What is Martyn’s Law?

Welcome to the Universal Verification newsletter – Universally Speaking.

Issue number 010 – What is Martyn’s Law and how will it affect your Attraction

We were at the ADIPS and PIPA SHAD in Sutton Coldfield earlier in March. (A SHAD is a Safety and Health Awareness Day aimed at controllers of amusement devices and inflatable play equipment.)

In the question and answer session, someone in the audience who runs a trade association asked about Martyn’s Law – also known as the Terrorism (Protection of Premises) Act 2025.

It was interesting to see that not many controllers there were familiar with Martyn’s Law; it’s something that all controllers/ operators need to be aware of.

We’re hearing a lot of concern about Martyn’s Law, so here’s a little overview.

Why are people intimidated by Martyn’s Law?

There are a number of things that make it seem intimidating:

1. It’s a new law. Many attractions have managers who’ve worked at other locations within the industry, and these managers can draw on their experience to work out a process for complying with existing laws. For a new law, everyone is having to figure out what to do for the first time.
2. Smaller attractions often look to bigger attractions to see how they handle an issue. This can be difficult for Martyn’s Law, because a lot of the steps are taken behind the scenes. Bigger attractions might be unable or unwilling to share how they’d deal with a terrorist attack.
3. Because it’s a new law, there aren’t examples of businesses who’ve been prosecuted under it. Because there aren’t any legal precedents, it can be harder to know how a court’s going to interpret the law.
4. Because terrorist attacks are thankfully very rare, few of us have had any firsthand experience in dealing with one.
5. Most of the previous terrorist attacks have taken place in other industries, adding to the lack of expertise in the theme park sector.
6. The regulator is the SIA (Security Industry Authority), rather than the HSE (Health and Safety Executive) which a lot of us are more familiar with.
7. The risks can shift, depending on external events over which we have no control.
8. Martyn’s Law addresses incidents arising due to deliberate acts.  This is different to the bulk of health and safety activity, which is focused on preventing accidents.
9. There are clearly several major variables outside our control.

Like any new law, guidance will evolve, including from the regulator, the SIA. It will also evolve in response to any future attacks, or planned attacks. Nonetheless, it’s time for parks and attractions to start complying with the new law.

We certainly don’t have all the answers. No one does unless they’ve got a crystal ball hidden away. But it is clearly an issue that’s concerning a lot of our clients, so we wanted to discuss it.

Why was Martyn’s Law created?

For those who aren’t familiar with Martyn’s Law, it has been introduced partly in response to the bombing/terrorist attack at an Ariana Grande concert at the Manchester Arena in 2017. 22 people were killed and 1,017 people were injured.

Martyn Hett was one of the 22 people who were killed. He was aged 29 at the time. His Mum was key in campaigning for the Terrorism Act, which is often referred to as Martyn’s Law in memory of him.

Following the attack there was a public inquiry to identify learning points. The first part (‘Volume 1`) of the output from the inquiry was published in 2021.  It looked at the missed opportunities to prevent the attack.

The second part was published in 2022, looking at the response from the emergency services.

The third part was published in 2023 and looked at the radicalisation of the terrorist.

For attractions wanting to learn lessons from the Manchester Bombing, Volume 1 is likely to be the most relevant:

https://assets.publishing.service.gov.uk/media/60cc659fe90e07438f7af765/CCS0321126370-002_MAI_Report_Volume_ONE_WebAccessible.pdf

Because Martyn’s Law is designed to help learn lessons, particularly based on this report, the report is useful for anyone looking to create a plan for dealing with Martyn’s Law.

There are plenty of consultants who will help attractions formulate a response to Martyn’s Law. It might well be worth consulting a specialist. At the same time, controllers (the attractions) ultimately have responsibility for ensuring the safety and compliance of their venues. Whilst you can benefit from specialist expertise, it’s going to be useful to have some in-house understanding of the law, rather than completely relying on external consultants.

What other events can we refer to?

Martyn’s Law draws on the lessons from the Manchester Arena Inquiry and is designed to make a terrorist attack less likely in the future, and to improve the response if there is an attack.

