Severe Threat, Stronger Defence: Public Sector Security After Martyn’s Law

On 30 April 2026, the Joint Terrorism Analysis Centre (JTAC) raised the UK national terrorism threat level from “substantial” to “severe”, meaning a terrorist attack is now highly likely in the next six months. This escalation, triggered by the antisemitic terrorist attack in Golders Green, reflects a broader rise in extreme right‑wing terrorism.

For public sector organisations such as government buildings, courts, civic centres, schools, hospitals, and publicly accessible premises, this is not just a headline. It is a direct call to action. The Terrorism (Protection of Premises) Act 2025, commonly known as Martyn’s Law, introduces a new legal duty for those responsible for certain public premises and events to prepare for terrorist attacks. 

This article explains what Martyn’s Law requires, how the severe threat level changes the landscape, what public sector organisations must do to prepare before the Spring 2027 compliance deadline, and how public sector security is being redefined for a new era of risk.

The Severe Threat Level: What It Means for Public Sector Security

The UK’s national threat level is set by JTAC and indicates the likelihood of a terrorist attack. The move to SEVERE, meaning an attack is highly likely, is the second-highest tier on the five‑level scale. The UK has been experiencing a gradual increase in terrorist threats, driven by a rise in extreme right‑wing terrorism.

For public sector organisations, this means:

  • Heightened risk to staff, visitors, and members of the public.
  • Increased scrutiny from regulators, insurers, and the public.
  • Greater urgency to implement protective security measures.

Why Public Sector Sites Are Particularly Vulnerable

Public sector buildings such as government offices, courts, civic centres, and public spaces are high‑profile targets for several reasons:

  • High public footfall: Many public buildings receive thousands of visitors daily.
  • Symbolic value: Government buildings, courts, and civic centres represent authority and are therefore attractive to terrorists.
  • Legacy security infrastructure: Many public sector sites have outdated security systems that were not designed for the current threat environment.
  • Inconsistent security standards: Different departments, agencies, and sites often operate under different security protocols, creating gaps.
  • Underfunding and staffing shortages: Public sector security teams are often stretched thin, with limited resources to implement new measures.

Organisations that fail to act now risk not only legal penalties but also reputational damage and, most importantly, the safety of the people they serve.

Martyn’s Law, formally the Terrorism (Protection of Premises) Act 2025, received Royal Assent on 3 April 2025. It introduces a minimum legal security standard for larger premises and events for the first time. The Act requires those responsible for certain premises and events to consider how they would respond to a terrorist attack and to take proportionate steps to mitigate and respond to terrorist threats.

Key Facts About Martyn’s Law

FactDetail
Royal Assent3 April 2025
Implementation periodMinimum 24 months
Expected commencementSpring 2027
RegulatorSecurity Industry Authority (SIA)
Applies toEngland, Wales, Scotland and Northern Ireland
PurposeImprove protective security and organisational preparedness

The Home Office published its final statutory guidance under section 27 of the Act on 15 April 2026. This guidance is intended to support those responsible for qualifying premises and events, helping them understand and prepare for their new statutory obligations. The SIA is currently consulting on its own guidance, with the consultation expected to close in autumn 2026.

💡 Key takeaway: The guidance is available now. Waiting until the commencement date is not a strategy.

public sector security

The Two‑Tier System: Understanding Your Duty

Martyn’s Law adopts a tiered approach based on premises capacity. All premises within scope must notify the regulator (the SIA) and provide details of the “responsible person” – the individual who controls the premises and holds legal responsibility.

Standard Tier (200–799 people)

Applies to premises where it is reasonable to expect 200 to 799 individuals to be present at the same time from time to time.

Requirements:

  • Public protection procedures such as evacuation, invacuation, lockdown, and communication.
  • Staff training on these procedures.
  • Notification to the SIA that you are the responsible person.
  • No mandatory physical measures – the standard tier focuses on planning, briefing, and practising, not on physical security infrastructure.

Enhanced Tier (800+ people)

Applies to premises and qualifying events with an expected capacity of 800 or more people.

