Public safety concerns increasingly dominate the agenda for all event organisers. The introduction of The Terrorism (Protection of Premises) Act 2025 – also known as Martyn’s Law – has focused attention on accountability and the risks associated with terrorism. But as the market floods with so called compliance solutions and services, it is important for event organisers to understand the new regulatory landscape. 

The Security Industry Authority (SIA) indicates it is taking a collaborative not punitive approach to compliance. Following 18 months of preparing, training people and issuing guidance for the interpretation of the legislation, the SIA will focus on building trust with the Event Industry and other Publicly Accessible Locations (PALs). Two further years of leading organisations towards compliance, as opposed to any punitive measures, allows organisers to safely adopt a ‘watch and wait’ posture.

It is time for education, training and understanding, not tick box solutions that cannot possibly reflect the specific safety requirements of guidance that has not yet been issued! As Lloyd Major, CEO, Halo Solutions, states, don’t ignore the legislation; take steps to understand the guidance and likely impact on a business, but there is no need for any panic purchases or large-scale expenditure. 

Pragmatic Regulatory Approach

For all event organisers, from permanent arenas to pop up festivals, Martyn’s Law will provide a much-needed framework to support planning and resourcing as well as day to day management. It is, however, just one of a number of regulations affecting events. Organisers were already charged with compliance under a raft of regulations including Health and Safety, the Security Act 2000 and the Licensing Act 2005 and, as such, have extensive experience of the regulatory compliance process.

Furthermore, while this is an important regulation, there is no need to panic or embark on knee-jerk changes. The SIA is not expecting event organisers to be immediately compliant. It is instead working with the industry to understand how best to meet the new requirements and encouraging event owners and organisers to undertake education and training to determine how the regulation affects their specific location, customer base and risk profile.  There will be a gradual evolution, with fines for non-compliance unlikely to be applied straightaway. 

In the events industry specifically, and especially for annual events, there are no specific legal risks associated with not immediately moving towards compliance. This summer’s events can be managed as normal if desired, although it is important to recognise the potential reputational risks of an incident. Next summer, both regulator and industry will be a step closer to mandatory compliance; with summer 2027 the likely hot zone for mandatory compliance. 

Accountability Versus Responsibility 

While in theory this takes the pressure off, in reality it provides only one to three run through opportunities prior to absolute compliance requirements. Given the high turnover of staff and potentially significant losses or changes to organisational memory from one year to the next, some consideration and groundwork now would be prudent.

Indeed, given the extensive resources required to deliver an event, many aspects of safety, including security, cleaning, maintenance and medical care, are typically outsourced to third parties. Event organisers need to consider how regulation affects these suppliers both individually and collectively: the way diverse organisations are empowered to share information and collaborate is a vital step forward in improving public safety. 

Time spent understanding how the regulation applies to individual events, locations and attendees – by demographic as well as audience size – is a vital step. It is only once this level of understanding has been achieved that organisers will be able to identify gaps within the current safeguarding processes and look to remediate the risks with appropriate technology and services. 

Understanding Requirements

Are all contracted staff named, checked and identified as well as tracked across sites? Can the different teams, from security to cleaning, medical to maintenance, share mobile information and collaborate in real time? Is incident information digitally recorded, time stamped and stored in the cloud to deliver a trusted evidence chain? Can the public quickly share information about possible crimes or problems with crowding and get an immediate response? And how is the event set up to meet regulatory requirements to communicate directly with attendees in the event of a major incident? 

Has paperwork evolved to specifically look at the new requirements of the Act? Have contracts with sub-contractors evolved to clearly delineate areas of responsibility? How do these map across to the four key requirements of roles and responsibilities in the event of lockdown, invacuation, evacuation and communication? Plus, there are enhanced requirements of locations with 800 people or more to monitor the premises and its immediate vicinity, have access control in place, provide physical safety and security plus secure/restrict information which may assist in the planning, preparation and execution of acts of terrorism. 

Assessing these requirements, discussing the implications, even pressure testing before enforcement begins will improve the chances of being ready once the guidance comes out. However, while a number of technology companies are looking to push “Martyn’s Law Compliance” technology as well as training and consultancy, it is far too early for anyone to know exactly what to do and at this time. Yes, have the conversations. Look for trusted training companies. And follow advice published by the United Kingdom Crowd Management Association (UKCMA). But don’t invest prematurely in technologies or services that are highly unlikely to accurately reflect regulatory requirements.

Next Generation Incident Management

Over the next couple of years, the impact of Martyn’s Law will be visible at events. Organisers will understand how to ensure accountability irrespective of the number of third parties involved. Next generation incident management systems will provide essential visibility from initial contractor appointment all the way through incident management to post event inquiry and assessment. Organisers will, by default, make effective use of mobile communication and cloud-based data storage. The chain of evidence will be robust, with time stamped, traceable incident recording.  

This is a significant advance for many event organisers and, as such, one that must be achieved in a measured, managed way. Quick fix compliance is not possible – but it is also not required. It is only by taking measured steps to understand the new regulation and evolving towards the next generation of incident management that affected industries will achieve their goals and reinforce public safety. 

For many of the best out there, this legislation will mean little to no change and they will continue to place public safety at the forefront of everything they do. For everyone else, it will provide the guidance and support needed to help enhance areas of knowledge and operations which hitherto may not have been their primary skill set. The result should be a safer environment for event providers and the public alike.