How to Prepare a Martyn's Law Public Protection Risk Assessment
Step-by-step guide to preparing a public protection risk assessment under the Terrorism Protection of Premises Act 2025 (Martyn's Law) before commencement in 2027.
The Terrorism Protection of Premises Act 2025 (Martyn's Law) places legal public protection duties on those responsible for qualifying premises and events. A public protection risk assessment is the foundation of compliance: identify the threats, evaluate the venue's vulnerability, and document reasonably practicable steps to reduce harm. Standard tier (capacity 200 to 799) requires the assessment in proportionate form. Enhanced tier (800+) requires documented measures, training, and evaluation against the four legal pillars.
7 steps to complete
Determine your tier
Calculate full-use capacity (staff, visitors, contractors at the same time). 200 to 799 is standard tier. 800 or more is enhanced tier. Document the calculation and the tier.
Designate a senior individual
Identify a named individual responsible for Martyn's Law compliance. For enhanced tier this is a legal requirement; for standard tier it is best practice.
Identify the threats
Cover the attack types relevant to UK venues: vehicle ramming attacks (where vehicle access permits), edged weapons, firearms, IEDs, and marauding terrorist attacks (MTAs). Use the Government's Counter Terrorism Security Office (CTSO) guidance and the Crowded Places Guidance for details.
Evaluate the venue against each threat
Walk the venue with the threat in mind. Where could a vehicle attack approach? Where would an attacker enter? What protected internal areas exist? How would communication work? Engage your local CTSA (Counter Terrorism Security Advisor) - the contact is via the local police force.
Document reasonably practicable measures
For each identified threat, document the public protection measures across the four legal pillars: evacuation, invacuation, lockdown, and communication. Reasonably practicable means proportionate to the venue, the threat, and the cost of measures.
Document staff training
For enhanced tier, training is a legal requirement. Document who needs training, what it covers, and the refresh schedule. Common content: ACT (Action Counters Terrorism) e-learning, See Check and Notify (SCaN), venue-specific procedures.
Set the review schedule
Review the assessment annually and after any material change (capacity, layout, security infrastructure, incidents). Document the review and any updates.
Tips for success
Common mistakes to avoid
Frequently asked questions
When does Martyn's Law take effect?
The Act received Royal Assent on 3 April 2025. Commencement is expected to be April 2027, with a 24-month implementation window.
What's the difference between standard and enhanced tier?
Standard tier (200 to 799 capacity) requires reasonably practicable public protection procedures and regulator notification. Enhanced tier (800+) adds documented measures, staff training, regular evaluation, and a designated senior individual.
Do I need a CTSA assessment?
Not legally, but a Counter Terrorism Security Advisor walkthrough materially improves the risk assessment and is best practice. Contact via your local police force.
Need hands-on help with this?
Our hospitality consultants work alongside your team to implement food safety systems, prepare for inspections, and improve compliance.
Ready to simplify compliance?
Paddl automates the processes described in this guide. Digital records, automatic alerts, and complete audit trails for your hospitality business.
Full access to all features · Dedicated onboarding support · Cancel anytime