Martyn's Law for UK Hotels: What You Need to Know Before April 2027

If you manage a UK hotel, understanding Martyn's Law isn't optional anymore; it's essential for compliance, guest safety, and avoiding hefty penalties.

Since receiving Royal Assent on 3 April 2025, the Terrorism (Protection of Premises) Act 2025, known as Martyn's Law, establishes comprehensive security requirements for UK venues. Hotels must implement protective measures against potential terrorist threats, with enforcement expected in April 2027 or later.

This guide breaks down which hotels are affected, what's required at each tier, and how to prepare before the deadline.

Key Takeaways

• • Martyn's Law applies to most UK hotels with capacity for 200+ people simultaneously
• • Standard Tier hotels (200-799 capacity) must register with the SIA, create Public Protection Procedures, train staff, and maintain compliance records
• • Enhanced Tier hotels (800+ capacity) need additional physical security measures and formal risk assessments
• • Enforcement begins April 2027 with penalties up to £18 million for non-compliance
• • Early preparation is critical to ensure smooth compliance and avoid last-minute scrambling
•  

What Is Martyn's Law?

Named in tribute to Martyn Hett, one of the 22 victims of the 2017 Manchester Arena attack, Martyn's Law (also known as Protect Duty) establishes legal obligations for venues and events to prepare for and respond to terrorist incidents. The legislation was championed by Figen Murray, Martyn's mother, whose tireless campaigning brought attention to security gaps in public venues.

The Act addresses a critical need: while terrorism remains a substantial threat in the UK according to government assessments, many venues lack structured emergency procedures.

Martyn's Law creates consistent security standards across more than 250,000 premises nationwide, including hotels, restaurants, entertainment venues, shopping centres, and sports grounds.

Why Martyn's Law Matters for UK Hotels

Hotels present unique security considerations that make them specifically relevant to this legislation:

• • Public-facing venues with multiple entry points and unrestricted access
• • Transient populations of guests, visitors, and conference attendees
• • 24/7 operations requiring round-the-clock security awareness
• • Large capacity spaces that can accommodate hundreds of people simultaneously
• • Event hosting for weddings, conferences, and functions that increase capacity
•  

The legislation recognizes these complexities and applies a proportionate, tiered approach based on venue size rather than imposing one-size-fits-all requirements.

More importantly, hotel management now bears a legal duty of care - failure to comply can lead to enforcement actions and substantial financial penalties.

Does Martyn's Law Apply to Your Hotel?

Your hotel falls under Martyn's Law if it meets three criteria:

1. • Qualifying Use – Hotels explicitly qualify under Schedule 1 of the Act
2. • Public Access – The premises must be publicly accessible (guests, conference attendees, restaurant customers, visitors)
3. • Capacity Threshold – Your hotel must reasonably expect 200+ people present simultaneously
4.  

How to Calculate Hotel Capacity for Martyn's Law

Count everyone who could be present at once:

• • Hotel guests in rooms
• • Staff on duty across all departments
• • Restaurant and bar patrons
• • Conference or event attendees
• • Spa, gym, or leisure facility users
• • Other visitors
•  

Most UK hotels comfortably exceed 200 people when combining guest rooms, public areas, restaurants, and staff. Even boutique hotels with 40-50 rooms typically reach this threshold during peak times.

If your hotel ever meets the 200-person threshold, even occasionally during peak season or special events, you're in scope.

Martyn's Law Requirements for Hotels: The Two-Tier System

Martyn's Law uses a tiered approach to ensure requirements are proportionate to the potential impact of an incident.

