Beyond Martyn’s Law: How Crises Control Supports Broader UK Compliance and Resilience Regulations

Written by Anneri Fourie | Crises Control Executive

As the UK formally enacts the Protect Duty Act 2025 (commonly referred to as Martyn’s Law), organisations of all sizes are taking a closer look at their preparedness for emergencies. This includes everything from terrorist incidents and data breaches to cyberattacks and severe weather. For both SMEs and large enterprises, across sectors as diverse as education, oil and gas, aviation, healthcare, and even zoos, Martyn’s Law compliance is just one layer of a growing framework of regulations they must meet.

This blog concludes our in-depth series on Martyn’s Law and focuses on how organisations can align not just with this important new law, but with the broader UK business continuity regulations that define operational resilience today. We will also explore how Crises Control, a trusted crisis management platform and mass notification software, supports compliance across multiple regulatory domains.

Martyn’s Law Compliance: Meeting the Protect Duty Act 2025

The Protect Duty Act 2025 introduces legally binding requirements for organisations that operate publicly accessible locations. It aims to ensure that appropriate security measures and response procedures are in place to protect the public from terrorism.

Key requirements under Martyn’s Law include:

• Risk assessments to identify terrorism threats
• Emergency response plans for different scenarios
• Training and testing programmes for staff
• Clear communication systems to alert and instruct people during an incident

How Crises Control Helps:

Crises Control provides a structured, compliant-ready solution to support all tiers of Martyn’s Law:

• Scenario-based planning and quick plan activation
• Automated mass notifications to staff, emergency responders, and stakeholders
• Location-specific alerts and mobile-first check-in tools
• Audit trails for testing, drills, and real-world events

Whether you manage a shopping centre, university, stadium, or local government facility, Crises Control can help you meet the expectations of the Protect Duty Act 2025 while improving readiness and reducing risk.

Compliance Isn’t Just About Martyn’s Law: It’s About Operational Responsibility

In the context of UK legislation, compliance is not a one-time project, it’s an ongoing responsibility. In addition to Martyn’s Law, organisations must prepare for and respond to a wide range of legal and regulatory requirements related to safety, resilience, and data protection.

Failure to comply with these obligations can lead to regulatory fines, reputational damage, and increased exposure to litigation following a crisis.

Below, we explore other key regulatory frameworks and how Crises Control aligns with them.

1. Health & Safety Compliance

Relevant Regulations:

• Health and Safety at Work Act 1974
• Management of Health and Safety at Work Regulations 1999

Why It Matters:

All organisations have a duty of care to protect employees and visitors. This includes proactive planning for emergencies such as fire, medical incidents, severe weather, or violence.

How Crises Control Helps:

• Instant alerts to staff and emergency responders
• Incident logging and escalation to internal teams
• Evidence of planning and response for HSE investigations

Whether it’s a factory floor, classroom, or public zoo, rapid and coordinated response saves lives.

2. Business Continuity and Resilience Requirements

Relevant Frameworks:

• ISO 22301 (Business Continuity Management)
• FCA Operational Resilience (for regulated financial entities)
• Sector-specific frameworks (NHS trusts, local authorities, energy and transport)

Why It Matters:

Disruption to operations, whether caused by IT failure, supplier issues, or man-made events, must be planned for in line with formal business continuity expectations.

How Crises Control Helps:

• Digitised business continuity plans (BCPs) with structured workflows
• Plan activation tools and stakeholder communication modules
• Real-time dashboards to track plan execution
• Comprehensive audit trails for ISO certification and internal reviews

For organisations seeking the best tools for business continuity compliance in the UK, Crises Control provides both simplicity and depth.

3. Data Protection and Cyber Incident Response

Relevant Regulations:

• UK GDPR and the Data Protection Act 2018
• NIS Regulations (for operators of essential services)
• ICO breach notification guidelines

Why It Matters:

Under GDPR, organisations must report qualifying data breaches within 72 hours. Cyber threats and system outages also fall under resilience expectations in many sectors.

How Crises Control Helps:

• Crisis workflows tailored to cyber incidents and data breaches
• Automated stakeholder notifications, including internal teams, ICO contacts, and affected data subjects
• Documented incident management logs
• Post-incident analysis tools

This ensures you stay compliant while maintaining stakeholder trust in a data-sensitive world.

4. Employee Welfare and the Modern Slavery Act

Relevant Regulations and Drivers:

• Duty-of-care requirements under employment law
• Reporting obligations under the Modern Slavery Act 2015

Why It Matters:

Lone workers, travelling staff, and vulnerable personnel require protection mechanisms, especially during emergencies or disruptions.

How Crises Control Helps:

• Geo-fenced alerts and lone worker check-in features
• Welfare monitoring tools during incidents or high-risk events
• Documented duty-of-care protocols

These tools are particularly valuable for industries like logistics, field engineering, social care, and security services.

5. ISO Standards and Certification Readiness

Relevant Standards:

• ISO 27001 (Information Security Management)
• ISO 22301 (Business Continuity Management)

Why It Matters:

ISO standards are widely adopted across public and private sectors. They are often embedded into procurement requirements and are essential for demonstrating operational maturity.

How Crises Control Helps:

• Supports the implementation of controls and processes required by ISO frameworks
• Automates emergency response testing and documentation
• Produces logs and evidence for certification and audits

From aviation to retail, ISO compliance is no longer optional—and Crises Control makes it easier.

Summary Table: Where Crises Control Delivers Value

Crises Control for Every Organisation: SME to Enterprise, Zoo to Airport

One of the strengths of Crises Control is its flexibility. It supports:

• SMEs with limited resilience resources who need out-of-the-box capabilities
• Large enterprises with complex operations, internal protocols, and high regulatory scrutiny
• Public bodies such as local councils, emergency responders, and NHS trusts
• Diverse sectors from education and transport to oil & gas, leisure, and aviation

Whether you operate a local authority building, run an airport terminal, or manage a zoo open to the public, Crises Control helps you meet the expectations of today’s regulatory environment.

Final Thought: Preparedness Isn’t Optional, It’s Your Legal Obligation

Martyn’s Law marks a turning point in how organisations must prepare for emergencies. But it’s not the only regulation demanding change. From data protection to continuity standards, the burden of proof is now on you to demonstrate readiness, response, and responsibility.

Crises Control is more than software, it’s a partner in compliance, helping you move from reactive fixes to proactive planning.

Contact us today to book your free demo and discover how Crises Control can help your organisation meet Martyn’s Law compliance and more.