So, the Manchester attack was the immediate impetus, but there have also been other terrorist attacks on major events. These include a number of attacks on Christmas markets in other European countries, and three Taylor Swift concerts were recently cancelled because the CIA had evidence of a planned attack.

Terrorist attacks remain very rare, but the consequences from them can be very serious. They are therefore categorised as ‘low frequency, high consequence’ events.

How did it become law?

Martyn’s Law has had cross party support in both The House of Commons and The House of Lords. Whilst Martyn’s Law was delayed because of the 2024 general election, it was passed during the next Parliament and received Royal Assent in April 2025.

The purpose of the law is to ensure organisations respond to threats in a reasonable and proportionate manner. The nature of the threats is likely to evolve.  We have already seen evidence of this with new technologies, for example the use of drones or online photos from satellites (such as Google earth) in planning attacks.  Further, the internet has made it easier to radicalise individuals, leading to a rise in ‘lone wolf’ terror attacks.  Terror threats can rise of fall depending on geo-political issues.  There is also a risk of copycat attacks as terrorist activity becomes more widely publicised.

The risk will also vary depending on the characteristics of an individual event. This includes the density of crowds, and whether there are specific aspects that a terrorist might want to target. For example, we’ve seen attacks on Gay Pride events, and gay nightclubs such as the Pulse attack in Orlando.

So where do we start with all this?

Each attraction will need to have an ‘Appointed Person’ for ensuring compliance with Martyn’s Law. That doesn’t mean that all the responsibility sits with them. The organisation has a responsibility to make sure the appointed person has the:

• Appropriate training.
• Time to make and implement a plan.
• Authority to make decisions, and to be listened to.
• Resources they need.

Regardless of the identity of the Appointed Person, meaningful buy in from the directors and general manager/CEO will be important.

Aside from any consultants used, responding to Martyn’s Law is likely to involve collaboration between several departments including:

• Health and safety.
• Security.
• First aid.

Similarly to other UK safety laws, Martyn’s Law is based heavily around the concept of managing risk, and risk assessments. This should be a familiar approach for anyone who works in health and safety. However, if your Appointed Person is from a security background, then they may have less experience in carrying out risk assessments, and consequently they will need more support.

As with other areas of safety, the procedures and policies should be based around controlling the risks identified in the risk assessments.

Authoring the risks assessments and related procedures requires a collaborative approach, which should include consultation with the employees working at the attraction. External advisors can help you prepare for Martyn’s Law, but their advice should be dovetailed with the specifics of the particular attraction.

Although the most recent terrorist attacks are likely to be top of mind for employees, other types of attack also need to be covered in the incident management planning.

These include:

• Marauding attacker.
• Vehicle attacks.
• IED (Improved Explosive Device).
• Fire as a weapon (arson).
• Chemical, biological or radioactive attacks.
• Other attacks including cyber and drone attacks.

The odds are your attraction probably already has a response plan for a number of these threats. For example, there have been talks at recent amusement conferences addressing the risk of cyber security and how to take sensible precautions.

The better the attraction’s baseline safety, the less it will need to do to meet the requirements of Martyn’s Law. However, it is only when you start consulting your staff, doing research, risk assessing and writing your plans, that you will identify some of the potential gaps.

When do we need to do this?

We are now in a 24-month implementation period. This means the law has already been passed, but it won’t start being proactively enforced until 2027.

The SIA won’t require evidence that you’re following the law until the implementation period has finished. However, if you’re not following it and you have a terrorist attack which is handled poorly, then the fact you weren’t following a law that’s already been passed could well be detrimental.

For some venues, making plans and changes to comply with Martyn’s Law is a major piece of work; hence the 24-month implementation period.  If your attraction hasn’t started to prepare for the new law then you are probably already behind the curve and need to start taking action.  External consultants may be able to increase the speed at which you prepare, but there will still be a body of work to complete in-house.

For more information on Martyn’s Law, and how you can prepare, please speak to Neil Wilson on Neil@universal-verification.com