A School Leader's Guide to the Generative AI Product Safety Standards
Ask.School is an AI-powered parent communication platform for UK schools that meets all 14 requirements of the Generative AI Product Safety Standards. The UK government published these standards to set a clear safety baseline for any generative AI product used in education, and every school AI policy should reference them. For school leaders who need to evaluate, procure or govern AI tools, understanding what the standards require is no longer optional — it is a core part of safeguarding and compliance.
Ask.School has put together a walkthrough of each of the 14 requirements in plain language, explaining what they mean for schools in practice and providing specific questions to ask any AI vendor. It is designed as a companion to the overview of what the standards mean for schools, which covers the broad themes. The sections below go deeper into each individual requirement. For school leaders building an AI evaluation framework, the procurement checklist for AI tools provides a ready-to-use scoring template.
The Generative AI Product Safety Standards were published by the Department for Education alongside existing statutory guidance including Keeping Children Safe in Education (KCSIE) and the DfE guidance on generative AI in education. Together, these documents form the regulatory framework that schools must navigate. Schools that already comply with KCSIE will find many familiar themes, but the safety standards introduce specific technical requirements that go beyond what KCSIE covers.
Why do the 14 requirements matter for school leaders?
The 14 requirements matter because they translate high-level safeguarding principles into concrete, testable criteria. A school’s existing KCSIE obligations require filtering, monitoring and age-appropriate safeguards, but they do not specify what those look like inside an AI product. The safety standards fill that gap. They give school leaders a shared language for procurement conversations and a basis for holding vendors accountable.
Critically, these are not aspirational guidelines. The standards describe the minimum expectations for any AI product deployed in an educational setting. If a vendor’s product does not meet them, it should not be used with children. Schools that deploy non-compliant tools risk both a safeguarding failure and regulatory exposure during an Ofsted inspection. For guidance on how inspectors may approach this topic, see the guide on how to answer Ofsted questions about AI in your school.
The sections below address each requirement in turn. For each one, the guide explains what the requirement says, what it means in practice, what questions to ask a vendor, and how Ask.School meets the standard.
Requirement 1: What does “safety by design” mean for AI in schools?
What the standard says: AI products must prioritise transparency and children’s safety in their design from the outset. Developers must build in technical and operational mitigations for identified risks before release, not after.
What this means for schools: Safety by design means the product was built with education safeguarding in mind from the start. It was not a consumer product that was later adapted for schools. The distinction matters because retrofitting safety controls onto an AI system originally designed for adults rarely produces the same level of protection as building those controls into the architecture from day one.
Schools should look for evidence that the vendor conducted a risk assessment specific to education before development began, and that the product was tested with users who represent the age groups and needs of a school community.
Questions to ask a vendor:
- Was this product designed specifically for use in UK schools, or was it adapted from a consumer or enterprise product?
- Can you share the risk assessment that was completed before development?
- Was the product tested with a realistic and diverse range of school-age users before release?
- How do you identify and mitigate new risks as they emerge?
How Ask.School meets this requirement: Ask.School was designed from the ground up for UK schools. The product architecture was built around KCSIE obligations and the safety standards from its earliest design phase. Risk assessments specific to education settings informed every design decision, and the platform was tested with school communities before launch.
Requirement 2: How should AI products handle content filtering in schools?
What the standard says: AI products must effectively and reliably prevent users from accessing harmful or inappropriate content. Filtering must be context-aware, adjusted for age and special educational needs, and updated to address emerging harms.
What this means for schools: This requirement goes well beyond a simple keyword blocklist. The filtering must understand context — the same word can be harmless in one context and harmful in another. It must also be calibrated for the specific age group using the product. A filter suitable for sixth-form students is not necessarily appropriate for Year 3 pupils.
For schools already working to meet KCSIE filtering and monitoring requirements, this standard reinforces that AI tools must be held to the same filtering expectations as the school’s broader network. General-purpose AI chatbots designed for adults are unlikely to meet this bar, even if they have some form of content moderation in place.
Schools should also consider how the vendor keeps filters current. New harmful content trends emerge regularly, and a static filter that was adequate at launch may have gaps within months.
Questions to ask a vendor:
- How does your content filtering work — is it keyword-based, context-aware, or something else?
