40+
Schools
Already At Work

These guidelines are rolling out into classrooms.

Built for real classrooms and tested inside them — elementary classrooms, middle school syllabi, high school assignments, and family conversations. A real framework, moving into real schools.

What's in This Template
13 sections — ready to adopt, adapt, or present to your board
01
Vision
Core principles and district commitment to responsible AI.
02
5 AI Use Tiers
Assignment-level framework from no AI through full exploration.
03
Student Acceptable Use Rules
Concrete rules on PII, deepfakes, impersonation, testing, and consequences.
04
Educator Guidance
How teachers can use AI to support — not automate — their work.
05
Standards Alignment
ISTE Standards for Students mapped to AI literacy goals.
06
Digital Literacy
Teaching digital citizenship alongside AI literacy.
07
Data Security & Privacy
FERPA, COPPA, PII protections, and approved tool vetting.
08
Academic Integrity
Transparency over detection — teaching students to work ethically with AI.
09
Risks & Ethics
Misinformation, bias, deepfakes, equity, and implementation challenges.
10
FAQs
16 questions from parents, teachers, and administrators.
11
Glossary
41 key terms — from LLMs to vendor vetting.
12
Resources
27 frameworks, standards, and research sources.
13
After Adoption
What comes next — structure, training, programs, and Phase 2.
Step 1
Create your draft
Interactive — Try It
Customize for Your District
Generate a complete working draft of the K–12 Student AI Use Guidelines for your school or district.

This template is yours to use. Fill in your district information and the tool generates a personalized cover page — ready to copy, present to your board, and share with your community. No account required.

2
Implement it
9 steps to take this template from draft to district-wide adoption

Guidelines adopted without stakeholder input don't stick. Here's a recommended process for making this template yours.

1
Form a Review Committee
Include teachers across grade bands, administrators, parents, students (if age-appropriate), school counselors, and IT/data privacy staff. Diverse perspectives surface blind spots.
2
Read the Template as a Team
Focus discussion on the tiers, academic integrity, and data privacy sections — these generate the most debate. Use the FAQs to anticipate parent and teacher questions.
3
Customize the [ADAPT] Sections
Fill in your approved AI tools list, feedback contact, and any local policy language. Use the customization tool above to generate your cover page. Align language with your existing academic integrity and technology use policies.
4
Pilot with a Small Group
Test with 2–3 teachers across different grade bands for one quarter before full rollout. Collect feedback on what's clear, what's confusing, and what's missing. Adjust before scaling.
5
Communicate to Families
Share the guidelines publicly — this framework is designed to create shared language between teachers, students, and parents. Use the parent FAQs as the basis for family communication. Consider a parent night or newsletter.
6
Train Staff
Professional development on the tier system, documentation expectations, and the AI Classroom Toolkit. Teachers need practical tools, not just policy documents. Focus on shifting from policing misuse to mentoring responsible use.
7
Set a Review Cycle
Plan to revisit annually. AI tools and research evolve rapidly — your guidelines must keep pace. Assign an owner. Schedule the review before school starts, not after problems emerge.
8
Share It Widely
These guidelines work best when everyone sees them. Consider: posting the full document on your district website, printing a one-page tier summary for classroom walls, including the link in back-to-school packets, adding it to your family handbook, and referencing it in syllabi and assignment sheets. The shared language only works if it's actually shared.
9
Connect to Phase 2
Guidelines are the starting line, not the finish. The Intelligent Technology in Education Framework provides the instructional system for what comes next — building the cognitive capacities that make good AI use possible.
Need governance language for formal board adoption? The Policy vs. Guidelines Companion below includes eleven starting-point policy clauses — including deepfake / CSAM / harassment language, DPA requirements, breach response, retention, and due process — with adaptation notes for your state.
§
Policy vs. Guidelines — Companion Guide
How to decide which content belongs in formal policy vs. administrative guidelines · 11 sample clauses · starting-point language
The short version

Policy = governing-body-adopted, formal, harder to amend. Used for provisions with legal weight, governance obligations, or state-mandated content.

Guidelines = administrative, updateable by the superintendent, head of school, or cabinet without a governing-body vote. Used for pedagogy, implementation details, and anything that needs to evolve as technology changes.

Most schools need both layers. The question is which content goes where.