Standard Tier Requirements for Hotels (200-799 People)

Most UK hotels fall into this category. Requirements focus on procedures, training, and preparedness:

Registration and Responsibility

• • Register with the Security Industry Authority (SIA)
• • Designate a Responsible Person (typically General Manager, Operations Manager, or Security Manager)
• • Notify the SIA when this person starts and ceases the role

Public Protection Procedures

• • Create documented procedures for responding to terrorist incidents
• • Cover different scenarios: hostile threats, suspicious items, evacuation, lockdown
• • Ensure procedures are specific to your hotel's layout and operations
• • Make procedures accessible to all staff
•  

Staff Training and Awareness

• • Train all staff on Public Protection Procedures
• • Include counter-terrorism awareness in staff inductions
• • Conduct regular refresher training (minimum annually)
• • Ensure staff can recognize suspicious behavior and know reporting protocols
•  

Emergency Planning

• • Develop evacuation plans tailored to your building
• • Create lockdown procedures for when evacuation isn't safe
• • Account for guests with disabilities or mobility challenges
•  

Documentation

• • Maintain written records of procedures, training, and plans
• • Keep documentation accessible for SIA inspections
•  

What Standard Tier Does NOT Require:

• • Expensive physical security equipment (CCTV, access control systems)
• • Detailed risk assessments or security audits
• • Hiring external security consultants
• • Major infrastructure changes

The government has been clear: Standard Tier compliance should be achievable without specialist products or services.

Enhanced Tier Requirements for Hotels (800+ People)

Larger hotels—particularly those with significant conference facilities, ballrooms, or multiple restaurants—may fall into the Enhanced Tier. This includes all Standard Tier requirements plus:

Physical Protection Measures

• • Assess and implement protective measures where reasonably practicable
• • Consider CCTV, access control, bag searches, or hostile vehicle mitigation
• • Balance security with maintaining a welcoming guest experience
•  

Formal Risk Assessment

• • Conduct vulnerability assessments
• • Evaluate different attack scenarios specific to your premises
• • Document how protective measures reduce identified risks
•  

Senior Oversight

• • Designate a senior responsible individual (director level or equivalent)
• • This person oversees compliance and makes strategic security decisions
•  

SIA Documentation Submission

• • Provide evidence of procedures, measures, and risk assessments
• • Maintain audit-ready records
•  

Special Considerations: Hotel Events and Martyn's Law

If your hotel hosts events (weddings, conferences, exhibitions) with 800+ attendees, those events trigger Enhanced Tier requirements—even if your standard operations fall under Standard Tier. Event organizers and hotel management must coordinate to ensure compliance based on who has control of the premises during the event.

Common Misconceptions About Martyn's Law Compliance

"This will be expensive and require security consultants"

For most Standard Tier hotels, compliance centers on procedures and training—not expensive equipment or consultants. The government designed requirements so businesses can comply without specialist services.

"Our fire safety procedures already cover this"

Fire procedures focus on evacuating the building. Martyn's Law requires procedures for hostile threats where evacuation might not be safe, and where lockdown or barricading might be appropriate.

"Only large hotels need to worry about Martyn's Law"

Any hotel expecting 200+ people at once falls under the Standard Tier—a 40-room hotel with a restaurant, bar, and staff easily reaches this threshold.

"We're not a target, so Martyn's Law doesn't apply"

The legislation establishes baseline preparedness requirements based on capacity, regardless of perceived risk or whether a venue is considered a "target."

Martyn's Law Penalties and Enforcement

The Security Industry Authority (SIA) will regulate compliance through a supportive but firm approach:

Initial Approach:

• • Guidance and advice to help premises comply
• • Site inspections to assess preparedness
• • Opportunity to remedy issues before penalties
•  

Enforcement Actions:

• • Contravention notices for non-compliance
• • Restriction notices limiting operations until compliance is achieved
• • For Standard Tier hotels: Fixed penalties up to £10,000
• • For Enhanced Tier hotels: Penalties up to £18 million or 5% of global turnover (whichever is higher)

The substantial penalties for Enhanced Tier reflect the greater potential impact of security failures at larger venues.

Martyn's Law Implementation Timeline for Hotels

Although the Act received Royal Assent in April 2025, enforcement begins in April 2027 or later—giving hotels a 24-month implementation period.

