Fort Green
Fort Green
January 24, 2025

Protect Duty Legislation: Essential Guide for UK Event Organisers 2024

A shocking 72% of UK event venues don't have proper security measures to handle major incidents. This fact shows why we need the new protect duty legislation, also known as Martyn's Law, which takes effect in 2024.

Event organisers like us face tough challenges to understand and implement these new requirements. Your event's public safety could be at risk if you don't comply, and you might face heavy penalties. We created this complete guide to direct you through everything in Protect Duty compliance.

Our guide covers simple requirements, risk assessment frameworks, and budget-friendly compliance strategies. Your events will meet all security standards while running smoothly.

Understanding Protect Duty Requirements

The Terrorism (Protection of Premises) Bill brings substantial changes to event security requirements. The legislation affects 278,880 premises across the UK [1]. Retail and hospitality venues make up 65% of these locations [2].

The Security Industry Authority (SIA) serves as the primary regulator [2]. After that, all qualifying venues must notify the SIA when they become responsible for premises or events [1].

Standard vs Enhanced tier criteria

The legislation establishes two distinct tiers based on venue capacity:

Tier

Capacity

Key Requirements

Standard

200-799 people

Basic protection procedures

Enhanced

800+ people

Additional security measures

Places of worship and educational institutions keep their special status. They stay in the standard tier whatever their capacity [3]. This approach recognises their unique operational environments and existing safety protocols.

Scope and applicability for events

Events must meet four criteria to fall within the legislation's scope:

  1. Take place in qualifying premises
  2. Host minimum required attendees
  3. Have express permission requirements
  4. Be available to the public [4]

The requirements vary based on event type and location. To name just one example, a music event in a park needs ticket verification and must implement appropriate security measures if expecting over 800 attendees [4].

Transport premises with existing security legislation (such as airports and railway stations) don't need to comply [3]. Parks and recreational grounds fall under the legislation only when their staff controls access or checks tickets [3].

Event Risk Assessment Framework

Understanding threats is the foundation of event security that works. Our approach targets six main terrorist threats event organisers should think about:

Threat Type

Description

Marauding Attack (MTA)

Active threat scenarios

Vehicle as Weapon (VAW)

Vehicle-based attacks

Improvised Explosive Devices (IED)

Explosive-based threats

Fire as Weapon (FAW)

Deliberate fire incidents

Chemical/Biological/Radiological (CBR)

CBRN attacks

Cyber Attacks

Digital security breaches

 

Vulnerability assessment process

Finding vulnerabilities needs a step-by-step approach. Our assessment looks at two significant control categories [5]:

  1. Physical Controls:
  • Infrastructure security
  • Electronic access systems
  • CCTV monitoring
  • Alarm installations
  1. Active Controls:
  • Staff procedures
  • Security protocols
  • Emergency response plans

Plus, we do regular walkthroughs to spot weak points, especially when control measures might not be enough [5].

Risk mitigation strategies

Our mitigation strategy includes five key elements [6]:

  1. Deter: Using visible security measures to discourage threats
  2. Detect: Using behavioural detection methods and surveillance
  3. Delay: Setting up physical barriers and access control systems
  4. Mitigate: Using measures to minimise impact during incidents
  5. Respond: Creating complete response protocols

Organisations that do regular security reviews are 50% more likely to spot and fix vulnerabilities [7]. This shows why ongoing monitoring and assessment matter.

Your complete protection plan should include scenario-based risk assessments that answer three vital questions [5]:

  • Who might use these vulnerabilities?
  • What could go wrong and how?
  • What's the full impact if something happens?

Public Protection Procedures

Want to create better public protection procedures for your events? The complexities of safety protocols under the protect duty legislation can be challenging. We'll help you build resilient safety measures that protect your attendees and meet all compliance requirements.

Evacuation planning

Our evacuation planning creates clear exit routes and assembly points. Your plan should include these critical elements:

  • Primary and secondary evacuation routes
  • Designated assembly points
  • Role assignments for security personnel
  • Accessibility considerations for disabled attendees

Your staff members need documented evacuation procedures right away [8]. These procedures must handle more scenarios than standard fire evacuation protocols [9].

Lockdown protocols

We've built our lockdown approach on 'deter, detect, delay' principles [9]. Our protocols cover:

  1. Access point security
  2. Physical barrier deployment
  3. Zone-specific lockdown procedures
  4. Emergency exit management

Our dynamic lockdown procedures adapt quickly to evolving threats [10]. The circumstances determine what measures are reasonable, necessary, and proportionate [9].

