The 2026 Guide to Integrated Public Space Surveillance, Security & Resilience — for Local Authority Chief Executives, SIROs, Emergency Planners, Community Safety Managers and DPOs.
The typical UK town centre CCTV estate was built in a different era. Analogue cameras on coaxial cables. Footage recorded to tape or early digital video recorders and monitored by staff conducting manual screen-watches in council control rooms. Reactive by design, siloed by default, and patched repeatedly over decades as budgets permitted and equipment failed.
In 2026, that model is not merely obsolete. In many authorities it constitutes a live governance risk — an infrastructure gap between the civic resilience obligations that local authorities now bear under statute and the systems they actually have in place to meet them.
The pressure facing public sector leaders has never been more acute or more convergent. Martyn’s Law — the Terrorism (Protection of Premises) Act 2025 — creates mandatory emergency preparedness duties for public venues and events, with enforcement commencing April 2027. The Data (Use and Access) Act 2025 adds material new accountability requirements for how surveillance data is governed and processed. Council budgets are under sustained structural pressure, eliminating the option of simply adding capability on top of legacy systems. And public trust in surveillance technology — which cannot be assumed; it must be earned and demonstrably maintained — demands that every camera, every system, and every data retention decision be proportionate, transparent, and auditable.
“Public space surveillance is not about watching the public. It is about protecting them — with their knowledge, with their consent, and within a governance framework they can scrutinise.”
Fyrfly Systems — Civic Resilience AdvisoryAcross most local authority areas, the reality is a patchwork of systems procured under different capital programmes, maintained by different contractors, running on different networks, and producing data in different formats that cannot easily be shared between them. Town centre CCTV runs on one system. Civic building access control runs on another. Emergency communications rely on the public Wi-Fi network that was never designed to be a resilience backbone.
The consequence of this fragmentation is predictable and well-documented: systems fail during critical incidents precisely because they have never been designed to work together under pressure. A lockdown command cannot propagate across a civic building because the access control system is not connected to the CCTV management platform. A control room operator cannot verify the location of an incident because the cameras covering the relevant area are offline due to a bandwidth conflict on the shared network. A Subject Access Request takes three weeks to fulfil because footage is stored across four separate systems with no unified search capability.
1. Legislative Compliance Deadlines
Martyn’s Law is not guidance; it is statute. The April 2027 enforcement date is not moveable. Local authorities that have not audited their current provision, identified gaps, and begun procurement by early 2026 face a realistic risk of non-compliance. The consequence is not merely reputational: it is a criminal liability for the responsible person.
2. Data Governance Accountability
The Data (Use and Access) Act 2025 reinforces and extends the obligations that existed under UK GDPR and the Data Protection Act 2018. Senior Information Risk Owners and Data Protection Officers now face enhanced personal accountability for data processing decisions. A CCTV system with no documented DPIA, unclear retention periods, and uncontrolled access rights is not a legacy problem: it is a live regulatory exposure.
3. The Budget Imperative
Local authority capital and revenue budgets are not recovering. Every infrastructure investment must be justified in terms of long-term value, reduced maintenance overhead, and consolidation of supplier relationships. The case for integrated infrastructure is not primarily a technology argument — it is a financial governance argument. One integrated system, one contract, one accountable supplier, maintained to a single documented standard.
An integrated civic security ecosystem comprises three interdependent systems. Each is essential. Each becomes substantially more powerful when connected to the others. The failure of any one creates a gap that the other two cannot compensate for.
The shift from passive recording to active, AI-assisted monitoring is the single most significant development in public space surveillance in two decades. Edge AI analytics — running on the camera or at a local processing node, without requiring footage to be transmitted to an external cloud server — allow control room operators to manage significantly larger camera estates with greater effectiveness, because the system is continuously prioritising what requires human attention.
This is not autonomous decision-making. It is operator support. The AI flags; the human decides. This distinction is important for compliance with the Surveillance Camera Code of Practice, which requires that all processing be proportionate, purposeful, and subject to appropriate human oversight.
The UK Government’s CONTEST counter-terrorism strategy identifies “Protect” and “Prepare” as two of its four principal strands. Proactive public space CCTV with AI-assisted anomaly detection directly supports both: it protects by deterring and identifying threats, and prepares by providing control room operators with real-time situational awareness during an unfolding incident.
Civic buildings — council offices, civic centres, libraries, registrar offices, planning departments — present a specific and frequently underestimated security challenge. They must be genuinely accessible to the public they serve. They must protect the staff who work in them, who regularly face confrontational behaviour from members of the public in stressful circumstances. And they must be capable of immediate, site-wide protective action in the event of a serious threat.
Access control in a civic building context is not about restricting public access to public services. It is about ensuring that access is managed, logged, and capable of being instantly controlled when circumstances require it.
The single most common point of failure in local authority security infrastructure is the network. Not the cameras. Not the access control hardware. The network that is supposed to connect them.
Public sector Wi-Fi networks were designed for connectivity, not resilience. They were not designed to simultaneously carry live CCTV streams from forty town centre cameras, maintain access control authentication across twenty civic buildings, support body-worn video upload from community safety officers, and provide emergency communications to a control room during a major public safety incident — all while the general public is connecting to the same infrastructure via the free town centre Wi-Fi.
“A civic security network is emergency infrastructure. It must be treated with the same design rigour as a blue-light communications system — because during a critical incident, it performs the same function.”
