Planning an event in the UK isn’t just about creating memorable experiences, it’s about ensuring security, safety and compliance. From music festivals, Christmas and seasonal festivals to corporate conferences, event risk management is a legal and moral responsibility for organisers. This guide breaks down the essentials you need to consider throughout the planning journey to ensure effective crowd and event security.

Why Security Risk Management Matters

Events bring people together, from different backgrounds and cultures, but they also introduce wider threats and are a credible target for criminals, disruptors and terrorist plots. More operational threats can also include crowd surges, fire risks, anti-social behaviour, severe weather, and even protestors/agitators. Effective event risk management enables protective security in crowded spaces, whilst protecting attendees, staff, and your reputation while meeting legal obligations.

Legal Framework You Must Follow

• UK event organisers must comply with the legal operating framework of the UK, the most applicable laws and regulations are;
• Health and Safety at Work Act 1974 - Duty to protect workers and the public.
• Management of Health and Safety at Work Regulations 1999 - Requires a written and comprehensive risk assessments
• Regulatory Reform (Fire Safety) Order 2005 - Fire risk planning
• Licensing Act 2003 - Governs alcohol and entertainment
• Terrorism (Protection of Premises) Act 2025 (Martyn’s Law) - Introduces counter-terrorism duties for venues/events with 200+ capacity

Terrorism (Protection Of Premises) Act 2025 (Martyn's Law)

Where Does the Law Apply?

• Anyone responsible for publicly accessible premises or events must now consider terrorism risks and take “reasonably practicable” steps to mitigate them.
• This applies to both permanent venues (stadiums, theatres, shopping centres) and temporary events (Christmas markets, festivals, fairs, marquees)

Tiered Compliance – Martyn’s Law

• Standard Tier;
• For venues/events expecting 200–799 people (threshold may drop to 100 if threat level changes).
• Requires basic measures:
• Terrorism focused risk assessment
• Staff awareness training
• Emergency Response Plan

• Enhanced Tier;
• For venues/events expecting 800+ people.
• Requires comprehensive measures:
• Detailed threat, vulnerability and risk assessments
• Physical security measures (e.g., barriers, HVM, CCTV)
• Designated security roles and responsibilities
• Regular plan reviews and realistic training drills

Planning and Preparedness

• Organisers must integrate security planning early in event design and plan, to include;
• Crowd management and screening areas to ensure crowd safety at events
• Secure ticketing and entry points
• Dedicated event control and communication hubs.
• For large-scale events, police may appoint a representative months in advance to oversee intelligence, route security, and contingency planning.

Team Training and Awareness

• All staff should receive counter-terrorism awareness training (ACT) and know;
• How to identify suspicious behaviour and unattended items
• Emergency lockdown and evacuation procedures
• How to assist the public during an incident
• How to integrate with the Police and understand any limitations of the Police and resource availability

Enforcement and Penalties

• The Security Industry Authority (SIA) will enforce compliance
• Non-compliance can lead to fines up to £18 million or 5% of global revenue for some premises

Timeline

• The law received Royal Assent in April 2025, with a two-year implementation period. Full compliance is expected by April 2027, so planning should start now to ensure that you are prepared and adopting the most effective security posture.

Step-by-Step Security Risk Management Process for Events

Step1. Threat, Vulnerability and  Risk Assessment

• Identify threat (terrorism, petty crime, alcohol and drugs culture, crowd crush, electrical faults, weather)
• Grade target attractiveness and accessibility
• Assess likelihood and impact
• Identify vulnerabilities, review effectiveness and criticality
• Implement control measures to reduce identified vulnerabilities (barriers, signage, trained staff)
• Record, compile and document the Event Risk Assessment.
• Compile an exercise and testing programme to confirm control measure effectiveness and to build a trusted provision
• Review and adjust dynamically

Step 2. Event Security Management Plan

The Event Security Management Plan should include;

• Site orientation and layout with emergency routes, muster locations and safe havens
• Define and issue roles and responsibilities so that all event staff understand their purpose and assigned activities and procedures
• Establish clear lines of communication protocols throughout, with contingencies and redundancy
• Ensure health and safety measures are also included within the management plan.
• Compile, train and test Emergency Response Plans
• Engage early with Civil Contingencies to ensure early integration with a local Safety Advisory Group (SAG)

Step 3. Crowd & Security Management

• Ensure access and egress areas are zoned, with contingencies for emergency response
• Utilise barriers for crowd flow control.
• Enable real-time monitoring and with SIA Licensed Operatives and trained stewards.
• Enable Martyn’s Law compliance to include; terrorism security vulnerability and risk assessment, Hostile Vehicle Mitigation (HVM), staff training, and emergency preparedness and planning.

Step 4. Command & Control, Emergency Response and Incident Cascade

• Establish a Command & Control Centre to lead and manage the operational delivery
• Enable coordinated control through a robust communication strategy and cascade protocol
• Confirm and implement a graded response to incident management to ensure the response is targeted and the right people are made aware at the right time
• Confirm security posture integrity by conducting vigorous onboarding, briefings, training and exercise and testing.

Step 5. Continuous Improvement

Ensure you implement a robust continuous improvement loop to learn and refine your plans. This can be gained from your deployed teams and customers whose feedback will assist in adjusting your planning for future events.

Essential Resources

HSE Event Safety Guidance: HSE.gov.uk

The Purple Guide: thepurpleguide.co.uk

Martyn’s Law Guidance: https://www.protectuk.police.uk/martyns-law 

Conclusion

Security risk management isn’t optional or a nice to have, it’s the backbone of a safe, secure and successful event. Start planning early, document everything, and keep security and safety at the heart of your preparedness and planning strategy. Should you require any support or guidance get in touch with the Peregrine Risk Management team who are on hand to assist.