Martyn’s Law and Business Continuity Planning: Why it Matters
The introduction of the Terrorism (Protection of Premises) Act 2025[1], commonly known as Martyn’s Law, marks a significant shift in how UK organisations must prepare for and respond to terrorism-related risks. For business continuity professionals, this legislation isn’t just a new compliance requirement; it’s a strategic opportunity to strengthen resilience and embed counter-terrorism measures into existing continuity frameworks.
Although this legislation only applies in the UK, and not to all organisations within the UK, the ideas behind it matter everywhere. Risk assessment, emergency planning, and incident response aren’t just UK concerns, they’re global best practices. For resilience and security professionals outside the UK, understanding Martyn’s Law offers an insight into how regulation and adoption of its guiding principles can drive stronger security and resilience planning standards.
These principles are relevant to any organisation that values resilience, public and employee safety.
Understanding Martyn’s Law
Martyn’s Law applies to publicly accessible UK venues and introduces a tiered approach to compliance:
- Standard tier: For public venues with a capacity of 200 - 799 people. These must carry out basic terrorism risk assessments and ensure staff receive relevant training.
- Enhanced tier: For public venues with a capacity of 800 or more. These must develop detailed security plans, implement incident response protocols, and conduct regular exercises.
The aim is clear: organisations must ensure they are equipped to respond effectively to terrorist threats, minimising harm and disruption.
A natural fit with continuity planning
Business continuity planning (BCP) is about ensuring that critical operations can continue or recover quickly after any disruption. Martyn’s Law fits naturally into this framework, expanding the scope of risk management to include terrorism as a specific threat.
Here’s how BCP professionals can align Martyn’s Law with existing practices:
- Risk identification and assessment
BCP already involves identifying and evaluating risks. Martyn’s Law simply adds a terrorism-specific lens. This integration can be done into existing risk registers to ensure terrorism is considered alongside other threats like cyberattacks, extreme weather, and supply chain issues. - Incident response and crisis management
The law requires organisations to develop response plans tailored to terrorist incidents; covering evacuation, lockdown procedures, and communication protocols. These can be embedded into existing crisis management frameworks to maintain consistency and avoid duplication. - Training and awareness
Staff preparedness is central to both BCP and Martyn’s Law. Adding counter-terrorism awareness into current training programmes, such as recognising suspicious behaviour and knowing how to respond, enhances overall readiness and confidence. - Communication systems
Clear, timely communication is vital during any emergency. Martyn’s Law highlights the need for rapid alerts during terrorist incidents. BCP teams can use existing mass notification systems to quickly inform staff, emergency services, and stakeholders to meet this requirement. - Documentation and audit readiness
Both the BCP and Martyn’s Law demand robust documentation. Keeping records of risk assessments, training sessions, drills, and incident responses supports compliance and continuous improvement providing evidence during audits or regulatory reviews.
Going beyond compliance
Even if Martyn’s Law doesn’t apply to your organisation, particularly if you don’t operate publicly accessible venues in the UK, its principles still offer value. Adopting its practices can improve safety, security, build resilience, and demonstrate a proactive approach to risk management. For business continuity professionals, this is an opportunity to lead by example and show a strong commitment to duty of care.
Strategic benefits of integration
Bringing Martyn’s Law into business continuity planning delivers real strategic benefits by driving improved resilience. Embedding terrorism preparedness into existing frameworks means an organization becomes better equipped to handle a broader range of threats; not just the ones we expect.
There’s another advantage; stakeholder confidence. Taking a proactive stance on safety and risk management sends a clear message that the organisation takes its responsibilities seriously. People notice that.
Finally, integration creates operational efficiency. Instead of running separate processes, terrorism-related security measures sit within the business continuity structure, reducing duplication and saving time.
Final thoughts
Martyn’s Law is more than a legal requirement; it’s a framework for creating safer, more resilient organisations. For business continuity professionals, it provides a clear path to address terrorism risks within broader continuity planning. Whether mandated or not, integrating its principles is a smart move that protects people, supports operations, and builds trust in an increasingly uncertain world.
Martyn’s Law and the Good Practice Guidelines share some clear common ground. Both start with risk assessment, requiring organizations to identify and evaluate threats in a structured way.
They also emphasise preparedness and response. Each framework insists on having documented plans and trained people ready to act. Plans shouldn’t sit on a shelf; they need to be practical and understood.
Validation is another point of alignment. Testing and exercising plans are essential in both approaches. It’s how you find gaps and make sure everything works when it matters most.
Finally, there’s a commitment to continuous improvement. The Good Practice Guidelines encourage regular reviews and updates, while Martyn’s Law makes readiness an ongoing responsibility. Neither sees resilience as a one-off task, it’s a process that evolves over time.
More on
About the author
Simon J Beer
Business Continuity Coordinator
A lead role as subject matter expert for business continuity management within a team who work in all areas of the business to coordinate business continuity activities.
I am involved in making significant contribution to the development and maintenance of the business continuity management program including: Emergency and continuity planning event management, development and facilitation of exercises, relationship management with external suppliers & contractors, and development of policy, standards, and guidelines.
In a relationship management capacity; provide guidance and direction to assigned Department representatives & external contractors to ensure their business continuity management processes are in accordance with the business continuity management program and quality standards
Participating in external business continuity management organizations and keeping abreast of industry best practices and trends.
