The SIA's consultation on its section 12 guidance for Martyn's Law โ the Terrorism (Protection of Premises) Act 2025 โ closed on 12 June. With the Home Office statutory guidance published in April and the SIA confirmed as the regulator, the shape of the regime is now settled. Commencement is expected in Spring 2027, following the minimum 24-month implementation period from Royal Assent on 3 April 2025. That is not far off in compliance terms.
The two tiers. Premises where 200 to 799 people may be present at once fall in the standard tier. Premises at 800 or more fall in the enhanced tier. The thresholds have held through the guidance process, so duty-holders can plan against them with confidence.
What each tier must do. Standard-tier premises must have appropriate public protection procedures in place โ evacuation, invacuation, lockdown and communication โ coordinate with other responsible persons on the site, and notify the SIA. Enhanced-tier premises must do all of that and add public protection measures: monitoring, controlling movement, and physical security to reduce vulnerability. They must document compliance in a written statement for the SIA and designate a senior individual to oversee it where the responsible person is an organisation. The compliance document is not a tick-box; it must set out the procedures and measures and assess how they reduce harm.
The operator implication. The SIA has signalled a supportive, proportionate, risk-based approach rather than a punitive one at the outset โ but the duties are statutory and carry real penalties for serious non-compliance. For security managers and consultants the live work starts now: tier each site against the thresholds, map current procedures against the standard- or enhanced-tier requirements, name a responsible person, and begin the documentation. Waiting for Spring 2027 to start is the wrong call. The desks that win this work will be the ones with credible readiness assessments in front of clients this year.