Requirements:

  • All standard-tier requirements.
  • Physical measures – CCTV coverage, bag search policies, ticket checks, vehicle screening, and other proportionate protective measures.
  • Documented security plan submitted to the SIA.
  • Designated senior individual with responsibility for compliance.
  • Risk assessments.

Comparison Table: Standard vs Enhanced Tier

AspectStandard Tier (200–799)Enhanced Tier (800+)
Public protection procedures✓ Required✓ Required
Staff training✓ Required✓ Required
Notify SIA✓ Required✓ Required
Physical security measuresNot required✓ Required
Documented security planNot required✓ Required
Designated senior individualNot required✓ Required
Risk assessmentsNot required✓ Required

Penalties for Non-Compliance

Penalties for non‑compliance can be severe. For enhanced tier premises and qualifying events, penalties can reach up to £18 million or 5% of qualifying worldwide revenue (whichever is higher), plus potential daily penalties of up to £50,000 per day. The SIA has civil enforcement powers and, in serious cases, can refer cases for prosecution.

Public Sector Challenges: Legacy Systems, Untested Plans and the Compliance Gap

Public sector organisations face unique challenges in implementing Martyn’s Law. These challenges are amplified by decades of underinvestment and the complexity of the public sector estate.

1. Legacy Security Infrastructure

Many public sector buildings were constructed decades ago, with security systems that were never designed for the current threat environment. Outdated CCTV, manual access control systems, and ageing alarm infrastructure make compliance with Martyn’s Law public premises security requirements difficult and costly.

2. Untested or Outdated Incident Response Plans

A significant number of public sector sites have incident response plans that have never been tested or reviewed. Under Martyn’s Law, having a plan on paper is not enough – staff must be trained, and procedures must be rehearsed. The Act requires four core procedures: evacuation, invacuation, lockdown, and communication.

3. Inconsistent Security Standards Across Sites

Different government departments, agencies, and local authorities often operate under different security standards. A court building may have robust security while a nearby civic centre has minimal protection. Martyn’s Law requires a consistent baseline across all qualifying premises.

4. Procurement Challenges

Public sector security contracts are subject to complex procurement regulations. The process can be slow, making it difficult to respond quickly to changing security requirements. The SIA is working to introduce a new Business Approval Scheme to replace the existing Approved Contractor Scheme, which will align with Martyn’s Law expectations.

5. The Compliance Gap

The gap between current security standards and what Martyn’s Law requires is significant. The SIA will play an “enhanced” role in the UK’s protective security landscape, and organisations that fail to close the gap risk significant penalties.

What Public Sector Organisations Must Do Now: A Practical Checklist

The Spring 2027 deadline is approaching. Here is a practical checklist to help public sector organisations prepare for Martyn’s Law compliance.

Step 1 – Determine If You Are in Scope

Assess whether your premises or events may host 200 or more people. Use a pragmatic assessment of fire safety occupancy limits, peak attendance data, or site capacity. Staff count towards the total.

Step 2 – Identify Your Responsible Person

The person who controls the premises (owner, occupier, tenant, or facility manager) holds legal responsibility and cannot delegate it away. However, they may delegate tasks to others.

Step 3 – Review Existing Emergency Procedures

Fire drills, evacuation plans, and security protocols can often be adapted to meet Martyn’s Law requirements. Review your current procedures and identify gaps.

Step 4 – Assess Security Gaps

For enhanced-tier premises, consider whether you need CCTV, bag search policies, access control, or vehicle checks. For the standard tier, focus on training and procedures.

Step 5 – Designate a Senior Individual (Enhanced Tier Only)

Directors or partners with high‑level responsibility must be identified for enhanced tier premises. They will face a greater risk of prosecution if a breach occurs.

Step 6 – Begin Staff Awareness and Training

Free resources are available on the ProtectUK website, which provides free advice, guidance, and learning to help organisations and communities improve their response to the risk of terrorism.

Step 7 – Document Everything (Enhanced Tier – Mandatory)

The SIA will require a compliance document. Enhanced tier premises must maintain a documented security plan and submit it to the regulator.

