Information requests from Ofcom: why you have one and what you need to do

If you have information that will help Ofcom fulfil its role, we might send you a request for that information.

Every request is unique to that case. When we send it, we will explain why we need the information.

We use formal information requests for many reasons, including (but not limited to):

1. to administer our regulatory fees process;
2. to better understand issues in the areas that we regulate and help us make more informed policy decisions;
3. to investigate processes and how decisions were made; and
4. to investigate potential non-compliance with our rules.

Our powers to request information are set out in law

Here are some of the relevant pieces of legislation:

• Communications Act 2003

  Ofcom has wide powers to require the provision of information under section 135 of the Communications Act. Ofcom has powers to impose financial penalties for non-compliance with a statutory information request and failure to comply can also constitute a criminal offence under sections 138 to 144 of the Communications Act.

• The Telecommunications (Security) Act 2021 (TSA)

  The Communications Act gives Ofcom powers to monitor and enforce industry’s compliance with their security duties (sections 105I and 105N to 105V). Ofcom can require providers to share information that we consider necessary for the purpose of carrying out its security functions.

  The TSA amends the security framework in the Communications Act with the aim of increasing the security of the UK's public electronic communications networks and services. All providers of public electronic communications networks or public electronic communications services must comply with this revised security framework.

  We will typically use the powers under section 135 of the Communications Act to gather any information we require.

• Wireless Telegraphy Act 2006 (WTA)

  Under section 32A of the WTA, Ofcom has wide powers to require the provision of information for the purpose of carrying out our radio spectrum functions. Ofcom has powers to impose financial penalties for non-compliance with a statutory information request and failure to comply can also constitute a criminal offence under sections 32C to 33 of the WTA.

• Postal Services Act 2011

  Under section 55 and Schedule 8 of the Postal Services Act, Ofcom can require the provision of information relating to a suspected contravention of any regulatory condition/direction imposed under Part 3 of the Postal Services Act or other postal legislation. Ofcom has powers to impose financial penalties for non-compliance with a statutory information request and failure to comply can also constitute a criminal offence under Part 2 of Schedule 8 to the Postal Services Act.

• Online Safety

  Under the Online Safety Bill, it is likely that Ofcom will be given the power to formally request any information from regulated services that may be required for exercising or deciding whether to exercise any of its powers, including information that needs to be obtained or generated by providers.

We also have powers in broadcasting and spectrum licences to request information from licensees.

We typically attach a formal information request to an email (as a PDF). If we ask for information from a company, the request is marked for the attention of the Company Secretary at the registered business address.

We send the email from information.registry@ofcom.org.uk.

In some cases, we will also send a hard copy by post, for example if you have not agreed for us to contact you by email only.

A formal information request generally consists of:

1. a cover letter attaching the information request;
2. the information request, generally called a ‘Notice’, which explains what we need the information for and the deadline for responding. The Notice typically contains a number of annexes:
   1. The actual questions you need to respond to will generally be contained in the first annex.
   2. Other annexes might contain information on how to provide information to Ofcom via a secure file transfer and information on potential offences and sanctions if you fail to comply with the requirements of the request. These may include criminal offences if you provide false or misleading information to Ofcom.

You will probably get a draft version first

Sending a request in draft version first allows us to make sure we have worded and targeted it clearly enough, so that we get the information we need and you can respond within the set time period. You don’t need to provide the actual information at this stage.

Once we have finalised the information request, we will send the formal ‘final’ Notice to you. You will then need to provide your response by the given deadline.

If you have any questions about the request, you can ask us to clarify.

In some situations, we might not consider it appropriate to send the request in draft form first. In those circumstances, we will make clear that you have been sent the ‘final’ Notice and need to respond by the given deadline.

In short, you need to provide clear, complete and accurate responses to all the questions by the deadline set out in the request.

You must also provide the information in the format requested. For example, this might be a document in .docx format or a spreadsheet in .csv format. We generally only accept information returned in the requested format.

The information you provide must be clear, complete and accurate

An incomplete response could mean failing to answer one or more questions (or sub-parts of a question), or failing to provide all information requested by a particular question.

