The Security Industry Authority's preparatory work on Martyn's Law has moved from consultation into practice. The regulator is running pilot inspections and inviting duty-holders to test its digital notification platform, with Laura Gibb, the SIA's executive director for Martyn's Law, updating on progress (NCASS). The consultation on the draft Section 12 guidance โ how the SIA will inspect, advise and enforce โ has now closed.
The timeline is firming up. Final Section 12 guidance and a full consultation report are still to come, with the SIA's preparatory work completing in early spring 2027 and the law itself in force from spring 2027 (GOV.UK). The two-tier structure is unchanged: a standard tier for qualifying premises where 200 to 799 people may be present, requiring notification and reasonable public-protection procedures; and an enhanced tier for premises and events expecting 800 or more, which adds documented measures to reduce vulnerability to an attack and a security document filed with the SIA (GOV.UK).
The official line to duty-holders is that most organisations should be able to comply by developing procedures, training staff and documenting arrangements, rather than buying in consultants โ and that legal responsibility cannot be delegated even where private expertise is used (GOV.UK; NCASS). That is the shape of the opportunity for the industry: not sign-here compliance packages, but credible advisory and training that helps a responsible person meet a standard they still own. Firms that build genuine Martyn's Law readiness capability now โ assessment, procedures, staff training, exercising โ have a clear run at the window before enforcement bites in 2027.





