Hotels across the UK are preparing for tighter security regulations under Terrorism (Protection of Premises) Act 2025, widely known as Martyn’s Law.

The legislation introduces mandatory counter-terrorism measures for venues with a capacity of more than 100 people, with enforcement expected around 2027 following a two-year implementation period.

For hotel operators, the law signals a shift towards structured risk assessment, staff training and preparedness planning. It forms part of a wider wave of global hotel compliance trends, including sustainability reporting, data protection and pricing transparency.

What martyn’s law requires

Martyn’s Law introduces a tiered system based on venue capacity, directly affecting hotel operations.

Hotels in the Standard Tier (100–799 capacity) will need to complete a formal evaluation template, train staff, share safety information, and implement basic preparedness procedures.

Larger properties in the Enhanced Tier (800+ capacity) face stricter obligations, including detailed risk assessments, documented security plans and, where appropriate, physical measures such as CCTV systems.

The focus is on practical readiness rather than complex infrastructure. Government guidance states that venues should be able to “take reasonably practicable steps to reduce harm” in the event of an attack.

The Security Industry Authority is expected to oversee compliance, though full statutory guidance is still pending. Free training resources are already available through the ProtectUK platform, which is likely to play a central role in industry preparation.

Operational impact on hotels

For hotel professionals, Martyn’s Law will require a more structured approach to hotel security risk management.

Operators will need to begin with a clear understanding of property capacity, as this determines their compliance tier. From there, attention shifts to workforce readiness. Staff training is expected to cover threat awareness, emergency procedures and communication protocols.

One key message from early government guidance is simplicity. Measures are designed to be “proportionate to the size and type of venue,” reducing the burden on smaller operators while still improving preparedness.

Hotels may also need to review existing infrastructure. Larger properties, particularly those hosting conferences or events, could face investment decisions around surveillance systems or access control.

For many, the immediate task will be embedding security awareness into daily operations rather than introducing major capital projects.

Part of wider hotel compliance trends

Martyn’s Law sits alongside a broader set of global hotel regulations reshaping the sector.

Environmental compliance is tightening following international climate agreements, with mandatory sustainability reporting and carbon tracking expected to expand after COP30.

In parallel, data protection laws such as General Data Protection Regulation and PCI DSS standards continue to drive stricter controls on guest data and payment security.

In the UK and other markets, hotels are also adapting to new rules on price transparency, which require the full cost of a stay to be displayed upfront. Short-term rental registration schemes and rising tourism taxes are adding further complexity to revenue management.

Employment regulation is another pressure point, with higher minimum wages and evolving labour requirements increasing operating costs.

Taken together, these developments point to a more regulated operating environment. Security compliance under Martyn’s Law is becoming one of several critical areas where hotels must demonstrate accountability.

Preparing for 2027 enforcement

With enforcement still some distance away, industry focus is shifting to early preparation. Auditing capacity, reviewing current security measures and engaging with available training resources are expected to be the first steps.

Martyn’s Law is designed to improve public safety through practical, scalable measures. For hotels, the challenge will be integrating these requirements into existing operations while managing parallel demands in sustainability, data protection and cost control.

The next two years will be critical as guidance is finalised and enforcement approaches. For many operators, early action may reduce both compliance risk and future operational disruption.