CMD, APS group
The terrorist threat is multifaceted, diverse, and continually evolving prominently with global footprints. Most prominent amongst these the tragic events of 9/11 and 26/11 which forced the nations to consider the threat of terrorism seriously. Stringent procedures were evolved and enforced yet the perpetrators of terrorism find new ways & newer technologies to beat the security system. The new millennial fundamentalists have beaten all the traditional security systems hollow. The incidents of the terrorism have risen exponentially world over. They have used internet for creation of fake IDs, digital banking for financing, hacking of data & telecom devices for communication and GPS to navigate into unchartered territories to their optimum advantage. The police, private security services, counter terrorist forces and public at large do all they can to combat this threat but the acts of terrorism continue unabated. Since March 2017 UK police and security services have foiled 27 plots, including eight motivated by Right Wing ideologies. Since terrorists enjoy the freedom of selection of target & time of strike coupled with the most decisive factor – the element of surprise – it will never be possible to stop every terrorist attack despite best planning, preparation and response matrix. The terrorist attacks in UK, particularly since 2017, have resulted in colossal loss of lives and casualties amongst common people going about their everyday routine business, often in open, public places; and have changed the lives of many people.
What is non-debatable is that the first duty of any Government is to protect the public. The Government in UK has come forward to improve the safety and security of public venues, as outlined in the 2019 General Election Manifesto of the Conservative Party. The proposals are based around the set of safety and security protocols known as ‘Martyn’s Law,’ developed as a result of the Manchester area attack in 2017. The proposals have been open to consultation for 18 weeks till 25 July 2021. This consultation considered how all stakeholders can work together to develop proportionate security measures to improve public security. It also considers how those responsible for publicly accessible locations are ready and be prepared to take appropriate action, if terrorist attacks were to happen.
UN Guiding Principle 1
I t will be of relevance to quote that the United Nations Human Right Council (UNHRC) unanimously adopted the UN Guiding Principles in 2011. The first pillar of the UN Guiding Principles on Human Rights (hereinafter UN Guiding Principles) underscores that the duty to protect human rights lies with the state. Under international law, states are obligated to respect, protect and fulfill human rights. In practice; “States must protect against human rights abuse within their territory and/ or jurisdiction by third parties, including business enterprises. This requires taking appropriate steps to prevent, investigate, punish and redress such abuse through effective policies, legislation, regulations and adjudication.”
Protect Duty – Definition and Status
It is the name given to the UK Govt’s legal initiative to improve protective security and safety at public spaces and events under which the Govt intends to set out a legal framework for ‘publicly accessible locations’ to ensure that they are prepared for and protected against terrorist attacks. The current status is that the proposed legal framework is under consultation till end July 2021. Government is working with all stakeholders including public, private, outside organizations and counter-terror police in order to seek views on exactly:
- Who the Protect Duty should apply to?
- What will be required of stakeholders?
- How compliance should work?
How is a ‘publically accessible location’ defined?
Publicly accessible locations are defined as – ‘any place to which the public has access, on payment or otherwise, as of right or by virtue of express or implied permission’ and they include – retail stores, shopping centres and markets, transport hubs, commercial ports, schools and universities, medical centres and hospitals, hotels, pubs, clubs and casinos, sports stadium, music venues, festivals and visitor & tourist attractions, places of worship, Government offices, including town halls and job centres, high streets, public squares, parks and beaches. Publicly accessible locations would be split into sectors including health, education, retail, leisure, faiths zones and individual sites.
Private venues such as places of employment or other locations where there is no public access are not intended to fall within the scope of the Protect Duty.
What Protect Duty law will require from owners of public and private places?
This new law would require venue operators to consider the risk of a terrorist attack and take proportionate and reasonable measures to prepare for and protect the public from such a terrorist attack. In essence there are five elements to it:
- To engage with freely available counter-terrorism advice and training.
- To conduct vulnerability assessments of their operating places and spaces.
