Risk briefing: Getting to grips with new business requirements to protect against terrorism

The Terrorism (Protection of Premises) Act 2025 - widely known as Martyn’s Law - has officially received Royal Assent, marking a major step forward in efforts to protect the public from acts of terrorism.

The new act has significant impacts for businesses, particularly those in the hospitality and leisure sector.

It introduces a new legal requirement for those in charge of public venues and events to proactively assess the risks of terrorism and strengthen their emergency preparedness.

To ensure a smooth transition, the government has included an implementation window of at least 24 months.

This gives venue operators and event organisers ample time to familiarise themselves with the new requirements, develop response plans, and put appropriate safety measures in place—ten years after the attack that inspired the law.

What it means for businesses

Martyn’s Law is designed to protect the public in places where they congregate by placing requirements on venues to adopt resilience measures against terrorism.

It requires any public premises where 200 or more individuals may be present, to be better prepared and have plans in place to keep people safe in the event of an attack.

Businesses involved in industries such as entertainment, leisure, or food and drink, will have to comply.

A further enhanced tier of venues with a capacity for over 800 people will also be subject to additional requirements to reduce their vulnerability to acts of terrorism – such as having CCTV, bag search policies or vehicle checks where appropriate.

These businesses will also have to maintain a security document informed by an assessment of terrorism risk.

The bill represents a significant shift in how businesses will be required to consider the risk of terrorist activity, with the insurance sector having an important role to play in facilitating increased resilience by taking the opportunity to educate insureds.

“Businesses that can clearly demonstrate the steps they’ve taken towards complying with the regulation may see improved underwriting terms”

Standard commercial and property policies usually exclude terrorism-specific cover, for example, and Martyn’s Law will create an increased demand for exactly this sort of insurance.

Insurers will also now need to examine to what extent businesses are complying with the regulation when underwriting any risks associated with terrorism – businesses that can clearly demonstrate the steps they’ve taken towards complying with the regulation may see improved underwriting terms, for example.

Lucy Dennison, legal director at DAC Beachcroft, explained: ”If [an insured] presents [its] risk and can demonstrate compliance with the act, then that could be seen very positively by insurers.”

DAC Beachcroft partner Duncan Strachan said: “The legislation is there as a positive thing to try to help organisations understand what they need to do [to] keep the public safe – to prevent an attack, during an attack and after an attack.

“It should be seen as a good thing – it doesn’t need a knee-jerk reaction from the market to say ’this is a new risk, we need a new product and premiums need to be increased for this cover to be made available’.”

Indeed, Strachan explained that the introduction of Martyn’s Law presented the insurance market with an opportunity for “a renewed focus on terrorism”.

“The bill will really shine a spotlight on terrorist events, which will mean that policyholders are going to have to look at how they prepare and respond in the event of a terrorist attack”

He said: “Now’s a good time for insurers, risk managers and brokers to think about what their liability policies cover and whether there is cover for terrorist attacks included.”Martyn’s Law will also impact directors’ and officers’ (D&O) insurance because adherence to the new legislation will fall under directorial responsibility.

Strachan noted: “With a D&O policy, if you have a designated individual who is then subject to an investigation or regulatory proceedings then insureds need to consider whether that policy responds to terrorism.”

Dennison added: “The bill will really shine a spotlight on terrorist events, which will mean that policyholders are going to have to look at how they prepare and respond in the event of a terrorist attack, which will inevitably mean that they will be looking to ensure they have the right cover in place.

“Insurers definitely need to be ready for that.”

What next for businesses?

Whilst those that fall within scope of the Act may wish to begin considering the requirements, they should note that guidance will be published in due course.

This guidance will assist in understanding the requirements set out in the legislation. Government says it will be designed to be easy to follow, needing neither particular expertise nor the use of third-party products or services. 

To support enforcement of the regime, a regulator will be established through a new function of the Security Industry Authority (SIA), which will support, advise and guide those responsible for premises and events in meeting the requirements.

The Government intends for there to be an implementation period of at least 24 months before the Act comes into force.

This will allow the Security Industry Authority’s new function to be established, whilst ensuring those responsible for premises and events in scope have sufficient time to understand their new obligations.

This will enable them to plan and prepare appropriately.