Source: Home Office published on this website Monday 14 April 2025 by Jill Powell

This factsheet was updated in April 2025. 

The Terrorism (Protection of Premises) Act 2025, also known as Martyn’s Law, received Royal Assent on Thursday 3 April 2025.  

This Act delivers the Government’s manifesto commitment to strengthen the security of public premises and events. 

The Government would like to pay tribute to Figen Murray, mother of Martyn Hett, who was killed in the Manchester Arena attack.  Her campaigning has been crucial in driving this Act forward.   

The Government intends for there to be an implementation period of at least 24 months before the Act comes into force. This will allow the SIA’s new function to be established, whilst ensuring those responsible for premises and events in scope have sufficient time to understand their new obligations. This will enable them to plan and prepare appropriately.  

Please refer to our wider factsheets and legislation documentation which can be found on GOV.UK. 

What does Martyn’s Law do?  

The Terrorism (Protection of Premises) Act 2025, also commonly referred to as Martyn’s Law, will improve protective security and organisational preparedness across the UK by requiring that those responsible for certain premises and events consider how they would respond to a terrorist attack. In addition to this, at certain larger premises and events, appropriate steps to reduce vulnerability to terrorist attacks must also be considered. Through the Act, qualifying premises and events should be better prepared and protected, ready to respond in the event of a terrorist attack.  

Whilst those that fall within scope of the Act may wish to begin considering the requirements, they should note that guidance will be published in due course. This guidance will assist in understanding the requirements set out in the legislation. The guidance is being designed to be easy to follow, needing neither particular expertise nor the use of third-party products or services. 

To support enforcement of the regime, a regulator will be established through a new function of the Security Industry Authority (SIA), which will support, advise and guide those responsible for premises and events in meeting the requirements of this legislation. 

How will it work?   

The Act establishes a tiered approach, linked to the number of individuals it is reasonable to expect may be present at the same time at premises and events.  

Who will be in scope? 

Premises that satisfy the following four criteria fall within scope of the Act: 

1. There is at least one building (or the premises are in a building); 

1. The premises are wholly or mainly used for one or more of the uses specified at Schedule 1 to the Act, e.g. a restaurant or a shop; 

1. It is reasonable to expect that at least 200 individuals may be present at least occasionally; and 

1. The premises are not excluded under Schedule 2 to the Act 

If 800 or more individuals may be expected, the premises will be an enhanced duty premises unless the Act says otherwise. 

An event that satisfies the following criteria fall within scope of the Act: 

1. It will take place at premises within section 3(1)(a) of the Act, including land without buildings, that are not enhanced duty premises (or part of enhanced duty premises); 

1. The relevant premises are accessible to members of the public for the purpose of the event; 

1. It is reasonable to expect that there will be at least 800 individuals present for the event at once at some point during it;  

1. There will be measures to check entry conditions are met, such as a ticket checks; and 

1. The event is not excluded under Schedule 2 to the Act. 

Who is the responsible person for qualifying premises? ​ 

For qualifying premises, the responsible person is the person who has control of the premises in connection with their relevant Schedule 1 use (e.g. the use of a venue as a sports ground or a hotel). Where there is more than one Schedule 1 use (e.g. a church that also has a creche), it will be the person in control of the premises in connection with whichever Schedule 1 use is the principal use.  

Who is the responsible person for qualifying events? 

For qualifying events, the responsible person is the person who has control of the premises at which the event will be held for the purposes of the event. The circumstances of the event will need to be considered to determine who the responsible person is. For example, if a concert is to be held in a park and the company putting on the event takes control of an area of the park for the purposes of that concert, the company putting on the event will be the responsible person. Conversely, if a stately home puts on a concert in its grounds and maintains control of the site for the purposes of that concert, the stately home will be the responsible person. This would be the case even if the stately home contracted organisations to do aspects of the event (e.g. to provide door security or ticketing).   

What are the requirements for standard duty premises? 