If you do not have any of the information requested, then you should say so and explain what searches you have carried out to check.

A response can refer to other documents or information held by Ofcom, but it should not require us to interpret a response by reference to other information or documents you may have provided in order to understand your intended meaning.

If you can’t be sure that your response is 100% accurate, then you should clearly explain any problems to Ofcom and provide information with appropriate qualification.

We only extend deadlines for good reason – tell us promptly if you need more time

If you don’t think you can respond by the deadline, inform us immediately and clearly explain why. We only agree to extend deadlines where there are good reasons for doing so, like:

• unexpected absence of a key employee responsible for obtaining the required information;
• technical difficulties;  or
• other exceptional circumstances outside of your control.

We will consider requests for more time on a case-by-case basis.

It's important you provide clear, complete and accurate responses to all the questions by the deadline given in the request. If you don’t, we may open an investigation into your failure to comply. In turn, this may result in you receiving a significant financial penalty (and your service might be suspended). 

Whether we investigate and decide to impose a financial penalty will depend on the circumstances. The maximum penalty depends on the relevant legislation. For example, we can impose a penalty of up to £2,000,000 for a contravention under the Communications Act plus up to £500 per day in respect of each day on which the contravention continues. Previous cases in which we have imposed financial penalties for non-compliance with a statutory information request can be found in the Enforcement area of our website.  

Any information that is unclear will at a minimum result in additional correspondence with Ofcom, so take the time up-front to ensure your response is clear. 

Failure to comply 

• Failing to comply with a statutory information request, or providing false or misleading information to Ofcom, can lead to a formal investigation and may also constitute a criminal offence, which can result in a financial penalty and/or imprisonment. 
• Failing to comply with a formal request for information issued under a licence can constitute a breach of licence, which may result in enforcement action and potentially revocation of the licence. 

You must provide all the information requested, even if you consider that the information, or any part of it, is commercially sensitive and/or otherwise confidential (for example, because it relates to a third party and you have agreed with that third party to keep their information confidential).  

Ensuring information is appropriately protected is central to Ofcom’s work and our reputation as the UK’s communications regulator.  

The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously. We consistently test and monitor the efficacy of our systems to protect the data we hold and ensure data is only kept in accordance with our records and information management policy. 

If you consider that any of the information you are required to provide is confidential, you should clearly identify the relevant information and explain in writing your reasons for considering it confidential (for example, the reasons why you consider disclosure of the information will seriously and prejudicially affect the interests of your business, a third party or the private affairs of an individual, taking into account any relevant statutory definition of ‘confidential’ information. You may find it helpful to do this in a separate document marked ‘confidential information’. 

Ofcom will take into account any claims that information should be considered confidential. However, it is for Ofcom to decide what is or is not confidential, taking into account any relevant common law and statutory definitions. We do not accept unjustified or unsubstantiated claims of confidentiality. Blanket claims of confidentiality covering entire documents or types of information are also unhelpful and will rarely be accepted. For example, we would expect stakeholders to consider whether the fact of the document’s existence or particular elements of the document (e.g. its title or metadata such as to/from/date/subject or other specific content) are not confidential. You should therefore identify specific words, numbers, phrases or pieces of information you consider to be confidential. You may also find it helpful to categorise your explanations as Category A, Category B etc. 

Any confidential information provided to Ofcom is subject to restrictions on its further disclosure under the common law of confidence. In many cases, information provided to Ofcom is also subject to statutory restrictions relating to the disclosure of that information (regardless of whether that information is confidential information). For this reason, we do not generally consider it necessary to sign non-disclosure agreements. Our general approach to the disclosure of information is set out below. 

Circumstances where we may disclose part of your response 

We will not disclose information we have gathered from you unless:  

1. we have consent;  
2. we are required by a court or tribunal to disclose the information in relation to civil or criminal proceedings; or  
3. there is another legal basis for us disclosing the information, and we consider it is proportionate to disclose the information in the circumstances.  

The specific circumstances in which we may disclose information will depend on the relevant legal framework under which we have gathered that information and any statutory or common law restrictions on the disclosure of information by Ofcom.  

