A free, public-facing district implementation template. Customize it for your community and start the real work.
Built for real classrooms and tested inside them — elementary classrooms, middle school syllabi, high school assignments, and family conversations. A real framework, moving into real schools.
This template is yours to use. Fill in your district information and the tool generates a personalized cover page — ready to copy, present to your board, and share with your community. No account required.
We update this template as AI policy evolves. Get notified when a new version drops.
The formatted template pastes directly into Google Docs or Word — fully editable by your team.
Guidelines adopted without stakeholder input don't stick. Here's a recommended process for making this template yours.
Policy = governing-body-adopted, formal, harder to amend. Used for provisions with legal weight, governance obligations, or state-mandated content.
Guidelines = administrative, updateable by the superintendent, head of school, or cabinet without a governing-body vote. Used for pedagogy, implementation details, and anything that needs to evolve as technology changes.
Most schools need both layers. The question is which content goes where.
"Governing body" means different things depending on your school type:
Wherever this guide says "board," read "your school's governing body." Where it says "state law," verify whether your school type is subject to that law.
AI moves faster than governance cycles. A school that codifies tier definitions, approved-tools lists, or classroom practices in formal policy will be amending policy 3–4 times a year just to keep up — expensive (board time, public notice, legal review) and slow.
But some provisions genuinely need governance-body adoption: anything with legal weight, anything that implements state law, anything that could be challenged in court, anything that affects students' due-process rights.
The hybrid approach — formal policy for the legal scaffolding, guidelines for the pedagogy and implementation — gives schools both legal defensibility and adaptability.
States requiring district AI policy adopted by the board: Ohio (HB 96 — policy by July 1, 2026), Tennessee.
States with state-level guidance expecting district implementation: California (SB 1288, Jan 2026), Virginia (EO 30), Washington, North Carolina, Colorado, Arizona, Michigan, Mississippi, and others.
States without AI-specific mandate (yet): Most remaining states — local decision.
Regardless of state posture, FERPA, COPPA, CIPA, and state-specific student-data-privacy laws (California AB 1584, Illinois SOPPA, New York Education Law § 2-d, Connecticut § 10-234aa, Colorado HB 16-1423) have compliance expectations that typically land in formal policy.
Eleven categories that most commonly need governing-body adoption. Starting-point sample language for each is below.
This template is published as guidelines because most of what's inside — tier definitions, the teacher playbook cross-link, FAQs, glossary, the Governance Committee cadence — needs to move faster than a board calendar allows. Where the template covers legal-weight content (§3 Prohibited Uses, §7 Data Security & Privacy, Breach Response, Family Notification), schools should mirror those specific sections into formal policy.
Pattern A — Guidelines with a Policy Mirror. Adopt these guidelines administratively. Draft a shorter parallel policy (2–4 pages) that the governing body adopts, covering the legal scaffolding. Guidelines reference the policy; policy references the guidelines.
Pattern B — Layered Sections within One Document. Adopt the whole document, but mark specific sections as "Adopted Policy" and others as "Administrative Guidelines." One document, two governance cadences.
For each section of your adoption, ask:
Starting-point clauses for each of the eleven policy categories above. Each is intentionally short, uses placeholders for state-specific references, and should be reviewed with counsel and adapted to your school's context before adoption.
Click each to expand.
The District complies with all [STATE] statutory requirements governing student use of personal wireless communication devices, social media platforms, and related technologies during the school day. Specific implementation practices — including grade-level variation, exceptions for educational use, emergencies, and documented medical need — are maintained in administrative guidelines and may be updated by the superintendent to reflect statutory changes.
Reference the specific [STATE] statute (e.g., Arizona ARS 15-120.05) in your adoption. Confirm your state's current requirements with counsel.
Only devices approved by District administration may be connected to the District network. District-provided computers, telecommunications, and network resources are to be used for educational purposes only. Electronic communications — including email, chat, internet activity, and on-screen content accessed through District systems — are not private and may be reviewed by authorized school personnel. The District may use instructional-technology tools, including classroom screen-viewing software, during instructional minutes to support teaching, learning, and classroom management. These tools are not used for continuous surveillance; student device activity may be reviewed when necessary to maintain a safe and effective learning environment.
Adapt monitoring disclosure language to match your district's actual practice. Student and family notice requirements vary by state.
The District complies with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), the Children's Internet Protection Act (CIPA), and [applicable STATE student-data-privacy law]. All educational technology vendors with access to student data or education records must be vetted through the District's technology approval process and must execute a Data Privacy Agreement before deployment.
Name the specific [STATE] statute (e.g., California AB 1584/SOPIPA, Illinois SOPPA, New York Education Law § 2-d, Colorado HB 16-1423). COPPA's 2025–2026 updates shift from opt-out to opt-in consent — verify your practice matches.
Data Privacy Agreements with educational technology vendors shall include, at minimum:
· Prohibition on use of student data to train, fine-tune, or improve vendor AI models
· Data retention limits and deletion requirements at end of contract
· Sub-processor disclosure (what other vendors receive the data)
· Breach notification within [72 hours] of vendor's discovery
· Data-return-and-deletion obligations on student offboarding or contract termination
· Jurisdictional and governing-law terms
Consider using the Student Data Privacy Consortium (SDPC) National DPA or your state-specific DPA template as a starting point. Adjust breach-notification window to match [STATE] statute.
