ICO publishes guidance for public bodies on AI-generated FOI requests

TL;DR:

• The Information Commissioner’s Office has published new guidance for UK public authorities responding to a rising volume of Freedom of Information requests generated using AI tools, some of which misquote or misinterpret the underlying legislation.
• The guidance does not change the law; it is meant to help FOI teams apply existing principles consistently, and includes wording authorities can use to encourage responsible AI use by requesters.
• Resultsense view: this lands as the second piece of UK public-sector AI guidance in a fortnight, alongside the new ADM rules under the Data (Use and Access) Act — a clear signal that the ICO is now operationalising AI policy at the workflow level, not just the rights level.

The ICO said the guidance responds directly to feedback from FOI practitioners about the practical impact of AI on their work. Public bodies are reporting both higher volumes and greater complexity of requests, including AI-drafted submissions that misstate FOI law and require clarification before a substantive response can be drafted.

What the guidance covers

The published material focuses on three operational pressure points: requests generated using AI that misinterpret or misquote FOI legislation; managing higher volumes of requests requiring clarification or refinement; and maintaining fair, consistent handling regardless of how a request was created. The ICO has also included sample wording authorities can use when corresponding with requesters to encourage responsible AI use and clearer requests.

Deborah Clark, the ICO’s Upstream Regulation Manager, said the goal is “practical, sensible support, not adding new burdens”, noting that AI also has potential to help authorities improve how they handle FOI requests when used responsibly.

Where this sits in the broader UK AI regulatory picture

The FOI guidance arrives as part of a wider ICO operational push on AI. The regulator is mid-consultation on draft guidance for automated decision-making under the new Article 22C of the UK GDPR, brought into force on 5 February 2026 by section 80 of the Data (Use and Access) Act. That consultation closes on 29 May 2026, with final guidance expected this summer. The ICO is also developing a statutory code of practice on AI and ADM as part of its biometrics-and-AI strategy.

Read alongside the ADM consultation, the FOI guidance represents the ICO’s “everyday-AI” operational layer — distinct from the rights-based ADM framework, but visibly part of the same overall strategy of giving UK organisations confidence to use AI within existing law rather than treating each AI use as exceptional.

Looking forward

For UK public-sector teams, the practical short-term task is straightforward: align internal FOI workflows with the new guidance and the sample wording before the volume of AI-drafted submissions rises further. The wider question — how the ICO’s accumulating AI guidance interacts with the forthcoming statutory code — is the one to watch through the summer.