Martyn's Law Compliance for Enhanced Tier Venues: What You Need to Know

The clock is running. Spring 2027 is not a distant horizon - it is less than twelve months away. For any venue or event that brings together 800 or more people, Martyn’s Law will impose statutory obligations that cannot be satisfied with a folder on a shelf. The Act requires a genuinely operational communication procedure, formal documentation submitted to the Security Industry Authority, and a named senior individual who is personally accountable for compliance.

This is the legislation that Figen Murray - the mother of Martyn Hett, killed in the Manchester Arena attack - campaigned for with extraordinary determination. It is named in his memory, and its purpose is serious: to ensure that the people responsible for public spaces have done everything within their power to protect the people in them. That framing matters. This is not a box-ticking exercise. The Act asks whether your procedure actually works.

Two tiers, one significant gap

Martyn’s Law operates across two tiers, calibrated to venue size. The distinction matters
more than many organisations have yet appreciated.

The government has been at pains to say that standard tier compliance does not require expensive technology. That is deliberately reassuring - and accurate. A well-run venue of 300 people can meet its obligations with clear procedures and trained staff.

But at the enhanced tier, the nature of the obligation changes. It is no longer sufficient to have a plan. The Act asks whether your communication procedure can be implemented rapidly and effectively, whether it reaches everyone who needs to be reached - including people who have already evacuated - and whether you can demonstrate all of this to a regulator with an evidence trail, not assertions

“We have a communication procedure” is an assertion. An alert log with timestamps, recipient counts, and exercised templates is evidence. The SIA will ask for the latter.

Five gaps that catch enhanced tier venues unprepared under Martyn's Law

1.  Fire alarms are explicitly ruled out as a terrorism response tool

The Act’s guidance is not merely suggesting that fire alarms are suboptimal. It explains why relying on them during a terrorist incident creates additional danger. Any venue whose communication plan defaults to the alarm system has not read the guidance carefully - and will not pass SIA scrutiny.

2.  PA systems have a fixed perimeter that the Act looks beyond

Public address systems speak to people inside the building. The Act specifically requires communication procedures that cover the “immediate vicinity” - including people who have evacuated, people in adjacent areas, and people still travelling to the venue. A PA system cannot reach them. SMS can.

3.  Multi-employer events have no shared contact database

The people working at a large event - security contractors, AV teams, caterers, medical staff, staging crews - do not work for the same organisation. They have no shared contact system. The event organiser cannot simply broadcast to all staff via their own HR database, because most staff are not on it. This is the contact problem at the heart of enhanced tier compliance.

4.  The compliance document needs evidence, not good intentions

A written plan describes what you intend to do. The compliance document that enhanced tier venues must submit to the SIA needs to demonstrate that your procedure is operational. That requires a system that creates a record: alert history, recipient counts, template library, exercise logs.

5.  Personal accountability concentrates the mind differently

The named senior individual at an enhanced tier venue is personally accountable for compliance. A senior individual who bears personal liability will want to know that their communication procedure is real, tested, and documented. A plan they cannot exercise is not, in any meaningful sense, a plan at all.

Where YUDU Sentinel sits in the compliance picture

YUDU Sentinel is not the only way for an enhanced tier venue to meet its obligations. The Act does not mandate any particular technology. But the gap between a plausible plan and a genuinely operational communication procedure is significant - and that gap is where Sentinel sits.

The platform was designed for exactly this kind of environment: multiple parties who don’t share infrastructure, communications that need to reach people wherever they are, and an evidence trail that can withstand regulatory scrutiny. Its core capabilities map directly to the enhanced tier requirements.

Registration without friction

Visitors scan a QR code or text a number on arrival. Staff - including every contractor from every third-party organisation on site - register the same way. No app. No pre registration requirement. No shared employer system needed. The multi-employer contact problem is solved frictionlessly, in the seconds it takes to scan a code.

Procedures mapped to the Act’s four statutory responses

Evacuation, invacuation, lockdown, and all-clear: Sentinel provides pre-configured templates for each. A single click triggers the appropriate message to all registered contacts. Follow-on instructions reach people already outside the venue perimeter - where PA systems fall silent. Every alert is logged automatically.

An audit trail built for SIA submission

The compliance document your designated senior individual must maintain is only as credible as the evidence behind it. Sentinel’s full alert history - timestamps, recipient counts, template records - provides the evidential layer. Drills can be run against live templates. Exercises are logged. The SIA asks for demonstrated capability, not stated intention.

GDPR auto-erasure as standard

Collecting visitor phone numbers at scale creates data obligations. Sentinel handles this by design: mobile numbers are automatically deleted after a venue-configured window. No residual data risk. GDPR-compliant from day one, which also reduces friction at registration - visitors are more likely to register if the data handling is transparent and limited.

The honest answer on cost

The burden on hospitality and events businesses is real. Martyn’s Law was not designed to be punitive - the standard tier provisions reflect that. But enhanced tier venues operate at a different scale, with different risk profiles and different legal exposure. The personal accountability of the designated senior individual, the SIA submission requirement, and the potential sanctions for non-compliance change the calculation.

The question is not simply what Sentinel costs. The question is what the absence of a demonstrable, evidenced communication procedure costs if something goes wrong.

The clock is running

Spring 2027 is not far away, and many organisations are discovering that the distance between “we have a plan” and “we have a compliant, operational communication procedure” is greater than they initially assumed. The people who are ready when the Act comes into force are the ones who are building and testing their systems now.

YUDU Sentinel's communication compliance tool for Martyn's Law is operational within 24 hours. The compliance document it supports is built from evidence, not assertions. The people it reaches include everyone who needs to be reached - inside, outside, and beyond your venue.

That is what the Act requires. That is what a communication procedure actually looks like.