Standard duty premises are generally those where it is reasonable to expect that between 200 and 799 individuals (including staff) may be present at the same time at least occasionally. The responsible person will be required to: 

• notify the Security Industry Authority (SIA) of their premises; and 

• have in place, so far as reasonably practicable, appropriate public protection procedures.  

These public protection procedures are those which should be followed by people working at the premises if an act of terrorism were to occur at the premises, or in the immediate vicinity. They are procedures which may be expected to reduce the risk of physical harm being caused to individuals relating to evacuation, invacuation (moving people to a safe place), locking down the premises, and communicating with individuals on the premises.  

The requirements for standard duty premises are centred around simple, low-cost activities with costs relating primarily to time spent. There is no requirement to put in place physical measures. 

What are the requirements for enhanced duty premises and qualifying events? 

Enhanced duty premises and qualifying events are premises or events where it is reasonable to expect that 800 or more individuals (including staff numbers) may be present on the premises at least occasionally² or attend the event at the same time. In addition to the same requirements as standard duty premises (above), the person responsible for enhanced duty premises and qualifying events will additionally be required to: 

• have in place, so far as reasonably practicable, appropriate public protection measures that could be expected to reduce both (i) the vulnerability of the premises or event to an act of terrorism, and (ii) the risk of physical harm being caused to individuals if an attack was to occur there or nearby. For example, enhanced duty premises will be required, so far as is reasonably practicable, to implement measures relating to the monitoring of the premises and their immediate vicinity;  

• document the public protection procedures and measures in place, or proposed to be put in place, and provide this document to the SIA. This document should include an assessment of how the public protection procedures and measures reduce vulnerability and/or the risk of harm; and 

• Where the responsible person is not an individual, they must designate a senior individual with responsibility for ensuring that the responsible person complies with these requirements.  

How to assess how many individuals are reasonably expected to be present?  

A range of methods can be used to make a reasonable assessment. This includes methods which those responsible for premises and events may already be familiar with, e.g. safe occupancy calculations for the purposes of fire safety or use of historic data.  

How will Martyn’s Law be enforced?  

To support enforcement of the regime, a new regulatory function will be established within the Security Industry Authority (SIA). The SIA will seek to support, advise and guide those responsible for premises and events in meeting the requirements of this legislation. Where there are instances of serious or persistent non-compliance the SIA will be able to take enforcement action including compliance notices, monetary penalties and restriction notices. The legislation also includes some criminal offences. The SIA must prepare statutory guidance about how it will discharge its functions under the Act, which must be approved by the Home Secretary before it is published.   

There will be a period of time prior to the implementation of the legislation, i.e. when it will come into force. We expect this period to be at least 24 months to allow for the set-up of the regulator and to ensure sufficient time for those responsible for premises and events in scope to understand their new obligations before they come into force, being able to plan and prepare accordingly. 

How will my business or organisation be supported on Martyn’s Law?   

Guidance will be provided in due course to assist those in scope to understand the requirements set out in the legislation. The guidance is being designed to be easy to follow, needing neither particular expertise nor the use of third-party products or services. 

The Home Office continues to build on the materials already published in relation to this legislation. This includes a bespoke landing page on Protect UK, Government factsheets which set out key aspects of the legislation, social media promotion, various press releases, media briefings, and our substantial stakeholder engagement campaign. 

Our intention is to augment and further strengthen our communications during the implementation period, to support duty holders and raise awareness amongst the public. 

Will Martyn’s Law apply to all of the UK?    

The legislation will apply across England, Wales, Scotland and Northern Ireland to ensure consistency in keeping the public safe across all parts of the United Kingdom. 

We have been working closely with stakeholders and the Devolved Governments throughout the development of this Act.  

Why have we introduced Martyn’s Law? 

Since March 2017, Counter Terrorism Policing assesses that there have been 15 domestic terror attacks in the UK (not including Northern Ireland-related terrorism), and security services and law enforcement have together disrupted 43 late-stage plots. 

The threat picture is complex, evolving and enduring, with terrorists choosing to attack a broad range of locations. It is not possible to predict where in the UK an attack might happen, or the type of premises or event that could be impacted – either directly as the target of an attack, or indirectly by being located near to the target of an attack.   

