Who has the right to make a Freedom of Information request under the FOIA 2000?

Under section 1(1) of the Freedom of Information Act 2000, any person — whether an individual, a company, a charity, or any other legal entity — has the right to request information held by a public authority. There is no requirement to be a British citizen or resident in the United Kingdom; a person based anywhere in the world may make a valid FOI request to a UK public authority. The requester does not need to explain why they want the information, and the authority cannot refuse the request simply because it disapproves of the requester’s purpose. Public authorities subject to the FOIA 2000 are listed in Schedule 1 and include all government departments, the Houses of Parliament, the armed forces, local authorities, NHS bodies, maintained schools and academies, further and higher education institutions, the police, and publicly owned companies (i.e. companies wholly owned by the Crown or a public authority under s.6 FOIA 2000). Some bodies are only partially subject to the Act — for example, the BBC is subject to the FOIA 2000 only in respect of information held for purposes other than journalism, art, or literature under s.7. If you are unsure whether a body is subject to the FOIA 2000, the ICO maintains a list of public authorities on its website. Note that if the information concerns your own personal data, you should use a Subject Access Request (SAR) under Article 15 of the UK GDPR and s.45 of the Data Protection Act 2018 rather than an FOI request, as personal data requested by the data subject is exempt from disclosure under s.40(1) FOIA 2000.

What are the most common exemptions used to refuse FOI requests, and can I challenge a refusal?

The Freedom of Information Act 2000 contains two categories of exemption. Absolute exemptions under ss.21, 23, 32–36, 40(1), 41, and 44 FOIA 2000 apply without any need for the authority to consider the public interest; if the exemption applies, the authority need not disclose. Key absolute exemptions include: s.21 (information reasonably accessible by other means, e.g. already published); s.23 (security body information, such as MI5/MI6/GCHQ); s.40(1) (personal data of the requester, redirected to a Subject Access Request); and s.41 (information provided in confidence, where disclosure would be an actionable breach of confidence). Qualified exemptions, by contrast, require the authority to apply a public interest test under s.2(2)(b) FOIA 2000: the exemption applies only if the public interest in maintaining the exemption outweighs the public interest in disclosure. Key qualified exemptions include: s.35 (government policy formulation); s.36 (prejudice to effective conduct of public affairs); s.37 (communications with the Royal Household); s.38 (health and safety); s.40(2) (third-party personal data); and s.43 (commercial interests). If you receive a refusal, you have two means of challenge. First, you may request an internal review from the same authority under s.50 FOIA 2000 — this must typically be requested within 40 working days. Second, if unsatisfied with the internal review outcome, you may complain to the Information Commissioner’s Office (ICO) at ico.org.uk, which has power to issue a decision notice under s.50 FOIA 2000. The decision notice is enforceable by the High Court under s.54 FOIA 2000. Further appeals lie to the First-tier Tribunal (Information Rights), Upper Tribunal, and Court of Appeal on points of law.

How does the FOIA 2000 interact with the Environmental Information Regulations 2004?

The Environmental Information Regulations 2004 (SI 2004/3391) (EIR 2004) run parallel to the Freedom of Information Act 2000 and implement the Aarhus Convention on access to environmental information in UK law. The EIR 2004 applies to any public authority within the meaning of the FOIA 2000 and gives any person the right to request environmental information, defined broadly in regulation 2(1) as information about the state of the elements (air, water, soil, land, landscape, biodiversity), factors affecting those elements (energy, noise, radiation, waste, emissions), measures affecting or protecting the environment, reports and analyses, the state of human health and safety, and the cultural heritage. Where information falls within the EIR 2004 definition, it should be disclosed under the EIR 2004 rather than the FOIA 2000, because the EIR 2004 is generally more favourable to requesters: it imposes a presumption in favour of disclosure (reg.12(2)); its exceptions are narrower and all qualified (requiring a public interest test); it provides a 20-working-day response period; and it allows requesters to request internal review and complain to the ICO in the same way as under the FOIA 2000. A key difference from the FOIA 2000 is that public authorities are required to proactively disseminate environmental information to the public under regulation 4. If you are requesting information about planning decisions, environmental permits, pollution data, or the natural environment, referencing the EIR 2004 in your request (as this template does) ensures the authority considers and applies the more permissive regime.

What is the 20-working-day response deadline and what should I do if the authority misses it?

