The views, thoughts, and opinions expressed in this text belong solely to the author, on behalf of the members of SG & E committee and do not necessarily represent the views of IOSH.
Protect Duty Consultation Part Two – The devil is in the detail
The enquiry into the bombing of the Ariana Grande concert at the Manchester Arena in 2017 found that the public outcry for the eponymous ‘Martyn’s law’ was justified and the Home Office has decided that it should be in the form of the proposed Protect Duty. The consultation is open until July 2nd 2021. In Part One we looked at the context and why it is important for the events industry to respond. In Part Two we explore the detail contained in the proposed duty.
The document itself is easy to navigate. The introduction is a handy guide to counter terrorist measures that is useful in its own right as a stand-alone piece. After that the document is divided into four sections each with a set of proposals and a set of questions at the end to respond to. Whilst ultimately it is important to take an holistic approach it may be useful for an event company to assign each section to a team to look at. We will look at each section in turn. The intention here is not to unduly influence the objective analysis by event teams or individual event professionals but put forward our understanding of what is intended and to highlight where we see aspects that need particular scrutiny or assumptions that should be challenged. This brief is definitely not intended as any kind of short cut. The document itself should be read and responded to in full.
Section 1: Who (or where) should the legislation apply?
The first consideration is what is meant by a ‘public place’. The document explains that it includes anywhere that is open to the public or where a ticket can be purchased to gain entry but not offices and closed workplaces. Whilst exhibitions could be construed as a workplace it is clear that, whilst it is not expressly stated, that exhibitions and business events held in venues are intended to be included.
There is a clear proposal that it should apply to any venue with a capacity of 100 or more. This could mean almost every parish church hall, bowls club, cricket club, wedding venue and potentially school hall in the country. It also notes that the government may in future consult to lower this figure. In addition, it applies to accessible venues employing more than 250 people more. This includes organisations like retail chains with 250 staff with a number of outlets irrespective of capacity. It is important that this is more tightly clarified since if the boundaries are too wide it will impose a burden on small organisations and overload an already stretched security industry and overwhelm local authorities. The proposal makes the connection with fire capacity but this is open to question. The risks are not necessarily directly comparable and, in any case, current event guidance for fire, groups venues as either small to medium (up to 300), or large (over 300). (Theatres, cinemas and similar premises have their own fire guidance.) In theory, the 100 limit implies a duty on a couple getting married to submit a security plan to the local authority. Is that what was really intended here? Event professionals working in small venues need to look very closely at this.
The wording of this section and other sections reveals a misunderstanding of how events work. The focus on ‘venues’ and ‘venue operators’ misses the important role of event organisers and promoters. It also misses the point that in all likelihood it is the event itself not the venue per se that is the target for attack. It is reasonable to posit that, in part, the Ariana Grande concert was attacked because of the freedoms for young women epitomised by the artist and the audience that are an anathema to the ideology behind the attack. The Manchester Arena itself may just happened to be the host venue. The pandemic has also shown us that venues cannot easily impose a set of controls for the whole site in which event organisers can operate. This is especially so during the construction and set up phases where event organisers control access to large parts of the venue during the load in and load out.
There are proposed exemptions where existing legislation imposes comparable duties and these are listed as rail, maritime and aviation. Whilst there is a reference to sports grounds legislation and guidance later in the document, there is an argument that sports grounds covered by the Safety at Sports Grounds Act and related legislation and guidance should also be exempt.
Section 2: What should the requirements be?
This is the meat of the document as it attempts to set out the shape of what compliance with the law would look like. It splits the content between venues and open public spaces. It is worth quoting in full the proposals for venues and large organisations which will be required to:
- Use available information and guidance provided by the Government (including the police) to consider terrorist threats to the public and staff at locations they own or operate;
- Assess the potential impact of these risks across their functions and estate, and through their systems and processes;
- Consider and take forward ‘reasonably practicable’ protective security and organisational preparedness measures (for example staff training and planning for how to react in the event of an attack).
The inclusion of ‘reasonably practicable’ and the link to health and safety legislation is an important limiter here because it allows employers to balance the assessed risk against the cost of counter measures.
The document goes on to state that compliance would be demonstrated by ‘providing assurance that the threat and risk impacts had been considered, and appropriate mitigations had been considered and taken forward’. The question then is what that ‘assurance’ looks like. It is reasonable to assume that it would require a risk/threat assessment and a written security plan and this indicated specifically in Section 3. Without a written plan how else will any proposed enforcement officer be ‘assured’ of compliance unless every event were to be physically inspected?
The detail for public spaces proposes to use existing mechanisms to mitigate terrorist threat including SAG’s for events. It also references licensing of sports grounds presumably via the Green Guide. The document notes the limitations of some or all of these mechanisms and specifically notes that here the government is open to suggestions via the consultation on exactly how this could work.
