Skip to content
Vigil Logo
Log In

Preparing for enforcement: the role of the SIA and what inspections may look like

By Vigil compliance teamPublished Updated 5 min read

Aligned to NaCTSO guidance, every claim cited to a primary source

Martyn's Law gives the United Kingdom a new compliance regime, and a new regulator role to go with it. The Security Industry Authority (SIA), best known for licensing door supervisors and security operatives, will house the regulatory function for the Terrorism (Protection of Premises) Act 2025.[1][5]

The duties are not yet in force, with commencement expected from 2027, so no venue is being inspected today.[3] But the shape of the regime is already clear from the Act and the statutory guidance published in April 2026, and the venues that will find enforcement uneventful are the ones that prepare during the implementation period. This article covers how the SIA is expected to operate, what its powers are, and what evidence is worth keeping. If you have not yet confirmed your tier, start with our eligibility checker.

A support-first regulator

The Home Office has been consistent about the SIA's intended posture: support, advise and guide responsible persons first, with enforcement reserved for cases of serious or persistent non-compliance.[3] Since summer 2025 the Home Office and SIA have been running sector webinars and publishing guidance to help premises prepare.[2]

That posture matters for planning. The realistic risk for a venue making a good-faith effort is not an ambush fine; it is being unable to show what it has done. Almost everything the regime asks for is evidenced by ordinary records: a capacity assessment, written procedures, briefing logs and, for the enhanced tier, the compliance document.

The SIA's enforcement toolkit

Where the SIA does need to act, the Act gives it a graduated set of civil powers:[3]

  • Compliance notices: a formal requirement to remedy specified failures within a set period.
  • Restriction notices: for enhanced duty premises and qualifying events, a power to restrict how the premises or event operates until failures are addressed.
  • Monetary penalties: up to £10,000 for standard duty premises, and up to £18 million or 5% of worldwide revenue, whichever is greater, for enhanced duty premises and qualifying events.
  • Daily penalties: where non-compliance with a compliance or restriction notice continues after a penalty becomes payable, up to £500 per day at the standard tier and up to £50,000 per day at the enhanced tier.

Criminal offences

The regime is primarily civil, and for standard duty premises non-compliance with the core duties is not a criminal matter. The Act does create criminal offences for the most serious cases, including failure to comply with a compliance or restriction notice in relation to enhanced duty premises or qualifying events, and providing false or misleading information to the regulator.[3]

For organisations, this is the practical reason the designated senior individual duty in the enhanced tier deserves board-level attention rather than delegation to the bottom of a job description.

What an inspection may look like

The SIA has not yet published its detailed inspection methodology, so anything specific about visit formats is provisional.

What can be said with confidence is what the regulator will be assessing, because the duties define it. For a standard tier venue: that the SIA was notified, that the four public protection procedures (evacuation, invacuation, lockdown and communication) are in place so far as reasonably practicable, and that staff with a role in them know what to do.[2] For an enhanced tier venue: all of that, plus public protection measures across monitoring, movement of individuals, physical security and information security, and a current compliance document that has been provided to the SIA.[2]

A reasonable working assumption is that conversations with the regulator will run along those lines: who is your responsible person, how did you assess your capacity, show me your procedures, how do staff learn them, and, at the enhanced tier, walk me through your compliance document. Venues that can answer from records rather than memory will have short conversations.

The evidence worth keeping

Whichever tier you are in, a small set of documents covers almost every question the regime can ask:

  • Your capacity assessment: the number you reached, the method, and the data behind it.
  • Identification of the responsible person, and at the enhanced tier the designated senior individual.
  • The four written procedures, version controlled and dated. See how to write them.
  • Staff briefing and training records with names and dates.
  • Review history: when procedures were last reviewed and what changed.
  • Enhanced tier only: the compliance document and the record of providing it to the SIA.

Using the implementation period well

Commencement is expected from 2027, and no date has been confirmed.[3] That window is the cheapest compliance resource you will ever get. Establishing the records above now, while there is no deadline pressure, turns the eventual start of enforcement into a non-event.

Vigil keeps all of this evidence in one place: procedures, briefing logs, review reminders and an audit trail designed around what the SIA will ask for. See pricing, or start with our guide to whether the law applies to you.

Frequently asked questions

Who enforces Martyn's Law?

The Security Industry Authority (SIA). A regulatory function for the Terrorism (Protection of Premises) Act 2025 is being established within the SIA, with a stated approach of supporting and guiding responsible persons first and reserving enforcement for serious or persistent non-compliance.

Can the SIA fine venues today?

No. The duties under the Act are not yet in force. The Government has committed to an implementation period of at least 24 months from Royal Assent on 3 April 2025, with commencement expected from 2027.

What are the maximum penalties under Martyn's Law?

Up to £10,000 for standard duty premises and up to £18 million or 5% of worldwide revenue, whichever is greater, for enhanced duty premises and qualifying events. Continuing non-compliance with a notice can attract daily penalties of up to £500 (standard) or £50,000 (enhanced).

Is failing to comply with Martyn's Law a criminal offence?

The regime is mainly civil. Criminal offences are reserved for the most serious cases, including failing to comply with a compliance or restriction notice in relation to enhanced duty premises or qualifying events, and giving false or misleading information to the SIA.

Sources

  1. Terrorism (Protection of Premises) Act 2025, legislation.gov.uk
  2. Terrorism (Protection of Premises) Act 2025: statutory guidance, Home Office (April 2026)
  3. Terrorism (Protection of Premises) Act 2025: overarching factsheet, Home Office
  4. Martyn's Law overview, ProtectUK (NaCTSO)
  5. Security Industry Authority, GOV.UK

This guide is general information, not legal advice. Confirm your position against the official sources above or take professional advice.

Find out where your venue stands

Use our free eligibility checker to see whether Martyn’s Law applies to you and which tier you are likely to fall in, then see plans matched to each tier.

Check my venue (free)See pricing

Martyn's Law updates, straight to your inbox

Get notified about new guidance, enforcement updates and free resources. We send occasional emails and nothing else. You’ll also get our free Martyn’s Law readiness checklist.

Related guides

The Enhanced tier: requirements for venues of 800+ capacity

Read the guide →

The Standard tier: what venues with 200 to 799 capacity must do

Read the guide →

What is Martyn's Law? A plain-English guide for UK venues

Read the guide →