Guide
Understanding SIA regulation of the private security industry
What the Security Industry Authority does, why private security is regulated in the United Kingdom, how the licensing system works under the Private Security Industry Act 2001, and what happens to businesses and individuals who operate without a licence.
The private security industry in the United Kingdom is regulated by the Security Industry Authority (SIA), a non-departmental public body sponsored by the Home Office. If you run a business that provides security services, or you employ security operatives, you need to understand how the SIA licensing regime works, what activities it covers, and what the consequences are for non-compliance.
Why private security is regulated
Before the Private Security Industry Act 2001 (PSIA 2001), the private security industry was largely unregulated. Anyone could set up a security company or work as a door supervisor without background checks, training, or accountability. This created serious problems: individuals with criminal convictions for violence worked as bouncers, bogus security firms defrauded clients, and there was no consistent standard of training or conduct across the sector.
Parliament enacted the PSIA 2001 to address these risks. The Act created the SIA with two core functions: licensing individuals who carry out specific security activities, and managing a voluntary Approved Contractor Scheme (ACS) for organisations that meet higher standards. The underlying policy objective is public protection. Security operatives exercise powers that affect people's liberty and safety, from controlling access to premises to detaining suspected shoplifters, and the licensing system ensures that only suitable, trained individuals carry out these roles.
For business owners, this means that employing unlicensed operatives or providing licensable services without proper arrangements is not simply a regulatory technicality. It is a criminal offence that can result in prosecution, unlimited fines, and imprisonment.
What activities require an SIA licence
The PSIA 2001 defines six categories of licensable activity. Whether you need a licence depends on the nature of the work being carried out, not the job title. A person described as a "receptionist" who controls access to a premises is performing a licensable security activity and needs a licence, regardless of what their contract says.
The distinction between licensable and non-licensable work is a frequent source of confusion for business owners. For example, a CCTV system that only records footage and is reviewed after the fact does not require an SIA licence. But a CCTV operator who monitors live feeds in a public space and directs security responses is carrying out public space surveillance, which is licensable. If you are unsure whether a particular role in your business requires a licence, the SIA publishes detailed sector-specific guidance on its website, and getting it wrong carries serious consequences.
How the licensing system works
SIA licences are issued to individuals, not to businesses. Each person who carries out licensable activity must hold their own valid licence for the relevant sector. Licences are granted for three years and must be renewed before they expire. There is no grace period: an operative whose licence has lapsed cannot legally work in a licensable role until the renewal is processed.
To obtain a licence, an individual must pass an identity check, a criminal record check (carried out through the Disclosure and Barring Service in England and Wales, Disclosure Scotland, or AccessNI in Northern Ireland), and hold a qualification linked to the licence sector. For most sectors, this means completing a Level 2 Award in a relevant discipline from an Ofqual-regulated awarding organisation.
The Approved Contractor Scheme
While individual licensing is compulsory, the Approved Contractor Scheme (ACS) is voluntary. Businesses that meet the SIA's standards for management, training, and operational quality can apply for ACS status. ACS registration signals to clients, insurers, and procurement bodies that the business operates above the minimum legal standard. Many public sector contracts and larger corporate clients require ACS status as a condition of tender. If you are building a security business with growth ambitions, ACS accreditation is a significant competitive advantage, though it is not a legal requirement.
What happens without a licence
The PSIA 2001 creates specific criminal offences for both individuals and businesses. The penalties are deliberately severe because unlicensed security activity directly undermines public safety.
As a business owner, you carry direct criminal liability if you deploy unlicensed operatives. The "I didn't know their licence had expired" defence does not work in practice. Courts expect employers in the security sector to have systems for checking and monitoring licence validity. The SIA provides a free online licence checker, and responsible businesses verify licences before deployment and at regular intervals.
Beyond criminal prosecution, a conviction can destroy your business commercially. Clients will terminate contracts, insurers will withdraw cover, and you will be unable to win future work. The reputational damage from an SIA prosecution often exceeds the financial penalty.
How the SIA enforces compliance
The SIA takes an active approach to enforcement. Understanding how it operates helps you assess the real risk of non-compliance and design your business processes accordingly.
The SIA does not rely solely on complaints. It runs proactive operations, often jointly with police forces, immigration enforcement, and HMRC, targeting venues and events where unlicensed activity is most likely. Night-time economy premises, large events, and construction sites are frequent targets. If your business supplies operatives to these environments, you should assume that SIA compliance checks will happen and plan accordingly.
How this connects to your business
If you are starting or running a security business, SIA regulation is not an obstacle to work around. It is the framework that gives your business legitimacy. Clients choose licensed, compliant suppliers because they need to manage their own legal exposure. A premises licence holder who employs unlicensed door supervisors risks losing their alcohol licence. A retailer whose security contractor uses unlicensed guards faces reputational and legal risk. Your compliance is part of your client's compliance.
Practically, this means building licence management into your core operations from day one. Maintain a register of all operatives, their licence numbers, expiry dates, and sectors. Check the SIA licence checker before every deployment. Build ACS standards into your processes even if you do not apply for accreditation immediately. And treat any suggestion of unlicensed working as a serious incident, not a minor administrative slip.