The Home Office has commenced a public consultation on how legislation, known as the Protect Duty, may be used to enhance the protection of publicly accessible locations across the UK from terrorist attacks.

The proposals are based around the set of safety and security protocols known as "Martyn's Law", developed as a result of the Manchester Arena attack in 2017.

If introduced, the Protect Duty would apply to a significant number of private, public and third sector organisations in the UK.

The consultation, which is open until 2 July 2021, is targeted at: 

  • Organisations employing 250 staff or more which operate at publicly accessible locations where there is significant and/or regular public footfall, irrespective of the number and size of stores and outlets they have in the UK
  • Individuals and organisations who own or operate publicly accessible venues and spaces with capacity to hold 100 persons or more
  • Organisations who store, sell or hire products that could be used as weapons by terrorists in an attack at a publicly accessible location, such as vehicles, knives and potentially harmful substances
  • Local and Public Authorities responsible for public accessible locations which usually have no clear boundaries or well-defined entrances/exits, and
  • Government offices.

How is a "publicly accessible location" defined?

Publicly accessible locations are defined as "any place to which the public has access, on payment or otherwise, as of right or by virtue of express or implied permission" and include;

  • Retail stores, shopping centres and markets
  • Transport hubs
  • Commercial ports
  • Schools and universities
  • Medical centres and hospitals
  • Hotels, pubs, clubs and casinos
  • Sports stadium, music venues, festivals and visitor & tourist attractions
  • Places of worship
  • Government offices, including town halls and job centres
  • High streets, public squares, parks and beaches.

Private venues, such as places of employment or other locations where there is no public access are not intended to fall within the scope of the Protect Duty.

What would the protect duty require?

Dutyholders would be required to assess the potential risk and impact of a terror attack at the locations they own, operate or control and take proportionate protective security and organisational preparedness measures to make it harder for a would-be terrorist to carry out a successful attack.

The proposed requirements are outlined in the "Best Practice Examples" in Annex 2 and vary depending on the size of the organisation, the scale of event and the number of employees and predicted number of visitors at each location.

Best practice examples include:

  • The operator of a single, town-centre, shop with 10-15 employees and up to 100 customers at a time who would be required to carry out and record a terrorist attack risk assessment, train and provide staff with information on how to spot and report suspicious activity and respond to each type of attack identified as a risk and, where possible, coordinate active security measures with other local businesses
  • A medium sized business location, part of a national chain, with several hundred employees and hundreds of visitors at each location at any one time would also be required to base their risk assessment on the Counter Terrorism Local Profile, plan how the site can support a police intervention and also to integrate public safety personnel, visible guarding deterrents and whole-site lockdown measures into their existing security arrangements
  • A large venue with many employees and thousands of visitors each day would be required to carry out a risk assessment covering all risks within the current threat spectrum and introduce a layered approach to active security including search and screening at access points, employee screening, hostile vehicle mitigation and traffic control measures and also develop incident response, communications and police intervention support plans.

Inspection and enforcement

The consultation envisages a combination of remote compliance monitoring and inspection regime, using evidence-based risk assessments to determine how and where resources should be deployed.

It is proposed that enforcement would be primarily based on civil sanctions (such as fines) with offences to include persistent failure to take reasonable steps to reduce the potential impact of attacks.

Proposed exemptions and exclusions?

Organisations operating in the rail (international, domestic heavy and light rail) and aviation sectors would be exempt on the basis that they are already subject to legislative requirements to assess and mitigate against terrorist threats.

Chemical Oil Gas (GOG), Container Ro-Ro (CRR) and Other Bulk Cargo (OBC) Ports would also be excluded as such operations do not take place in publicly accessible locations.

Further information

The consultation document can be downloaded here.

If you have any questions on the scope on the proposed Protect Duty or how the proposals may impact on your organisation, please contact Stephen Panton.