Communication systems

Resilient communication systems power our protection procedures. We use multiple channels:

Communication Method

Primary Use

Backup System

PA Systems

Mass announcements

Mobile devices

Internal messaging

Staff coordination

Radio systems

Emergency alerts

Rapid response

Text messaging

 

Two-way communication capabilities make a huge difference [11]. Staff can provide live feedback that helps management make faster, informed decisions [11]. Our systems blend with public safety software to coordinate smoothly with first responders [11].

Code words for different incidents and pre-recorded messages guide specific emergency responses [9]. These complete measures keep all stakeholders informed and protected during any security incident.

Staff Training and Awareness

Staff competencies depend on specific roles and duties. Our research shows that the whole workforce needs to adopt good security behaviours [8]. The core team needs these skills:

Staff Level

Required Knowledge

Front-line Staff

Threat identification, Emergency procedures

Security Personnel

Risk assessment, Incident response

Management

Strategic planning, Compliance oversight

 

Training programme development

The training programmes need to focus on three vital areas [12]:

  • Understanding emerging terrorist threats
  • Becoming skilled at risk management processes
  • Applying counter-terrorism measures

People take life-saving actions more often when they think about their response before something happens [12]. This preparation makes a significant difference when emergencies occur.

Higher tier premises need detailed training that has:

  1. Public protection procedures
  2. Emergency response protocols
  3. Communication systems operation
  4. Access control management

Documentation requirements

Good documentation is the foundation of compliance. Organisations must keep records of:

  • Staff training completion [13]
  • Annual updates and refresher courses [6]
  • Competency assessments
  • Exercise participation

Training documentation must show that staff know how to apply public protection procedures [13]. Staff members should prove they can:

  1. Execute evacuation procedures
  2. Implement lockdown protocols
  3. Operate security systems
  4. Communicate during emergencies

Regular updates to training records help maintain compliance and keep them available for inspection. Organisations should reach a minimum training compliance target of 85% [14].

ACT Awareness e-Learning works well as part of your training programme [15]. This prominent counter-terrorism guidance helps staff understand and alleviate current terrorist methodologies.

Technology and Security Measures

The legislation requires enhanced tier premises to use appropriate security equipment based on their specific risk assessment [2]. Your focus should be on these core security measures:

Security Category

Required Equipment

Physical Barriers

Security doors, blast-resistant glazing

Perimeter Security

Fences, bollards

Detection Systems

Intruder alarms

Emergency Response

Communication equipment

 

Standard tier premises don't need to purchase physical equipment. They should focus on simple procedures instead [2].

Monitoring systems

Enhanced duty premises must set up monitoring systems for the premises and immediate vicinity [13]. Here's our recommended monitoring framework:

  • Detailed CCTV coverage
  • Security control rooms
  • Behavioural detection systems
  • Suspicious activity reporting protocols

These systems should identify potential threats and suspicious behaviours [13]. Your monitoring measures can range from simple awareness materials to advanced security systems, based on your venue's specific needs [13].

Access control solutions

Effective access control is a vital part of your security infrastructure. Successful access management needs:

  1. Quick entry management systems
  2. Visitor verification protocols
  3. Staff identification systems
  4. Area-specific access restrictions

We recommend integrating access control with other security measures instead of using standalone solutions [16]. This approach will give a complete protection while you retain operational efficiency.

Enhanced tier premises should focus their movement control measures on:

  • Using appropriate deterrents
  • Reducing vulnerabilities
  • Protecting public entry and exit points
  • Implementing searching and screening procedures [13]

Different types of qualifying premises can deliver these measures through a combination of people, processes, and physical measures [13]. The right integration of these technologies and security measures creates a resilient security framework that meets legislative requirements and ensures public safety.

Emergency Response Planning

Our incident response framework works in three distinct phases:

Phase

Actions

Timeline

Response

Protect people, minimise damage

Immediate

Crisis Management

Stakeholder communication, media handling

Short-term

Recovery

Service restoration, normal operations

Long-term

 

Organisations need clear incident response procedures that have:

  1. Move to Critical (MTC) plans for increased threat levels [1]
  2. Suspicious behaviour reporting protocols [1]
  3. Lockdown and evacuation procedures [1]
  4. Bomb threat response guidelines [1]
  5. CBRN incident management [1]

Coordination with authorities

Emergency response needs smooth coordination. We build strong partnerships with emergency services. Our approach has:

  • Crisis communication plans [1]
  • Incident reporting procedures [1]
  • Emergency service liaison protocols [17]
  • Multi-agency response coordination [3]

Security incident response procedures need regular testing to work properly [1]. These exercises help us spot potential gaps and improve our coordination capabilities.

