On Thursday 15 June, IFSEC Insider hosted a webinar session entitled: Preparing for the Terrorism (Protection of Premises) Bill & the role of critical communications. Here, we cover some of the questions asked by attendees during the session that weren’t answered live by the speakers on the day.
The hour-long session explored the draft Terrorism (Protection of Premises) Bill, what is likely to be expected of publicly accessible locations and venues, as well as the importance of clear and consistent organisational communication in a crisis.
Panellists Tony Watson and Charles Weaver from Peoplesafe, and Kizzy Augustin and Emily Wright, Partner and Associate respectively at law firm Mishcon de Reya covered the following topics:
- The anticipated implications of the legislation, particularly as it affects businesses and property owners
- Consideration of the shift towards public accountability in UK health and safety legislation
- How to mobilise and communicate to different response levels across an organisation
- Ways to audit communications
- The role of technology and mass communication platforms
Missed this session? Have a watch back of this webinar for free, on-demand, here >>
The regulator and risk assessments
Do we know who the regulator is likely to be to enforce the incoming requirements? How will they work?
Emily Wright & Kizzy Augustin (EW & KA): The regulator hasn’t been identified yet, but it is likely to stem from the police enforcement sector – perhaps a co-joined effort from various counter terrorism units within the – and the guidance states that “there are currently multiple options being considered for how this role will be carried out including the responsibility being undertaken by an existing body or a new body being created.”
The financial cost to the Government of implementing the bill has been calculated on the assumption that the regulator will be a “new arms’ length body”.
What level of support/guidance is expected from the incoming regulator and/or government on how to meet obligations?
EW & KA: The legislation requires guidance to be issued about this bill and this guidance may involve online training material or the publication of documents. We anticipate that guidance will be made available by the regulator, once established/identified.
How do we expect competence to be measured from those carrying out risk assessments?
EW & KA: Risk assessments/evaluations are to be carried out by the person responsible for the premises/event. The draft bill contains guidance about what the assessment/evaluation should contain and how it should be maintained – see subsections (4) of sections 11 or 12 as appropriate. Advice may be sought to ensure that the assessment/evaluation carried out is compliant. It is likely that some form of ‘skills, knowledge and experience’ assessment might apply (much like in the construction industry).
Qualifying public premises – What’s in scope?
What kind of venues are currently in scope?
EW & KA: To be a qualifying public premises a premises must be accessible to the public, have capacity of 100 or more individuals and be primarily used for a use or usage specified in Schedule 1 of the bill. These uses include entertainment and leisure, retail, food and drink, nightclubs, museums and galleries, sports grounds, public areas of local and central Government buildings (e.g., town halls), visitor attractions, temporary events, Places of Worship, health, and education.
Certain education establishments and places of worship will be standard duty premises even where they have capacity for over 800 people. Courts and shopping malls/retail parks would be caught by the legislation. Schedule 1 includes stations forming part of a transport system which uses a mode of guided transport, but any premises to which a transport security regime applies (i.e. airports) is not caught by the legislation, so this would need to be considered for cruise terminals. Factories would not be caught by the legislation as they would not meet the requirement to be accessible to the public.
Venues that would be caught by virtue of hosting a qualifying public event are likely to be predominantly festival venues, open houses and museums, etc.
What is the process in working out capacity numbers to understand what tier (if any) a facility might fall into?
EW & KA: The guidance states that “the public capacity of premises and events will be determined in accordance with regulations made by the Secretary of State. Such regulations might require some types of premises to determine their capacity differently from others.”
We anticipate that, once appointed/created, the regulator will provide further guidance on this. In the meantime, considering any capacity calculated for the purpose of premises licencing, insurance or covid restrictions may be useful as a preliminary guide.
What counts as a ‘qualifying public event’? And what does implied permissions and express permissions mean?