- To mitigate the risks created by the vulnerabilities.
- To have a counter terrorism action plan.
- To plan for the threat of terrorism including enforcement of stringent physical security checks like bag screening & personal search and training of entire event staff.
The consultation, which is open until 25 July 2021, is targeted at
- Organizations employing 250 staff or more which operate at publicly accessible locations where there is significant and/ or regular public footfall, irrespective of the number and size of stores and outlets they have in the UK.
- Individuals and organizations who own or operate publicly accessible venues and spaces with capacity to hold 100 persons or more.
- Organizations who store, sell or hire products that could be used as weapons by terrorists in an attack at a publicly accessible location such as vehicles, knives and potentially harmful substances.
- Local and public authorities responsible for public accessible locations which usually have no clear boundaries or well-defined entrances/ exits, and Government offices.
Risk analysis/ vulnerability analysis – best practices
- The proposed requirements are outlined in the ‘best practice examples’ in Annex 2 of the consultation document shared by the Home Department of UK which vary depending on the size of the organization, the scale of event and the number of employees and predicted number of visitors at each location. Best practices examples are very illustrative, exhaustive and self-explanatory. The consultation document helpfully includes some best practice examples of security considerations and mitigations at different types of organizations, to demonstrate that the threat and risk impacts had been considered and appropriate mitigations investigated and implemented, or at least, plans put in place for implementation.
- Use available government information and guidance to consider terrorist threats to the public and staff at locations they own or operate.
- Assess the potential impact of these risks across their functions and estate and through their systems and processes;
- Consider and take forward ‘reasonably practicable’ protective security and organizational preparedness measures (which could involve, for example, staff training and planning for how to react in the event of an attack).
Inspection and enforcement
The consultation envisages a combination of remote compliance monitoring and inspection regime, using evidence-based risk assessments to determine how and where resources should be deployed. It is proposed that enforcement would be primarily based on civil sanctions (such as fines) with offences to include persistent failure to take reasonable steps to reduce the potential impact of attacks.
Exemptions and exclusions?
Organizations operating in the rail (international, domestic heavy and light rail) and aviation sectors would be exempt on the basis that they are already subject to legislative requirements to assess and mitigate the terrorist threats. Chemical, oil & gas (OaG), Container Ro-Ro (CRR) and other bulk cargo (OBC) ports would also be excluded as such operations do not take place in publically accessible locations.
Impact of Legislation
The primary intention behind the proposed Protect Duty legislation is that owners and operators of publicly accessible locations will be required to consider and take forward appropriate and proportionate protective security measures.
When considering the broad spectrum of sectors that the government state will be included in the legislation, this has the potential to impact on the decisions and actions of many businesses, particularly when you consider that they will all need to.
How would Compliance Work?
- The most efficient way of demonstrating compliance with the Protect Duty is considered to be through risk assessments, which would specify – 1) The range of threats considered; 2) the steps taken to mitigate the threat; 3) the steps taken to prepare for and/ or respond in the event of attack and 4) if steps have not been taken, the reasons why?
- The assessments would need to be recorded and retained by venues and organizers and reviewed periodically to respond to changes.
- An inspection regime (assessed either remotely or by a third party agency) would be needed to oversee compliance, using evidence-based risk assessments. In practice this could involve providing completion certificates for staff training courses, or evidence of installation of physical security measures such as installation of door locks and roller shutters.
- The government plans that the inspections could also offer an opportunity to provide specific support and advice to help improve protection and preparedness.
How would compliance be enforced?
An enforcement model would be developed which shall give inspectors the capacity to provide advice and guidance on risk assessment and appropriate mitigation or requests for necessary improvements. If these were not taken forward, enforcement options could include notice of a deficiency or enforcement action, with persistent breaches being punishable by fines rather than imprisonment.
Side Effects of the ‘Protect Duty’
The government has taken pains to emphasize that its intention is not to impose an unreasonable or disproportionate costs burden on affected organizations, though costs implications will vary depending on factors like the location and the nature of the venues affected.