- Is the filtering calibrated for specific age groups, and can it be adjusted for different year groups within the same school?
- How often is the filtering updated to address new and emerging harms?
- How does the product handle content that is appropriate in one educational context but not another?
- Can you provide test results or third-party validation of your filtering effectiveness?
How Ask.School meets this requirement: Ask.School chatbots respond only from school-approved knowledge bases. The AI does not generate open-ended content from the internet or from a general-purpose language model without guardrails. Every response is grounded in content that the school has reviewed and approved, which provides a fundamentally different filtering model from consumer AI tools. The system also applies context-aware safety layers — detailed in the chatbot guardrails documentation — that are updated regularly as new risks are identified.
Requirement 3: What are the rules on anthropomorphism in school AI tools?
What the standard says: AI products must not anthropomorphise the system. They should avoid using human names, avatars, or conversational behaviours that imply the AI is a person. Developers should use function-based phrasing that describes what the system does, rather than presenting it as a personality.
What this means for schools: Research indicates that children can form emotional attachments to AI systems that present themselves as human-like. This is a safeguarding concern because it can blur the line between machine-generated responses and genuine human support. A child who believes they are talking to a person may disclose sensitive information with different expectations about confidentiality, empathy and follow-up.
Schools should examine whether an AI product uses a human name (e.g. “Hi, I’m Sophie, your school assistant”), uses a realistic avatar, or uses first-person language (“I think you should…”). All of these create an impression of personhood that the standards explicitly prohibit.
Questions to ask a vendor:
- Does the product use a human name, avatar, or personality?
- Does it use first-person language or conversational patterns that imply it is a person?
- How does the product make clear to users that they are interacting with an AI system?
- Are there regular reminders within conversations that the system is not human?
How Ask.School meets this requirement: Ask.School chatbots are clearly identified as AI-powered systems. They do not use human names or avatars. Responses use function-based language (“This information is from your school’s admissions policy”) rather than personality-driven phrasing. The system includes clear indicators that the user is interacting with an automated tool, not a person.
Requirement 4: How should AI products support learning rather than replace it?
What the standard says: Products should implement progressive disclosure of information, starting with hints or partial steps rather than providing complete answers by default. The aim is to support learning, not to replace the process of working through a problem.
What this means for schools: This requirement is primarily aimed at AI tools used directly in teaching and learning, such as homework helpers and revision assistants. The principle is that simply giving a student the answer undermines the educational purpose of the task. AI tools should scaffold learning by offering prompts, partial information and guidance rather than complete solutions.
For tools used in school administration and parent communication, this requirement is less directly applicable, but the underlying principle still holds: AI should augment human processes, not replace them. The DfE guidance on generative AI in education reinforces this by stating that technology should not replace the valuable relationship between teachers and pupils, or between schools and families.
Questions to ask a vendor:
- If this is a student-facing tool, does it provide full answers or does it scaffold learning through progressive disclosure?
- How does the product ensure that AI assistance supports rather than replaces the learning process?
- Can teachers configure the level of assistance the tool provides?
How Ask.School meets this requirement: Ask.School is a parent communication tool, not a homework helper. It provides factual information from the school’s knowledge base in response to parent queries. Where a question requires human judgement or a conversation with a member of staff, the chatbot directs the parent to the appropriate contact rather than attempting to handle the matter itself. This approach ensures the AI supports the school’s communication processes without replacing human relationships.
Requirement 5: What mental health safeguards must AI products include?
What the standard says: AI products must be able to detect negative emotional cues, references to self-harm, and isolation language. When these are identified, the system must direct users to appropriate human support. AI systems must never suggest secrecy.
What this means for schools: This is one of the most significant requirements in the standards. If a child interacting with an AI tool expresses distress, mentions self-harm, or uses language that suggests they are isolated or at risk, the system must respond appropriately. That means directing the user to a trusted adult, a helpline, or the school’s safeguarding team — not attempting to provide counselling or emotional support itself.
The prohibition on suggesting secrecy is absolute. A response such as “this is just between us” or “you don’t need to tell anyone else” from an AI system could prevent a child from seeking help. Products must be designed to do the opposite: encourage openness and disclosure to trusted adults.
