Senior, woman or business people in meeting with talking in teamwork for creative decision making. Collaboration, manager or professional employees with paperwork for project brainstorming in office
Following the introduction of the Terrorism (Protection of Premises) Act, the Home Office released statutory guidance in April 2026 outlining expectations for preparedness in practice. The guidance places greater emphasis on operational resilience, leadership accountability and proportionate planning.

Organisations are now expected to demonstrate how they prepare for, respond to and manage risks by embedding resilience into their operations. The law will be introduced with an implementation period; a lead-in phase that gives organisations time to understand the requirements and put the right measures in place, with enforcement likely around 2027.

Preparedness is becoming a governance issue

Operational preparedness has traditionally sat within functions like security or health and safety, but Martyn's Law shifts this to an organisational responsibility. Senior leaders and boards are now expected to demonstrate how resilience is managed and embedded across the business, with clear ownership, practical planning and staff awareness.

The law introduces a tiered approach based on risk exposure:

  • Standard tier: Smaller venues with lower footfall, focusing on basic, practical security measures.
  • Enhanced tier: Larger venues requiring more advanced measures, including risk assessments and structured training.

For organisations with multiple sites or complex structures, delivering consistent standards can be challenging, particularly where responsibilities are spread across teams or third parties.

Demonstrable preparedness is becoming the expectation

Preparedness needs to be visible and measurable. The focus is on proportionate, practical action rather than extensive physical security.

Key questions now include:

  • Who is accountable for preparedness?
  • How are decisions recorded and reviewed?
  • How are response plans tested?
  • How are employees trained and informed?
  • How is continuous improvement tracked?

These are no longer just operational questions — they're indicators of organisational maturity.

Common gaps in preparedness

Despite growing awareness, many organisations still face gaps in their readiness:

  • Crisis management teams: Often lack clearly defined roles or backup personnel.
  • Outdated plans: Not regularly reviewed or tested, limiting effectiveness.
  • Training gaps: Staff may lack sufficient understanding of emergency procedures, including evacuation and identifying suspicious activity.

How Martyn's Law affects different sectors

Martyn's Law extends beyond crowded venues, requiring public-facing organisations to take greater ownership of their risk exposure.

  • Public sector: Managing multiple sites and events creates coordination challenges.
  • Education and healthcare: Complex, high-occupancy environments require tailored approaches and strong leadership.
  • Charities: Organisations hosting fundraising or community events will need to understand and manage their responsibilities.
  • Hospitality, leisure, and retail: Large venues are central to compliance, while retailers must ensure consistency across portfolios.
  • Small businesses: May need more foundational support to understand and implement requirements.

Across all sectors, success depends on clear accountability, strong leadership and consistent risk management.

Operational preparedness for complex organisations

Organisations with diverse property portfolios, such as schools, hospitals and warehouses, require a more structured approach to preparedness:
  • Conduct site-by-site assessments to determine which locations are in scope.
  • Develop a central framework that can be adapted across different property types.
  • Implement proportionate security measures, such as access control, CCTV and, where appropriate, hostile vehicle mitigation.

Staff training is a critical part of this approach:

  • Build security awareness across all employees, not just specialist teams.
  • Ensure staff understand emergency response protocols such as "run, hide, tell";.
  • Provide clear briefings ahead of major events so roles and responsibilities are understood.
The goal is to enable staff to respond confidently, support public safety and apply preparedness measures consistently across locations.

The role of insurance and resilience maturity

Insurers are placing greater focus on how organisations identify and manage operational risks. While Martyn's Law is not an insurance requirement, it reinforces this direction.

Organisations with strong governance, clear accountability and mature resilience frameworks are better positioned to manage disruption, protect reputation and maintain stakeholder confidence.

Gallagher supports this shift through its Crisis Resilience offering, which provides access to structured frameworks aligned with best practice, alongside 24/7 response support and specialist consultancy.

It also helps organisations demonstrate preparedness during audits and assessments while aligning their approach with the requirements of Martyn's Law.

Martyn's Law FAQs

Will Martyn's Law affect my organisation?

If your premises are open to the public and meet certain size thresholds, you're likely to be in scope. This includes sectors such as retail, hospitality, education, charities, events and public venues.

What actions will organisations need to take?

Organisations will need to assess risk, have clear response plans, train staff and demonstrate that preparedness is part of everyday operations. To better understand what this means in practice, you can speak to a Gallagher specialist.

Who will be accountable for meeting the requirements?

A designated responsible individual will need to oversee compliance, with overall accountability resting with senior leadership and governance teams.


Disclaimer

The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.

Arthur J. Gallagher Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: Spectrum Building, 55 Blythswood Street, Glasgow, G2 7AT. Registered in Scotland. Company Number: SC108909.