Fyrfly Systems — Municipal Network Design TeamThe Terrorism (Protection of Premises) Act 2025 — Martyn’s Law — is the most significant piece of counter-terrorism legislation directly affecting public sector organisations in a generation. For local authorities, the Act is not a distant corporate compliance matter: it affects the buildings councils manage, the events they organise, and the public spaces for which they bear statutory responsibility.
Is your authority in scope? Any venue or event with a capacity of 100 or more people falls within the Act’s Standard Tier. Any venue or event with a capacity of 800 or more falls within the Enhanced Tier with significantly more demanding requirements. The typical local authority operates multiple venues in both tiers: civic halls, libraries, town squares, council chambers, leisure centres, and managed event spaces.
Standard Tier (100–799 capacity): The responsible person — in a council context, typically the Chief Executive or a nominated senior officer — must document emergency procedures, ensure all staff who may be present during an event are trained in those procedures, and maintain ongoing monitoring of the protective measures in place. The key obligation is that the procedures are written, tested, and reflective of actual technical capability.
Enhanced Tier (800+ capacity): Additional requirements apply, including physical protective security measures, a suitably qualified security professional engaged in the planning process, and significantly more detailed documented procedures. Town centre Christmas markets, civic festivals, and major public events managed by the council are highly likely to trigger Enhanced Tier duties.
Martyn’s Law requires that documented emergency procedures reflect the actual technical capability of the systems in place. A procedure that requires an operator to take twelve separate manual actions across four disconnected systems is not a robust emergency procedure — it is a list of things that will not happen correctly under pressure.
A properly integrated system enables the following sequence from a single authenticated action:
Martyn’s Law applies to events as well as permanent venues. A Christmas market occupying the town square for four weeks is a Martyn’s Law-regulated event if it can accommodate 100 or more people simultaneously — which virtually all town centre events can. Fyrfly’s rapid-deployment solar CCTV towers provide the monitoring and communications backbone for temporary events without requiring civil infrastructure. Deployed in under ninety minutes, they provide 24/7 AI-assisted monitoring, 5G or Starlink connectivity, and integration with the council’s permanent control room for the duration of the event.
Public confidence in council-operated CCTV is not automatic. It is contingent on the authority demonstrating — publicly and through its published policies — that surveillance is proportionate, purposeful, and rigorously governed. The Senior Information Risk Owner and Data Protection Officer bear primary responsibility for that demonstration. The following checklist is designed as a practical governance tool for those roles.
“Surveillance by consent is not a slogan. It is a governance discipline. The council that can show its residents exactly what it records, why, for how long, who can see it, and how they can challenge it is the council that has earned the right to operate a surveillance estate.”
Fyrfly Systems — Public Sector Governance AdvisoryThe financial argument for integrated infrastructure is not primarily about capital cost. It is about the total cost of ownership across the system lifecycle — and the hidden costs of the fragmented alternative that most authorities are currently bearing without fully accounting for them.
A local authority operating five separate security systems under five separate maintenance contracts with three different suppliers is not saving money through competition. It is incurring costs in ways that do not appear in any single budget line:
| Hidden Cost | Fragmented Systems | Integrated System |
|---|---|---|
| Contract management overhead | Multiple SLAs, renewal cycles, performance reviews | Single contract, single SLA, single review |
| Incident investigation time | Staff manually correlating data from 4+ systems | Unified search across all systems in seconds |
| SAR/FOI compliance cost | Manual review and redaction across multiple systems | Automated redaction, single export process |
| Maintenance response time | Multiple callout windows; supplier finger-pointing on faults | Single accountable supplier, unified fault response |
| Staff training overhead | Multiple interfaces; training required for each system | Single unified management platform |
| Compliance audit preparation | Manual evidence compilation across disparate records | Single auditable record, automated report generation |
Authorities that have migrated from fragmented legacy provision to an integrated Fyrfly ecosystem typically report three categories of measurable saving within the first twelve months of operation:
Capital investment in integrated security infrastructure requires member-level approval in most local authority governance structures. The most effective case is built on three arguments that resonate with elected members and their constituents: statutory compliance (Martyn’s Law is not optional), public protection (demonstrated capability to respond to critical incidents), and financial prudence (a single integrated system replacing multiple legacy contracts at lower total cost of ownership).
Fyrfly Systems provides a written financial case document suitable for committee submission as part of the Civic Infrastructure & Compliance Audit — including a five-year total cost of ownership comparison and a risk-weighted assessment of the cost of non-compliance.
Every local authority estate is different. The right integrated infrastructure for a district council with a civic centre, a market square and a handful of managed car parks is not the same as the solution for a metropolitan borough with fifty public buildings, a major event programme and a 24-hour control room operation.
What is consistent is the need to understand the gap between current provision and current obligation — and to have that assessment in writing, prepared by a specialist with direct experience of public sector security infrastructure.
Our audits are carried out by Fyrfly Systems specialists with direct experience of public sector procurement, governance and infrastructure. The written report is yours to keep, act on, and share with members — whether or not you proceed with Fyrfly. We believe that better-informed authorities make better decisions. And better decisions mean better-protected communities.
Audits are available to single local authorities and to combined authorities or regional partnerships assessing shared infrastructure. A standard audit covers one site visit per venue type and produces a written report within ten working days.
To arrange your audit, contact us at hello@fyrflysystems.com or call 01234 567 890.
A no-obligation assessment covering public space CCTV, civic access control, network resilience, Martyn’s Law compliance, and a five-year financial case document suitable for member approval.
Request Your Free Audit →