The hope is that for many organizations and venues, the requirements of a Protect Duty would entail minimal new costs. This is because many have already undertaken, or are currently undertaking significant works, to consider appropriate security measures, systems and processes not least as a result of Covid-19.
There will be instances where proportionate security measures would entail more significant mitigation requirements such as implementing measures for appropriate access control or reducing the risk of vehicles as a weapon of attack. As those measures will entail financial cost to plan, design and implement, a reasonable time would need to be allowed to plan and progress such measures within a business.
Will these Proposals be Welcomed?
The Conservatives committed to improving the safety and security of public venues in their 2019 General Election manifesto; a commitment which has culminated in the publication of these proposals on the new Protect Duty. As Robert Gardener, Hogan Lovells’ Director of Government Affairs notes, “The detail of any draft legislation will depend on the results of the consultation. However, from a policy perspective, there is broad agreement for legislation in this area. Victims’ groups have been campaigning for this for years now, and there is little doubt that improved measures will help to keep the public safe. But there is also a strong political driver behind this move. Security experts have warned about the ‘siege mentality’ of responding to the threat of terrorism; the denying of liberty and the spreading of fear is actually doing the job of the terrorists for them.”
“The government is alive to this, and is keen to embed preventative measures in much more of a steady and unnoticeable way – protection without detection. That is why venues need to be part of the approach, and that is why parliament is unlikely to resist the draft legislation.”
As such, these new proposals could be finding their way into the statute books fairly swiftly!
The experiment of UK is distinct with many firsts & will have wide ranging ramification globally since this maiden initiative is fusion of many drivers and strategies like –
- Fostering the joint partnership amongst public, private and government counter terrorism forces & agencies to pre-empt the terrorist threat.
- Documenting the risk/ vulnerability analysis of every nook & corner of the public places across length and breadth of the country and identify & allocate resources to mitigate the threat from ground zero to national level.
- Assigning the ownership and accountability of owners of public places with regard to seeking free advice, guidance, training of employees & staff and equipment profiling to mitigate the threat.
- Ensuring multiplicity of eyes and ears in physical and electronic form to continuously look out for the potential perpetrators of terrorism.
- Plugging of all loopholes at grass root level to marginalize & effectively reduce the threat to miniscule.
Impact on Indian PSI and Cue which Indian MHA, Govt. of India and PSI can Pick Up
I ndia has been at the centre of terrorism in 20th and 21st century and has enacted legal framework to tackle this menace. However cost centric Indian PSI has left many of the above discussed aspects like risk assessment, risk management, training, equipping and documenting the response metrics at drawing stage only having started half – heartedly that too this effort was limited to a handful of MNCs and not the Indian PSI in general. All of the intelligence gathering and counter terrorist forces are controlled centrally by the MHA, GoI and very little is shared with public and private entities. A fragmented approach by the MHA has left huge scope which can be encashed from the successful implementation of the ‘Protect Duty’ in UK. Many MNCs with British origin operating in India are likely to demand similar steps by Indian PSI & PSAs. Similarly MNCs of Indian origin will have to meet the compliance matrix in UK.
The inaugural event between Security Institute (UK )and CAPSI held on 28 Apr 2021 to create an ecosystem to support the international networking and knowledge sharing was an watershed event in this direction. Steve McGrath and Rick Mounfield from UK and Manish Sharma, IPS from India contributed largely to kick start the agenda. The ‘Protect Duty’ should be seen as a positive step in enhancing the overall resilience of the security ecosystem in UK for transforming it from reactive to proactive. The model of the ‘Protect Duty’ needs to be evaluated at length by MHA of GoI, State Govts, NDMA, NIDM, NIA, NTRO, IB, RAW, NSG, local municipality authorities, local Police and the PSI. Many take away are likely to emerge which will reinforce the security environment at large and will have immense incremental value in India as well.