AI Governance in K-12 Education

Why AI Governance Matters Now

In the 2024-25 school year, over 70% of U.S. teachers reported that students were already using generative AI tools, according to surveys from the RAND Corporation and the Pew Research Center. Most districts had no formal policy in place.

The result was predictable: inconsistent use from classroom to classroom, unanswered questions about student data, and administrators with no visibility into what was happening. Some teachers embraced AI as a learning tool. Others banned it entirely. Neither approach was governed.

AI governance is not about choosing to allow or ban AI. It is about building the system that lets a district make deliberate, enforceable decisions about how AI is used in every classroom, for every student, every day.

What uncontrolled AI adoption looks like

• Teachers using free AI tools that have no data processing agreements with the district
• Students entering personally identifiable information into consumer AI products
• No audit trail for how AI-generated content is being used in grading or instruction
• Administrators unable to answer board or parent questions about AI use
• Inconsistent student experiences depending on which teacher they have

A Practical Governance Framework

Effective AI governance in K-12 operates at four levels. Each level has distinct responsibilities, and the system only works when all four are connected.

Most districts get stuck between Level 1 and Level 2. They write a policy but have no mechanism to enforce it at the technical level. The policy sits in a binder or a PDF. Teachers are left to interpret it on their own. This is the gap that governance platforms are designed to close.

Federal Law: FERPA, COPPA, and Section 504

Three federal laws form the baseline for any AI governance framework in K-12. Districts cannot delegate responsibility for these — they apply regardless of which AI vendor is involved.

FERPA (Family Educational Rights and Privacy Act)

FERPA protects the privacy of student education records. When an AI tool processes, stores, or generates content based on student data, FERPA applies. Key requirements for districts:

• Legitimate educational interest. AI tools can only access student records if the district determines there is a legitimate educational interest, typically through a designated school official designation in the vendor agreement.
• Direct control. The district must maintain direct control over how the vendor uses student data. This means a signed data processing agreement (DPA) with specific terms about data use, retention, and deletion.
• Annual notification. Parents must be notified annually about the types of information the district discloses and to whom, including AI tool vendors.
• No re-disclosure. Vendors cannot share student data with third parties without the district's explicit authorization.

COPPA (Children's Online Privacy Protection Act)

COPPA applies when online services (including AI tools) collect personal information from children under 13. In school settings, teachers can consent on behalf of parents, but only if the data is used solely for educational purposes. Districts must:

• Verify that AI tools have COPPA-compliant privacy practices
• Ensure parental consent mechanisms exist for non-educational data use
• Confirm that the tool does not use children's data for advertising or profiling

Section 504 and IDEA

AI tools deployed in classrooms must be accessible to students with disabilities. This means:

• AI interfaces must work with screen readers and assistive technology
• Content generated by AI must be available in accessible formats
• AI-driven recommendations or groupings cannot discriminate against students with IEPs or 504 plans
• Districts must evaluate whether AI tools provide equivalent access across all learner populations

State AI Education Policy Landscape

The state policy landscape is moving fast. Since 2023, more than 30 states have introduced legislation addressing AI in education. Requirements vary significantly:

States with enacted AI education legislation

• California (AB 2885, 2024). Requires the California Department of Education to develop guidance on the use of AI in public schools, including recommendations for AI literacy and ethical use.
• Virginia (HB 2094, 2024). Directs the Department of Education to develop guidelines for AI use in K-12, focusing on student data privacy and teacher training.
• Texas (HB 1709, 2023). Requires the Texas Education Agency to study AI use in public schools and develop policy recommendations for districts.
• Ohio (HB 96, 2024). Mandates that school districts develop acceptable use policies for AI tools and provide AI literacy instruction.
• Illinois (HB 3563, 2024). Establishes requirements for transparency in AI-driven educational tools and student data protections.
• Colorado (SB 24-205, 2024). Addresses AI-driven decision-making in educational settings, requiring impact assessments for high-risk AI systems.
• Connecticut (SB 1103, 2024). Creates an AI task force for education and requires districts to disclose AI tool use to parents.

Common state requirements

While specific mandates vary, most state legislation addresses one or more of these areas:

• AI acceptable use policies. Districts must adopt formal policies governing AI use by staff and students.
• AI literacy standards. Students must receive instruction on what AI is, how it works, and how to use it responsibly.
• Transparency and disclosure. Districts must inform parents about which AI tools are in use and how student data is handled.
• Teacher professional development. Educators must receive training on AI tools, governance policies, and integration strategies.
• Vendor vetting and procurement. New processes for evaluating and approving AI tools before they enter classrooms.

Implementing AI Governance: A Practical Roadmap

Building a governance system is not a one-time project. It is an ongoing operational commitment. Here is a practical sequence for districts getting started:

Phase 1: Assessment (Weeks 1-4)

• Inventory all AI tools currently in use across the district (authorized and unauthorized)
• Review existing acceptable use policies and identify gaps for AI
• Assess current data processing agreements with technology vendors
• Survey teachers on current AI use and training needs
• Identify state and local requirements that apply

Phase 2: Policy Development (Weeks 4-8)

• Draft or update the district AI acceptable use policy
• Establish the AI tool vetting and approval process
• Define roles and responsibilities (who approves tools, who configures controls, who monitors use)
• Create communication templates for parents, teachers, and board members
• Set the governance review cadence (quarterly is common for AI given the pace of change)

Phase 3: Technical Implementation (Weeks 8-16)

• Select and deploy governance tools that connect policy to classroom controls
• Configure access levels, content filters, and monitoring for approved AI tools
• Establish data routing to ensure student information stays within compliant systems
• Set up reporting dashboards for administrators
• Test controls with a pilot group of teachers before district-wide rollout

Phase 4: Training and Launch (Weeks 12-20)

• Train teachers on the governance system, approved tools, and classroom controls
• Train administrators on monitoring, reporting, and escalation procedures
• Communicate with parents about the district's approach to AI
• Launch governance system with ongoing support channels

Phase 5: Ongoing Governance (Continuous)

• Review usage data and compliance reports monthly
• Update policies as state and federal guidance evolves
• Re-evaluate approved tool list quarterly
• Gather teacher feedback and adjust controls based on classroom needs
• Report to the board on AI governance status annually

Policy vs. Governance: Understanding the Difference

This distinction matters because most districts have invested in the policy side but not the governance side. Here is how they differ:

Policy is the document. It states the district's rules, expectations, and boundaries for AI use. It is approved by the board, published for staff and parents, and updated periodically. A policy answers the question: What do we allow?

Governance is the system. It includes the technical controls, monitoring tools, reporting processes, and feedback loops that make the policy operational. Governance answers the question: How do we enforce, monitor, and improve what we allow?

This is the problem Beni was built to solve. Policy Cards turn policy language into configurable technical controls. Teacher Controls give educators the ability to deploy those controls for specific lessons and assignments. Compliance reporting gives administrators real-time visibility. The policy stays in the boardroom. The governance runs in the classroom.