Step 8 – Engage with the SIA Consultation

Provide feedback on the draft section 12 guidance before the consultation closes in autumn 2026. This is a direct opportunity to shape how the Act will be enforced.

The Role of SIA‑Approved Contractors in Public Sector Security

The Security Industry Authority (SIA) has been confirmed as the regulator for Martyn’s Law. Public sector organisations will need to work with security providers that understand the new legal framework and can help them achieve compliance.

Why SIA Accreditation Matters

The SIA Approved Contractor Scheme (ACS) sets standards for quality and professionalism. The redesigned scheme will introduce higher benchmarks and align ACS approval with the expectations of Martyn’s Law and wider public‑safety duties. This will provide:

  • Better support in meeting legal duties under Martyn’s Law
  • A clearer distinction between high‑quality providers and those who meet only the minimum standard
  • Assurance that the provider is committed to quality, safety, and ethical compliance

Public Sector Security Contracts

Public sector security contracts often require SIA ACS accreditation. Working with an SIA‑approved contractor ensures:

  • Vetted, trained, and licensed security personnel.
  • Compliance with Martyn’s Law requirements.
  • Digital reporting and audit trails (e.g., REMS tracking).
  • Scalable staffing and 24/7 support.

For public sector organisations seeking a security company in Cardiff or across Wales, choosing an SIA‑approved contractor with experience in government buildings, courts, and civic centres is essential. Professional public sector security services provide the trained personnel and systems needed to meet Martyn’s Law compliance deadlines.

Frequently Asked Questions 

Public Sector Security After Martyn’s Law

1. What is Martyn’s Law and who does it affect?

Martyn’s Law is the Terrorism (Protection of Premises) Act 2025. It applies to publicly accessible premises and events where 200 or more people may be present. Public sector organisations, government buildings, courts, civic centres, schools, and hospitals are within scope.

2. What’s the difference between standard tier and enhanced tier?

Standard tier (200–799 people) requires public protection procedures and staff training. The enhanced tier (800+ people) requires all standard-tier measures, physical security measures, a documented security plan, and a designated senior individual.

3. When does Martyn’s Law come into force?

The Act received Royal Assent on 3 April 2025. It is expected to commence in Spring 2027 after a minimum 24‑month implementation period.

4. What are the penalties for non‑compliance?

Penalties include fixed penalties, daily penalties of up to £50,000, fines of up to £18 million or 5% of worldwide revenue for enhanced tier breaches, and, in serious cases, criminal prosecution.

5. How can public sector organisations prepare for Martyn’s Law?

Review your premises, understand your tier, assess security gaps, train staff, and document your procedures. Free resources are available on the ProtectUK website.

6. Do I need an SIA‑approved contractor for public sector security?

Working with an SIA‑approved contractor ensures your security provider meets quality standards, holds the necessary licences, and can help you achieve Martyn’s Law compliance.

7. What is the role of the SIA as a regulator?

The SIA is the regulator for Martyn’s Law. It will issue guidance, conduct inspections, and enforce compliance through civil penalties and, in serious cases, prosecution.

8. How does the severe threat level affect my organisation’s security obligations?

The severe threat level means an attack is highly likely. It does not change the legal requirements of Martyn’s Law, but it does increase the urgency of compliance and the need for effective protective security measures.

Act Now, Not in Spring 2027

The UK’s terrorism threat level is severe an attack is highly likely in the next six months. Martyn’s Law introduces a new legal duty for public premises and events. The Spring 2027 deadline is approaching fast.

Public sector organisations face unique challenges: legacy security systems, untested incident response plans, and significant compliance gaps. But the guidance is available now. The ProtectUK website offers free resources to help organisations prepare. The SIA is consulting on its guidance.

The cost of inaction is too high. Fines of up to £18 million, daily penalties, reputational damage, and most importantly, the risk to public safety. Professional, SIA‑approved public sector security is not a cost. It is a legal and moral necessity.

Don’t wait for an incident to expose the gaps. Act now.

Business Security You Can Rely On

Trusted by leading businesses nationwide for reliable, 24/7 protection.

or call 0330 912 2033

Region Security Guards company logo