Engagement with business indicates that preparedness and protective security in the counter-terrorism space often falls behind areas where there are long-established legal requirements, such as health and safety. The police, security services, and other partners continue to do all they can to combat the terror threat; and many businesses and organisations already do excellent work to improve their security and preparedness. However, the absence of legislative requirements means there is no consistency of consideration or of outcomes achieved. 

That is what this Act seeks to address.  

Source: National Crime Agency published on this website Wednesday 3 April 2025 by Jill Powell

Sixty-three UK-based users of a Dark Web site hosting child sexual abuse material have been identified following work by the National Crime Agency.

Police in Germany started an investigation into the site, Kidflix, which resembled a well-known video streaming service.

They identified 1275 users from around the world who had either paid for access to material through crypto currency, or earned access through uploading their own material where they would earn site specific credits which would allow them access to further child abuse imagery.

After receiving information from the German authorities in February, NCA officers identified 63 UK users who were active on the site and had used cryptocurrency to access CSA material. Investigators then provided the intelligence to 28 UK forces so action could be taken.

To date, 30 people have been arrested in the UK and the Dark Web site has been taken down by the German authorities.

NCA Senior Manager Neil Keeping said:

"With thanks to our law enforcement partners in Germany and Europol, a dangerous site hosting tens of thousands of child sexual abuse videos has been taken down.

"NCA intelligence officers worked quickly to identify the UK users of the site, providing a package of intelligence to forces across the country so arrests could be made and children could be safeguarded.

"Providing this global to local response is paramount in our role to protect children from child sexual abuse and criminals who seek out this content.

"We will continue to work with international law enforcement partners to disrupt the online platforms that operate on the dark web, purely for the sexual gratification of offenders, and ensure children are safeguarded from abuse."

Source: UK Safer Internet Centre (UKSIC) published on this website Thursday 10 April 2025 by Jill Powell

The Revenge Porn Helpline has released its latest annual report, revealing an alarming 20.9% increase in intimate image abuse reports across 2024, marking the highest number of reports in the service’s history. A total of 22,275 reports were made, up from 18,421 in 2023, underscoring the urgent need for stronger legal protections and enhanced victim support.

Despite this surge, the Helpline successfully maintained an impressive 90.9% takedown rate across intimate images that were reported. However, the scale of the problem remains overwhelming. Since its inception in 2015, the Helpline has reported more than 412,000 intimate images, with 387,000 successfully removed.

Download the Full Report

Key Findings from the 2024 Report

Perpetrators & Victims: Over 81% of cases (where identified) involved a male perpetrator. Where the perpetrator was identified, 58.4% were current or former partners, 22.7% were known acquaintances, and 8.9% were linked to criminal gangs.

Sextortion Prevalence: Sextortion was the most reported harm, accounting for 22.7% of cases.

Re-victimisation: The Helpline continued to report 61,213 images from historic cases in 2024 (260% increase from 2023), reflecting the ongoing impact of intimate image abuse.

Gendered Disparity in Law Enforcement Response: Victims were nearly four times more likely to have a negative experience than a positive one when interacting with law enforcement. Of 457 recorded cases, 363 resulted in negative interactions, with female victims disproportionately affected (304 negative vs. 66 positive experiences).

Younger Adults Largely Affected: Out of the 793 cases where age data was available, the largest affected groups were young adults: 308 cases involved individuals aged 18-24, followed by 239 cases in the 25-34 age group.

Scale of Impact: Analysis suggests 1.42% of adult women in the UK experience non-consensual intimate image (NCII) abuse annually equivalent to the entire adult female population of Birmingham.

A Call to Action: Legislative Reform and Industry Responsibility

The Helpline is calling for urgent legal reforms to address the growing issue of intimate image abuse.

Treat NCII in the same way as Child Sexual Abuse Material – Non-consensual intimate image abuse must be classified and treated with the same urgency as Child Sexual Abuse Material (CSAM).

