Security Intelligence

Security Planning for Religious Institutions | CloseProtectionHire

Q: "What does Martyn's Law require for places of worship?"

"The Terrorism (Protection of Premises) Act 2024 -- commonly known as Martyn's Law -- creates two tiers. Standard duty applies to qualifying premises with a capacity between 200 and 799. Enhanced duty applies to premises with a capacity of 800 or more. Places of worship that meet the capacity threshold are qualifying premises under the Act. Standard duty requires a written security plan, staff training on basic terrorism preparedness, and documented procedures for responding to a terrorist attack. Enhanced duty requires a more comprehensive risk assessment, formal security planning, and in some cases a Security Management Oversight function. The Act received Royal Assent on 3 April 2024."

Q: "How do you manage security at an open-access place of worship without alienating the congregation?"

"The tension between security and open access is real and should not be dismissed. A mosque or church that operates behind airport-style screening has changed its nature. The security model for open-access worship environments works through layered observation rather than access control at the perimeter: trained ushers and greeters who observe unusual behaviour, CCTV covering approaches and public areas, a defined suspicious activity reporting protocol for all staff and volunteers, and NaCTSO ACT Awareness training that provides the vocabulary and confidence to report concerns. The goal is a congregation-wide observation network operating informally and continuously, not a checkpoint at the door."

Q: "What is the lone actor threat profile for places of worship?"

"The majority of significant attacks on religious institutions in recent years have been lone actors or small cells operating with limited command and control from any larger organisation. The Christchurch mosque attacks (March 2019), the Pittsburgh Tree of Life synagogue attack (October 2018), and the Halle synagogue attack (October 2019) were all carried out by individual attackers with ideological motivation and planning conducted largely independently. Lone actors do not require external logistics, have fewer pre-attack communications to intercept, and may present no prior criminal or intelligence record. The pre-attack indicators available are behavioural: surveillance activity, inappropriate enquiries about schedules and access, and observable hostile reconnaissance."

Q: "What is hostile reconnaissance and how is it identified at a place of worship?"

"Hostile reconnaissance is the pre-attack intelligence gathering phase that precedes most planned attacks. For a place of worship it typically involves one or more visits to observe access points, crowd size and timing, security camera positions, staff movements, and exit routes. The indicators that distinguish hostile reconnaissance from ordinary visitor behaviour include: photography of security infrastructure rather than the building or congregation, repeated visits without engagement with services, interest in back-of-house areas, timing visits to coincide with the largest gatherings, and asking staff operational questions (number of staff, lock-up times, whether the building is alarmed) without a plausible stated purpose. Staff and volunteers who are briefed on these indicators can report them; unbriefed, they typically assume benign intent."

Q: "Where can religious institutions get free security guidance?"

"The National Counter Terrorism Security Office (NaCTSO) provides free security guidance for places of worship through its Protect UK platform, including the ACT Awareness training course (free, online, approximately 45 minutes). The Community Security Trust (CST) provides security training and advisory services to Jewish community institutions across the UK. Tell MAMA provides support and liaison for Muslim communities experiencing threats or incidents. For Church of England and other denominational buildings, the relevant denominational advisory body often provides security guidance coordinated with NaCTSO. The NPSA (National Protective Security Authority) provides protective security advice for higher-risk environments."

Places of worship face documented hate-motivated violence and lone actor attack risk. This guide covers the security planning requirements under Martyn's Law, physical controls for open-access environments, and congregation safety.

1 May 2026

Written by James Whitfield, Senior Security Consultant

Speak to the Team

Attacks on places of worship are not a new threat, but they have become more frequent and more severe in the last decade. The Christchurch mosque attacks in March 2019 killed 51 people. The Pittsburgh Tree of Life synagogue attack in October 2018 killed 11. The Halle synagogue attack in Germany in October 2019 killed two people after the attacker was unable to breach the door. The 2017 Manchester Arena bombing, which Martyn’s Law is named for, targeted a concert – but the Terrorism (Protection of Premises) Act 2024 it produced applies directly to places of worship that meet the capacity threshold.

This guide covers the security obligations and practical security planning requirements for religious institutions: the legal framework under Martyn’s Law, the physical security model for open-access environments, lone actor threat recognition, and the congregation-based observation systems that are the most effective early warning available.