Recovery procedures

Quick response matters, but recovery planning is equally important. Our recovery framework has:

  • Business continuity measures
  • Staff support systems
  • Public reassurance strategies
  • Operational restoration plans

Recovery phase focuses on three main elements [18]:

  • Reassuring staff and customers
  • Managing media relations
  • Restoring normal operations

We recommend building mutually beneficial alliances for joint security initiatives [18]. These partnerships help maintain high threat awareness levels and enable quick recovery after incidents.

Organisations should protect themselves by:

  • Documenting all emergency procedures [1]
  • Maintaining detailed incident logs
  • Reviewing and updating protocols regularly
  • Conducting periodic emergency drills [1]

Cost-Effective Compliance Strategies

Understanding the financial picture helps you plan better. Standard tier premises need about £3,313 per venue over 10 years [19]. Enhanced tier premises need to invest more - around £52,093 during this time [19].

You should look at:

  • Annual budget allocation
  • Available government resources
  • Training investment requirements
  • Equipment upgrade schedules

The legislation aims for reasonable measures. Most standard tier venues won't face big new costs [15]. The focus stays on readiness rather than expensive physical changes.

Resource optimisation

We suggest starting with security solutions that cost little or nothing, which often meet compliance needs [15]. Here's our framework to optimise costs:

Resource Type

Optimisation Strategy

Staff Training

Internal knowledge sharing

Documentation

Digital record keeping

Risk Assessment

In-house expertise development

Communication

Existing systems utilisation

 

The government offers several helpful resources [20]:

  1. Risk assessment templates
  2. Digital training materials
  3. Counter-terrorism guidance
  4. Implementation toolkits

Phased implementation approach

We created a timeline that spreads costs manageably. You get about 24 months to prepare for compliance [12], so you can plan your budget well.

Here's how to break it down:

  1. Initial Assessment (Months 1-3)
    • Review current measures
    • Identify gaps
    • Calculate resource requirements
  2. Core Implementation (Months 4-12)
    • Staff training programmes
    • Simple security procedures
    • Documentation systems
  3. Enhanced Measures (Months 13-24)
    • Advanced security solutions
    • Technology integration
    • Compliance verification

Standard tier venues should focus on simple, budget-friendly preparation activities [21]. This approach delivers good security results without breaking the bank. Many organisations can meet requirements by making simple changes to their current systems [20]. Good planning and smart use of resources will help you make these changes while keeping operations smooth.

Worried about how the protect duty legislation might affect your event's finances? We know that new security measures can put pressure on your budget. Let's look at some practical ways to meet requirements without spending too much.

Documentation and Record Keeping

The Security Industry Authority (SIA) needs specific documentation from all qualifying premises [4]. Our experience shows that proper record maintenance falls into three main categories:

Document Type

Purpose

Update Frequency

Risk Assessments

Threat evaluation

Annual

Security Plans

Operational procedures

Bi-annual

Training Records

Staff competency

Quarterly

 

Inspectors can ask for information or documentation about security measures anytime [4]. We recommend keeping these records ready:

  1. Security arrangement objectives
  2. Event requirements analysis
  3. Implementation procedures
  4. Staff reporting processes
  5. Points of contact information

Compliance evidence

Your compliance evidence should show that you've put appropriate security measures in place [20]. We keep detailed records of:

  • Security audit reports
  • Staff training certificates
  • Equipment maintenance logs
  • Incident response records

Security audits give us a full picture when we put together successful event documentation [22]. These audits help us:

  1. Identify potential weaknesses
  2. Document existing systems
  3. Record improvements made
  4. Track implementation progress

Audit preparation

Your inspection readiness depends on having available documentation [4]. Our audit preparation framework covers:

  1. Documentation Organisation
    • Chronological filing system
    • Digital backup storage
    • Quick retrieval protocols
  2. Regular Reviews
    • Monthly documentation checks
    • Quarterly compliance assessments
    • Annual security audits
  3. Stakeholder Communication
    • Staff awareness programmes
    • Authority liaison records
    • Emergency service contacts

Inspections usually involve interviews with the core team, including security heads [4]. Our documentation shows:

  • Understanding of threat methodologies
  • Risk assessment competency
  • Implementation of appropriate measures
  • Regular review procedures

We conduct regular internal audits that focus on:

Audit Area

Key Elements

Frequency

Documentation

Completeness, accuracy

Monthly

Procedures

Implementation, effectiveness

Quarterly

Training

Compliance, updates

Bi-annual

 

Your audit preparation needs evidence that security measures are [20]:

  • Reasonable and appropriate
  • Regularly reviewed
  • Properly documented
  • Effectively implemented

Conclusion

The UK's Protect Duty legislation has changed event security requirements and affects over 278,880 premises nationwide. This piece outlines the steps you must take to comply with rules about risk assessment, staff training, security measures, and emergency planning.

