The Social Tenant Access to Information Requirements (STAIRs) represent a significant shift in the regulatory landscape for private registered providers (RPs) of social housing. Introduced as part of the government's broader drive to improve transparency and accountability in the sector, STAIRs will give social housing tenants of RPs new rights to access information about how their homes and estates are managed; these rights being broadly comparable to those already available to tenants of local authorities under the Freedom of Information Act 2000 (FOIA).
The requirements will be implemented in two phases. From 1 October 2026, RPs must comply with a new publication scheme requiring them to proactively publish certain categories of information. From 1 April 2027, tenants will gain the right to submit formal information requests, which RPs must respond to within prescribed timeframes.
The operational impact on RPs should not be underestimated. Compliance with STAIRs will require a review of existing policies and procedures, investment in staff training, and the development of new internal processes, including a published policy on how the provider will approach decisions to withhold information. Compliance will be monitored by the Regulator of Social Housing (RSH) as part of its broader standards framework, and individual complaints will be handled by the Housing Ombudsman. While a proportionate approach to enforcement is anticipated, providers who fail to prepare risk both regulatory scrutiny and reputational damage.
The requirements are divided into two key parts: a publication scheme (requiring RPs to proactively publish specified categories of information) and an information request regime (giving tenants, including licensees and shared owners of properties, the right to request information about the management of their housing). This article considers each in turn, before addressing the exemptions framework, the complaints process, and the practical steps providers should be taking now.
Part 1: The Publication Scheme (from 1 October 2026)
From 1 October 2026, RPs must proactively publish information they hold which falls within the following categories set out in the policy statement:
- governance and decision making;
- spending;
- housing stock management;
- performance;
- housing services;
- lists and registers; and
- social housing management.
To meet this obligation, RPs must establish and maintain a publication scheme and ensure tenants are made aware of it. Information should be presented in a way that is easy for tenants to identify and access, and must be reviewed and updated on a regular basis.
Importantly, RPs are not required to create new records to comply with the publication scheme; the obligation extends only to information already held. Where documents fall within scope of the publication scheme but contain sensitive material, RPs may redact those documents where it is appropriate and reasonable to do so, applying the same principles that govern the withholding of information under the Freedom of Information request regime (discussed below). Where a tenant believes that a RP has failed to publish information that falls within scope of the scheme, they may complain via the provider's internal STAIRs review process (see "Complaints and Oversight" below).
Part 2: Information Requests (from 1 April 2027)
From 1 April 2027, tenants or their designated representatives will be entitled to submit written requests for "relevant information" held by RPs or by any entity or person responsible for managing the provider's social housing on its behalf. Tenants do not need to mention STAIRs for the requirements to apply; any written request for information that falls within scope will require compliance with the regime. RPs are expected to inform tenants of the policy and how to request information, for example through tenant handbooks and their websites.
RPs must acknowledge receipt of information requests promptly and respond substantively within 30 calendar days. Additional time is permitted only in exceptional circumstances; for example, where the RP needs to consider whether it is reasonable to withhold the information, or where the information is held by a third-party managing agent. Even where additional time is taken, the response must be provided within a reasonable timeframe, and the applicant must be notified of the delay and given an expected response date. Information must be disclosed in a format that is accessible to the applicant, and RPs may redact documents where it is appropriate and reasonable to do so, applying the withholding principles discussed below.
The scope of "relevant information" is broad. It covers information related to the management of a RP's social housing, including details of policies, plans and actions, as well as records retained to support those activities. Examples include information relating to property moves, rent collection and rates, service charges, property conditions and repairs, anti-social behaviour, staffing and training, complaints handling, health and safety, and housing stock management.
While tenants already have the right to make subject access requests (SARs) under UK GDPR, those are limited to personal data about the individual making the request. STAIRs significantly broaden this right by allowing tenants to request information about the management of their social housing more generally. However, certain categories of information fall outside scope. Information is not "relevant information" if there is already a statutory right of access to it (for example, under FOIA or the Environmental Information Regulations 2004 (EIR)), or if the information was created after the request was received. Matters determined by local councils, such as allocations policies and homelessness, are also excluded, as is information about the management of property unrelated to the provider's social housing functions.
RPs may refuse an information request on the following grounds:
- it is reasonable to withhold the information, having regard to the protections under the FOIA, EIR and UK GDPR (for example, where disclosure would involve third-party personal data);
- the identity of the applicant cannot be established;
- the request is unclear;
- the information requested is not "relevant information";
- responding would exceed 18 hours of staff time;
- the request is repeated, including coordinated requests from multiple applicants; and/or
- the request is offensive or communicated in an abusive manner.
Exemptions: A Practical Guide
The policy statement does not set out a prescriptive list of exemptions. Instead, it requires RPs to have "due regard" to the protections afforded to certain classes of information under FOIA and the Data Protection Act 2018 (DPA), and any other relevant statutes. In practice, this means that RPs should look to the FOIA exemptions framework as a guide when deciding whether it is reasonable to withhold information. RPs must also prepare and publish a policy setting out how they will approach these decisions; a requirement that underscores the importance of having a clear, documented process in place before the regime takes effect. The following are the exemptions most likely to be relevant in practice.