Mandate StopNCII.org Adoption – All online platforms that allow media uploads should be required to implement StopNCII.org, a global online protection tool that prevents the repeated sharing of intimate images through advanced hashing technology.

Improve Law Enforcement Training – Officers must receive enhanced training to properly support victims and understand the profound impact of this form of abuse. The high rate of negative experiences when reporting NCII cases to authorities demonstrates an urgent need for education and reform.

Urgent Need for Systemic Change

Sophie Mortimer (Revenge Porn Helpline Manager at SWGfL) said:

”The annual report once again highlights that intimate image abuse is still one of the most significant and concerning digital harms affecting adults right now. The rise in cases and persistent difficulties and gaps within legislation demonstrate that existing measures are insufficient. Without decisive legislative action to treat NCII content in the same way as CSAM, victims will continue to suffer from the harmful effects of intimate image abuse.”

For further information or to access support, please contact the Revenge Porn Helpline at www.revengepornhelpline.org.uk

Source: Ofcom published on this site Wednesday 18 December 2024 by Jill Powell

Ofcom has, four months ahead of the statutory deadline^, published its first-edition codes of practice and guidance on tackling illegal harms – such as terror, hate, fraud, child sexual abuse and assisting or encouraging suicide^[ – under the UK’s Online Safety Act.

The Act places new safety duties on social media firms, search engines, messaging, gaming and dating apps, and pornography and file-sharing sites. Before they can enforce these duties, they are required to produce codes of practice and industry guidance to help firms to comply, following a period of public consultation.

Ofcom have consulted carefully and widely to inform their final decisions, listening to civil society, charities and campaigners, parents and children, the tech industry, and expert bodies and law enforcement agencies, with over 200 responses submitted to their consultation.

As an evidence-based regulator, every response has been carefully considered, alongside cutting-edge research and analysis, and we have strengthened some areas of the codes since our initial consultation. The result is a set of measures – many of which are not currently being used by the largest and riskiest platforms – that will significantly improve safety for all users, especially children.  

What regulation will deliver

The illegal harms codes and guidance markshttps://www.ofcom.org.uk/ a major milestone in creating a safer life online, firing the starting gun on the first set of duties for tech companies. Every site and app in scope of the new laws has from today until 16 March 2025 to complete an assessment to understand the risks illegal content poses to children and adults on their platform.

Subject to the codes completing the Parliamentary process by this date, from 17 March 2025, sites and apps will then need to start implementing safety measures to mitigate those risks, and the codes set out measures they can take.[4] Some of these measures apply to all sites and apps, and others to larger or riskier platforms. The most important changes Ofcom expect the codes and guidance to deliver include:

• Senior accountability for safety. To ensure strict accountability, each provider should name a senior person accountable to their most senior governance body for compliance with their illegal content, reporting and complaints duties. 
• Better moderation, easier reporting and built-in safety tests. Tech firms will need to make sure their moderation teams are appropriately resourced and trained and are set robust performance targets, so they can remove illegal material quickly when they become aware of it, such as illegal suicide content. Reporting and complaints functions will be easier to find and use, with appropriate action taken in response. Relevant providers will also need to improve the testing of their algorithms to make illegal content harder to disseminate. 
• Protecting children from sexual abuse and exploitation online. While developing the codes and guidance, Ofcom heard from thousands of children and parents about their online experiences, as well as professionals who work with them. New research, published today, also highlights children’s experiences of sexualised messages online^[4], as well as teenage children’s views on our proposed safety measures aimed at preventing adult predators from grooming and sexually abusing children.^[5] Many young people we spoke to felt interactions with strangers, including adults or users perceived to be adults, are currently an inevitable part of being online, and they described becoming ‘desensitised’ to receiving sexualised messages.

Taking these unique insights into account, our final measures are explicitly designed to tackle pathways to online grooming. This will mean that, by default, on platforms where users connect with each other, children’s profiles and locations – as well as friends and connections – should not be visible to other users, and non-connected accounts should not be able to send them direct messages. Children should also receive information to help them make informed decisions around the risks of sharing personal information, and they should not appear in lists of people users might wish to add to their network.