What hotels should do now:

1. • Assess your capacity – Determine whether you meet the 200 or 800-person thresholds
2. • Identify a Responsible Person – Designate who will oversee compliance
3. • Review emergency procedures – Assess current evacuation and lockdown plans
4. • Identify gaps – Determine what documentation, training, or procedures are missing
5. • Begin staff training – Incorporate counter-terrorism awareness into inductions
6. • Plan physical security measures (Enhanced Tier only) – Audit existing security systems
7.  

Security experts emphasize that hotels shouldn't "wait and see." Early preparation ensures smoother compliance and enhances guest and staff safety immediately—regardless of legislative requirements.

The Hidden Challenge: Managing Martyn's Law Compliance Ongoing

Understanding what's required is one thing. The real challenge? Maintaining procedures, tracking training renewals, logging incidents, and keeping everything audit-ready—while running daily hotel operations.

Most hotels discover this complexity during implementation, not during research:

• • Training records scattered across emails, spreadsheets, and paper sign-in sheets
• • Procedures documented but not accessible during actual emergencies
• • No system for tracking when staff refresher training is due
• • Evidence scrambling when the SIA inspector schedules a visit
• • Compliance documentation buried under daily operational priorities

This is where many hotels struggle—not with understanding the requirements, but with operationalizing compliance alongside everything else their teams manage daily.

Simplify Martyn's Law Compliance with Snapfix

Managing Martyn's Law requirements alongside your daily hotel operations doesn't have to mean juggling multiple systems and spreadsheets. From documenting Public Protection Procedures to tracking staff training completion and maintaining audit-ready records, having everything centralized makes compliance straightforward.

Snapfix helps UK hotels manage Martyn's Law compliance seamlessly:

• • Store Emergency Procedures – Keep evacuation plans, lockdown procedures, and Public Protection Procedures accessible to your entire team via mobile device
• • Schedule Security Inspections – Automate recurring security walkthroughs, emergency exit checks, and safety equipment verification with custom checklists and alerts
• • Maintain Audit-Ready Records – Digital documentation with full audit trails that can be provided to SIA inspectors on request
• • Integrate with Daily Operations – Manage Martyn's Law requirements alongside maintenance requests, housekeeping tasks, and fire safety checks in one platform

Book a quick demo and see how Snapfix helps UK hotels document procedures, schedule inspections, and maintain compliance records in one mobile platform.

Martyn’s Law UK Hotels - FAQs

What is Martyn's Law?

Martyn's Law, officially the Terrorism (Protection of Premises) Act 2025, is UK legislation requiring public venues to prepare for and protect against terrorist threats. Named after Martyn Hett, a victim of the 2017 Manchester Arena attack, the law establishes security requirements for premises with a capacity of 200 or more people, including hotels, restaurants, and entertainment venues. It takes effect in April 2027.

What is standard duty in Martyn's Law?

Standard duty applies to venues with a capacity of 200-799 people. It requires venues to register with the Security Industry Authority (SIA), designate a Responsible Person, create documented Public Protection Procedures for terrorist incidents, train all staff on counter-terrorism awareness, and develop evacuation and lockdown plans. The focus is on procedures and preparedness rather than expensive physical security measures.

What are the rules for hotels?

Hotels expecting 200+ people at once must comply with Martyn's Law. Most hotels fall under Standard Tier (200-799 capacity) and must register with the SIA, create emergency procedures, train staff, and maintain documentation. Larger hotels with 800+ capacity face Enhanced Tier requirements, including physical security measures, formal risk assessments, and senior-level oversight.

What happened to Martyn Hett?

Martyn Hett was one of 22 people killed in the Manchester Arena terrorist attack on 22 May 2017. The attack occurred at the end of an Ariana Grande concert. Martyn's mother, Figen Murray, campaigned tirelessly for improved security measures at public venues, leading to the creation of Martyn's Law. The legislation honors his memory by helping protect others from similar tragedies.