Commercial Sensitivity
Under FOIA, information is exempt where its disclosure would, or would be likely to, prejudice the commercial interests of any person (section 43 FOIA). In the STAIRs context, this is likely to be relevant where tenants request information about procurement processes, contractor pricing, development appraisals, or commercial negotiations. To rely on this exemption, RPs should be able to demonstrate a real and significant risk of prejudice; a speculative or generic assertion of commercial harm is unlikely to be sufficient. RPs should document their reasoning and, where the information relates to a third party (such as a contractor), seek the views of that third party on the likelihood of harm before reaching a decision.
Confidentiality
Information provided in confidence, or subject to legal professional privilege, may be withheld where disclosure would constitute an actionable breach of confidence or would prejudice the provider's ability to obtain legal advice (sections 41 and 42 FOIA). RPs should review their contractual arrangements with third parties (including managing agents, contractors, and consultants) to identify where confidentiality obligations exist. However, the mere existence of a confidentiality clause does not automatically justify withholding information; the provider must still assess whether disclosure would in fact cause harm.
Data Protection
Where a request for information would involve the disclosure of personal data relating to a third party, RPs must consider whether disclosure would comply with the data protection principles under UK GDPR and the DPA. This is likely to arise frequently; for example, where complaint records, incident reports, or correspondence contain the names or personal details of other tenants, staff, or contractors. In many cases, redaction of personal data will allow the remainder of the information to be disclosed but redactions should be considered carefully, noting that in some contexts a person's identity could still be apparent even if a name is redacted. RPs should ensure that staff handling information requests are trained to identify personal data and apply appropriate redactions, rather than refusing the request in its entirety.
The Public Interest Test
Where an exemption applies, the policy statement requires RPs to balance factors favouring disclosure against the likelihood of harm arising from it. This mirrors the public interest test under FOIA. In conducting this assessment, RPs should consider the general presumption in favour of transparency that underpins the STAIRs regime, the nature and severity of any potential harm, and whether the information could be disclosed in a redacted or summarised form.
Notably, the final policy statement makes clear that it is not reasonable to refuse a request on the basis that disclosure would result in reputational risk for the provider; a point that RPs should ensure is reflected in staff training and internal guidance. RPs should not refuse a request based on the applicant's identity (beyond confirming they are a tenant or authorised representative), the reasons for the request, or how the information will be used following disclosure. All decisions to withhold information should be documented, with a clear record of the exemption relied upon, the harm identified, and the public interest balancing exercise undertaken.
Practical guidance on how RPs should approach the application of exemptions is set out in the "Next Steps for Providers" section below.
Complaints and Oversight
Where a tenant is dissatisfied with the handling or outcome of an information request (or believes a RP has failed to publish information under the publication scheme), the first step is to complain to the provider via its internal STAIRs review process. A tenant may nominate a designated representative to complain on their behalf. The provider must carry out a review, normally within 30 calendar days, although additional time may be taken in certain circumstances.
If the tenant remains dissatisfied following the internal review, they may escalate the complaint directly to the Housing Ombudsman under the terms of the Housing Ombudsman Scheme. The Ombudsman's role is to resolve individual disputes between tenants and providers in relation to STAIRs. Providers are required to assist the Ombudsman, provide any information requested, and comply with any orders made. The Ombudsman may also issue good practice guidance on STAIRs, to which providers should have regard. Responses to internal reviews should inform tenants of their right to escalate to the Ombudsman.
The Ombudsman undertook a consultation on how they will take on complaints as part of their role in STAIRs; this closed on 17 March and is currently under review – the outcome of which should be factored into any internal STAIRs review process – watch this space.
The Regulator of Social Housing (RSH) has a broader oversight role. STAIRs forms part of the standards that all registered providers must deliver, and the RSH is responsible for holding providers to account for meeting those standards. While the RSH's approach is intended to be proportionate, consistent, and transparent, persistent non-compliance could result in regulatory intervention. Providers should also be aware of the reputational risks associated with adverse findings by either the Ombudsman or the RSH; particularly given the increased public and media scrutiny of the social housing sector.
Practical steps that RPs should take to minimise the risk of complaints and regulatory action are set out in the "Next Steps for Providers" section below.
Next Steps for Providers
With the first phase of STAIRs taking effect on 1 October 2026, RPs should be taking steps now to ensure readiness. Key actions include:
- auditing existing information holdings against the publication scheme categories and establishing or updating the publication scheme accordingly;
- reviewing and updating information governance policies and procedures, including developing and publishing a policy on how the provider will approach decisions to withhold information;
- training staff on the STAIRs requirements, including the distinction between SARs and information requests, the exemptions framework, and the importance of documenting decisions;
- implementing a dedicated internal STAIRs review and complaints handling process, with clear timelines and escalation routes to the Housing Ombudsman;
- reviewing contracts with managing agents, contractors, and other third parties to ensure they include appropriate provisions for the sharing of information in response to tenant requests; and
- establishing systems for monitoring and reporting on information request volumes, response times, and outcomes, to support compliance reporting to the RSH.
If you have any questions about how STAIRs will affect your organisation, or would like assistance in preparing for implementation, please contact a member of our team.
