KCSIE 2026 Draft: What the New AI Safeguarding Language Means for Schools
The draft Keeping Children Safe in Education (KCSIE) 2026 introduces explicit references to artificial intelligence and deepfake technology as safeguarding risks. For the first time, the statutory guidance directs schools to DfE AI safety resources and expects them to address AI-related risks within their safeguarding arrangements. The final version is expected to come into force in September 2026.
This article sets out what the draft changes, what schools need to do before September, and how AI safeguarding connects to the wider policy requirements that many schools are still working through.
What the KCSIE 2026 draft changes
KCSIE has always required schools to address online safety risks as part of their safeguarding duties. The 2026 draft makes AI-specific risks explicit rather than leaving them implicit under the broader online safety umbrella.
AI and deepfakes named as safeguarding risks
The draft adds language that specifically identifies AI-generated content — including deepfakes — as a category of online safety risk that schools must address. This is significant because it moves AI from an emerging issue that schools might consider to a named risk that they are expected to address within their safeguarding policies and procedures.
Deepfake technology is particularly relevant in a school context. AI tools can now generate realistic images, audio, and video of individuals without their consent. In a safeguarding context, this creates risks around:
- Non-consensual intimate imagery: AI-generated intimate images of students or staff, sometimes used for bullying or coercion
- Impersonation: Deepfake audio or video used to impersonate staff, parents, or other trusted adults
- Grooming: AI-generated content used as part of grooming behaviour by external actors
- Harassment: AI-manipulated images or videos used for peer-on-peer abuse
Schools directed to DfE AI safety resources
The draft points schools toward DfE AI safety resources, including the DfE’s generative AI in education guidance and product safety standards. This is a signal that the DfE expects schools to actively engage with AI safety guidance rather than treat it as optional background reading.
Implications for DSLs and safeguarding leads
Designated Safeguarding Leads will need to ensure that:
- AI-related risks are covered in the school’s safeguarding policy and online safety policy
- Staff are trained to recognise AI-generated content as a safeguarding concern
- Reporting procedures account for AI-specific incidents (e.g. deepfake imagery, AI-facilitated grooming)
- Filtering and monitoring arrangements consider AI tools that students may access
What this means alongside existing AI policy requirements
KCSIE 2026 does not exist in isolation. Schools already face AI policy requirements from multiple regulatory bodies. The safeguarding dimension adds a fourth pillar to what is already a complex picture.
The four pillars of school AI policy
Schools now need to address AI across four distinct but connected areas:
- Staff use: How employees may and may not use AI tools in their professional work (DfE guidance, ICO data protection)
- Assessment integrity: Preventing and detecting AI misuse in assessed work, reporting malpractice (JCQ, Ofqual)
- Data protection: DPIA requirements for AI tools processing personal data, Children’s Code compliance (ICO)
- Safeguarding: AI and deepfake risks in child protection, online safety, filtering and monitoring (KCSIE 2026)
Most schools that have started AI policy work have focused on the first two areas — staff acceptable use and assessment integrity. The KCSIE 2026 draft makes it clear that safeguarding cannot be left as an afterthought.
Why existing policies are unlikely to be sufficient
Many schools have safeguarding policies that address online safety in general terms. These policies typically reference social media, messaging apps, and online predation — but do not mention AI-generated content, deepfakes, or AI-facilitated grooming.
Once KCSIE 2026 comes into force, inspectors and local authority designated officers are likely to expect AI-related risks to be addressed explicitly within safeguarding arrangements. A safeguarding policy that covers “online safety” without mentioning AI will look incomplete against the new language.
What schools should do before September 2026
1. Review your safeguarding policy for AI coverage
Check whether your current safeguarding and child protection policy mentions AI, deepfakes, or AI-generated content as specific risk categories. If it does not, it will need updating before the new academic year.
2. Update your online safety policy
Your online safety policy should address AI tools that students may access — both school-provided tools and personal devices. Consider how your filtering and monitoring arrangements account for AI platforms.
3. Brief staff on AI safeguarding risks
Staff need to understand that AI-generated content can be a safeguarding concern, not just an academic integrity issue. A student creating deepfake images of a classmate is a safeguarding matter, not a behaviour matter.
4. Review reporting procedures
Ensure that your reporting procedures cover AI-specific incidents. Staff should know how to report concerns about deepfakes, AI-generated content, or AI-facilitated abuse through the same safeguarding channels used for other online safety incidents.
5. Address AI in your staff acceptable use policy
Staff use of AI tools also has safeguarding implications. Your staff AUP should address the risks of processing pupil data through AI tools, sharing student work with AI platforms, and the school’s position on AI-generated reports or communications to parents.
The timing challenge
KCSIE 2026 is expected to come into force in September 2026. Given the typical governance cycle — drafting, consultation with staff, review by the safeguarding governor, full governing body approval — policy work started in the autumn term may already be tight.
Schools that begin reviewing their AI safeguarding coverage now, during the summer term, will have time to update policies through normal governance processes. Schools that wait until September risk starting the new academic year with safeguarding policies that do not reflect the updated statutory guidance.
This timing also aligns with the JCQ assessment integrity requirements. The Head of Centre annual declaration (JCQ General Regulations for Approved Centres 2025-26, §1.9) requires confirmation that appropriate assessment procedures are in place. Addressing AI safeguarding and AI assessment integrity together is more efficient than treating them as separate exercises.
How this connects to the wider picture
The KCSIE 2026 draft is part of a broader pattern of regulatory bodies making AI-specific requirements explicit. In the past six months:
- Ofqual tightened enforcement expectations around AI malpractice (Chief Regulator letter on malpractice, March 2026)
- JCQ updated its AI assessment guidance for the 2025–26 cycle
- The DfE published AI product safety standards (January 2026)
- The ICO began reviewing its AI guidance in light of the Data (Use and Access) Act 2025
Taken together, these developments mean that schools can no longer treat AI policy as a “nice to have” or a project for next year. Multiple regulatory bodies now expect schools to have explicit AI coverage across assessment, safeguarding, data protection, and staff conduct.
Next steps
If you are responsible for safeguarding or AI policy at your school or trust, there are two practical starting points:
- Assess where you stand now. Our free AI Policy Checklist for School Leaders covers nine areas including safeguarding and governance. It takes about ten minutes and will show you where your gaps are.
- Get the policy documents in place. If you need source-referenced, board-ready policy documents that bring together guidance from DfE, JCQ, ICO, Ofqual, and KCSIE, see our AI Policy Packs — designed for individual schools and multi-academy trusts.