AI Compliance Frameworks, Standards, and Governance for Education Institutions
Current as of June 2026. Education AI rules moved in the last year: the children’s privacy rule was amended in 2025, federal AI-in-education policy shifted toward promotion, and most states issued their own guidance. Every date below reflects the most recent confirmed status, and uncertainty is flagged where it exists.
For schools, colleges, and universities, AI compliance rests on a floor of student-privacy and civil-rights law that predates AI, plus a fast-growing layer of state and international guidance. The binding obligations are the familiar statutes: FERPA for education records, COPPA for children under 13, the Protection of Pupil Rights Amendment for surveys, and the civil-rights laws the Office for Civil Rights enforces. Federal AI policy has shifted toward encouraging adoption, while most states have written their own guidance: more than half have issued AI guidance for K-12 schools (Education Commission of the States, 2025). Underneath all of it sits the same gap: none of these frameworks was built for AI agents that act on their own through tool calls.
NIST AI RMF and ISO/IEC 42001 Are the Horizontal Backbone
Every institution’s AI program should align to two horizontal instruments first: the NIST AI Risk Management Framework supplies the methodology, and ISO/IEC 42001 supplies the certifiable management system. NIST AI RMF organizes risk work into four functions, Govern, Map, Measure, and Manage (NIST, 2024). ISO/IEC 42001, published December 2023, is the first AI management system standard an external auditor can certify against (ISO, 2023).
These give an institution one defensible governance structure that maps onto the statutes below. Education has no single AI law; it has a privacy floor, a civil-rights floor, and a patchwork of guidance. A NIST-aligned program and a 42001 certificate are what tie those obligations into a coherent program a regulator, an accreditor, or a district board can recognize.
FERPA Puts Student Education Records Inside AI Scope
Any AI system that processes personally identifiable information from student education records falls under the Family Educational Rights and Privacy Act (FERPA), which governs how institutions handle and disclose those records (FERPA, U.S. Department of Education, 2026). Sharing student data with an external AI tool generally requires either consent or a recognized exception, such as the school official exception, which carries its own conditions on control and use.
This is the catch for AI adoption in schools. A tutoring assistant, a grading tool, or an analytics model that can see grades, disciplinary records, or identifiers is processing FERPA-protected data, and feeding that data to a consumer AI tool with no agreement in place can be an unauthorized disclosure. The obligation follows the data, not the tool, so AI is a new path the same duty travels. Keeping education records out of ungoverned AI tools is the concrete compliance step.
COPPA Now Reaches Biometric Data From Children Under 13
Online services used by children under 13 must follow the Children’s Online Privacy Protection Act (COPPA), and the FTC’s amended rule, effective June 23, 2025, expanded “personal information” to include biometric identifiers such as voiceprints and facial patterns (FTC, 2025). The amended rule also requires separate opt-in consent for sharing children’s data with third parties and sets data-retention and security obligations, with a compliance deadline of April 22, 2026.
For schools, the biometric expansion matters because AI tools increasingly process voice and image data, which now counts as protected personal information for younger students. COPPA generally applies to the operators of online services, and schools can authorize collection for educational purposes under specific conditions, but the institution still has to know what student data its AI tools collect and where it goes. AI that captures a child’s voice or face is now squarely inside COPPA’s scope.
PPRA and Civil-Rights Law Round Out the Federal Floor
Two more federal layers apply. The Protection of Pupil Rights Amendment (PPRA) governs surveys and the collection of certain sensitive information from students, which can reach AI tools that gather data on attitudes, beliefs, or behavior (PPRA, U.S. Department of Education, 2026). Separately, an AI system that produces discriminatory outcomes in admissions, discipline, or instruction can implicate the civil-rights laws the Office for Civil Rights enforces, including Title VI, Title IX, Section 504, and the Americans with Disabilities Act.
The civil-rights exposure is real regardless of enforcement posture, which has shifted over time. A biased admissions model or a discipline-flagging tool that falls more heavily on protected groups creates legal risk for the institution, because the duty not to discriminate attaches to the outcome, not the technology behind it. An institution cannot delegate that responsibility to a vendor’s algorithm.
Federal AI-in-Education Policy Shifted Toward Promotion in 2025
The current federal direction on AI in education emphasizes adoption rather than a new governance mandate. An April 2025 executive order made AI literacy a national priority and created a federal task force, and the Department of Education followed with a July 2025 letter on using federal grant funds for AI, then finalized AI-focused grant priorities in 2026 (Executive Order 14277, 2025). This is a policy push to integrate and fund AI, not a federal rulebook for governing it.
The practical consequence for compliance teams is that the binding obligations remain the privacy and civil-rights statutes above, not a dedicated federal AI law. Earlier federal guidance from the Department’s educational-technology office had emphasized keeping humans in the loop, and that principle still holds as good practice, but the current federal stance is oriented toward encouraging use. Institutions that adopt AI under this push still answer to FERPA, COPPA, PPRA, and civil-rights law for how that AI handles student data and decisions.
UNESCO and State Guidance Fill the Governance Gap
With no single federal AI rulebook, international and state guidance carry much of the governance weight. UNESCO published guidance for generative AI in education and research in 2023, setting out human-centered principles, age thresholds, and data-protection expectations for schools and universities (UNESCO, 2023). It is guidance, not law, but it is among the most widely referenced international frameworks for the sector.
At the state level, the guidance is now widespread. More than half of US states have issued AI guidance for K-12 schools, most of it converging on the same themes: data privacy, academic integrity, equity, and keeping educators in control of AI-assisted decisions (Education Commission of the States, 2025). For a district or institution, this means the operative governance expectations often live in state guidance and local policy rather than a single federal source.
EU Institutions Also Answer to the EU AI Act
For institutions operating in Europe, the EU AI Act classifies several education uses of AI as high-risk under Annex III: systems that determine admission or assignment to institutions, evaluate learning outcomes, assess the appropriate level of education a person should receive, or monitor and detect prohibited behavior during tests (EU AI Act Annex III, 2024). High-risk status brings obligations on risk management, data quality, logging, transparency, and human oversight.
The Act is extraterritorial, so a non-EU institution using AI on students in the EU, or an admissions tool affecting EU applicants, can be in scope. The education provisions target exactly the decisions that affect a student’s path: who gets in, how they are graded, and how they are monitored. An institution using AI for any of those in Europe carries the full set of high-risk obligations.
How the Education AI Compliance Stack Lines Up
Each instrument governs a different slice of education AI, and almost none of it reaches autonomous agents. The table below maps what each one governs, whether it is mandatory, and how far it extends into agentic AI. The pattern holds across privacy, civil rights, and guidance: solid coverage of human-operated AI, little for agents.
| Framework | What it governs in education | Mandatory? | Agentic-AI coverage |
|---|---|---|---|
| FERPA | Privacy of student education records | Mandatory for funded institutions | None specific; governs the data, not the agent |
| COPPA (amended 2025) | Data from children under 13, now incl. biometrics | Mandatory for covered operators | None specific; scope-based, not agent-aware |
| PPRA + civil-rights law | Student surveys and nondiscrimination | Mandatory; outcome-based duties | None specific; governs outcomes, not agents |
| UNESCO + state guidance | Responsible-AI principles and practices | Guidance; state policy varies | Principles only; not an agent control |
| EU AI Act (Annex III) | High-risk AI in admission, grading, monitoring | Mandatory in the EU | Limited; oversight obligations assume a human operator |
| NIST AI RMF + ISO/IEC 42001 | Risk methodology and management system | Voluntary; ISO is third-party certifiable | Limited today; not agent-specific |
Read down the last column. Each instrument governs a person operating the AI. The agent that acts on its own falls between them.
Every Framework Assumes a Human Educator in the Loop, and Agents Broke That Assumption
The education frameworks assume a person operates and oversees the AI, and AI agents acting through Model Context Protocol (MCP) tool calls remove that person from the chain. MCP is the open standard that lets an agent connect to external tools, systems, and data sources and act through them. An agent that pulls student records, updates a grade, or processes an application is taking actions no educator or administrator reviewed in the moment.
This is the hinge. FERPA assumes an institution controlling who sees student records. COPPA assumes an operator with verifiable consent. Civil-rights law assumes a human accountable for a decision. An agent chaining tool calls across a student information system, a learning platform, and an admissions database satisfies none of those assumptions cleanly, because the action surface moved from a screen an administrator reads to a tool call that fires in milliseconds. Singapore’s Infocomm Media Development Authority launched the first governance framework written specifically for autonomous AI agents in January 2026, the first official signal that the existing stack does not reach agents. The control for that gap has to come from architecture, not the frameworks.
You Cannot Comply With What You Cannot See
Aurascape catalogues more than 20,000 AI applications and ships production-ready connectors within 48 hours of a new tool appearing, which is the inventory layer the education frameworks assume an institution already has (Aurascape Product Brief, 2026). A FERPA program and an ISO/IEC 42001 scope statement both assume an institution knows what AI is in use. Most do not.
Discovery is where policy meets reality. A school or university can have an AI policy and still be blind to the personal ChatGPT accounts faculty and staff use, the AI features switched on inside an approved learning platform, and the copilots employees enabled without asking. Aurascape secures user activity across tens of thousands of AI apps with prompt and response decoding and automated remediation, governing the AI interaction layer that sits alongside, not in place of, the institution’s existing controls and vendor agreements. You cannot govern, or document for a regulator, the AI you have not found.
Sensitive Data Controls Keep Student Records Out of External AI
Aurascape’s real-time, multimodal data classification catches sensitive information at the prompt, before it reaches any external AI service, which matters in education because the data at risk includes FERPA-protected records, COPPA-covered data from younger students, and other student identifiers. The AI Proxy inspects prompts, responses, file uploads, and multi-turn conversations, then enforces policy inline: allow, block, redact, or coach. The control fires at the moment of exposure, not after the data has left.
Sensitive Data Fingerprinting tags student and regulated content so enforcement is context-aware rather than blunt. A staff member pasting a class roster with grades into a consumer chatbot, or uploading disciplinary records to summarize them, is the kind of leak that turns routine work into a FERPA problem. This is the AI-layer complement to the institution’s privacy obligations and vendor agreements, not a replacement for either.
Audit Logging Is How You Prove It to a Regulator or Auditor
FERPA oversight, the EU AI Act, and state guidance all treat traceable records as an evidence requirement, not a best practice. Aurascape generates audit-ready, conversation-level logs of every AI interaction: what was prompted, what was returned, what data was involved, and what policy decision fired. That is the record a regulator reviewing student-data handling, an EU AI Act assessment, or an institutional auditor expects to see for the AI a school uses.
This is the difference between asserting governance and demonstrating it. A FERPA review, an EU AI Act assessment of a high-risk admissions or grading tool, and an internal audit all want the same thing: a traceable record that the stated controls actually ran. Decoded interaction histories and policy-decision logs are that record for the AI layer. The platform does not make an institution compliant and does not replace legal counsel. It produces the evidence compliance and IT teams use to demonstrate the AI controls were in place and enforced.
Copilot Readiness Helps Close the AI Privacy Gap
Microsoft 365 Copilot and similar AI Copilots surface everything a user can technically reach, which turns a tolerable permissions mess into a live FERPA exposure the moment someone runs a cross-department summary prompt. Aurascape’s Copilot Readiness module finds overshared permissions before a rollout, Copilot Oversight monitors live usage, and Copilot Unlearning removes sensitive data already ingested by the AI system.
In a school or university, an AI Copilot deployed across the environment can summarize across student records, financial aid data, and disciplinary files in a single prompt. Finding the oversharing before go-live is the readiness step. Monitoring usage and removing exposed data afterward is the ongoing control. All three map to the data-protection duties FERPA, COPPA, and the EU AI Act impose on the channel copilots opened.
The Zero-Bypass MCP Gateway Is the Control the Frameworks Are Missing
Only 31% of organizations say they are fully equipped to control and secure agentic AI systems, even as 83% plan to deploy them (Cisco AI Readiness Index, 2025), and the gap is structural: the education frameworks assume a human oversees the action. Aurascape’s Zero-Bypass MCP Gateway inspects, verifies, signs, and controls every Model Context Protocol tool call, API invocation, and data retrieval before an agent reaches any external system. Secure Agentic AI wraps the rest of the lifecycle: pre-build adversarial testing, Code Path and CVE Detection, and Safe Output Governance at runtime.
Where the frameworks assume a human in the loop, the Gateway treats the agent as a privileged user and inspects both legs of its behavior: the agent-to-model leg and the agent-to-tool leg. The control fires at the tool call itself, where an agent reaches a student information system, a learning platform, or an admissions database, not at a network destination it already moved past.
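To make the "control at the tool call" idea concrete, here is an added illustration (constructed for this page, not Aurascape's code, and no claim about how its Gateway works internally) of a minimal inline gate that inspects an MCP `tools/call` message before it is forwarded to the server, applies an allow/block/redact policy, and emits a conversation-level audit entry. The tool names, the allowlist, and the sample student record are hypothetical.

```python
"""Inline policy gate for MCP tool calls (constructed example, not Aurascape code)."""
import hashlib
import json
import re
from dataclasses import dataclass

ALLOW, BLOCK, REDACT = "allow", "block", "redact"
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Constructed allowlist with hypothetical tool names. Anything not listed is
# blocked by default, so a new connector cannot reach student systems silently.
POLICY = {
    "sis.get_student": {"action": REDACT, "fields": {"ssn", "dob"}},
    "lms.list_assignments": {"action": ALLOW},
    "lms.update_grade": {"action": BLOCK, "reason": "grade writes need educator approval"},
}


@dataclass
class Decision:
    tool: str
    action: str
    arguments: dict   # arguments as they may be forwarded (redacted if needed)
    reason: str = ""


def redact(arguments, fields):
    """Mask named identifier fields and any SSN-shaped value in free text."""
    clean = {}
    for key, value in arguments.items():
        if key in fields:
            clean[key] = "[REDACTED]"
        elif isinstance(value, str):
            clean[key] = SSN_RE.sub("[REDACTED-SSN]", value)
        else:
            clean[key] = value
    return clean


def gate(message):
    """Decide on one JSON-RPC message before it is forwarded to the MCP server."""
    if message.get("method") != "tools/call":
        return Decision("", ALLOW, {}, "not a tool call")
    params = message.get("params") or {}
    tool = params.get("name", "")
    arguments = params.get("arguments") or {}
    rule = POLICY.get(tool)
    if rule is None:
        return Decision(tool, BLOCK, arguments, "tool not on allowlist")
    if rule["action"] == BLOCK:
        return Decision(tool, BLOCK, arguments, rule["reason"])
    if rule["action"] == REDACT:
        return Decision(tool, REDACT, redact(arguments, rule["fields"]), "identifiers redacted")
    return Decision(tool, ALLOW, arguments, "allowlisted")


def audit_record(agent_id, message, decision):
    """Conversation-level log entry: which agent called which tool, what policy
    decision fired, and a hash of the original arguments so the entry can be
    matched to the request without storing the sensitive values themselves."""
    original = (message.get("params") or {}).get("arguments") or {}
    digest = hashlib.sha256(json.dumps(original, sort_keys=True).encode()).hexdigest()
    return {"agent": agent_id, "tool": decision.tool, "decision": decision.action,
            "reason": decision.reason, "args_sha256": digest}
```

The gate sits between the agent and the MCP server, so a grade write is stopped before it fires and a record lookup leaves only with identifiers masked, while the audit entry records the decision without copying the protected values into the log.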
Auri Gives Compliance Teams the Evidence Without the Console
Auri, Aurascape’s natural-language agent, gives compliance, privacy, and IT teams role-based access to AI activity records, summaries, and audit evidence through plain-language questions, with no dashboard login or query syntax required (Aurascape, 2026). The people who own a FERPA or EU AI Act obligation are rarely the people who run the security tooling.
A privacy officer responding to a FERPA question, or a compliance lead assembling evidence for an EU AI Act assessment, needs to pull relevant interaction records and policy decisions on their own timeline. Self-service, role-bound access to that evidence lets compliance operate the program rather than filing a ticket and waiting on the IT team for every request.
The Stack Holds, but Only If Something Watches the Agents
The education frameworks cover the human-operated AI surface well when an institution builds to them together: NIST AI RMF as the methodology, ISO/IEC 42001 as the external proof, FERPA, COPPA, and PPRA for student data, civil-rights law for fair outcomes, and UNESCO and state guidance for responsible practice. The crosswalks are real, and an institution that builds to the strongest common denominator can satisfy several layers at once.
The stack’s one structural gap is the agent. Only one in five companies has a mature model for governing autonomous AI agents, even as agentic AI use is set to rise sharply (Deloitte State of AI in the Enterprise, 2026). Agentic AI is already moving into tutoring, advising, and administrative workflows faster than the sector’s guidance can adapt. Gartner predicts guardian agents will capture 10 to 15% of the agentic AI market by 2030, establishing AI-on-AI governance as a defined category (Gartner, 2025). Until the frameworks catch up, the control for autonomous education AI has to come from architecture that inspects the tool call directly.
Frequently Asked Questions
Does FERPA apply to AI tools schools use?
Yes, if the AI processes personally identifiable information from student education records. FERPA governs how institutions handle and disclose those records, so sharing student data with an external AI tool generally requires consent or a recognized exception, such as the school official exception with its conditions. Feeding student records to a consumer AI tool with no agreement in place can be an unauthorized disclosure.
What changed in COPPA for AI in 2025?
The FTC’s amended COPPA Rule, effective June 23, 2025, expanded “personal information” to include biometric identifiers such as voiceprints and facial patterns, added separate opt-in consent for third-party data sharing, and set data-retention and security obligations. The compliance deadline is April 22, 2026. For schools, the biometric change matters because AI tools increasingly process voice and image data from younger students.
Is there a federal AI law for schools?
No. There is no single federal AI law for education. Federal policy in 2025 and 2026 has emphasized promoting and funding AI adoption rather than governing it. The binding obligations remain the privacy and civil-rights statutes, FERPA, COPPA, PPRA, and the laws the Office for Civil Rights enforces, which apply to how AI handles student data and decisions regardless of the promotion push.
Can an AI tool create civil-rights liability for a school?
Yes. An AI system that produces discriminatory outcomes in admissions, discipline, or instruction can implicate civil-rights laws including Title VI, Title IX, Section 504, and the ADA. The duty not to discriminate attaches to the outcome, not the technology, so an institution cannot delegate that responsibility to a vendor’s algorithm. The exposure exists regardless of how enforcement priorities shift.
How does the EU AI Act treat education AI?
It treats several education uses as high-risk under Annex III: AI that determines admission or assignment, evaluates learning outcomes, assesses the appropriate level of education, or monitors students during tests. High-risk status brings obligations on risk management, data quality, logging, transparency, and human oversight. The Act is extraterritorial, so AI affecting students in the EU can be in scope.
Do state guidelines carry legal weight?
It varies. Most state AI guidance for K-12 is guidance rather than binding law, but it sets the operative expectations districts are measured against, and some states have moved toward policy requirements. More than half of US states have issued such guidance, converging on data privacy, academic integrity, equity, and human oversight, so for many institutions the practical governance bar lives in state guidance and local policy.
Can a security platform make my institution compliant?
No. A platform like Aurascape operationalizes and evidences AI compliance: it discovers AI use, enforces data controls at the prompt, governs agent tool calls, and produces audit-ready records. It complements, rather than replaces, the institution’s privacy obligations and vendor agreements. Compliance itself is a legal and regulatory determination that requires counsel and formal assessment.
How Aurascape Operationalizes Education AI Compliance Across Every AI Interaction
Aurascape’s Zero-Bypass MCP Gateway inspects, verifies, and signs every agent tool call before it executes, closing the gap the education frameworks leave open: autonomous agents acting through Model Context Protocol connections that existing SSE, SASE, and DLP controls never see. The platform discovers every AI app and agent, including shadow AI, Embedded AI, and AI Copilots; classifies and controls FERPA-protected and other student data inline before it reaches an external tool; and produces the conversation-level audit records that student-privacy oversight and the EU AI Act expect for the AI layer.
For the agentic surface specifically, Secure Agentic AI adds adversarial testing and runtime guardrails across the full agent lifecycle, from pre-build Code Path and CVE Detection through Safe Output Governance at runtime. The platform sits alongside an existing SSE, SASE, or DLP stack and the institution’s existing controls rather than replacing them, and Auri gives compliance teams self-service, natural-language access to the evidence. Aurascape does not make an institution compliant or replace legal counsel. It operationalizes the AI controls and produces the proof that compliance and IT teams use to demonstrate the program is real.
This page is one of a set. For the cross-industry version, see AI Compliance Frameworks, Standards, and Governance for Enterprise AI.
Aurascape is the AI-native control layer for the one place the education compliance stack still goes blind: autonomous agents acting through tool calls your existing controls never see. Every deployment runs through a tailored demo with your security team.