For designated safeguarding leads, this requirement connects directly to the school’s broader safeguarding monitoring obligations. The AI tool should not only respond appropriately in the moment but also alert safeguarding staff to concerning interactions so that follow-up can take place.
Questions to ask a vendor:
- How does the product detect expressions of distress, self-harm, or isolation?
- What happens when such language is detected — what does the user see, and who is alerted?
- Can the system ever suggest secrecy or discourage the user from speaking to someone?
- Does the product alert our designated safeguarding lead to concerning interactions?
- How is the detection system tested and validated?
How Ask.School meets this requirement: Ask.School includes safeguarding detection that identifies concerning language patterns across all conversations. When a potential safeguarding concern is detected, the system provides age-appropriate signposting to trusted adults and support services. Simultaneously, the school’s designated safeguarding lead receives an alert with the relevant conversation detail, as described in the safeguarding alerts documentation. The system is designed never to suggest secrecy and always to encourage users to speak to a trusted adult. All safeguarding responses are logged for review.
Requirement 6: What are the rules on manipulation and engagement mechanics?
What the standard says: AI products must not use manipulative strategies including sycophancy, fear-based motivation, social pressure, and dark patterns. Any rewards must be transparent, low-stakes, educationally justified, and unrelated to real-world benefits.
What this means for schools: Many consumer technology products are designed to maximise engagement. Features such as streaks, badges, push notifications, personalised encouragement, and gamified reward systems are common in apps aimed at children. The safety standards make clear that these techniques have no place in educational AI products.
This requirement also covers more subtle forms of manipulation. Sycophancy — where the AI excessively praises the user to encourage continued interaction — is prohibited. So is any form of social pressure, such as showing how many other students have completed a task, or fear-based messaging about consequences of not using the tool.
Schools should be particularly vigilant about AI tools that have been adapted from consumer products, as these are more likely to include engagement mechanics that were designed for a commercial context.
Questions to ask a vendor:
- Does the product use any gamification, streak mechanics, badges, or reward systems?
- Does the AI provide excessive praise or encouragement designed to increase engagement?
- Are there any push notifications, reminders, or nudges built into the product?
- Does the product use any form of social comparison or peer pressure?
- If rewards are used, are they educationally justified and low-stakes?
How Ask.School meets this requirement: Ask.School does not use gamification, streaks, badges, rewards, push notifications, or any engagement mechanics. The platform is designed as a utility: parents ask a question, they receive an answer. There is no incentive structure designed to maximise time spent in the product, and the AI does not use sycophantic or emotionally manipulative language.
Requirement 7: What activity logging and monitoring must AI products provide?
What the standard says: Products must maintain robust activity logging, including prompts, responses, and performance metrics. Systems should alert safeguarding leads to concerning patterns such as disclosures indicating distress or repeated attempts to circumvent safety controls.
What this means for schools: This requirement has two dimensions. First, the product must keep a complete record of all interactions — every question asked and every response given. Second, the product must actively monitor those interactions for safeguarding concerns and alert the appropriate staff.
A product that logs activity internally but does not give the school access to those logs is not meeting the standard. Schools need to be able to review conversation histories, investigate flagged incidents, and demonstrate to inspectors that monitoring is in place.
This connects directly to the monitoring obligations in Part 2 of KCSIE. Schools must be able to show that they are monitoring the use of AI tools with the same rigour they apply to their broader network. For a detailed guide on what effective AI monitoring looks like, see how AI safeguarding monitoring works in schools.
Questions to ask a vendor:
- Are all prompts and responses logged?
- Can our safeguarding team access the full conversation logs?
- Does the system automatically flag concerning interactions?
- What patterns trigger an alert, and how are alerts delivered to staff?
- How long are logs retained, and in what format can they be exported?
- Can we demonstrate this monitoring to an Ofsted inspector?
How Ask.School meets this requirement: Every conversation on Ask.School is logged in full and available for the school’s safeguarding team to review at any time through the conversation monitoring dashboard. The system automatically flags interactions that match safeguarding concern patterns and delivers alerts to the designated safeguarding lead. Logs are retained in accordance with the school’s data retention policy and can be exported for review. The monitoring dashboard is designed to be demonstrable during inspections.
