By Kieron JH
If you’ve ever had an FOI bounced with “section 12, exceeds the appropriate limit”, you’ve seen the trick. The refusal is framed as maths. It’s often just organisational weakness dressed up as inevitability.
This article explains, in plain English, how UK public bodies calculate FOI costs, what they’re allowed to count, what they’re not, and the perverse incentive sitting underneath it all: the worse an organisation’s data labelling and records systems are, the easier it becomes to refuse disclosure.
What is the FOI cost limit?
Under section 12 of the Freedom of Information Act 2000, a public authority can refuse a request if it reasonably estimates the cost of compliance would exceed the “appropriate limit”. The limits are set by the Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004.
In practice, the headline figures you see most often are:
- £600 for central government, often expressed as 24 hours at £25 per hour
- £450 for most other public authorities, often expressed as 18 hours at £25 per hour
The “£25 per hour” is a notional rate. It’s there to convert time into a threshold. It’s not a real invoice, it’s not your problem to pay, and it’s not a real-world cost model. It’s a legal switch that decides whether the authority must comply.
ICO guidance on section 12 is here: Requests where the cost of compliance exceeds the appropriate limit.
What time can be counted in a section 12 estimate?
Section 12 is supposed to be about the work required to find and extract recorded information. The classic categories are:
- Determining whether the information is held
- Locating the information
- Retrieving the information
- Extracting the information (for example, from files, folders, or databases)
What’s commonly not meant to be counted under section 12 is the stuff that happens after the information has already been gathered, for example:
- Reading material to consider exemptions
- Redacting
- Consulting internally
- Drafting the response letter
Authorities don’t always explain this cleanly. Some refusals blur the categories. Even if a refusal might still be lawful overall, you should push for clarity on exactly what’s being counted and why.
The real problem: bad record-keeping inflates estimates
Here’s what usually sits behind “exceeds the appropriate limit”. It’s not that the request is inherently huge. It’s that the authority’s systems are built in a way that turns simple questions into manual labour.
Common patterns:
- Information scattered across multiple shared drives with inconsistent naming
- Email archives treated as a filing system, with no usable metadata
- Databases that store facts but don’t store meaningful tags
- Case management systems that can’t be queried in a way that produces aggregate statistics
- “Manual trawl” language used as a substitute for evidence
Every one of those weaknesses increases the time estimate. Time estimate goes up, refusal becomes easier. That’s the incentive problem.
Why FOI cost limits can discourage modernisation
Modernisation makes FOI compliance cheaper. That should be a win. Instead, it can feel like a risk to organisations that prefer the comfort of plausible deniability.
If you implement proper taxonomy, consistent database labelling, and searchable records, you get:
- Faster retrieval, because records are consistently tagged
- More reliable statistics, because fields are standardised
- Less reliance on email trawls, because information is structured
- Fewer section 12 refusals, because the same request takes minutes, not days
That last bullet is the uncomfortable bit. Better systems mean fewer valid excuses. FOI becomes harder to dodge. In practice, that can reduce internal incentive to build better systems, because “we can’t search it” quietly functions as a shield.
“Manual review” isn’t diligence, it’s usually a governance gap
Authorities sometimes present manual searching as carefulness. That’s marketing. A public body that can’t query its own holdings at scale is not being cautious. It’s operating without basic records intelligence.
When “manual trawl” is the default, the organisation’s ability to learn, audit, or spot trends is compromised. FOI just reveals the same weakness the public experiences elsewhere: complaints analysis, equality monitoring, safeguarding oversight, procurement audit trails, the lot.
What you should demand in an internal review
If an authority refuses under section 12, don’t accept vibes. Ask for the working.
- Task breakdown: which tasks, which systems, and how many hours for each
- Evidence: whether they sampled records to estimate time, and what that sample showed
- Scope control: whether a narrower, staged response is possible (and if not, why not)
- Advice and assistance: what refinement they propose under section 16
- Boundary clarity: confirmation they haven’t counted redaction or exemption review time under section 12
If the refusal is driven by “we don’t have searchable labels”, that’s their governance problem. You’re not asking them to invent new information. You’re asking them to retrieve what they chose to store without a usable structure.
The bottom line
FOI is meant to reinforce scrutiny. A model that makes disclosure easier to refuse when record-keeping is worse has the incentives backwards. It turns organisational disorganisation into a legal advantage.
If an authority claims FOI compliance is too costly because its data is unlabelled, scattered, or only retrievable by manual trawl, the issue isn’t the request. It’s the organisation.
Related reading on The Reasonable Adjustment
- Public FOI strategy, The Reasonable Adjustment
- GMP medical cannabis seized and disposed, FOI breakdown
- Vexatious FOI, lessons from Scotland






Be First to Comment