EW & KA: A qualifying public event is an event held at a premises which is not a qualifying public premises, is accessible to the public for the purposes of attending an event and has capacity of over 800 individuals. Access to the event must be by express permission only (whether or not it is on payment). Express permission would include were access to an event or venue is by ticketed access (on payment or not) no such requirements are in place for implied access to be granted.
We anticipate that this will primarily include festivals/events in venues not otherwise accessible to the public or caught by the legislation. For an event to qualify, access must be by express permission only and this means that any public marches, street festivals, processions etc would not be caught, where an event is organised and is accessible to the public but no express permission is required for attendance.
Would qualifying public events at corporate offices that can hold more than 800 people where the public can enter the building foyer, but not able to go beyond unless invited in for a private function be included?
EW & KA: No, premises primarily used as offices would not be caught by the legislation.
If a venue has a capacity for over 800 people, but runs frequent smaller events with less than 100 people attending, would measures expected under the bill need to be in place for the low attendance events?
EW & KA: This could be better assessed with more information but we expect that if a venue has capacity for over 800 individuals then it would be subject to the enhanced duties.
Would sporting events i.e. football matches on rented privately or publicly owned pitches that could involve over 100 people taking part and spectating be included?
EW & KA: Such events may be caught by the legislation if the capacity is over 800 people as they may then be qualifying public events.
Supporting technology & mass communication platforms: Peoplesafe’s perspective
In a marauding attack scenario, is over riding user’s silent setting not potentially dangerous to them if they are hiding?
Tony Watson (TW): It is. This is why in the PS Alert Management Portal, which is used to configure messages before they are sent, the service administrator can choose whether to use this feature or not.
In an Active Shooter situation we would recommend using PS Alert to send an initial Run Hide Tell message (this can be delivered to all PC desktops, as well as mobile phones) and then, if appropriate, follow up with other information and finally an official stand-down message. It is vital these scenarios are exercised on a regular basis too!
Aren’t communication networks often overloaded during large incidents that could negatively impact on app-based communications?
TW: It largely depends on the location.
PS Alert is mainly used by “enterprises” where network capacity is managed by an internal IT department. Users are connected to private networks or, if on a mobile network, there is a very limited burden even during critical incidents. In public settings (think festivals, concerts, sports events, etc.) where users are utilising mobile networks, there could be an issue with data capacity and if the Police invoke MTPAS, GSM connectivity will be lost too.
Does the bill address mass notification systems which aren’t app-based? For example, the equivalent to fire systems but for terrorism scenarios?
TW: The bill only specifies the requirement to communicate with those in the affected location, or in the vicinity of the location – it does not specify how this is done. However, whatever solution is implemented, it needs to be effective and bear the scrutiny from an external inspector.
Venues, definitions, permissions and preparation – where do I begin?
When stating “education establishments”, is there a definition of that category, for example a hotel/conference centre that could be classed as an education venue if booked for that purpose?
EW & KA: The categorisation of a premises will be determined by its primary use or uses and as such a hotel which hosts educational events would still be considered a hotel, rather than an educational establishment, for the purpose of the legislation.
A conference center is caught under schedule 1 paragraph 8 – Exhibition halls etc., and “venues for hire for events or activities” are also caught by this classification.
With implied permissions, protesters etc. and perhaps those who enter trying to escape an incident, would there not be a responsibility for owners/managers to respond in some way to these people, albeit if they would be “trespassers”?
EW & KA: The legislation imposes a duty of preparedness on qualifying premises and events which is based on the anticipated capacity of a premises or event.
It doesn’t deal with responding to an incident, except that premises and events should be prepared to do so (through having assessed risks, provided training and taken security measures as applicable), and doesn’t qualify who should be responded to, if acts of terrorism were to occur.
This legislation should be considered alongside existing legislation – including the Health and Safety at Work etc. Act 1974, where a duty is owed to non-employees (including trespassers), but only so far as is reasonably practicable. The circumstances of an incident that could trigger obligations under the Terrorism Bill may not warrant additional ‘reasonably practicable’ considerations.