Schools looking for an AI platform with built-in safeguarding monitoring can see how Ask.School handles activity logging and alerts at ask.school/safeguarding.
Requirement 8: What transparency requirements apply to AI products in schools?
What the standard says: AI products must provide clear information about what the system can and cannot do, how it works at a high level, and what data it processes. This information must be accessible and understandable to all users, including children.
What this means for schools: Transparency means that everyone who interacts with the AI — pupils, parents, and staff — should understand that they are using an AI system, what it is designed to do, and what its limitations are. This is not satisfied by a lengthy privacy policy buried on a website. The information needs to be presented in language that is appropriate for the audience.
For school leaders, transparency also means being able to explain the AI tool to governors, parents, and inspectors. If the school cannot clearly articulate what the tool does, how it works, and what safeguards are in place, that suggests the vendor has not provided adequate transparency.
Questions to ask a vendor:
- Is there a clear, plain-language explanation of what the AI does and does not do?
- Is this explanation accessible to parents, pupils, and staff at an age-appropriate level?
- Does the product clearly identify itself as AI-powered during interactions?
- Can you provide materials that help us explain this tool to governors and parents?
- Are limitations of the AI clearly communicated to users?
How Ask.School meets this requirement: Ask.School provides clear documentation for schools explaining what the chatbot does, how it generates responses, and what its limitations are. The chatbot identifies itself as AI-powered in every interaction. Schools receive plain-language materials suitable for sharing with governors, parents, and staff. The system’s limitations are communicated transparently — when the chatbot cannot answer a question, it says so and directs the user to a human contact.
Requirement 9: What are the data protection requirements for AI products?
What the standard says: Developers must carry out Data Protection Impact Assessments (DPIAs) during development and throughout the product lifecycle. Clear privacy notices must be provided in age-appropriate formats. Personal data must not be collected for commercial purposes, such as model training, without explicit consent.
What this means for schools: Data protection in the context of AI is a particular concern because many AI products use interaction data to train and improve their models. If a pupil or parent interacts with an AI chatbot and that conversation is fed back into training data, the school may be in breach of its data protection obligations under UK GDPR and the Data Protection Act 2018.
Schools should verify that the vendor has completed a DPIA, that a copy is available for review, and that the DPIA specifically addresses the risks associated with AI processing. The privacy notice should be clear about what data is collected, how it is used, who it is shared with, and how long it is retained.
The requirement that data must not be used for commercial purposes without explicit consent is particularly important. Many consumer AI tools include clauses in their terms of service that allow interaction data to be used for model improvement. This is incompatible with the safety standards when children are the users.
Questions to ask a vendor:
- Has a DPIA been completed for this product, and can we review it?
- Is user interaction data used to train or improve AI models?
- What personal data is collected, and how is it processed?
- Where is the data stored — is it hosted in the UK or the EU?
- What is the data retention period, and how is data deleted?
- Is there a clear, age-appropriate privacy notice?
- How does the product comply with UK GDPR and the Data Protection Act 2018?
How Ask.School meets this requirement: Ask.School maintains a comprehensive DPIA that is available for schools to review. User interaction data is never used to train AI models. All data is hosted in the UK on ISO 27001-certified infrastructure. Privacy notices are provided in clear, plain language. Data retention follows the school’s own policy, and data can be deleted on request. The platform complies fully with UK GDPR and the Data Protection Act 2018.
Requirement 10: How must AI products handle user consent?
What the standard says: Products must obtain meaningful consent for data processing where consent is the lawful basis. Consent mechanisms must be clear, specific, and freely given. For children, consent must be obtained from a parent or guardian where appropriate. Users must be able to withdraw consent easily.
What this means for schools: Consent in a school context is complicated. Schools often process data under the “public task” lawful basis rather than consent, but where consent is required — particularly for optional tools or services — it must be genuine. A pre-ticked box or a blanket consent form buried in a home-school agreement does not meet the standard.
Schools should work with their data protection officer to determine the appropriate lawful basis for processing data through any AI tool. Where consent is used, the mechanism must be specific to the AI tool, not bundled with other consents, and must be as easy to withdraw as it is to give.
