
Resources
Equip your team with the essential AI governance tools designed for AI innovators.

Start here to build AI tools leaders can trust. These resources help protect your team, your product, and your path to AI adoption.
Protect end-user data, comply with regulations, and earn the confidence of leaders with these resources:
AI Readiness & Risk Assessment Toolkit for K‑12 EdTech
A practical self-assessment designed for software teams to evaluate data quality, bias risks, and privacy safeguards according to FERPA, COPPA, and district-level rules.
Operational AI Governance Blueprint
Step-by-step guidance to implement policies around student usage, teacher oversight, and AI feature rollout in real-world classroom settings.
HR Policies for AI Development Teams
Two templates, Permissive (encouraging experimentation) and Prohibitive (focused on compliance), help manage internal AI creation while safeguarding student interests.
NIST-Aligned AI Risk Management Assessment
A structured roadmap to benchmark your EdTech software against federal best practices and preemptively address emerging K‑12 compliance issues.
IP & Legal Risk Summary for AI
A targeted overview of copyright, licensing, and content-sourcing challenges unique to AI tools in educational settings.
U.S. Department of Education Compliance Aids
Resources and toolkits curated for EdTech companies deploying AI to ensure they meet federal guidelines and support safe student use.
Why These Resources Matter
K‑12 districts demand clear, documented processes for any AI-powered tool used in classrooms. These materials help you:
Mitigate Student Data Risk: Address privacy, bias, and security upfront.
Streamline Sales to Districts: Provide documentation they expect—compliance checklists, policy templates, and transparency about AI features.
Build Credibility & Trust: Demonstrate accountability through formal governance aligned with public standards (NIST, DOE, White House).
More Support for Your Journey
Need help going beyond the basics? Our specialized services include:
Custom AI Governance Frameworks tailored for your software’s architecture and use cases.
District-Focused Compliance Reporting to shorten sales cycles.
Integration Advising on how to embed governance directly into product development and release workflows.
Ready to Elevate Your AI EdTech Product?
We specialize in helping K‑12 EdTech software companies:
Navigate evolving AI compliance regimes
Build governance into your product’s DNA
Accelerate adoption by school districts
Turn AI complexity into your edge. Insights delivers bite-sized guidance to help you meet district needs and speak their language. Whether you’re preparing for demos, navigating procurement, or trying to stand out, we’ll help you align with what leaders actually care about. Less noise, more traction.

Your Guide to Navigating Compliance in EdTech
From student data privacy to AI oversight, each framework here shapes how schools decide which technologies to trust — explore them to see where your solution stands and what it takes to clear the bar.
-
KEY PROTECTIONS: Education records (grades, schedules, health info unless HIPAA applies)
ENFORCED BY: U.S. Dept of Education
WHO MUST COMPLY: Schools; Vendors via DPA
KEY REQUIREMENTS: Limit disclosure, parental rights
HOW EDTECH SOFTWARE COMPLIES: Sign clear DPAs; restrict access; allow export & correction of records by schools/parents.
KEY NOTES: Parents/students have rights to inspect & amend.
-
KEY PROTECTIONS: Children’s info under 13: name, address, email, photos, geolocation
ENFORCED BY: FTC
WHO MUST COMPLY: Websites & Apps
KEY REQUIREMENTS: Parental consent
HOW EDTECH SOFTWARE COMPLIES: Obtain verifiable parental consent OR rely on school consent for education-only use; do not use data for ads.
KEY NOTES: May extend age to 16 in future.
-
KEY PROTECTIONS: Sensitive survey content (political beliefs, religion, mental health)
ENFORCED BY: U.S. Dept of Education
WHO MUST COMPLY: Schools; Vendors collecting survey data
KEY REQUIREMENTS: Consent for sensitive surveys
HOW EDTECH SOFTWARE COMPLIES: Get school approval for any surveys; provide opt-out or consent forms; store data securely.
KEY NOTES: Parents must consent for certain questions.