This has potential indirect impact upon my shared office space. Does the building management company have a responsibility to assess their regulatory requirements based on shared spaces for multi-floor buildings that have restaurants/bars at ground level including public access to communal internal areas?
EW & KA: Publicly accessible spaces where the primary use or uses is for one of the schedule 1 uses would be subject to the legislation but any publicly accessible spaces where the primary use is as an office would not be subject to the legislation.
Restaurants/bars and internal communal areas which are publicly accessible are likely to be caught by the legislation, but this should be assessed on a case by case basis and where there is a dispute over this, representations could be made to the regulator to present the case for/against certain premises being subject to the legislation.
We are a chain of seven central London hotels, one being 1600 beds – where should I start the process?
EW & KA: We would advise keeping up to date with the draft bill’s progression through parliament to assess what the impact of the legislation will be once it is in force, as well as the impact of other existing legislation. For the time being, consideration of how the legislation will affect you will include making an assessment about which individuals will be identified as responsible for the purposes of the legislation and who will carry out the duties under the act and ensure compliance with those duties.
Consideration should also be given to who else may have responsibilities under the legislation – i.e. freeholders, licences or any neighbouring premises, which whom cooperation may be required. We would of course be very happy to provide advice on these steps if you wish to get in touch.
I work in the facilities management field; If I were to approach my senior management or client’s regarding their premises in relation to the bill, however, these parties show no interest, should this then be reported to someone (especially if there is a clear risk with particular uses of areas/buildings)?
EW & KA: This could be brought to the tribunal under s20 but as initial steps, negotiations/discussions with senior management/clients could be held and a cooperation notice could also be issued (under s18) which requires a person to take the steps specified in the notice within a specified period.
Where a tribunal becomes involved, they can make a determination about the person responsible, and the tribunal may give directions on who is responsible for complying with duties under the act and how the duty is to be discharged. This is similar to the regulatory regimes followed in the fire safety and building safety sectors.
Heightened risk and counter terror support
Is there a definition of the premises at “heightened risk of terrorism”?
EW & KA: Under Schedule 3 of the draft bill, certain premises will be required to obtain a “terrorism protection statement” which states that in the opinion of an appropriate security advisor, the premises are at heightened risk of being the target of terrorist activity.
The guidance states that a set of criteria is currently being developed – currently it is not clear what that criteria relates to, but we would hope that it will be criteria for what premises are to be considered at heightened risk of terrorism.
Will this effort by CT police also consider the surrounding or businesses supported if they have requirements subject to things like CNI?
EW & KA: A risk assessment/evaluation (as required by the draft Bill) would require consideration of the surroundings/environment of the premises/event, and the security measures which are required by enhanced duty holders include a duty to ensure that all reasonably practicable measures are in place to reduce the risk of terrorism/physical harm “”at, or in the immediate vicinity of the premises or event””.
Therefore, surroundings should be considered. The legislation encourages cooperation between parties so it is likely that surrounding businesses and CNI would be expected to be taken into account by those complying with the legislation.
In terms of the CT police’s response to the legislation, from what we have seen so far they are trying to be proactive about supporting businesses and ensuring the success of the new legislation so that it is implemented comprehensively.
Further guidance and support is due to be published by the government and there has been a commitment to “”expend the support available to those responsible for delivering security in public places. Additionally, the National Counter Terrorism Security Office together with the Home Office and Pool Reinsurance have created a new online platform to support all those seeking to enhance their protective security.
The ProtectUK website is a hub for guidance on counter terrorism and it will continue to track updates about Martyn’s law. As such, we anticipate that there will be support for businesses seeking to comply with the legislation as this will continue to grow as we reach the stage where the law will be in force.
Speakers
Watch the full webinar back on-demand, which took place on 15 June 2023: Preparing for the Terrorism (Protection of Premises) bill & the role of critical communications