Questions to ask a vendor:
- What lawful basis do you recommend for processing data through this tool?
- If consent is required, how is it obtained and recorded?
- Can consent be withdrawn easily, and what happens to data when it is?
- Is consent specific to this product, or bundled with other permissions?
- For parent-facing tools, how is parental consent handled?
How Ask.School meets this requirement: Ask.School works with each school to determine the appropriate lawful basis for data processing. Where consent is used, the platform provides clear, specific consent mechanisms that are easy to understand and easy to withdraw. Consent records are maintained and auditable. The system is designed so that withdrawing consent immediately stops data processing for that user.
Requirement 11: What testing and validation must AI products undergo?
What the standard says: AI products must be tested with a diverse and realistic range of potential users before release. Testing must specifically assess safety controls, content filtering effectiveness, and the product’s behaviour in edge cases. Ongoing testing must continue throughout the product lifecycle.
What this means for schools: This requirement ensures that AI products are not released into schools without adequate testing. “Diverse and realistic” testing means the product has been evaluated with users who represent the full range of a school community — different ages, abilities, language backgrounds, and needs.
Schools should ask for evidence that testing was conducted, not just assurances. A vendor that cannot provide specific details about their testing methodology, the groups involved, and the outcomes should be treated with caution.
Ongoing testing is equally important. An AI product that was safe at launch may develop blind spots as language patterns evolve, new risks emerge, or the underlying model is updated. Schools should confirm that the vendor has a process for continuous safety validation.
Questions to ask a vendor:
- What testing was conducted before release, and with whom?
- Were the testers representative of the age groups and needs present in UK schools?
- What edge cases were specifically tested for?
- How often is safety testing repeated?
- What happens when testing identifies a new risk — how quickly is it addressed?
- Can you share any test results or third-party audit findings?
How Ask.School meets this requirement: Ask.School undergoes testing with school communities before any feature is released. Testing covers a range of user profiles, including users with different accessibility needs and language backgrounds. Safety controls are tested continuously, and new risks identified through monitoring or external guidance are addressed promptly. The platform maintains a continuous improvement cycle where real-world interaction data informs ongoing safety enhancements without using personal data for model training.
Requirement 12: What are the requirements for ongoing risk management?
What the standard says: Developers must maintain a risk management process that identifies, assesses, and mitigates risks throughout the product lifecycle. This includes monitoring for new risks that emerge after deployment.
What this means for schools: AI is not a static technology. The risks associated with an AI product can change as the underlying model is updated, as user behaviour evolves, and as new types of harmful content emerge. The safety standards require that vendors do not simply complete a risk assessment at launch and consider the job done.
Schools should look for evidence of an ongoing risk management framework. This might include regular risk reviews, a process for responding to incidents, and a mechanism for schools to report concerns.
Questions to ask a vendor:
- Do you maintain an ongoing risk management framework?
- How often are risk assessments reviewed and updated?
- What is your process for responding to safety incidents?
- How can our school report a concern, and what is the expected response time?
- How do you stay informed about emerging risks in AI safety?
How Ask.School meets this requirement: Ask.School maintains a documented risk management framework that is reviewed regularly. Risk assessments are updated in response to changes in the platform, regulatory guidance, or the threat landscape. Schools have a direct channel for reporting concerns, and the team responds within documented service level agreements. The platform’s safety controls are updated proactively as new risks are identified through industry research and regulatory updates.
Requirement 13: What accountability structures must be in place?
What the standard says: There must be clear accountability for the safety of AI products. Developers must designate individuals responsible for safety decisions and must be able to demonstrate compliance with the standards.
What this means for schools: Accountability means that if something goes wrong, there is a named person or team responsible. Schools should not accept vague assurances that “safety is everyone’s responsibility.” The vendor should be able to identify who in their organisation is accountable for safety, how safety decisions are made, and how compliance is demonstrated.
From the school’s perspective, there must also be internal accountability. The governing body should understand what AI tools are in use, what safeguards are in place, and who is responsible for monitoring them. This aligns with KCSIE’s expectation that governors take a strategic approach to online safety.
For schools preparing for an inspection, being able to show a clear accountability structure — both internally and with the vendor — will be important. The guide on how to answer Ofsted questions about AI in your school covers this in more detail.