Under section 10(1) of the Freedom of Information Act 2000, a public authority must respond to a valid FOI request promptly and in any event within 20 working days of receipt. For central government departments dealing with requests that engage the public interest test on a qualified exemption, s.10(3) FOIA 2000 allows the authority to extend the response period by a further ‘reasonable’ time while it considers the public interest, but the ICO’s published guidance makes clear that such extensions should be used sparingly and should not exceed an additional 20 working days in most cases. Working days are defined by s.10(6) FOIA 2000 as any day other than a Saturday, Sunday, or public holiday. If an authority fails to respond within 20 working days, it is in breach of s.10 FOIA 2000. The appropriate remedy is a complaint to the Information Commissioner’s Office (ICO). You are not required to request an internal review before complaining to the ICO about a failure to respond (as distinct from a substantive refusal, where an internal review is expected first). The ICO takes failure to respond within the statutory deadline very seriously and regularly issues decision notices requiring authorities to provide responses where they have failed to do so. If the authority has provided a substantive refusal (with which you disagree), you should first request an internal review from the authority before approaching the ICO. The ICO can be contacted at ico.org.uk/make-a-complaint. There is no fee for making a complaint to the ICO.

Can a public authority charge a fee for providing information under the FOIA 2000?

Public authorities may charge fees in certain limited circumstances under the Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004, but in practice the vast majority of FOI disclosures are provided free of charge. Where the cost of compliance falls below the appropriate limit (£600 for central government; £450 for others), the authority may only charge for disbursements — that is, the direct costs of transmitting the information (postage, photocopying, and the costs of reproducing documents in a particular format). The prescribed fee for disbursements must be reasonable and proportionate. The authority must send a fees notice before requiring payment, and the 20-working-day response period is suspended from the date the fees notice is sent until the fee is paid (s.9 FOIA 2000). Where the estimated cost exceeds the appropriate limit, the authority may: (a) refuse the request under s.12; (b) offer to comply with a reduced scope; or (c) offer to provide the information subject to payment of a fee calculated at £25 per hour for the time spent beyond the appropriate limit. In practice, many public authorities — particularly local councils and NHS bodies — charge nothing at all for electronic disclosures. If you receive a fees notice, you have three months from the date of the fees notice to pay before the authority is entitled to treat the request as withdrawn. You may also take the opportunity to narrow the scope of your request to bring it within the cost limit and avoid any fee.

Freedom of Information Request (England & Wales) — United Kingdom

Create a formal Freedom of Information (FOI) request letter under the Freedom of Information Act 2000. Compliant with s.8 FOIA 2000, covering the 20-working-day response period, exemptions (absolute and qualified), Environmental Information Regulations 2004, and your right to internal review and ICO complaint.

What Is a Freedom of Information Request (England & Wales)?

A Freedom of Information (FOI) request is a formal written application made to a public authority under section 1 of the Freedom of Information Act 2000 (FOIA 2000), asking the authority to confirm whether it holds specified information and, if so, to disclose that information to the requester. The FOIA 2000 came fully into force on 1 January 2005 and represents one of the most significant transparency reforms in modern UK constitutional history. It applies to all public authorities listed in Schedule 1 to the Act and those designated by Order under s.5 FOIA 2000, including every government department from the Cabinet Office to HMRC, all local councils, NHS trusts and clinical commissioning groups, maintained schools, universities, the police, fire services, publicly owned companies, and Parliament itself.

The right of access created by s.1(1) FOIA 2000 is universal: any person — individual, company, or organisation, regardless of nationality or residence — may make an FOI request and has the right to receive the information held unless a specific statutory exemption applies. The requester is not required to explain their reasons for wanting the information, and the authority cannot refuse simply because it considers the purpose inconvenient, embarrassing, or commercially sensitive, unless a relevant exemption is engaged. The Act creates two parallel duties on public authorities: the duty to confirm or deny whether the information is held (s.1(1)(a)), and the duty to communicate the information if it is held (s.1(1)(b)).

FOI requests must comply with the formal requirements of s.8 FOIA 2000: the request must be in writing (which includes email), state the requester’s real name, provide an address for correspondence (which may be an email address), and describe the information requested with sufficient clarity for the authority to identify it. Beyond these requirements, no other formality is needed. The FOIA 2000 operates alongside the Environmental Information Regulations 2004 (SI 2004/3391), which implement the Aarhus Convention and provide a parallel access regime for environmental information that is generally more permissive than the FOIA 2000 itself. Where information falls within the EIR 2004, the authority should apply that regime rather than the FOIA 2000.

The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004 govern the cost limits (£450 or £600) above which authorities may refuse requests under s.12 FOIA 2000, and the fees they may charge for disbursements where they do comply. The Information Commissioner’s Office (ICO) is the independent regulator of the FOIA 2000 and has power under s.50 FOIA 2000 to issue decision notices enforceable by the High Court.

When Do You Need a Freedom of Information Request (England & Wales)?

You should use this Freedom of Information request template whenever you need information from a public authority and believe that authority is subject to the Freedom of Information Act 2000 or the Environmental Information Regulations 2004. FOI requests are an important tool for journalists, researchers, campaigners, businesses, lawyers, and private individuals seeking accountability and transparency from publicly funded bodies.

