The Terrorism (Protection of Premises) Act 2025 — widely known as Martyn's Law — places new legal obligations on UK venues and event organisers to implement and demonstrate appropriate security measures. For stadiums and large public spaces, those obligations are substantial.
Whether you manage a football ground, concert arena, exhibition centre, or any venue with 800+ capacity, this guide covers what the law requires, which security systems are affected, and how a unified security platform can simplify the compliance audit process.
The Act received Royal Assent on 3 April 2025. Enforcement is expected to begin no earlier than April 2027, giving venues approximately two years to prepare.
Download the full article below if you want to read later!
The Act establishes two tiers of responsibility:
Compliance with the Enhanced tier will be regulated by the Security Industry Authority (SIA), which will have powers to issue compliance notices, monetary penalties, and restriction notices.
Your site falls within scope if:
If 800+ individuals may reasonably be expected, the venue is an Enhanced duty premises and subject to the fuller set of requirements.
For events (rather than permanent premises), the 800-person threshold also triggers Enhanced obligations, provided ticketing or entry controls are in place.
Events that satisfy the following criteria fall within scope of the Act:
For Enhanced duty premises — which includes virtually all UK professional stadiums — the security plan must address the physical and technological measures in place to detect, deter, and respond to a terrorist threat.
In practice, this means your stadium security systems need to be documented, operational, and demonstrably fit for purpose across the following categories:
A comprehensive CCTV network covering all public areas, entry/exit points, concourses, car parks, and perimeter zones. Systems must be operational, regularly maintained, and capable of providing usable footage to law enforcement. Coverage gaps are a key audit risk.
Controlled entry at all gates and restricted areas, with the ability to lock down individual zones quickly. Integration between access control and video management allows security staff to verify and respond to access events in real time.
Perimeter and internal detection systems that alert the control room to unauthorised entry before a threat escalates.
The ability to communicate rapidly and clearly with all areas of the stadium — including evacuation instructions and lockdown alerts — is central to both the preparedness plan and the operational response.
Accurate, real-time occupancy data is essential for demonstrating compliance with safe capacity limits and informing evacuation decisions. Video analytics-based people counting removes reliance on manual processes.
For stewarding and security staff operating across the ground, body-worn cameras and mobile monitoring tools extend the reach of the central control room.
To support and enforce Martyn’s Law, a new regulatory function is being created within the Security Industry Authority (SIA).
The SIA’s role will be to guide, support and advise those responsible for premises and events - helping them understand the requirements and take practical steps to meet them. But it will also have the authority to take action if those responsibilities are ignored.
If there’s serious or ongoing non-compliance, the SIA will be able to issue:
The legislation also includes some criminal offences.
Before enforcement begins, the SIA must publish official guidance explaining how it will carry out its responsibilities. This guidance will need to be signed off by the Home Secretary.
Importantly, there will be a lead-in period of at least 24 months before the law comes into force. This gives time to set up the regulator and, crucially, allows businesses and event organisers to fully understand their obligations and get ready.
The legislation will apply across England, Wales, Scotland and Northern Ireland to ensure consistency in keeping the public safe across all parts of the United Kingdom.
The stadium control room is where Martyn's Law compliance becomes operational. It is the nerve centre from which your security team monitors, responds, and documents — and it is what the SIA will scrutinise during compliance assessments.
An effective stadium control room needs:
If your control room today relies on separate, disconnected systems — a standalone VMS, a separate access control dashboard, a manual radio log — it is likely to struggle under a Martyn's Law compliance audit.
Although the legislation won’t be enforced for at least two years, there’s plenty you can do now to start building stronger, smarter security practices.
ProtectUK created a checklist to help ensure that the right protective security measures are in place.
One of the most significant compliance challenges for stadium operators is demonstrating that security measures are in place, working, and regularly reviewed. The SIA's enforcement framework will require evidence — not just good intentions.
A unified security platform like WaveFusion addresses this directly by consolidating all security data into a single, auditable system.
Every event across your security estate — camera faults, access attempts, alarm triggers, operator actions, system health checks — is captured in a single, time-stamped log. When the SIA requests evidence of system operation or incident response, you can produce it immediately.
Generate structured reports showing camera uptime percentages, access control activity by zone, incident frequency, and response times. These outputs map directly to the documentation requirements of an Enhanced duty security plan.
Wavestore's HealthMonitor tracks the status of every camera, server, and connected device across your estate. Camera failures are flagged in real time — eliminating the risk of coverage gaps going undetected until an audit (or an incident) reveals them.
For post-incident review, unified logging means you can reconstruct a complete picture — video footage, access events, alarm activations, and operator responses — in a single timeline. This is critical both for internal review and for providing evidence to law enforcement or the regulator.
Most stadium security estates include hardware from multiple manufacturers. WaveFusion's open-platform architecture integrates with 200+ camera brands and a wide range of access control, audio, and intrusion systems — meaning the unified log captures everything, not just Wavestore devices.
Compliance managers, security consultants, and SIA auditors can be granted read-only access to reporting dashboards and audit logs without requiring full system access. This simplifies the audit process and reduces the operational burden of compliance reviews.
Wavestore has direct experience deploying unified video management in high-footfall stadium environments. Our VMS platform is designed to handle the scale, complexity, and reliability demands of professional sports venues.
Key capabilities for stadium operators:
Case Study: Wavestore’s VMS in Action at Uruguay’s Stadiums
Whether you’re assessing your obligations under Martyn’s Law or already putting a plan in place, our team is here to help you. Book a call with a Systems Architect → wavestore.com/support/demo
Martyn's Law does not mandate specific products, but Enhanced duty premises (800+ capacity) must implement security measures that are "reasonably practicable" to reduce vulnerability to a terrorist attack. In practice, this means documented and operational CCTV coverage, access control, intrusion detection, mass notification, and people counting systems — all underpinned by a formal security plan and regular reviews. The SIA will assess whether the measures in place are proportionate to the risk and the size of the venue.
A unified platform consolidates all security system data — video, access events, alarms, analytics, operator actions — into a single, auditable record. This directly supports Martyn's Law compliance by making it straightforward to produce evidence of system operation, demonstrate coverage across the venue, and document incident responses. It also reduces the operational complexity of managing multiple disconnected systems, which is a common source of compliance risk.
Visit our interactive Martyn's Law Compliance Checklist for Stadiums — a practical tool that maps your current security systems against Enhanced duty requirements and identifies gaps before the SIA does.
VISIT THE COMPLIANCE CHECKLIST
Or speak directly with a Wavestore Systems Architect who specialises in stadium and venue security.
BOOK A CALL WITH A SYSTEMS ARCHITECT →
GOV.UK Martyn's Law Factsheet
ProtectUK Security Checklist for Businesses
RM Partners Martyn’s Law The Protect Duty: A Checklist