There is a further reference to the SGSA and the Guide to Safety at Sports Grounds to note the requirement to consider ‘Zone Ex’ or the ‘last mile’ i.e., those spaces outside the venue such as stations and car parks that are crucial the overall event operation and experience. What appears to be implied here is an holistic approach which takes account of these areas. The document acknowledges that this already happens on a voluntary basis. It goes on to state ‘We are keen to explore how existing mechanisms, networks and good practice could be spread to realise improved security outcomes, and whether a Protect Duty could be used to support improved co-ordination and delivery of security outcomes amongst organisations operating across shared public spaces and localities.’ It is not at all clear from this document how this is meant to happen when there is no single agency responsible for security overall and, if additional measures are required, who will fund them.
Section 3: How should compliance work?
The introduction includes a commitment to ensure that the costs of compliance are minimal and proportionate.
The central proposal is that compliance should be risk assessment based with the requirements mirroring health and safety risk assessments. When one considers the efforts that go into training those responsible to conduct event health and safety risk assessments there is a clear cost impact. Even though this is civil law (i.e. without the attendant risk of criminal prosecution) it is reasonable to assume that there will be a lot of resistance by senior staff to sign off on risk assessments covering terrorist threat. The idea that such risk assessments should be reviewed by the venue owner once a year seems to miss the point that the risk is entirely dependent on the event schedule and the organisers who run these events. Event professional may wish to consider how they would conduct these new assessments.
The proposed criteria in the document for external risk context places a considerable burden on event companies to be up to speed with aspects such as current ‘threat methodologies’. The comment on internal risk context indicates that the authors of this document have not fully considered the true complexity of events and the potential range of risks posed. The cited example of a restaurant choosing to serve customers outside in terms of how the context can change comes nowhere near the complexities of, say, a large industrial, international exhibition with visiting government ministers. Many events have content which is not just contentious but, in some cases, likely to insight violent protests or a direct attack. Anything connected to the oil industry for example. Whilst it would be unreasonable to expect a consultation document to list every conceivable permutation of internal contextual risk, it clearly misses the point that venues are not just a single entity with one narrow event function and risk profile.
Again, the requirement for ‘venues’ to record and retain these risk assessment misses the event organiser out of the equation.
The statement that ‘We consider that an inspection regime would be required to provide the necessary assurance that those within scope of a Protect Duty are meeting its requirements’ and its implications needs to be thought through. Despite the reassurance that this will be ‘light touch’, it follows that any appointed or created third party agency, once in place and imbued with legal powers, may start to justify its existence by extending its brief and elaborating the compliance requirements. The application of the requirements for GDPR make a useful comparison here.
There should be some form of arbitration to balance this new law’s application. Whilst, for the most part, that fact that this is not criminal law is an advantage, it also means that it comes without the checks and balances that are part of criminal law. Any agency wishing to bring about a criminal prosecution has to jump through a lot of hoops to do so including the fact that in a criminal court the burden of proof is ‘beyond all reasonable doubt’. There is also a well-established system of warnings that fall short of prosecution, such as an Improvement Notice, in health and safety law. The new law would need similar checks and balances to guard against arbitrary or heavy-handed application.
Beyond well-intentioned statements of proportionality this proposal falls short of giving any kind of concrete assurance on how that will be achieved once the law is in the hands of the proposed ‘inspectors’. The cancellation of the Southampton Boat Show in 2020 on public health grounds should serve as an example that authorities with powers to enforce will use them and even the threat of doing so can undermine the business confidence. It might also be reasonably asked whether the events industry really needs yet another inspectorate to deal with on top of the half dozen or so that we already have.
The impression created by this section is that the authors really only had sports arenas and concert venues in mind where, even if the risk profile can fluctuate, it does so in the context of single type of event. It also explains why the proposals seem to assume that the venue has sole control over security issues. All respondents need to ensure that the recipients are left with a very full picture of the depth and diversity of the events business in total even within different event sectors.
Section 4: How should government best support and work with partners?
There is helpful list of existing agencies that currently assist employers not least CTSA’s, NaCTSO, CPNI and others and summary of the range of ways in which event companies can inform themselves. It acknowledges that engagement is currently voluntary so if it becomes a legal duty under law then the mechanisms for engagement will need to be enhanced. Responders might usefully consider how well government engagement with the events industry has gone during the pandemic and the extent to which the appointed agency, the DCMS, has acquitted itself in understanding the needs and complexities of the events industry.
The document acknowledges that the security industry will need to deliver:
‘It will be important to ensure that the market can provide sufficient high-quality advice, products and services to all those within scope.’ Arguably the security industry in the event sector was struggling due to a variety of socio-economic reasons prior to the pandemic. It is anyone’s guess as to the state of the industry now and its ability to recover post pandemic, let alone service the requirements of new law. It is also important that whatever new law emerges the distinction is made between ‘security’ that is in reality event crowd safety with no specific CT role and the security arrangements which are specific to countering targeted terrorism and crime.
Responding to the Consultation
This is clearly set out in the document and urges representative groups to give a summary of the people and organisations they represent, and it is hoped that these responses will be given more weight. Notwithstanding it is vital that event professionals respond as individuals as well to maximise the impact and hopefully the quality of whatever results.