-
KEY PROTECTIONS: Health info (diagnosis, treatment, payment)
ENFORCED BY: HHS
WHO MUST COMPLY: Schools w/ direct healthcare; relevant apps
KEY REQUIREMENTS: Applies if FERPA doesn't cover
HOW EDTECH SOFTWARE COMPLIES: Encrypt health data; limit access; clarify if FERPA covers info instead; disclose security measures.
KEY NOTES: FERPA generally supersedes HIPAA in schools.
-
KEY PROTECTIONS: Student-created info, test results, medical, criminal records
ENFORCED BY: CA Attorney General
WHO MUST COMPLY: Vendors & Operators
KEY REQUIREMENTS: No profiling, targeted ads
HOW EDTECH SOFTWARE COMPLIES: Do not use data for ads/profiling; encrypt data; provide security measures in privacy policy; comply with requests to delete data.
KEY NOTES: Applies broadly to EdTech serving CA students.
-
KEY PROTECTIONS: Filters for harmful content; monitor student online activities
ENFORCED BY: FCC (via E-rate)
WHO MUST COMPLY: Schools; Vendors supporting compliance
KEY REQUIREMENTS: Filtering, monitoring
HOW EDTECH SOFTWARE COMPLIES: Provide safe search tools, content filters, admin dashboards for monitoring usage.
KEY NOTES: E-rate funding tied to compliance.
-
KEY PROTECTIONS: PII triggers: name + SSN, license, account info, credentials
ENFORCED BY: State AGs; federal rules
WHO MUST COMPLY: Schools & Vendors
KEY REQUIREMENTS: Timely notification
HOW EDTECH SOFTWARE COMPLIES: Encrypt PII; monitor for breaches; have documented incident response plan; notify schools quickly if breached.
KEY NOTES: States vary; CA includes online account credentials.
-
KEY PROTECTIONS: EU data rights: access, correct, erase, data minimization
ENFORCED BY: EU DPAs
WHO MUST COMPLY: Vendors processing EU data
KEY REQUIREMENTS: Rights to access, erase
HOW EDTECH SOFTWARE COMPLIES: Allow data export/deletion on request; get explicit consent where needed; keep data in EEA if possible; appoint EU rep if required.
KEY NOTES: Fines for non-compliance can be steep.
-
KEY PROTECTIONS: Risk classification for AI systems; transparency; human oversight
ENFORCED BY: EU Authorities
WHO MUST COMPLY: Vendors offering AI in EU
KEY REQUIREMENTS: Transparency, bias checks
HOW EDTECH SOFTWARE COMPLIES: Conduct AI risk assessment; provide explainability; human review for high-risk AI tasks (grading, behavior tracking).
KEY NOTES: Align product roadmap now; coming into force soon.
-
KEY PROTECTIONS: Bias testing, explainable AI, privacy-enhancing tech
ENFORCED BY: Various federal agencies
WHO MUST COMPLY: Vendors using AI with districts
KEY REQUIREMENTS: Explainability, bias, risk control
HOW EDTECH SOFTWARE COMPLIES: Implement fairness testing; maintain clear documentation of AI systems; train teams on explainability; share governance plan with districts.
KEY NOTES: Not yet a law but guides procurement requirements.
-
KEY PROTECTIONS: Defines standardized cybersecurity job roles and competencies.
ENFORCED BY: U.S. National Institute of Standards and Technology (NIST)
WHO MUST COMPLY: Schools, vendors, and training providers
KEY REQUIREMENTS: Job roles & skills
HOW EDTECH SOFTWARE COMPLIES: Use NICE role definitions to train staff and define security responsibilities in your team.
KEY NOTES: Useful for building security maturity in EdTech teams.
-
KEY PROTECTIONS: Provides a framework to identify, protect, detect, respond to, and recover from cybersecurity threats.
ENFORCED BY: U.S. National Institute of Standards and Technology (NIST)
WHO MUST COMPLY: Vendors and schools implementing cybersecurity best practices
KEY REQUIREMENTS: Protect, detect, respond
HOW EDTECH SOFTWARE COMPLIES: Use NIST CSF or NIST 800-53 to define internal security controls, audit readiness, and recovery plans.
KEY NOTES: Often referenced in RFPs and federal guidance on secure systems.