Event organisers should balance their security preparation. Smart organisers see these requirements not as burdensome rules but as chances to boost visitor safety and operational excellence. Simple procedural changes will help standard tier venues comply, while enhanced tier locations will require complete security infrastructure.

Your venue must have these elements to comply:

  • Full risk assessments with prevention strategies
  • Complete staff training programmes
  • Right security technology setup
  • Strong emergency response plans
  • Clear documentation methods

Venues of all sizes can achieve affordable compliance. Many organisations meet requirements when they optimise existing resources and apply practical, budget-friendly solutions. Of course, good planning and organised implementation help maintain both security standards and operational efficiency.

Want to make sure your events meet all Protect Duty requirements? Our security experts will help you develop and set up security measures that fit your specific needs. Visit protectdutysolution.com/pdr today to start your complete event protection journey.

References

[1] - https://www.protectuk.police.uk/sites/default/files/2024-06/Risk controls list.pdf
[2] - https://www.protectuk.police.uk/martyns-law/martyns-law-overview-and-what-you-need-know
[3] - https://www.hse.gov.uk/event-safety/safety-advisory-groups.htm
[4] - https://www.gov.uk/government/publications/terrorism-protection-of-premises-bill-2024-factsheets/terrorism-protection-of-premises-bill-regulation-sanctions-and-enforcement-factsheet
[5] - https://www.protectuk.police.uk/stage-1-risk-identification
[6] - https://www.enfield.gov.uk/services/community-safety/protect-duty-martyns-law
[7] - https://www.fahrenheitsecurity.com/post/event-security-risk-assessment
[8] - https://www.gov.uk/government/consultations/protect-duty/outcome/government-response-document
[9] - https://www.protectuk.police.uk/evacuation-invacuation-lockdown-protected-spaces
[10] - https://www.protectuk.police.uk/tactic-rb3-ensure-lockdown-procedures-are-known-tried-and-tested
[11] - https://www.crises-control.com/blogs/emergency-communication-systems-2-2/
[12] - https://homeofficemedia.blog.gov.uk/2024/09/13/martyns-law-factsheet/
[13] - https://www.gov.uk/government/publications/terrorism-protection-of-premises-bill-2024-factsheets/terrorism-protection-of-premises-bill-enhanced-duty-requirements-factsheet
[14] - https://www.gov.uk/government/publications/nhs-prevent-training-and-competencies-framework/nhs-prevent-training-and-competencies-framework
[15] - https://assets.publishing.service.gov.uk/media/60379c368fa8f50494071e18/Protect_Duty_Consultation_Document5.pdf
[16] - https://www.accredit-solutions.com/access-control-and-accreditation-essential-layers-of-event-security/
[17] - https://www.gov.uk/guidance/emergency-response-and-recovery
[18] - https://www.wtwco.com/en-gb/insights/2024/09/protection-of-premises-legislation-implications-for-the-health-and-social-care-sector
[19] - https://www.gov.uk/government/publications/terrorism-protection-of-premises-bill-2024-impact-assessment/terrorism-protection-of-premises-bill-impact-assessment-accessible
[20] - https://www.gov.uk/government/consultations/protect-duty/protect-duty-consultation-document-accessible-version
[21] - https://www.protectdutysolution.com/post/martyns-law-a-timeline-of-implementation-phases
[22] - https://liveit.io/top-reasons-why-a-security-audit-is-critical-for-event-planning/

Fort Green
Fort Green
Fort Green is the ultimate resource, renowned for its unwavering reliability and UNMATCHED proficiency in the realms of security, safety and event production. No matter the obstacle, Fort Green is always your first and foremost choice.

Ready to get started?

Free trial
Insights

Our latest news

Sharing knowledge and insights in everything from terrorism risk to machine learning from our researchers and partners.

Standard Tier

Venues with 200-799 capacity

Enhanced Tier

Venues with 800+ capacity

Basic Requirements

Tell regulator, put in basic protection

Advanced Requirements

Detailed risk checks, strong safety measures