The draft law divides qualified public premises into two levels, with special requirements applying to premises in each level. Standard duty rooms are rooms with a capacity of 100 to 799, while enhanced duty rooms have a capacity of 800 or more. The Bill allows for provision to be made for certain qualifying premises to be treated as standard duty premises where they would otherwise be enhanced duty premises, and vice versa.
Responsibilities are also imposed on those controlling “qualifying public events”. These are public events held in premises that do not meet the requirements for public premises with a capacity of 800 or more, where express permission is required to enter for the purpose of attending the event, with or without payment.
The public capacity of premises and events will be determined in accordance with regulations made by the Secretary of State.
The standard duty requirements have been developed “to ensure there is a baseline level of protection and readiness across the UK”, according to Security Secretary Tom Tugendhat. These include a requirement to carry out a standard terrorism assessment of the premises, which will include an assessment of the types of terrorism most likely to occur on or in the immediate vicinity of the premises and the measures in place to mitigate that risk and protect to the public, including procedures for evacuation of their premises. This should be reviewed regularly – at least every 12 months and whenever there is a material change. A copy should be provided to workers and relevant workers – those with appropriate responsibilities – should also receive appropriate terrorism protection training.
Those responsible for premises with increased duty or qualifying public events will also need to ensure that counter-terrorism training is provided to relevant workers on their premises. They must also appoint a person as a designated senior officer for the premises or event and must complete and regularly review their Terrorism Risk Assessment. In making this assessment they must take into account the types of terrorist acts most likely to be committed on or around their premises or event and the “reasonably applicable” measures that can be expected to reduce the risk of such an act occurring or the risk of physical harm to persons as a result of such action. They must also implement reasonably practicable security measures to reduce the risk of terrorism and the harm caused by it.
Persons responsible for heightened duty premises or a qualifying public event must also prepare and maintain a security plan for the premises or event, with a copy provided to the regulator – this will be a public body designated as the regulator in this context in the regulations which will be made by the Secretary of State. Details of what will need to be included in the security plan will also be set out in future regulations, but according to the draft law it will need to document, among other things, information about the premises or event, the persons responsible for premises or events , as well as information resulting from compliance with other requirements.
The draft law also defines the proposed enforcement powers of the regulator – a set of sanctions and punishments for non-compliance is foreseen. Civil penalties may be imposed as an alternative to a criminal penalty in appropriate cases. For enhanced duty premises or a qualifying public event, which can be up to £18m or 5% of the operator’s worldwide revenue. The draft law also provides for a criminal sanction for individual officials when a legal entity commits a crime and it is proven that it was committed with the consent or complicity of that entity.
In all cases, the government and regulator will provide guidance and support to ensure they “do everything they can to ease the burden on businesses,” Tugendhat said.
Health and safety law expert Kevin Bridges of Pinsent Masons said: “The draft Bill creates a framework for what appears to be a significant new duty on those responsible for premises or events within scope. This is in addition to existing obligations under health and safety legislation to protect members of the public in relation to risks arising from the conduct of the undertaking or business. However, questions remain, with much of the detail still to be set out in regulations to be made by the Secretary of State and guidance still to be provided.
“The government has previously said its aim is to ‘create a culture of security with consistent enforcement and greater certainty of effect.’ If this is to be achieved, it will need to ensure that the request of those in scope is understandable and enforceable and is a proportionate response to the risk without unnecessarily burdening the business. Careful consideration is also required in the choice of regulator. The most obvious choice, the health and safety executive, is already stretched thin, having recently been given significant new responsibilities. A significant additional resource will be required if oversight of the safeguard duty regime is also to be added to its remit,” he said.