The threat data

FBI hate crime statistics for 2023 recorded 7,262 hate crime incidents in the United States. Religion was the second-largest motivation category. Of religion-based hate crimes, anti-Jewish incidents accounted for 57.5%, followed by anti-Islamic incidents. The Global Terrorism Database (GTD) records 900+ attacks on religious institutions globally between 2015 and 2023.

In the UK, Tell MAMA recorded a significant increase in anti-Muslim incidents following the Manchester Arena attack in 2017 and again following the Christchurch attacks in 2019, demonstrating the copycat and reactive threat elevation that major incidents create. The Community Security Trust (CST) recorded 4,103 antisemitic incidents in the UK in 2023 – a record high – including 129 incidents directly targeting synagogues and Jewish community buildings.

The threat is not uniformly distributed. High-profile institutions, institutions associated with public controversy or geopolitical flashpoints, and institutions in areas of known community tension face a higher threat level than institutions in lower-profile environments. A security plan that acknowledges this differential and allocates resource accordingly is more effective than a uniform approach.

Martyn’s Law: what it requires

The Terrorism (Protection of Premises) Act 2024 received Royal Assent on 3 April 2024. It creates a duty on qualifying premises to take steps to protect the public in the event of a terrorist attack.

Standard duty (200-799 capacity): Qualifying premises must have a documented procedure for responding to a terrorist attack, staff training on that procedure, and reasonable steps to ensure the procedure is implemented.

Enhanced duty (800+ capacity): Qualifying premises must conduct a formal threat and vulnerability assessment, implement a more extensive security plan, have a named responsible individual, and ensure that security planning is formally reviewed.

Places of worship that meet the capacity thresholds are qualifying premises under the Act unless they fall within an exemption (temporary premises, some private events). A church, mosque, synagogue, or temple with a capacity of 200 or above should confirm its obligation status with legal counsel or the National Counter Terrorism Security Office.

The Act does not require specific physical security infrastructure – it requires a documented plan and trained staff. The practical implementation is the security planning described in the sections below.

The open-access challenge

Churches, mosques, synagogues, and temples are not airports. They do not operate with access credentials or a single entry point. Many operate with genuinely open access for much of the week – doors open to the community, to visitors, to those seeking quiet. The theological commitment to welcome is not an inconvenient security problem to be overridden. It is central to the institution’s identity.

The security model for open-access religious environments must work within this constraint. The approach that has emerged from NaCTSO guidance and post-incident analysis is:

Layered observation rather than checkpoint access control. The perimeter of a church or mosque cannot practically be made into a single-entry security gate. What can be created is a congregation and staff who observe their environment actively, recognise unusual behaviour, and have a clear, simple reporting route.

Greeters and ushers as first observation layer. Individuals whose role involves welcoming new visitors – and who interact briefly with everyone who enters – are positioned to identify pre-attack reconnaissance behaviour. A greeter does not need to challenge anyone. They need to notice, remember, and if warranted, report. NaCTSO’s ACT Awareness training (free, online, 45 minutes) provides the framework for this observation function.

CCTV coverage of approaches and public areas. Camera coverage of the main approaches, the entrance area, and the public interior provides evidential record and deters casual surveillance. Cameras should be positioned to cover the approaches from the public street, not only the interior. Pre-attack reconnaissance is conducted outside the building as much as inside.

Locking protocols and secure areas. Access to administrative areas, server rooms, staff areas, and storage is controlled independently of the public worship space. An individual who has conducted surveillance of the building’s public areas should not be able to access staff offices or security infrastructure without passing through a secondary control.

The lone actor threat and its indicators

The majority of significant attacks on religious institutions in recent years have been lone actors. The implications for security planning are specific:

Lone actors do not have command and control structures that intelligence services can intercept. They may not have prior criminal records that appear in police databases. They may not communicate their intent on monitored platforms.

What they do is conduct pre-attack preparation that leaves observable traces in the physical environment of the target: visits to the location, observation of security arrangements, timing of congregant arrival and departure, and in some cases direct interactions with staff or congregation members.