Typical situations where an FOI request is appropriate include: journalists investigating public spending, procurement decisions, or policy-making; researchers seeking data for academic studies on public services, crime, health, or the environment; businesses wishing to understand regulatory decisions, planning history, or the basis of procurement awards; lawyers seeking documents relevant to litigation or regulatory proceedings; tenants and homeowners seeking planning decisions, inspection reports, or housing authority records; patients seeking information about NHS decisions on service provision or treatment protocols; local residents investigating council spending, planning permissions, or regulatory enforcement; and any person wishing to understand how a public authority has reached a decision that affects them.

You should also use this template — or be aware of its limitations — in the following circumstances. If the information concerns your own personal data, the correct mechanism is a Subject Access Request (SAR) under Article 15 of the UK GDPR and s.45 of the Data Protection Act 2018, not an FOI request; the authority is entitled to refuse an FOI request for the requester’s own personal data under s.40(1) FOIA 2000. If the information relates to the environment (pollution levels, planning applications, environmental permits, ecological surveys), consider requesting it under the Environmental Information Regulations 2004 instead of or in addition to the FOIA 2000, as the EIR 2004 exceptions are narrower and the presumption in favour of disclosure is stronger. If the authority is a private company that is not publicly owned, the FOIA 2000 does not apply; however, companies that deliver public functions under contract (such as private prisons or outsourced local authority services) may be subject to the Act in relation to those functions. In those cases, the request should be directed to the public authority that commissioned the service.

A well-drafted FOI request specifying a clear date range, identifiable document types, and a defined subject matter is far more likely to receive a prompt, substantive response than a broad or vague request that engages the s.12 cost limit or requires extensive clarification under s.1(3) FOIA 2000.

What to Include in Your Freedom of Information Request (England & Wales)

A properly drafted Freedom of Information request under the FOIA 2000 contains several key elements that together maximise the likelihood of a prompt and complete response. The first element is the requester’s identification: a valid request under s.8(1)(b) FOIA 2000 must state the requester’s real name and provide a correspondence address, which may be an email address. Anonymous requests are not valid under the FOIA 2000, although the Information Commissioner’s Office has issued guidance that pseudonymous requests may be valid if the pseudonym provides a sufficient means of identification.

The second key element is the identification of the correct public authority. The request must be directed to the authority that actually holds the information; a request sent to the wrong body does not trigger the 20-working-day response period. Under s.15 FOIA 2000, an authority that receives a request but does not hold the information should, if possible, advise the requester of the correct authority. Checking the Schedule 1 list and the ICO’s online public authority register before sending the request saves time.

The third and most important element is the description of the information requested. This must describe the information clearly enough for the authority to identify it. The description should specify: the subject matter; the relevant date range; the type of documents sought (emails, minutes, reports, contracts, data sets); and any reference numbers, project names, or department names that will help narrow the search. Overly broad descriptions covering entire policy areas without date limits are the single most common reason requests are refused under s.12 FOIA 2000 (cost limit) or are delayed while the authority seeks clarification under s.1(3).

The fourth element is a reference to the 20-working-day response deadline under s.10(1) FOIA 2000. Including this in the letter puts the authority on notice from the outset of its statutory obligation to respond promptly. The fifth element is the format preference under s.11 FOIA 2000: specifying whether you want the information by email, in hard copy, or available for inspection at the authority’s offices ensures the authority fulfils its obligation to give effect to your preference so far as reasonably practicable.

The sixth element is the request for explanation of exemptions. If the authority intends to rely on a qualified exemption under Part II FOIA 2000, it must conduct a public interest balancing test under s.2(2)(b) and set out the factors weighed. Expressly requesting this explanation in the letter enables you to assess the adequacy of the authority’s reasoning and to challenge it effectively on internal review or before the ICO. The seventh element is the reference to the Environmental Information Regulations 2004, which is important where the requested information may relate to environmental matters and ensures the more permissive EIR 2004 regime is applied where appropriate. The eighth element is a clear statement of your right to internal review and to complain to the ICO, which signals to the authority that you are aware of the enforcement framework and intend to use it if necessary.

What Is a Freedom of Information Request (England & Wales)?

When Do You Need a Freedom of Information Request (England & Wales)?

What to Include in Your Freedom of Information Request (England & Wales)

Frequently Asked Questions

Related Documents

GDPR Data Breach Notification Form (England & Wales)

Data Protection Impact Assessment (DPIA) — UK GDPR (England & Wales)

Employee Privacy Notice — UK GDPR (England & Wales)

Letter Before Action — Demand for Payment (UK)

Data Retention Policy (UK)