Shopping centres are among the most complex venues that Martyn's Law, also known as Protect Duty, will regulate. With hundreds of tenants, dozens of entry points, and daily footfall that can exceed tens of thousands of visitors, malls face a unique set of compliance challenges that few other venue types share.

The Terrorism (Protection of Premises) Act 2025 imposes obligations on venues to prepare for, and respond to, terrorist threats. It's a duty that sits alongside a broader safety picture retail already contends with:

27% of retail workers report feeling unsafe at work, and four in ten (42%) say they have no way to instantly notify colleagues if an incident occurs in-store.

For shopping centres, the compliance stakes are high and the logistics are formidable.

This blog breaks down what Martyn's Law means for retail venues specifically, what shopping centre operators will need to address, and how indoor mapping technology can support that planning.

What is the status of Martyn's Law in 2026?

Before getting into the specifics, it’s important to understand specifically what's required, and when. Martyn's Law received Royal Assent on April 3, 2025. The Home Office published Section 27 statutory guidance in April 2026 to help responsible persons prepare, but the Act is not yet in force as of July 2026.

Government guidance originally pointed to an implementation period of at least 24 months from Royal Assent; industry commentary is now increasingly pointing to commencement in spring 2027, subject to formal confirmation. There's no legal obligation to comply yet, but venues that wait for enforcement to begin planning will be behind.

The Security Industry Authority (SIA), an arm's-length body of the Home Office, is the designated regulator. It will provide guidance and support to venues in scope, and has enforcement powers for non-compliance once the Act is in force.

What Martyn's Law will require of shopping centres

Martyn's Law establishes a tiered system based on venue capacity. Most shopping centres will fall into the enhanced tier, which applies to premises expecting 800 or more people at the same time. Given that even a modest regional mall regularly exceeds this threshold, the majority of shopping centres will need to meet the legislation's most comprehensive requirements.

For a full overview of the legislation's structure and tier definitions, see our complete guide to Martyn's Law. Read the guide →

Under the enhanced tier, shopping centres will need to:

  • Conduct a terrorism risk assessment that identifies vulnerabilities specific to the venue's layout, access points, and operational patterns.
  • Develop and maintain a security plan that details preventive measures and response procedures for a range of threat scenarios.
  • Take reasonably practicable measures to reduce vulnerability and improve protective security including physical measures, procedural controls, and staff preparedness.
  • Appoint a designated senior individual (DSI) who is accountable for the venue's compliance and liaises with the SIA and other relevant authorities.
  • Provide staff training so employees across all tenant operations understand their roles during an incident.

The multi-tenant challenge

What makes shopping centres particularly difficult to secure is the multi-tenant model. A single mall may house 150 or more individual retailers, food outlets, entertainment venues, and service providers. Each tenant has its own staff, its own operating hours, and its own level of security awareness.

Coordinating a unified response across all of these entities is one of the central challenges of Martyn's Law preparation for retail venues.

Fragmented responsibility

In a traditional single-occupier building, one organisation owns the security plan from top to bottom. In a shopping centre, the centre management company is responsible for common areas (i.e., corridors, atriums, car parks, service areas) while individual tenants manage their own units.

Martyn's Law places the primary duty on the premises operator, which in most cases is the centre management team. But effective preparation requires cooperation from every tenant, and that cooperation can't be assumed:

In a 2024 survey of UK retail workers, 42% said they had no way to instantly notify colleagues elsewhere in the store if an incident occurred.

And that's within a single retailer, before accounting for the dozens of separate tenant organisations a shopping centre has to coordinate with.

This means shopping centre operators need to establish clear communication channels, shared protocols, and tenant-level training that aligns with the centre-wide security plan.

High footfall and unpredictable density

Shopping centres experience dramatic fluctuations in visitor numbers. A weekday morning might see a few hundred visitors, while a Boxing Day sale or holiday shopping event can push attendance to capacity. Planning must account for both extremes and everything in between.

Crowd density also varies within the centre itself. Anchor stores, food courts, and event spaces create localised bottlenecks that complicate evacuation routing.

Retail security heatmap analytics

Multiple entrances and exits

A typical shopping centre has numerous public entrances, service entrances, car park access points, and connections to public transport. Each of these is both an evacuation route and a potential vulnerability.

Risk assessments need to evaluate every access point, and plans need to account for scenarios where one or more exits are compromised.

How indoor mapping supports retail venue security planning

Indoor mapping and wayfinding technology addresses several of the practical challenges shopping centres face in preparing for Martyn's Law.

Comprehensive venue visualisation

A detailed digital map of a shopping centre provides the foundation for effective risk assessment. Rather than working from static floor plans that may be outdated or incomplete, centre management can maintain an accurate, current representation of the entire venue – including tenant layouts, service corridors, emergency exits, and vertical circulation points such as lifts, escalators, and stairwells.

This level of detail makes it possible to identify vulnerabilities that might be missed on a traditional plan: dead-end corridors, areas with limited exit access, or zones where crowd density naturally concentrates.

Dynamic evacuation routing

Static evacuation signage has a fundamental limitation: it can't adapt to the specifics of an incident. If the threat is near one exit, the signs still point to it. Indoor mapping technology enables wayfinding that can be updated to redirect visitors and staff toward the safest available routes as conditions change.

