Wellinhand

Martyn's Law standard tier requirements, in plain English

Updated June 2026 · Based on the Terrorism (Protection of Premises) Act 2025 and the Home Office statutory guidance published April 2026 · Not legal advice

In short

Standard tier covers premises where 200–799 people may reasonably be expected at the same time — and places of worship and most education settings at any size, once in scope. The duties are to notify the SIA, put four public protection procedures in place (evacuation, invacuation, lockdown and communication), make sure the people who run the venue know them, and coordinate where premises are shared. There are no physical security measures and no compliance document at this tier, and breaching a compliance notice is not a criminal offence here. The law is expected to commence in Spring 2027.

Last reviewed: June 2026 · Sources: Home Office Section 27 statutory guidance (April 2026); SIA draft section 12 guidance (April 2026).

If your venue can reasonably expect between 200 and 799 people at the same time, you'll sit in the standard tier of Martyn's Law when it commences — expected Spring 2027. The 200 threshold applies to places of worship and education settings too; once in scope, they're standard tier at any size and never escalate to the enhanced tier.

The good news, which doesn't always survive the headlines: the standard tier was deliberately designed to be simple and low-cost. There are no required physical security measures, no terrorism risk assessments to commission, and no consultants to hire. Here's the whole of it.

Requirement 1: Notify the SIA

The Security Industry Authority is the regulator for Martyn's Law. Once the law commences, the responsible person for each qualifying premises must notify the SIA — and notify it again if they stop being responsible (for example, the premises changes hands).

Notification will be free, via a secure online system the SIA is currently building (a paper-based route will exist for those who genuinely can't use it). The exact process and timeframes will be confirmed in regulations nearer to commencement. There is nothing to submit today — but it's worth knowing now who your responsible person is (usually the person or body in control of the premises, such as the management committee or trustees).

Two things worth knowing from the SIA's draft operational guidance: notification is a living duty — if the information you've notified stops being accurate (a new responsible person, a changed use), you must update it within the specified time. And while the SIA may occasionally send reminders about your obligations, its guidance is explicit that you shouldn't rely on those reminders — staying on top of it is your responsibility. (Keeping track of exactly this sort of thing is, of course, rather the point of Wellinhand.)

Requirement 2: Four public protection procedures

You must have in place, so far as reasonably practicable, appropriate procedures that could reasonably be expected to reduce the risk of physical harm if an attack happened at or near your premises. The guidance frames these around four situations:

  1. Evacuation — getting people out of the building safely. Which exits, which routes, who directs, where people assemble. Much of this will already exist in your fire arrangements; the thinking here adds "what if the danger is at one of the exits?"
  2. Invacuation — the reverse: bringing people inside, or moving them to a safer part of the building, when the danger is outside or nearby.
  3. Lockdown — securing the premises: locking doors, closing shutters, moving people away from glass, keeping an attacker out.
  4. Communication — how you tell the people on site what's happening and what to do. For a small venue this can be as simple as who shouts what, and who calls 999.

The key sentence in the guidance: procedures only count if they can actually be followed. A document nobody has read doesn't comply. The legal expectation is workable plans plus people who know them.

"Appropriate and reasonably practicable" means proportionate to your venue — a 250-capacity village hall is not expected to plan like an arena. Simple, sensible and rehearsed beats elaborate and forgotten.

Requirement 3: Coordination (where it applies)

Where more than one person is responsible for premises — or your premises sit inside someone else's (a hall within a larger community campus, a unit in a shared building) — the responsible persons must coordinate with each other so far as reasonably practicable. In practice: talk to each other, make sure the procedures fit together.

What standard tier does not require

Penalties and enforcement — what the SIA's own draft guidance actually says

This is where the headlines and the reality part company, so here's the reality, from the regulator's draft operational guidance. The SIA's approach is advisory-first: for minor issues at standard tier venues it expects to point you to the published guidance; for more material ones, regulatory advice and a written warning come before any enforcement notice. Civil penalties of up to £10,000 exist as a backstop — and even then, the SIA's penalty framework explicitly takes into account your ability to pay, the impact on charitable funds, how quickly you put things right, and how you co-operated.

Some more facts worth knowing: failing to comply with a compliance notice is not a criminal offence at standard tier (the criminal offences mainly concern things like knowingly giving the SIA false information or obstructing an inspector). Restriction and closure powers apply to the enhanced tier only — a standard tier venue cannot be shut down under this law. Routine compliance checking will mostly be desk-based, and an on-site inspection without a warrant requires at least 72 hours' written notice.

One more thing the draft guidance makes clear: there will be no public register of notified venues and no published compliance ratings. So when your insurer or a hirer asks "what are your Martyn's Law arrangements?" — a question already appearing in renewal conversations — the only proof that exists is the record you keep yourself. That, far more than any fear of penalties, is the practical reason to keep your workings.

What to do between now and Spring 2027

  1. Confirm you're in scope — the test is realistic attendance, not the fire-capacity sign. Our free three-minute checker walks you through it.
  2. Identify your responsible person and put Martyn's Law on a committee agenda.
  3. Draft the four procedures — start from your existing fire and emergency arrangements; you're closer than you think.
  4. Brief your people — committee, staff, regular volunteers. The free government ACT e-learning is a good foundation.
  5. Keep a record — what you decided, who was briefed, when you'll review it. The venues that struggle won't be the ones who did nothing wrong; they'll be the ones who can't show what they did.

Common questions

What is invacuation in Martyn's Law?

Invacuation means bringing people into the premises, or moving them to a safer part of it, when the danger is outside or nearby — the opposite of evacuation. It's one of the four procedure types every standard tier venue must cover, along with evacuation, lockdown and communication.

Does standard tier require physical security measures?

No. Standard tier requirements are procedural — written, workable plans and people who know them. There is no requirement for CCTV, barriers, security staff or other physical measures at standard tier; those considerations apply to the enhanced tier (800+).

What are the penalties for standard tier non-compliance?

The SIA can issue civil penalties of up to £10,000 for standard tier non-compliance, alongside compliance notices. The regulator has said it intends to take a supportive, proportionate, advisory-first approach.

Wellinhand does this with you

A guided builder for the four procedures, a briefing log for your people, automatic review reminders, and a one-click evidence pack for your insurer. Built for venues that run on volunteers. Join the early-access list or start with the free scope checker.