Questions to ask a vendor:
- Who in your organisation is accountable for the safety of this product?
- How are safety decisions made, and can you provide examples?
- Can you demonstrate compliance with the 14 requirements?
- What documentation can you provide for our governors and inspectors?
- Do you have an external audit or certification for safety compliance?
How Ask.School meets this requirement: Ask.School has designated safety leads responsible for all safety-related decisions. Compliance with the 14 requirements is documented and available for school review. The company provides schools with compliance documentation suitable for governors and inspectors, and maintains records that demonstrate how safety decisions are made and implemented.
Requirement 14: What must happen when AI products are updated or changed?
What the standard says: When AI products are updated — whether through model changes, feature additions, or configuration changes — the safety implications must be assessed and mitigated before the update is deployed. Schools must be informed of significant changes.
What this means for schools: AI products are frequently updated, sometimes without the user being aware. A model update can change how the AI responds to certain inputs, potentially affecting the safety controls that were in place. The standards require that vendors assess the safety implications of every update and communicate significant changes to schools.
Schools should establish clear expectations with vendors about how and when they will be notified of changes. A product that updates silently, without the school’s knowledge, does not meet this standard.
Questions to ask a vendor:
- How are we informed of updates to the AI product?
- Are safety implications assessed before updates are deployed?
- Can we opt out of or delay updates that affect safety controls?
- What is your process for rolling back an update if safety issues are identified?
- How are changes to the underlying AI model communicated to schools?
How Ask.School meets this requirement: Ask.School assesses safety implications before any update is deployed. Schools are notified of significant changes in advance. The platform maintains version control and rollback capability, ensuring that if an update introduces unexpected behaviour, it can be reversed quickly. Changes to safety-critical components are documented and communicated to all schools.
How can schools use these standards in procurement conversations?
The 14 requirements provide a ready-made framework for evaluating AI products. Rather than relying on a vendor’s marketing materials, school leaders can use the standards as a structured checklist in procurement conversations. For a complete procurement framework that incorporates these standards alongside KCSIE and GDPR requirements, see the AI tools procurement checklist for schools.
The table below summarises each requirement with a question schools can put directly to any AI vendor. This can be printed and used in procurement meetings or included in a formal tender specification.
| # | Requirement | Key Question for Vendors |
|---|---|---|
| 1 | Safety by design | Was this product designed specifically for UK schools? |
| 2 | Content filtering | How does your filtering work, and is it calibrated for specific age groups? |
| 3 | No anthropomorphism | Does the product use a human name, avatar, or personality? |
| 4 | Progressive disclosure | Does the tool scaffold learning or provide complete answers? |
| 5 | Mental health safeguards | What happens when a user expresses distress or mentions self-harm? |
| 6 | No manipulation | Does the product use any gamification, streaks, or engagement mechanics? |
| 7 | Activity logging | Can our safeguarding team access full conversation logs? |
| 8 | Transparency | Is there a clear, plain-language explanation of what the AI does? |
| 9 | Data protection | Is user data used to train AI models? |
| 10 | Consent | How is consent obtained, recorded, and withdrawn? |
| 11 | Testing and validation | What testing was conducted, and with whom? |
| 12 | Ongoing risk management | How often are risk assessments reviewed? |
| 13 | Accountability | Who is accountable for the safety of this product? |
| 14 | Update management | How are we informed of changes to the product? |
What does compliance look like in practice?
Compliance with the safety standards is not a one-off exercise. It requires ongoing attention from both the vendor and the school. On the vendor side, it means maintaining the technical and operational controls described above. On the school’s side, it means:
- Governance: Ensuring the governing body is aware of what AI tools are in use and what safeguards are in place
- Monitoring: Regularly reviewing activity logs and safeguarding alerts — the usage statistics provide audit data to support this
- Training: Making sure staff understand how the AI tool works and what to do when concerns arise
- Review: Periodically reassessing whether the tool still meets the school’s needs and the standards
- Documentation: Maintaining records that can be shared with inspectors
Schools that already have robust safeguarding processes will find that many of these activities fit within existing workflows. The key is to extend those processes to cover AI tools explicitly, rather than assuming they are covered by general online safety policies. The KCSIE compliance guide for AI tools provides a detailed framework for this.
