The Martyn's Law checklist for standard-tier venues
Last reviewed:
If your venue can expect 200 to 799 people at once, including everyone working there, Martyn's Law's standard tier will apply to you when the Act's duties commence (expected Spring 2027). Getting ready comes down to seven steps, and none of them requires a consultant, a purchase, or specialist security knowledge.
A word of caution about other checklists you may find: several of the top-ranking ones were written before the Act passed and still cite superseded proposals, such as a 100-person threshold that does not exist in the final law. Everything below follows the Act and the Home Office statutory guidance published in April 2026, with paragraph references so you can verify each point yourself.
Step 1: Confirm you're in scope, and which tier
- ☐ Work out the largest number of people you could reasonably expect at your premises at the same time, including staff, volunteers and contractors (para 4.23).
- ☐ Include outdoor areas that are part of your premises, such as a beer garden or terrace. The guidance's own example: a café with 180 seats inside and 30 outside counts 210.
- ☐ Count predictable peaks, not your average. A venue that exceeds 200 only on match days or during seasonal events is still in scope if those peaks are expected to recur. See the "from time to time" rule.
- ☐ Record how you reached your number. The guidance accepts several methods (fire-safety occupancy figures, historic attendance data, fixed seating, ticket limits or licence capacity), but whichever you use "must be evidenced" (para 4.25).
Done when: you know your peak number, the method behind it, and your verdict: under 200 (out of scope), 200–799 (standard tier), or 800+ (enhanced tier). Our free tier checker walks you through this in about two minutes.
Step 2: Identify your responsible person
- ☐ Establish who has control of the premises in connection with their public use. That is the "responsible person", and it is defined by the Act as "not a matter of choice" (para 6.1).
- ☐ If the premises are leased or tenanted, check who holds the premises licence and who genuinely controls the site. The guidance's own pub example (para 6.3): where a brewery owns a leased pub and holds the licence, the brewery, not the tenant, is the responsible person.
- ☐ If the responsible person is an organisation (a company, committee or charity), agree which named individual will own these tasks day to day. Tasks can be delegated; the legal responsibility cannot (para 6.1).
Done when: you can state, in one sentence, who the responsible person is and why.
Step 3: Design your four public protection procedures
This is the heart of the standard tier: procedures to reduce the risk of physical harm if an act of terrorism occurred at or near your premises, in place "so far as reasonably practicable". Four types (paras 7.33–7.49), each thought through for your building:
- ☐ Evacuation: how you get people out and away from danger. Where are the exits? Who directs people? How does this differ from your fire evacuation, which might send people towards the danger (para 7.34)?
- ☐ Invacuation: how you move people to a safer place inside, or bring in people who are outside. Which rooms are safest? Who decides?
- ☐ Lockdown: how you secure the premises to keep danger out. Which doors lock, who holds the keys, what can block an entrance?
- ☐ Communication: how you alert everyone on site quickly and tell them what to do. A PA system if you have one; agreed words and a shout-and-relay plan if you don't.
Done when: for each of the four, you can answer: what would trigger it, who does what, and how people are told. Simple beats elaborate: the guidance's own example is a bar that replaced several attack-specific evacuation plans with one, after staff froze in practice trying to pick between them. The full detail is in our standard tier guide.
Step 4: Write it down (recommended, not required)
- ☐ Put your procedures in a short document: venue details, your capacity number and method, the responsible person, and the four procedures with roles.
"…there is no legal requirement to prepare a document stating the procedures in place… However, the responsible person should prepare a document like this… It may also be difficult to demonstrate compliance with the Act – for example, in the event of an inspection by the SIA – if the procedures are not documented in some form."
Statutory guidance, para 7.32
Done when: your procedures exist somewhere other than one person's head. A couple of pages is fine; accurate and known beats long and ignored.
Step 5: Brief everyone with a role
- ☐ Walk each person with a role in the procedures through what they'd do, including regular volunteers and casual staff.
- ☐ Keep a simple record of who was briefed on what, and when.
There is no mandatory training course at the standard tier. But the guidance requires that those responsible for carrying out the procedures "must be made aware of the procedures and their specific role" (para 7.51), and an SIA inspector can ask anyone present to assist during an inspection (para 9.5), which in practice means your staff could be asked what they'd do.
Done when: anyone with a role could answer "what do you do if…" without checking.
Step 6: Get ready to notify the SIA
- ☐ Gather what notification will plausibly need: venue address and details, your capacity assessment, and who the responsible person is.
Standard-tier venues will have to notify the Security Industry Authority that they are the responsible person for the premises. The exact information and timing will be set by regulations that have not yet been made, and the SIA's portal is not yet open, so there is nothing to submit today, and anyone selling "registration" now is ahead of the law. Doing steps 1–5 means you'll have every answer ready the day it opens.
Step 7: Keep it current
- ☐ Revisit your procedures when something material changes: a refurbishment, a new use of the space, a change of team or of responsible person.
The Act sets no fixed review interval for standard-tier procedures, review is strongly recommended in the guidance rather than required (para 8.5). The real test is simpler: do your written procedures still describe what would actually happen in your building tonight? If not, update them.
Where a tool fits in
Everything above can be done yourself, free; that's a deliberate feature of the law. What the Martyn's Law Plan does is compress it: guided questions produce your capacity assessment, your four procedures and your written document in one sitting, with staff briefing sheets, and we update your answers when the commencement date and notification regulations land. If you'd rather do it by hand, this checklist and the standard tier guide are everything you need.
Start with the two-minute step: check which tier your venue is in →
Frequently asked questions
Is there an official Martyn's Law checklist?
No. The statutory guidance (para 7.32) says templates "will be developed which are optional and indicative"; nothing published so far is official or mandatory, including this checklist. Ours simply follows the statutory guidance step by step, with paragraph references so you can check every claim.
How long does this take for a small venue?
For a straightforward standard-tier venue (one building, one use, a stable team), expect one to two focused days to work through all seven steps properly, most of it spent thinking through the four procedures for your specific layout. Keeping it current after that is measured in minutes, not days.
Do I need to buy anything to complete this checklist?
No. The guidance is explicit (para 6.7): "It is not mandatory to use third-party products or services to comply with the Act's requirements." Every step here can be done with time and a pen. Tools like ours exist to save you the time and give you confidence in the result, not because the law requires them.
Does this checklist cover the enhanced tier?
No, it is written for standard-tier premises (200–799 people). Venues expecting 800 or more people from time to time have additional duties, including public protection measures and a compliance document. Start with our standard tier guide to confirm which tier you are in.
Sources: Terrorism (Protection of Premises) Act 2025; Home Office statutory guidance (April 2026, updated May 2026) and supplementary documents. Paragraph references are to the statutory guidance. General information, not legal advice. Contains public sector information licensed under the Open Government Licence v3.0.