MARTYN’S LAW

Preparing for Martyn's Law

24 March 2025

Hospital estates will be required to meet new legislation designed to mitigate the risks of harm from terror attacks, writes Paul Hobden, managing director at Learning Solutions, Skills for Health

© Skills for Health

© Skills for Health

Martyn's Law is a forthcoming Act of Parliament which will compel all manner of venues, including NHS estates, to implement measures to mitigate and reduce the risk of harm from terror attacks. The law is currently undergoing its third reading in the House of Lords and is the result of years of tireless campaigning by the mother of Martyn Hett – one of the victims of the 2017 Manchester Arena terror attack. Subject to Royal Assent, it is anticipated that Martyn's Law will make it onto the statute books by the time Parliament breaks in July.

Although the timetable for implementation is yet to be finalised, healthcare providers meeting the threshold requirements – more on that later – should work on the assumption that they will be required to demonstrate compliance by late 2026. Martyn's Law will apply to the majority of publicly accessible locations where the number of people present at any one time is 200 or more. Smaller GP surgeries are unlikely to meet this threshold and will therefore be exempt from Martyn's Law. Most hospitals, with the exception of a small handful of community ones, will undoubtedly exceed the threshold requirements of the legislation.

The capacity threshold of a qualifying venue, such as a hospital campus, will be calculated on the basis of the site as a whole, rather than individual buildings. That being so, the threshold calculation includes cafes, pharmacies and newsagents, for example, which are located on hospital grounds, but not directly operated by the NHS trust. 

The same rules apply for an independent pharmacy attached to a GP.

In short, the Bill requires qualifying premises to implement policies, process and procedures, backed by training, and in some instances building modifications or upgrades, to reduce the risk of physical harm to individuals in the event that an act of terrorism occurs at the premises or in the immediate vicinity.

The extent of the measures required depends on the capacity of the healthcare setting, with the legislation following a tiered approach separating smaller and larger premises into Standard and Enhanced tiers, respectively. 

Locations with a capacity of 200-799 are considered Standard Tier, whereas premises with a capacity exceeding 800 or fall within the Enhanced Tier, which are required to comply with additional measures as well as Standard Tier ones. 

Standard Tier - Every healthcare setting is different, but essentially providers will be required to – where practicably possible – implement and/or evidence the existence of a codified set of policies and procedures regarding the following:

• evacuation - getting people safely out of the premises

• invacuation - bringing people safely into, or to safe parts within, the premises

• lockdown - securing the premises to ensure that the entry of any attacker is restricted or prevented

• communication - alerting people on the premises to move them away from any danger. 

Enhanced Tier premises are required to comply with those of the Standard Tier in addition to implementing and/or providing in-use evidence of:

• monitoring measures to support identification and reporting signs of suspicious activities, behaviours, items or other potential indicators of a potential or actual attack

• movement measures such as deterrents and mitigations to reduce vulnerabilities to attacks and to protect members of the public

• physical safety and security measures that prevent certain attack methodologies from occurring and/or to mitigate their impacts

• information security interventions to safeguard sensitive information regarding the premises, operating environment, design or usage that could reveal vulnerabilities to a terror attack.

The penalties for non-compliance are severe. Failure to comply with an information notice or providing false or misleading information carries a two-year prison sentence.

Fines of up to £18m can also be issued to trusts that fail to comply with Enhanced Tier requirements.

Martyn's Law requires a designated ‘responsible person' for all qualifying premises. In most cases, this will be an entity, such as an NHS Foundation Trust, rather than an individual. While NHS bodies are liable for the most part, in practical terms, of course, safety and security is everyone's business. 

The NHS generally has a strong safety culture, however, the delivery of training in support of Martyn's Law must take account of the strain that the workforce is under and prioritise learner engagement accordingly. The risk with any new regulatory compliance training is it becomes a mere box ticking exercise and so NHS employers should look for ways to foster genuine engagement with the tenets of behavioural safety which sits at the heart of Martyn's Law.

Tags

Related Articles

SKILLS FOR HEALTH
Quality assurance audit programme receives overhaul

Quality assurance audit programme receives overhaul

By Liz Wells 25 March 2025

Skills for Health, the sector skills council for healthcare, has launched a new quality assurance audit service to replace its long-running Quality Mark prog...

NHS PROVIDERS

EXCLUSIVE: Why the shift to community needs sound governance

By Lee Peart 24 March 2025

Emily Newton, systems policy advisor at The Health Foundation, says the appointment of Sir John Oldham as a senior advisor for neighbourhood health is a sign...

NHS ORKNEY

Going beyond traditional recruitment

By Liz Wells 24 March 2025

As a remote and rural healthcare provider, NHS Orkney has to think differently about attracting and retaining staff, which requires a strategic and proactive...