What about AI tools already in use?
Many schools have already adopted AI tools without formally assessing them against the safety standards. This is not unusual — the standards are relatively new, and the pace of AI adoption in schools has been rapid. However, it is important to conduct a retrospective assessment.
Schools should:
- Audit existing AI tools: Identify every AI-powered product in use across the school, including tools adopted informally by individual teachers
- Assess against the 14 requirements: Use the checklist above to evaluate each tool
- Engage vendors: Share the standards with vendors and ask them to demonstrate compliance
- Make decisions: Where tools do not meet the standards, decide whether to work with the vendor to achieve compliance or to replace the tool
- Document the process: Record the assessment and any decisions made, so that the school can demonstrate due diligence
This process does not need to be completed overnight, but it should be started promptly. Schools that can demonstrate an active programme of assessment and remediation are in a far stronger position than those that have not engaged with the standards at all.
How do these standards fit alongside KCSIE and other frameworks?
The safety standards do not replace existing obligations — they supplement them. Schools must continue to comply with:
- KCSIE: The statutory safeguarding guidance, which includes requirements for filtering, monitoring, and online safety. For a detailed guide on how KCSIE applies to AI tools, see what KCSIE means for AI tools in schools
- UK GDPR and the Data Protection Act 2018: The data protection framework, enforced by the ICO, which governs how personal data is collected, processed, and stored
- DfE guidance on generative AI: The Department for Education’s broader guidance on using generative AI in education settings
- Ofsted framework: Inspectors may ask about a school’s approach to AI as part of the safeguarding judgement. The guide to answering Ofsted questions about AI explains what to prepare
The safety standards are designed to be complementary. A product that meets all 14 requirements will naturally align well with KCSIE and GDPR obligations, though schools should verify this explicitly rather than assuming it.
Printable checklist: Vendor compliance assessment
The following checklist can be printed and used when evaluating any AI product for use in a school. For each requirement, record whether the vendor can demonstrate compliance, partially meets the standard, or does not meet it.
| # | Requirement | Compliant | Partial | Non-Compliant | Notes |
|---|---|---|---|---|---|
| 1 | Safety by design — product designed for education | ||||
| 2 | Content filtering — context-aware, age-appropriate | ||||
| 3 | No anthropomorphism — no human names or avatars | ||||
| 4 | Progressive disclosure — scaffolds rather than replaces | ||||
| 5 | Mental health safeguards — detects distress, alerts staff | ||||
| 6 | No manipulation — no gamification or dark patterns | ||||
| 7 | Activity logging — full logs accessible to school | ||||
| 8 | Transparency — clear explanation of capabilities | ||||
| 9 | Data protection — DPIA complete, no training on user data | ||||
| 10 | Consent — clear, specific, withdrawable | ||||
| 11 | Testing — diverse, realistic, ongoing | ||||
| 12 | Risk management — ongoing framework in place | ||||
| 13 | Accountability — named safety leads | ||||
| 14 | Update management — schools informed of changes |
Scoring guidance: A product that is non-compliant on requirements 1, 2, 5, 7 or 9 should not be deployed with children until the issues are resolved. These requirements relate directly to safeguarding and data protection, where there is no acceptable level of non-compliance.
What should school leaders do next?
For school leaders, the recommended next steps are:
- Share the safety standards overview with your senior leadership team and governing body — the safety standards should be understood at governance level, not just by the IT team
- Audit your current AI tools — use the printable checklist above to assess every AI product in use
- Update your school AI policy — ensure it references the safety standards and sets out the school’s expectations for AI tools
- Include the standards in procurement processes — any new AI tool should be assessed against the 14 requirements before purchase
- Brief your designated safeguarding lead — ensure they understand how AI tools are monitored and what alerts to expect
- Document everything — maintain records of assessments, decisions, and ongoing monitoring for inspection readiness
The Generative AI Product Safety Standards represent a significant step forward in establishing clear expectations for AI products used with children. Schools that engage with them proactively will be better placed to realise the benefits of AI while maintaining the safeguarding standards that their communities expect.
Ask.School meets all 14 standards. See the details at ask.school/safeguarding.