In a shopping centre context, this matters because the right evacuation route depends on the location of the threat, which exits are available, current crowd density in different zones, and the visitor's own location within the building.

A shared spatial reference

One of the most practical benefits of a common digital map in a retail setting is giving centre management and tenants a shared point of reference. Instead of a radio call describing "the store near the fountain," staff can work from the same precise map and consistent naming for every unit, corridor, and access point, reducing the ambiguity that slows down any coordinated response.

Supporting staff training and drills

Martyn's Law will require staff training, and for shopping centres, that training needs to reach employees across dozens or hundreds of different organisations.

Indoor mapping tools can support this with interactive training materials that show staff exactly how the centre's evacuation plan works, what routes are available from their specific location, and where assembly points are.

Digital mapping also supports more effective drill planning, modelling different scenarios and identifying bottlenecks before they become problems during a real incident.

Documentation over time

Preparedness under Martyn's Law isn't a one-time exercise; plans need to be reviewed and kept current. A digital indoor map creates a living, dated record of the venue's layout that's easy to update as new tenants move in, layouts change, and building modifications alter circulation patterns, which makes it easier to keep risk assessments and security plans grounded in how the venue actually looks today.

Security camera feed management in security map

Practical steps for shopping centre operators

Shopping centre operators preparing for Martyn's Law should consider the following:

  1. Audit your current security posture. Review existing risk assessments and evacuation plans against the enhanced tier's requirements. Identify gaps, particularly around multi-tenant coordination and communication.
  2. Map your venue digitally. If you're still working from static floor plans or paper-based evacuation maps, a comprehensive digital indoor map becomes the foundation for risk assessment, evacuation planning, and ongoing documentation.
  3. Establish tenant communication protocols. Develop clear, tested procedures for communicating with all tenants during an incident, with a designated point of contact per tenant.
  4. Train broadly and regularly. Training can't be limited to centre management and security staff. Tenant employees, including part-time and seasonal workers, need to understand basic response procedures.
  5. Plan for variable occupancy. Your plan needs to work as well on a slow weekday morning as it does on the busiest shopping day of the year.
  6. Appoint your designated senior individual. Identify who will be accountable for compliance and make sure they have the authority and resources to fulfil that role.

Frequently asked questions

Is Martyn's Law in force yet?

Not yet. The Act received Royal Assent on 3 April, 2025, and Section 27 statutory guidance was published in April 2026. Industry commentary is now pointing to commencement in spring 2027, though this is still subject to formal confirmation. Venues in scope should use this period to prepare rather than wait for enforcement to start.

Does Martyn's Law apply to all shopping centres?

Most will be in scope. The standard tier applies to venues expecting 200–799 people at a time, while the enhanced tier covers 800 or more. Given typical shopping centre capacities, most will fall into the enhanced tier, which carries the more comprehensive requirements. Smaller retail parks and outlet centres are still likely to meet the 200-person threshold for the standard tier.

Who regulates Martyn's Law?

The Security Industry Authority (SIA), an arm's-length body of the Home Office, is the designated regulator, and will have enforcement powers once the Act is in force.

Who is responsible for compliance: the shopping centre operator or individual tenants?

The primary duty falls on the premises operator, typically the centre management company or the landlord's managing agent. Individual tenants are expected to cooperate with the centre-wide plan, but in practice, effective preparation requires close collaboration between centre management and every tenant. Many operators are building Martyn's Law expectations into lease agreements and tenant handbooks.

How does Martyn's Law interact with existing shopping centre security measures?

Many shopping centres already run substantial security operations, including CCTV, security personnel, and access control. Martyn's Law doesn't replace these measures — it adds a structured, legislated framework around them: a terrorism-specific risk assessment, a documented security plan, staff training, and a designated senior individual. Existing security measures will likely form part of the response, but will need to be evaluated against the Act's specific requirements.

What role does technology play?

Technology isn't mandated by Martyn's Law, but it's one of the most practical tools for meeting the legislation's expectations at the scale a shopping centre operates at. Indoor mapping, wayfinding, and communication systems all contribute to a more robust and responsive security posture. For venues as large and complex as shopping centres, relying solely on manual processes and static signage is unlikely to meet the standard of "reasonably practicable" that the Act asks for.

How often should security plans be reviewed?

The legislation doesn't specify a fixed interval, but plans should be treated as living documents: reviewed whenever there's a significant change to the venue (new tenants, layout modifications, changes to access points), and at minimum annually. Drills and post-incident reviews should also trigger updates.

Retail security & Martyn's Law: How Mappedin can help

Mappedin is already a leading indoor mapping partner for retail and mall properties around the world, working with portfolios including Simon Properties, Shaftesbury Capital, Cadillac Fairview, with more than 10 billion square feet mapped globally.

As shopping centres take on new obligations under Martyn's Law, Mappedin Security Center extends that same spatial foundation into a platform purpose-built for security operations, including a floor-level view of incidents, patrol routes, and critical infrastructure across every property in a portfolio.

Thinking through what Martyn's Law preparedness looks like for your venue? Get in touch. We're happy to talk through where digital mapping fits into your planning.

Retail security system
Build a safer, more secure venue with Mappedin

Turn floor plans into an interactive, integrated security dashboard based on a 3D venue map. See security guard location, camera feeds and more.

Tagged In

  • Safety and Security

  • Retail

  • Malls

Share