A note on governance structures

"Governing body" means different things depending on your school type:

  • Public districts — elected school board; subject to state-mandated policy requirements.
  • Public charter schools — charter board; hybrid public/private obligations vary by state.
  • Independent / private schools — Board of Trustees; few state mandates (FERPA applies only if federally funded; COPPA always applies). Policy vs. guidelines is a governance-maturity choice rather than a legal necessity, though still important for insurance, accreditation, and litigation risk.
  • Parochial / diocesan schools — policy frequently sits at the diocese level, with the individual school operating under administrative guidelines within that framework.
  • Proprietary / micro-schools — often no formal board; head of school is the authority. The policy/guidelines distinction may be less formal, but the legal-exposure items still apply.

Wherever this guide says "board," read "your school's governing body." Where it says "state law," verify whether your school type is subject to that law.

Why the distinction matters

AI moves faster than governance cycles. A school that codifies tier definitions, approved-tools lists, or classroom practices in formal policy will be amending policy 3–4 times a year just to keep up — expensive (board time, public notice, legal review) and slow.

But some provisions genuinely need governance-body adoption: anything with legal weight, anything that implements state law, anything that could be challenged in court, anything that affects students' due-process rights.

The hybrid approach — formal policy for the legal scaffolding, guidelines for the pedagogy and implementation — gives schools both legal defensibility and adaptability.

State law considerations

States requiring district AI policy adopted by the board: Ohio (HB 96 — policy by July 1, 2026), Tennessee.

States with state-level guidance expecting district implementation: California (SB 1288, Jan 2026), Virginia (EO 30), Washington, North Carolina, Colorado, Arizona, Michigan, Mississippi, and others.

States without AI-specific mandate (yet): Most remaining states — local decision.

Regardless of state posture, FERPA, COPPA, CIPA, and state-specific student-data-privacy laws (California AB 1584, Illinois SOPPA, New York Education Law § 2-d, Connecticut § 10-234aa, Colorado HB 16-1423) have compliance expectations that typically land in formal policy.

What typically belongs in policy

Eleven categories that most commonly need governing-body adoption. Starting-point sample language for each is below.

  1. State statutory compliance (cell-phone restrictions, social media restrictions, age-appropriate use rules). Why: State laws increasingly mandate specific school practices — Arizona ARS 15-120.05 on cell phones is one example. Codifying statutory compliance in policy anchors the school's practice to the authority of the law.
  2. Operational device rules, monitoring rights, and classroom screen-viewing software disclosures. Why: Rules about school-provided devices, acceptable use, and monitoring practices affect privacy expectations and due process. Notice is stronger when it comes from formally adopted policy.
  3. Data privacy and vendor vetting (FERPA / COPPA / state-specific). Why: Federal and state laws expect documented compliance programs. Policy provides the scaffolding that survives audit and legal challenge.
  4. Required Data Privacy Agreement (DPA) clauses. Why: Contract requirements for vendors handling student data are legally binding. Codifying non-negotiables (no training on student data, retention limits, sub-processor disclosure, breach notification) ensures every procurement decision meets the same standard.
  5. Prohibited uses — deepfakes, CSAM, harassment, impersonation. Why: These carry criminal exposure under federal (TAKE IT DOWN Act, 2025) and state laws. Specific prohibited-act language gives counsel a clean enforcement basis. General "obscene / threatening" catch-all language is no longer sufficient for defensible enforcement.
  6. Consequences and enforcement. Why: Disciplinary consequences and the enforcement pathway must be clearly established to survive due-process challenge. Formal policy establishes authority, scope, and process.
  7. Family notification and opt-out rights (where state law mandates). Why: Several states and the updated COPPA (2025–2026 opt-in shift) require specific notification and consent procedures. Governing-body adoption ensures consistent application and documented compliance.
  8. Breach response and notification timelines. Why: State breach-notification laws impose specific timelines — often 24 to 72 hours from discovery. Policy codifies who acts, when, and whom to notify, protecting the school in a time-sensitive situation.
  9. Record retention and deletion. Why: Education record retention is governed by federal (FERPA) and state law. Formal policy establishes the retention schedule and provides legal cover when records are destroyed on that schedule.
  10. Photography / recording consent (Title IX, privacy-adjacent). Why: Image use, recording rights, and consent practices have ballooned with phones and AI-generated content. Policy establishes baseline expectations that protect both students and the school.
  11. Anything affecting student due process. Why: Substantive rights that could lead to suspension, expulsion, or other serious consequence must be codified in policy. Procedural due process requires clear, publicly-available rules.
What typically belongs in guidelines
  • Tier definitions, examples, assignment-level selection
  • Teacher misuse response playbook
  • Classroom practices and scaffolds
  • Professional development approach
  • AI literacy scope and sequence
  • FAQs (parents / teachers / admins)
  • Glossary
  • Approved-tools lists (change frequently)
  • Implementation timeline and phases
How this template is structured

This template is published as guidelines because most of what's inside — tier definitions, the teacher playbook cross-link, FAQs, glossary, the Governance Committee cadence — needs to move faster than a board calendar allows. Where the template covers legal-weight content (§3 Prohibited Uses, §7 Data Security & Privacy, Breach Response, Family Notification), schools should mirror those specific sections into formal policy.

Pattern A — Guidelines with a Policy Mirror. Adopt these guidelines administratively. Draft a shorter parallel policy (2–4 pages) that the governing body adopts, covering the legal scaffolding. Guidelines reference the policy; policy references the guidelines.

Pattern B — Layered Sections within One Document. Adopt the whole document, but mark specific sections as "Adopted Policy" and others as "Administrative Guidelines." One document, two governance cadences.

A decision worksheet

For each section of your adoption, ask:

  1. Does state or federal law require this in formal policy? → if yes, policy.
  2. Does this affect due-process rights, enforcement, or data-privacy obligations? → if yes, policy.
  3. Is this likely to need changes 2+ times per school year? → if yes, guidelines.
  4. Is this a pedagogical or implementation detail? → if yes, guidelines.
  5. When in doubt, consult your counsel.

Sample Policy Language — Starting Points

Starting-point clauses for each of the eleven policy categories above. Each is intentionally short, uses placeholders for state-specific references, and should be reviewed with counsel and adapted to your school's context before adoption.

Click each to expand.

01State statutory compliance
The District complies with all [STATE] statutory requirements governing student use of personal wireless communication devices, social media platforms, and related technologies during the school day. Specific implementation practices — including grade-level variation, exceptions for educational use, emergencies, and documented medical need — are maintained in administrative guidelines and may be updated by the superintendent to reflect statutory changes.

Reference the specific [STATE] statute (e.g., Arizona ARS 15-120.05) in your adoption. Confirm your state's current requirements with counsel.

02Operational device rules, monitoring rights, classroom screen-viewing disclosures
Only devices approved by District administration may be connected to the District network. District-provided computers, telecommunications, and network resources are to be used for educational purposes only. Electronic communications — including email, chat, internet activity, and on-screen content accessed through District systems — are not private and may be reviewed by authorized school personnel. The District may use instructional-technology tools, including classroom screen-viewing software, during instructional minutes to support teaching, learning, and classroom management. These tools are not used for continuous surveillance; student device activity may be reviewed when necessary to maintain a safe and effective learning environment.

Adapt monitoring disclosure language to match your district's actual practice. Student and family notice requirements vary by state.

03Data privacy and vendor vetting (FERPA / COPPA / state-specific)
The District complies with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), the Children's Internet Protection Act (CIPA), and [applicable STATE student-data-privacy law]. All educational technology vendors with access to student data or education records must be vetted through the District's technology approval process and must execute a Data Privacy Agreement before deployment.

Name the specific [STATE] statute (e.g., California AB 1584/SOPIPA, Illinois SOPPA, New York Education Law § 2-d, Colorado HB 16-1423). COPPA's 2025–2026 updates shift from opt-out to opt-in consent — verify your practice matches.

04Required Data Privacy Agreement (DPA) clauses
Data Privacy Agreements with educational technology vendors shall include, at minimum:
· Prohibition on use of student data to train, fine-tune, or improve vendor AI models
· Data retention limits and deletion requirements at end of contract
· Sub-processor disclosure (what other vendors receive the data)
· Breach notification within [72 hours] of vendor's discovery
· Data-return-and-deletion obligations on student offboarding or contract termination
· Jurisdictional and governing-law terms

Consider using the Student Data Privacy Consortium (SDPC) National DPA or your state-specific DPA template as a starting point. Adjust breach-notification window to match [STATE] statute.

05Prohibited uses — deepfakes, CSAM, harassment, impersonation
Prohibited AI-Generated Content. Students shall not:

1. Create, share, request, or distribute AI-generated images, video, audio, or text that depicts or imitates a real person — including classmates, staff, or community members — without that person's verifiable consent. This includes deepfake images, synthetic voices, impersonation accounts, and fabricated statements, emails, or messages attributed to real people.

2. Create, knowingly possess, share, or distribute AI-generated sexual content depicting any person who is or appears to be a minor. This conduct is prohibited regardless of whether the depicted minor is real, is subject to mandatory reporting under federal and [STATE] law, and will be referred to law enforcement in every instance.

3. Use AI to generate, amplify, or distribute content intended to harass, threaten, defame, intimidate, or humiliate another person — or content that has the foreseeable effect of doing so — including content targeting any person or group on the basis of race, ethnicity, national origin, sex, gender, sexual orientation, age, disability, religion, or other protected class.

Educational exception. AI-generated content may be analyzed, discussed, or produced in classroom contexts for clearly educational purposes when the use is directed or approved by a teacher and does not depict identifiable real people in a damaging way.

Enforcement. Violations may result in disciplinary consequences under this policy and, in cases involving deepfakes, non-consensual intimate imagery, sexual content depicting minors, threats, or harassment, may be reported to law enforcement under applicable federal and [STATE] law.

Three enumerated clauses cover general deepfake/impersonation, AI-generated CSAM (with "knowingly possess" and mandated-reporter language), and AI-enabled harassment. The educational exception protects legitimate classroom work. The enforcement paragraph references federal and state law without overclaiming institutional obligation under the TAKE IT DOWN Act.

06Consequences and enforcement
Violations of this policy may result in disciplinary consequences consistent with the District's student code of conduct, up to and including suspension and expulsion. Consequences may also include loss of access to District technology resources, mandatory educational response, and — in cases involving conduct that violates federal or [STATE] criminal law — referral to law enforcement. All disciplinary action is subject to the District's due-process procedures.

Cross-reference your specific district code-of-conduct policy and due-process procedure documents.

07Family notification and opt-out rights
The District will notify families, at least annually and when material changes occur, of: (a) the student-facing AI tools approved for classroom use; (b) the categories of student data shared with those tools; and (c) the Data Privacy Agreements in place. Families may submit a written request for narrow opt-outs — including opting out of a specific named AI tool for a specific assignment, opting out of AI-assisted feedback on a student's written work, or declining participation in an optional AI pilot. Families may not opt students out of AI embedded in district-required systems (accessibility tools, learning-management systems, state-required assessment platforms). Students who opt out of narrow uses are not penalized academically; equivalent alternatives are provided where reasonably practicable.

Where [STATE] law mandates specific opt-out procedures, conform to those requirements. The underlying principle: opt-out is narrow and deliverable, not blanket.

08Breach response and notification timelines
A data breach is any unauthorized access, use, or disclosure of student or staff data — including AI-tool incidents such as PII entered into an unapproved tool, credential compromise, or vendor security incidents. Suspected breaches must be reported immediately. The District privacy officer and IT director are notified within [24 hours] of discovery; affected students and families are notified consistent with [STATE breach-notification law]; where required by law, state authorities and law enforcement are notified. The incident is documented for annual policy review.

Adapt timelines to match [STATE] breach-notification statute. Consult counsel before final adoption.

09Record retention and deletion
Student data retained by the District or held by approved educational technology vendors on the District's behalf is retained only as long as necessary for the educational purpose and in accordance with the District's records-retention schedule. AI chat logs generated by student interactions with approved AI tools are retained for [90 days] unless subject to an active investigation or legal hold. Vendor-held student data shall be deleted within [30 days] of contract termination or student offboarding, consistent with the vendor's Data Privacy Agreement. Student data must not be retained by vendors for AI model training, fine-tuning, or product development.

Align retention periods with [STATE] records-retention statute and your existing district retention schedule.

10Photography / recording consent
Visitors, students, and staff may not use personal or District-owned electronic devices to surreptitiously photograph, record, transmit, or post images, audio, video, or personally identifiable information of others at school, on District transportation, or at school-related activities. Where photography or recording is approved for educational purposes, participants must protect the privacy of those depicted — obtaining consent before recording or posting, framing to exclude unintended individuals, and avoiding public identification of students or staff without prior permission. Creating, possessing, or sharing AI-generated images, audio, or video depicting a real student, staff member, or community member is governed by the Prohibited AI-Generated Content provisions above.

Cross-reference your Title IX policy and bullying/harassment policy.

11Anything affecting student due process
Students, families, and staff are entitled to the District's standard due-process procedures when facing significant consequences arising from this policy — including notice of the alleged conduct, opportunity to respond, and fair review. When AI-related evidence is considered (including but not limited to AI-detector output), it serves as one data point among multiple sources. Final determinations rest on professional judgment, the full evidentiary record, and applicable due-process protections.

Cross-reference your district's due-process, discipline, and academic-integrity procedures.

Verified April 20, 2026. State and federal law are evolving rapidly — verify citations against your state's current statutes and consult counsel before adoption. This companion is reviewed annually alongside the template.