Prohibited AI-Generated Content. Students shall not:
1. Create, share, request, or distribute AI-generated images, video, audio, or text that depicts or imitates a real person — including classmates, staff, or community members — without that person's verifiable consent. This includes deepfake images, synthetic voices, impersonation accounts, and fabricated statements, emails, or messages attributed to real people.
2. Create, knowingly possess, share, or distribute AI-generated sexual content depicting any person who is or appears to be a minor. This conduct is prohibited regardless of whether the depicted minor is real, is subject to mandatory reporting under federal and [STATE] law, and will be referred to law enforcement in every instance.
3. Use AI to generate, amplify, or distribute content intended to harass, threaten, defame, intimidate, or humiliate another person — or content that has the foreseeable effect of doing so — including content targeting any person or group on the basis of race, ethnicity, national origin, sex, gender, sexual orientation, age, disability, religion, or other protected class.
Educational exception. AI-generated content may be analyzed, discussed, or produced in classroom contexts for clearly educational purposes when the use is directed or approved by a teacher and does not depict identifiable real people in a damaging way.
Enforcement. Violations may result in disciplinary consequences under this policy and, in cases involving deepfakes, non-consensual intimate imagery, sexual content depicting minors, threats, or harassment, may be reported to law enforcement under applicable federal and [STATE] law.
Three enumerated clauses cover general deepfake/impersonation, AI-generated CSAM (with "knowingly possess" and mandated-reporter language), and AI-enabled harassment. The educational exception protects legitimate classroom work. The enforcement paragraph references federal and state law without overclaiming institutional obligation under the TAKE IT DOWN Act.
Violations of this policy may result in disciplinary consequences consistent with the District's student code of conduct, up to and including suspension and expulsion. Consequences may also include loss of access to District technology resources, mandatory educational response, and — in cases involving conduct that violates federal or [STATE] criminal law — referral to law enforcement. All disciplinary action is subject to the District's due-process procedures.
Cross-reference your specific district code-of-conduct policy and due-process procedure documents.
The District will notify families, at least annually and when material changes occur, of: (a) the student-facing AI tools approved for classroom use; (b) the categories of student data shared with those tools; and (c) the Data Privacy Agreements in place. Families may submit a written request for narrow opt-outs — including opting out of a specific named AI tool for a specific assignment, opting out of AI-assisted feedback on a student's written work, or declining participation in an optional AI pilot. Families may not opt students out of AI embedded in district-required systems (accessibility tools, learning-management systems, state-required assessment platforms). Students who opt out of narrow uses are not penalized academically; equivalent alternatives are provided where reasonably practicable.
Where [STATE] law mandates specific opt-out procedures, conform to those requirements. The underlying principle: opt-out is narrow and deliverable, not blanket.
A data breach is any unauthorized access, use, or disclosure of student or staff data — including AI-tool incidents such as PII entered into an unapproved tool, credential compromise, or vendor security incidents. Suspected breaches must be reported immediately. The District privacy officer and IT director are notified within [24 hours] of discovery; affected students and families are notified consistent with [STATE breach-notification law]; where required by law, state authorities and law enforcement are notified. The incident is documented for annual policy review.
Adapt timelines to match [STATE] breach-notification statute. Consult counsel before final adoption.
Student data retained by the District or held by approved educational technology vendors on the District's behalf is retained only as long as necessary for the educational purpose and in accordance with the District's records-retention schedule. AI chat logs generated by student interactions with approved AI tools are retained for [90 days] unless subject to an active investigation or legal hold. Vendor-held student data shall be deleted within [30 days] of contract termination or student offboarding, consistent with the vendor's Data Privacy Agreement. Student data must not be retained by vendors for AI model training, fine-tuning, or product development.
Align retention periods with [STATE] records-retention statute and your existing district retention schedule.
Visitors, students, and staff may not use personal or District-owned electronic devices to surreptitiously photograph, record, transmit, or post images, audio, video, or personally identifiable information of others at school, on District transportation, or at school-related activities. Where photography or recording is approved for educational purposes, participants must protect the privacy of those depicted — obtaining consent before recording or posting, framing to exclude unintended individuals, and avoiding public identification of students or staff without prior permission. Creating, possessing, or sharing AI-generated images, audio, or video depicting a real student, staff member, or community member is governed by the Prohibited AI-Generated Content provisions above.
Cross-reference your Title IX policy and bullying/harassment policy.
Students, families, and staff are entitled to the District's standard due-process procedures when facing significant consequences arising from this policy — including notice of the alleged conduct, opportunity to respond, and fair review. When AI-related evidence is considered (including but not limited to AI-detector output), it serves as one data point among multiple sources. Final determinations rest on professional judgment, the full evidentiary record, and applicable due-process protections.
Cross-reference your district's due-process, discipline, and academic-integrity procedures.
Verified April 20, 2026. State and federal law are evolving rapidly — verify citations against your state's current statutes and consult counsel before adoption. This companion is reviewed annually alongside the template.