The Royal Commission into the Christchurch attack (New Zealand, December 2020) found that the attacker had not previously been known to intelligence services. The attack was planned over an extended period, with online research and physical preparation. The pre-attack period, if a surveillance-aware congregation and staff had been in place, might have produced observable indicators.

The training objective is not to make congregation members suspicious of everyone. It is to give them the vocabulary to describe what they observe – and the confidence to report without feeling they are overreacting.

Indicators of hostile reconnaissance in a religious setting:

Repeated visits without engaging in services or activities
Photography of exits, CCTV cameras, or security infrastructure rather than the building itself
Questions to staff about operational matters: opening hours, staff numbers, whether the building is alarmed, when the largest services take place
Lingering in the building after services when others have left
Interest in back-of-house areas, service entrances, or routes to administrative areas
Vehicle parked for an extended period with an occupant observing the building

None of these alone is definitive. Any of them, combined with a general unease or inconsistency in stated purpose, warrants reporting.

Reporting channels

The security plan must specify where suspicious activity is reported, by whom, and what happens next. The reporting chain should be:

The individual who observes the behaviour notifies the named security contact for the venue (a trustee, a sexton, a facilities manager, or where the institution has one, a security manager).
The named contact logs the report and makes an initial assessment.
If the assessment warrants it, a report is made to police (999 for immediate threat, 101 for non-urgent concerns, the ACT reporting line 0800 789 321 for terrorism-specific concerns).
The log of observations is retained and available to police if a pattern of reconnaissance is later confirmed.

This reporting chain must be simple enough for a volunteer usher to use without hesitation.

The active attack response: Run, Hide, Tell

NaCTSO’s Run, Hide, Tell guidance provides the framework for the immediate response to an attack in progress:

Run if there is a safe escape route available. Do not stop to assist others unless doing so does not increase your own risk. Persuade others to leave with you if possible.

Hide if escape is not possible. Get behind cover, not just concealment. Turn off phones and put them on silent. Do not open the door until police confirm safety.

Tell – call 999 as soon as it is safe to do so. Provide location, description of the attacker, weapons observed, number of casualties.

This guidance should be covered in staff and volunteer training and included in the written security plan. For the active attacker response framework in broader settings, see our active shooter and workplace violence response guide. For the hostile reconnaissance detection skills that support early warning in open-access environments, see our hostile reconnaissance detection guide.

Sources

Terrorism (Protection of Premises) Act 2024: Royal Assent 3 April 2024, UK Parliament. Royal Commission of Inquiry into the Terrorist Attack on Christchurch Mosques on 15 March 2019: Ko tou rourou, ko taku rourou, New Zealand Government, December 2020. CISA: Mass Shooting After-Action – Tree of Life Synagogue, Cybersecurity and Infrastructure Security Agency, 2019. FBI: Uniform Crime Reporting – Hate Crime Statistics 2023, Federal Bureau of Investigation. Community Security Trust: Antisemitic Incidents Report 2023. Tell MAMA: Annual Report 2023. NaCTSO: Protecting Crowded Places – Guidance for Places of Worship, National Counter Terrorism Security Office, 2024. NPSA: Protective Security Advice for Places of Worship, National Protective Security Authority, 2024. Global Terrorism Database: Attacks on Religious Institutions 2015-2023, START, University of Maryland.

Summary

Key takeaways

Martyn's Law creates legal obligations for qualifying places of worship

The Terrorism (Protection of Premises) Act 2024 requires a written security plan and trained staff for premises over 200 capacity. Religious institutions that have not confirmed their capacity threshold and conducted the required planning are exposed to legal risk under the Act. Compliance is also the correct starting point for security planning regardless of legal obligation -- the Act's requirements reflect the minimum credible standard for a qualifying venue.

Congregation members and volunteers are the most effective observation layer

A mosque or church with 200 regular worshippers has 200 potential observers who know the space and the community intimately. Unusual behaviour -- an unfamiliar individual photographing exits, a visitor asking operational questions, someone revisiting the premises at unusual times -- is most likely to be noticed by regular members. The security plan's value depends on these observers having a simple, non-intimidating reporting channel and being confident that reporting a concern is the correct thing to do.

