Freedom of information

Copyright © 2026 LexisNexis

This subtopic contains a range of materials concerning freedom of information, focusing on the regime under the Freedom of Information Act 2000 (FIA 2000).

The freedom of information regime

In England, Wales and Northern Ireland the freedom of information regime is governed by FIA 2000, which grants a general right of access to information held by public authorities, while also placing an obligation on such authorities to make certain information available to the public proactively and regularly. The body responsible for enforcing the regime is the Information Commissioner's Office (ICO).

The regime in Scotland contains similar rights governed by different legislation. The Scottish Information Commissioner is responsible for enforcement in relation to Scottish public authorities. Public authorities that span the whole of the UK, such as the BBC or Ministry of Defence, are governed by the regime for England, Wales and Northern Ireland created by FIA 2000.

For introductory guidance on the freedom of information regime, see Practice Notes:

  1. Introduction to freedom of information

  2. Who is subject to the freedom of information regime

Rights and duties under the freedom of information

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Information Law News

ICO publishes framework for handling data protection complaints

The Information Commissioner's Office (ICO) has published guidance detailing its approach to handling data protection complaints, including the criteria used to determine the extent of investigations. The framework introduces a triage system that prioritises complaints involving high levels of harm, vulnerable individuals, or strategic priorities. Additionally, the ICO is developing a threshold system that could trigger intervention for organisations receiving multiple complaints over a specified period, although the exact details of these thresholds have not yet been disclosed.

Commission launches consultation to revise the EU Cybersecurity Act and strengthen the EU cybersecurity framework

The European Commission launched a call for evidence to support the preparation of a legislative proposal to revise the EU Cybersecurity Act. The initiative aims to strengthen EU cyber resilience, update the mandate of the EU Agency for Cybersecurity (ENISA) and improve the effectiveness of the European Cybersecurity Certification Framework. The Commission noted that the cybersecurity landscape has become significantly more complex and threat‑intensive since the Act’s adoption in 2019, while subsequent EU legislation has expanded ENISA’s tasks beyond its original mandate, creating the need to streamline, simplify and supplement the existing framework to ensure coherence, reduce administrative burdens and improve implementation for businesses and users. The initiative focuses on measures to support a secure and resilient Information and Communication Technology supply chain and the EU cybersecurity industrial base, addresses shortcomings in the certification framework such as slow adoption, unclear roles, limited agility and insufficient clarity on covered risks, including non‑technical factors, and considers alignment with newer instruments such as the Cyber Resilience Act. The Commission outlined policy options ranging from non‑legislative measures to targeted or comprehensive regulatory revision, stating that EU‑level action is required to prevent internal market fragmentation and to secure long‑term economic and social benefits through greater harmonisation, stronger cybersecurity and resilience, more efficient incident response and enhanced protection of fundamental rights, including personal data. The call for evidence will run until 20 June 2025.

ICO updates data protection by design guidance following DUAA commencement

The Information Commissioner’s Office (ICO) has published its updated guidance on data protection by design and by default alongside the commencement of key Data (Use and Access) Act 2025 (DUAA 2025) provisions. The guidance clarifies that organisations must build data protection considerations into the design and operation of systems, services, products, and processes, ensuring that only the minimum necessary personal information is collected, used, stored, and accessed for each defined purpose. It explains the need for appropriate technical and organisational measures, including robust security controls, clear retention practices, strong default privacy settings, and regular assessment of risks through data protection impact assessments.

Information Law weekly highlights—5 February 2026

Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to laws governing the use and dissemination of information and personal data. Each week these highlights focus on developments in key topics such as data protection, ePrivacy, cybersecurity, breach of confidence, misuse of private information, and defamation.

View Information Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin
Late payment penalties—inheritance tax

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an

Glossary—Latin legal terms

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin