Preparing for the new UK terrorism liability legislation

The UK is set introduce new terrorism legislation that will change businesses’ responsibility for terrorism acts, requiring a new strategic approach for how companies manage and mitigate this risk.

As outlined in the consultation (opens a new window), the Protect Duty legislation, also known as Martyn’s Law, will require owners and/or operators of publicly accessible locations (PALs) to take appropriate and proportionate measures to protect the public from terrorist attacks.

The legislation comes on the back of the suicide bombing attack that took place at the Manchester Arena during the Ariana Grande concert on 22 May 2017. The legislation is named after Martyn Hett, one of the 22 victims (opens a new window) that lost their lives at the event. The inquiry into the Manchester Arena bombing (opens a new window) highlighted some security failings in relation to hostile reconnaissance, venue security practices and risk assessments. The new legislation aims to address these failures.

Applicability of Protect Duty:

The Home Office estimates that 650,000 UK businesses could be affected by the new legislation which will apply to:

  • Public venues (eg. entertainment and sports venues, tourist attractions, shopping centres with a capacity of 100 persons or more)

  • Large organisations (eg. retail or entertainment chains employing 250 staff or more to operate at publicly accessible locations)

  • Public spaces (eg. public parks, beaches, thoroughfares, bridges, town/city squares and pedestrianised areas, including event organisers using these spaces)

Requirements are expected to include:

  • Considering and implementing ‘reasonably practicable’ protective security and organisational preparedness measures

  • Developing a robust plan on how to deal with or act as a result of a terrorist attack

  • Using available information and guidance provided by the government and the police to consider terrorist threats to the public and staff at locations owned or operated by the business

  • Assessing the potential impact of these risks across your functions and estate, and through a business’ systems and processes

Source: Pool Re (opens a new window)

Organisations affected will need to (re-)assess the risk of terror attacks, implement measures to reduce the risk, and put together robust terrorism plans. Particularly smaller organisations that may not be regarded as obvious targets may need to take action as many of them will have never formally assessed terrorism.

Consequences for businesses

In order to prepare for the new Protect Duty legislation, businesses should review the risk mitigation measures they are deploying and potentially adjust them accordingly. The process may include:

  • Physical risk security assessment to reduce the freedom of movement of an attacker, identify vulnerabilities and implement protective measures that can include technology solutions to identify a potential threat, limit the opportunity for an attack and coordinate a response in the event of an attack

  • Security policies and procedures may need to be updated and include shelter in place and evacuation plans

  • Employee training and empowerment should clarify the roles for securing a location and enable staff to recognise and respond to a potential threat

  • Regularly review the security strategy, training, and processes

If a security breach is considered serious enough, companies may need to conduct a vulnerability assessment, prepare a counter-terrorism plan, and, importantly, ensure that representatives engage with the police and government agencies for training and best practice.

Expected effect on insurance programmes

The legislation is set to significantly change how companies manage terrorism risks. Businesses that fail to carry out the requirements under the duty could face prosecution under legislation such as the Corporate Manslaughter Act.

The duty will lead to greater liability exposure for businesses in scope. While the new rules are expected to become effective in 2023, businesses should start reviewing their insurance programmes with Protect Duty in mind, with a particular focus on general liability (GL) and employers’ liability (EL) limits. UK companies may need to purchase additional terrorism EL and GL cover if they don’t already do so.

A specific terrorism liability policy is designed to cover any claims expenses and damages that the insured becomes legally liable to pay following claims for bodily injury and property damage. If the business already purchases terrorism insurance, it might want to consider increasing the limits as the limits that many publicly accessible locations currently buy are likely to be insufficient to cover the costs following a deadly attack.

It is advisable that businesses consult with their directors’ and officers’ (D&O) liability insurance providers how the new duty is likely to affect their cover.

Consultants and specialist companies carrying out ‘protect’ risk assessments and designing mitigation programmes will need to review their professional negligence covers.

For further information, please contact:

Martin Halls, Senior Broker War, Terrorism and Political Violence

M +44 (0)7385 415 436


William Ambidge, Senior Broker War, Terrorism and Political Violence

T +44 (0)20 7933 2281