Protect Duty – are you prepared?


Protect Duty

On Monday 19 December 2022, the Government announced details for the Protect Duty, now to be known as ‘Martyn’s Law’ in tribute of Martyn Hett, who was killed alongside 21 others in the Manchester Arena terrorist attack in 2017.

It will place a requirement on those responsible for certain locations to consider the threat from terrorism and implement appropriate and proportionate mitigation measures.

The legislation will ensure parties are prepared, ready to respond and know what to do in the event of an attack. Better protection will be delivered through enhanced security systems, staff training, and clearer processes.

A driving factor behind the proposal is the fact that counter terrorism security efforts often fall in the pecking order when compared to other, legally required, activities. Plus, during the consultation, 7 in 10 respondents agreed that ‘those responsible for publicly accessible locations should take appropriate and proportionate measures to protect the public from attacks.’

In this article we provide some practical information on what organisations may need to consider when drafting a plan to meet the requirements of the new Protect Duty.


After a terrorist suicide bomb attack in the lobby of an arena in Manchester in 2017, several inquiries highlighted a range of security-related failings. As a result of both official findings and public pressure, heroically led by the mother of one of the 22 victims, Figen Murray OBE, a public consultation and pending draft legislation will put some responsibilities for terrorism security onto organisations who own and operate publicly assessable locations (PALs).


Publicly accessible locations are defined as “any place to which the public has access, on payment or otherwise, as of right or by virtue of express or implied permission” and include;

  • Retail stores, shopping centres and markets
  • Transport hubs
  • Commercial ports
  • Schools and universities
  • Medical centres and hospitals
  • Hotels, pubs, clubs, and casinos
  • Sports stadium, music venues, festivals, visitor and tourist attractions
  • Places of worship
  • Government offices, including town halls and job centres
  • High streets, public squares, parks, and beaches.


Organisations that fall into the scope of Martyn’s Law will be required to:

  • Use available information and guidance provided by the Government (including the police) to consider terrorist threats to the public and staff at locations they own or operate.
  • Assess the potential impact of these risks across their functions and estate, and through their systems and processes.
  • Consider and take forward ‘reasonably practicable’ protective security and organisational preparedness measures (for example staff training and planning for how to react in the event of an attack).

Government publications regarding Martyn’s Law suggest that without “legal compulsion”, counterterrorism security infrastructure and procedures are currently considered to be secondary priorities behind legal requirements such as workplace health and safety. As such, though there is an emphasis on the avoidance of placing a disproportionate burden on organisations, this legislation will likely involve stringent enforcement through financial penalties and fines for those who consistently fail to meet their obligations.


1: Adopt the basic principles regardless of legislation

Standard duty holders will need to undertake easy and simple activities to meet their obligations. This will include completion of free training, awareness raising and cascading of information to staff and completion of a preparedness plan.

The aim is to ensure staff are better prepared to respond quickly to evolving situations, aware of what processes they should follow, able to make rapid decisions and carry out actions that will save lives. This could be as simple as locking doors to delay attackers progress and access whilst guiding staff and customers to alternative exits. It could also enable lifesaving treatment to be administered by staff whilst awaiting the arrival of emergency services.

Should the worst happen and you are impacted by a terrorist attack, the commercial and reputational damage of not having the basics in place could be catastrophic!

2: Use Martyn’s Law as a helpful guide to Duty of Care.

We believe Martyn’s Law is a useful and practical guide to meeting your Duty of Care requirements. There is a need to meet Duty of Care obligations and this should be seen as a useful handrail to guide on this journey.

3: Don’t overcomplicate things, particularly your risk assessments.

Our opinion is that security risk assessments should be incorporated into the overall risk assessment process. You don’t need a different methodology, framework or report structure for security risk. In fact, in order to ensure the security agenda is raised organisation wide, incorporate security risk into existing frameworks.

4: Martyn’s Law is about briefing staff, training and making prudent investments.

Complying with Martyn’s Law is about briefing staff, having sensible and pragmatic policies, practices and plans in place. It is not about not procuring excessively expensive security infrastructure and capital expenditure. Invest in what is appropriate to provide the outcome that is required – avoid services that are complex and have features which may never be used.

5: Put an incident response plan in place.

When considering responses to an incident, a proper robust communication plan should be in place that includes evacuation, invacuation and lockdown scenarios. How to prevent access to sites, mobilise key responders, inform other agencies and Senior Managers, as well as preparing to brief the media, will need to be considered.

Effective communication is vital, and the Callmy Alert service has been designed to support the execution of your critical incident plans, and a variety of other Business Continuity and Emergency situations.

Please contact us to discuss your requirements.