Pre-attack surveillance is often identifiable before an attack occurs

Post-incident analysis of major attacks on places of worship consistently identifies pre-attack reconnaissance that was noticed by members of the congregation or staff but not reported or acted upon. Creating a reporting culture -- clear, low-threshold, and destigmatised -- converts observed behaviour into actionable intelligence. The ACT Awareness training course provides congregation members with the framework to identify and report.

A non-escalatory suspicious activity response prevents incidents from developing

A greeter or usher who notices hostile reconnaissance behaviour should not confront the individual. Confrontation may trigger an attack or alert a surveillance team that their cover has been broken. The correct response is to note identifying details (appearance, vehicle, direction of travel), report to the venue's named security contact, and if warranted, contact the police through 101 or 999. The Action Counters Terrorism reporting line (0800 789 321) is available for non-emergency terrorism-related concerns.

Post-incident welfare planning is as important as prevention

A congregation that has experienced a threatening incident, a credible threat, or an actual attack needs structured support. Formal debriefing of staff and key volunteers, trauma support provision for the community, and a clear communication plan (what to tell the congregation, what to tell the media, how to communicate with the relevant authority) must be pre-planned rather than improvised in the hours after an incident. Denominations and faith community organisations typically have liaison contacts with police and local authority emergency planning teams who should be established before an incident, not called for the first time during one.

FAQ

Frequently Asked Questions

The Terrorism (Protection of Premises) Act 2024 – commonly known as Martyn’s Law – creates two tiers. Standard duty applies to qualifying premises with a capacity between 200 and 799. Enhanced duty applies to premises with a capacity of 800 or more. Places of worship that meet the capacity threshold are qualifying premises under the Act. Standard duty requires a written security plan, staff training on basic terrorism preparedness, and documented procedures for responding to a terrorist attack. Enhanced duty requires a more comprehensive risk assessment, formal security planning, and in some cases a Security Management Oversight function. The Act received Royal Assent on 3 April 2024.

The tension between security and open access is real and should not be dismissed. A mosque or church that operates behind airport-style screening has changed its nature. The security model for open-access worship environments works through layered observation rather than access control at the perimeter: trained ushers and greeters who observe unusual behaviour, CCTV covering approaches and public areas, a defined suspicious activity reporting protocol for all staff and volunteers, and NaCTSO ACT Awareness training that provides the vocabulary and confidence to report concerns. The goal is a congregation-wide observation network operating informally and continuously, not a checkpoint at the door.

The majority of significant attacks on religious institutions in recent years have been lone actors or small cells operating with limited command and control from any larger organisation. The Christchurch mosque attacks (March 2019), the Pittsburgh Tree of Life synagogue attack (October 2018), and the Halle synagogue attack (October 2019) were all carried out by individual attackers with ideological motivation and planning conducted largely independently. Lone actors do not require external logistics, have fewer pre-attack communications to intercept, and may present no prior criminal or intelligence record. The pre-attack indicators available are behavioural: surveillance activity, inappropriate enquiries about schedules and access, and observable hostile reconnaissance.

Hostile reconnaissance is the pre-attack intelligence gathering phase that precedes most planned attacks. For a place of worship it typically involves one or more visits to observe access points, crowd size and timing, security camera positions, staff movements, and exit routes. The indicators that distinguish hostile reconnaissance from ordinary visitor behaviour include: photography of security infrastructure rather than the building or congregation, repeated visits without engagement with services, interest in back-of-house areas, timing visits to coincide with the largest gatherings, and asking staff operational questions (number of staff, lock-up times, whether the building is alarmed) without a plausible stated purpose. Staff and volunteers who are briefed on these indicators can report them; unbriefed, they typically assume benign intent.

The National Counter Terrorism Security Office (NaCTSO) provides free security guidance for places of worship through its Protect UK platform, including the ACT Awareness training course (free, online, approximately 45 minutes). The Community Security Trust (CST) provides security training and advisory services to Jewish community institutions across the UK. Tell MAMA provides support and liaison for Muslim communities experiencing threats or incidents. For Church of England and other denominational buildings, the relevant denominational advisory body often provides security guidance coordinated with NaCTSO. The NPSA (National Protective Security Authority) provides protective security advice for higher-risk environments.

Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.