Martyn’s Law (The Protect Duty)

What is Martyn’s Law

Martyn’s Law is more widely known as the Protect Duty. It is legislation designed to improve protective security and organisational preparedness at publicly accessible locations. This is in response to the Manchester Arena incident on 22 May 2017 when a homemade improvised explosive device (IED) was detonated by Salman Abedi, as concert goers exited the venue after the Ariana Grande concert. A total of 22 people were killed, over 250 people sustained physical injuries and hundreds more suffered psychological or emotional trauma.


Draft legislation was introduced to Parliament on the 10 May 2022 and is likely to be laid in statute by the end of 2023.

Who will be affected?

Although the UK Government is still to define and agree the exact criteria, any size of organisation should start planning for its implementation now.

Examples of who may be affected.

  • Public Venues – pubs, night clubs, universities, shopping centres, cinemas, large office blocks with public or shared areas open to the public.

  • Large Organisations – stadiums, arenas including joint stakeholders, promoters, venders and venue owners.

  • Publicly Accessible Locations (PAL) – beaches, parks, pedestrian areas in towns, leisure centres.

  • Duty Holders – landlords, tenants, owners or service companies.

Who’s responsible?

Everyone is responsible and the importance of the Protect Duty should not be underestimated. Irrespective of company size, it must be driven from Senior Management level, so that employees, staff, contractors, and members of the public know that it is being taken seriously.

How can you prepare?

A senior responsible company person must ASSESS the risk of a terrorist attack and conduct suitable and sufficient risk assessments based on current terrorist methodologies.

Don’t wait for the official notification from the UK Government 

What needs to be done? (Assess & Mitigate)

Plan – review and amend current emergency and crisis response plans or create new ones.

  •  Implement control measures – physical security (CCTV, access barriers etc).

  • Identify any gaps in planning, roles and responsibilities and resource allocation.  Conduct a cost benefit analysis as appropriate.

  • Train staff – hostile reconnaissance and incident reporting, trauma first aid, terrorist methodologies (types of attack).

  • Maintain current knowledge of terrorist methodologies and the threat level as set by the UK Government.

  • Ensure all stakeholders are kept up to date on the threat level and specifically briefed if the threat level changes.

Record / Evidence

  • Record the implementation of identified mitigation measures through the change management process, exercise programme, senior management, organisational reporting and staff training.

  • Amend all appropriate documentation, risk registers, legal and other registers and include as an agenda item at management meetings and staff meetings.

  • Have an action plan that records progress and completion of the mitigation measures.

  • Continual review based on exercises, training and staff and stakeholder engagement campaigns and internal audits.

How can Inverroy help?

Inverroy has been successfully delivering business continuity, security and crisis management consultancy and training across the UK, Europe, and the Middle East since its inception in 2015.

Our team consists of experienced emergency services and military professionals and can assist with the following.

  • Design, develop and deliver senior management table-top exercises to identify organisational risk and potential vulnerabilities and to see how resilient your organisation would be against a terrorist incident

  • Conduct a vulnerability study of sites, physical security and shared areas where the division of labour and liability between departments or organisations must be made clear and agreed

  • Carry out risk assessments, which must cover the risk requirements for the different levels of threat

  • Review and amend current management systems or create new ones based on the client’s system and business priorities

  • Compliance frameworks and advice

  • Provide templates for all policy, processes and practices: risk assessments, crisis response and emergency preparedness plans, exercises, checklists, and internal audits.

  • Provide a bespoke horizon scanning package for your company showing potential threats and how to mitigate them.

If you would like to know more, please contact us at

Subscribe To Our Newsletter
Sign up with your email address to receive news and updates