Two NHS foundation trusts are facing potential legal enforcement after failing to meet statutory deadlines for Freedom of Information (FOI) requests, in a development that underscores mounting pressure on data governance across the health sector.

The Information Commissioner’s Office (ICO) confirmed in March 2026 that it has issued enforcement notices against University Hospitals Birmingham NHS Foundation Trust and The Queen Elizabeth Hospital King’s Lynn NHS Foundation Trust, citing serious and persistent breaches of FOI obligations.

Persistent FOI delays trigger regulatory action

Under the UK’s Freedom of Information Act 2000, public authorities are required to respond to requests within 20 working days. However, both trusts were found to have repeatedly missed these deadlines, prompting formal intervention.

Evidence reviewed by the ICO revealed a pattern of systemic non-compliance. At University Hospitals Birmingham, at least 158 FOI requests were overdue by more than a year, while King’s Lynn recorded particularly low compliance rates over a sustained period.

The ICO stated that the enforcement notices require both organisations to take immediate corrective action to ensure timely responses and improve internal processes. Failure to comply could lead to further legal measures, including potential court action.

Role of digital platforms and public scrutiny

Notably, the regulator indicated that part of its investigation was informed by publicly available FOI tracking data, including requests published on platforms such as “WhatDoTheyKnow”. This reflects the growing role of civic technology in monitoring transparency and holding public bodies to account.

Such platforms, which aggregate FOI requests and responses, are increasingly being used by journalists, researchers and the public to identify delays and gaps in disclosure. In this case, they helped highlight backlogs and non-compliance trends that may otherwise have remained less visible. The use of these tools demonstrates how digital transparency ecosystems are reshaping accountability frameworks in the NHS and beyond.

Wider implications for NHS data governance

The enforcement notices arrive amid broader scrutiny of information governance practices within the NHS, particularly as organisations manage rising volumes of data requests alongside operational pressures.

While the ICO has in recent years shown a preference for reprimands over financial penalties in the public sector, enforcement notices carry legal weight and signal a more serious level of concern. Non-compliance can ultimately result in court orders compelling action. The cases also highlight the intersection between FOI compliance and wider digital maturity. Delays are often linked to fragmented record systems, limited automation, and resource constraints, issues that are central to ongoing NHS digital transformation programmes.

Transparency, trust and the technology challenge

For healthcare organisations, FOI compliance is not merely a legal requirement but a cornerstone of public trust. Delays in responding to information requests can undermine confidence, particularly when they relate to patient safety, service performance or resource allocation.

The latest enforcement action reinforces the need for NHS trusts to invest in robust information management systems, streamline workflows, and adopt digital tools that can support timely disclosure. As regulatory scrutiny intensifies, the message from the ICO is clear: transparency must keep pace with technology, and failure to do so carries tangible legal and reputational risks.

‍