For example, where we have gathered information relating to a particular business using our information gathering powers under section 135 of the Communications Act 2003, section 393 of the Communications Act explains that Ofcom cannot disclose that information without the consent of the person carrying on that business, unless this is permitted for specific, defined purposes (and in many cases only to specific persons). One of those purposes is where we consider disclosure facilitates the exercise of our relevant functions. It is a criminal offence for a person to disclose information in contravention of section 393. 

Ofcom will generally redact information identified as confidential from our publications or withhold it from the disclosures we make. However, for the avoidance of doubt, we may disclose information you consider to be confidential where permitted by law. For example, we may disclose information if, for example, we consider it necessary to facilitate the carrying out of our functions by enabling a reader to understand and contextualise our proposals or decision and associated reasoning and (where relevant) meaningfully engage in our consultation process. In doing so, we would take into account our wider duties to be transparent, accountable and proportionate under section 3(3)(a) of the Communications Act. 

Any confidential information provided to Ofcom is subject to restrictions on its further disclosure under the common law of confidence. In many cases, information provided to Ofcom is also subject to statutory restrictions relating to the disclosure of that information (regardless of whether that information is confidential information). 

Process we expect to follow if we propose disclosing part of your response 

When deciding whether to disclose information, we will carefully balance the need to disclose the relevant information against any concerns or objections you raise in relation to its disclosure.  

We will normally first explain our intention to disclose the information (including the context in which we intend to disclose it) and give you the opportunity to make representations about the proposed disclosure. Our intention to disclose may either be explained in this request or we may inform you separately. There may be some limited circumstances where we do not consider it appropriate to first explain our intention to disclose information, for example, where immediate action is required due to a security incident.  

We will generally try and resolve any objections to a proposed disclosure through constructive dialogue. If we remain of the view that we need to disclose the information and you continue to object, we will give you advance warning prior to making the disclosure. This will give you an opportunity to challenge our decision. 

Where we decide the information you have provided does not need to be disclosed in full but consider it appropriate to include some information in a proposed disclosure, we may ask you to provide a summary of information or a range of numbers, rather than simply removing the information. 

Informal or voluntary requests 

We gather information in a variety of ways, and it is not always appropriate to use our statutory or licensing powers. We often benefit from information provided on an informal or voluntary basis and from constructive dialogue on a range of topics. 

But if you have already, voluntarily provided information that we intend to rely on when making certain decisions, we usually then send you a formal information request to confirm the completeness and accuracy of that information. This includes: 

• where we intend to rely on information provided by a stakeholder in published documents such as consultations and statements; and  
• where information will be relied on to make decisions in the context of an investigation or to make a decision that imposes requirements on a stakeholder. 

This makes sure our decisions are made on the basis of robust and complete evidence. So, don’t be confused if it seems we are requesting information you’ve already provided to us. 

Where we have been told informally that certain information is unavailable, we may use our statutory or licensing powers to obtain formal confirmation of this. 

We may also formally ask for information formally when requesting customer or other information that may be commercially sensitive, including where a stakeholder asks us to request the information formally. 

Using information for a different purpose 

As noted above, every request will clearly explain why we need the information. 

We may share information provided in your response internally within Ofcom and use that information for another internal purpose unless we have agreed otherwise (for example, because information is particularly sensitive network security information). 

Where, however, we obtained information for the specific purpose identified in this request but subsequently want to use that information for another purpose and rely on it: 

• in published documents such as consultations and statements; or  
• to make decisions in the context of an investigation or to make a decision that imposes requirements on a stakeholder, 

we will generally send you another Notice requiring the same information to be provided for the new purpose.  

In some circumstances, we may, as an alternative, consider it appropriate to explain why we need to use the information for a different purpose and ask for your consent to use it for this new purpose. If you do not give consent then we may send another Notice requiring the same information to be provided for the new purpose.  

When seeking to use information previously provided for a different purpose, we may also ask you to confirm the information previously provided remains up-to-date and, where relevant, to provide updated information. We will generally do this in another Notice.