Martyn’s Law Statutory Guidance Published: What You Need to Know

For many organisations, the biggest takeaway is this:

Martyn’s Law is not a prescriptive security regime; it is an accountability framework.

Rather than mandating blanket security controls, the legislation focuses on whether organisations can demonstrate that they have:

• Understood their vulnerabilities
• Considered proportionate protective measures
• Put practical procedures in place
• Documented and justified their decisions

This represents an important change in how organisations will need to think about compliance.

What Is Martyn’s Law?

Martyn’s Law was introduced following recommendations made after the Manchester Arena Inquiry and aims to improve preparedness and protection against terrorist attacks at publicly accessible premises and events.

The legislation will introduce legal duties once it comes into force, for organisations responsible for qualifying premises and events to consider to consider how they would reduce harm in the event of a terrorist incident, and implement proportionate public protection arrangements.

The Statutory Guidance published in April 2026 provides further clarification around:

• Which premises and events fall within scope
• How the standard and enhanced tiers apply
• How the “Responsible Person” is determined
• What public protection procedures are expected
• How the Security Industry Authority (SIA) will regulate compliance
• How concepts such as “reasonable practicability” should be interpreted in practice

The Tiered Approach Remains

The guidance confirms the two-tier structure originally expected under the Act:

Standard Tier

Applies to events with an expected capacity of 200–799 people.

The focus is primarily on practical procedures, including:

• Evacuation
• Invacuation
• Lockdown
• Communication arrangements

Enhanced Tier

Applies to premises and events with an expected capacity of 800+ people.

Enhanced Tier organisations will face additional responsibilities, including:

• Documenting procedures and measures
• Demonstrating how decisions reduce vulnerability
• Maintaining ongoing review and governance processes

The proportional nature of the legislation remains central throughout the guidance.

What Has Changed From Early Expectations?

One of the most interesting developments from the published guidance is that several areas appear less prescriptive than originally anticipated.

No Mandatory Training Accreditation

While staff must be capable of carrying out procedures effectively, the legislation does not mandate specific training qualifications or accredited courses.

Instead, organisations are expected to ensure competence in practice.

No Prescribed Terrorism Risk Assessment Format

There is currently no legally mandated terrorism risk assessment template, methodology, or scoring system.

The emphasis is instead placed on understanding vulnerabilities and taking proportionate action.

No Automatic Requirement for Physical Security Measures

The guidance does not require organisations to automatically install measures such as:

• CCTV
• Hostile vehicle mitigation
• Security screening

Physical controls are only expected where they are considered reasonably practicable and proportionate.

Accountability and Defensibility Are Now Key

Although some areas are lighter-touch than expected, the guidance places greater emphasis on organisational accountability.

For Enhanced Tier premises in particular, compliance will rely heavily on:

• Clear documentation
• Structured decision-making
• Evidencing why measures were — or were not — implemented
• Ongoing review processes

In practical terms, organisations will need to be able to justify both their actions and omissions.

This means governance, record keeping, and operational coordination will become increasingly important.

What This Means for the FM Sector and Managing Agents

One of the most significant clarifications within the guidance relates to the role of Facilities Management providers and managing agents.

The legislation makes clear that the “Responsible Person” is determined by operational control — not simply ownership or contractual position.

This has important implications across many FM-led environments, including:

• Shopping centres
• Mixed-use developments
• Managed estates
• Multi-occupied commercial buildings

Where FM providers coordinate site-wide operations, control access and egress, or manage common areas, they may well be the Responsible Person, as defined.

Why FM Providers Are Central to Compliance

For many FM organisations, this legislation formalises responsibilities they already manage operationally every day.

FM teams are often best placed to:

• Coordinate evacuation and lockdown procedures
• Align multiple occupiers and stakeholders
• Manage communication processes
• Ensure consistency across large or complex estates

The guidance also strengthens expectations around coordination between parties operating within the same premises or estate.

This means effective collaboration between landlords, tenants, managing agents, and service providers will become increasingly important as implementation progresses.

Practical Steps Organisations Should Take Now

At this stage, the focus should not be on overcomplicating compliance or rushing into unnecessary expenditure.

Instead, organisations should begin by building a clear understanding of:

1. Operational Responsibility

Review who controls day-to-day operations across your estate and where responsibilities sit in practice.

2. Existing Procedures

Assess whether current emergency procedures adequately consider terrorism-related scenarios.

3. Coordination Arrangements

Identify where multiple stakeholders need to work together to ensure procedures remain aligned and effective.

4. Documentation and Governance

Consider how decisions, vulnerabilities, and protective measures will be recorded and reviewed over time.

5. Staff Awareness and Preparedness

Ensure staff understand procedures and can respond appropriately if required.

The organisations most likely to succeed under Martyn’s Law will not necessarily be those with the most visible security measures, but those able to clearly demonstrate proportionate, well-considered decision-making.

The Bigger Picture: Safety Beyond Compliance

At Ligtas, we believe health and safety should go beyond simply meeting legal obligations. Our role is to help organisations build practical, proportionate approaches that protect people, support operational resilience, and create confidence.

The publication of the Statutory Guidance provides a clearer direction of travel, but there is still time for organisations to prepare thoughtfully and proportionately ahead of implementation.

The key message remains simple:

You are not expected to do everything — but you are expected to justify what you do and do not do.

That principle is likely to underpin Martyn’s Law compliance for years to come.