AI Acceptable Use Policies: A Practical Template for K-12 Districts

Most districts already have an acceptable use policy for technology. It was probably written sometime between 2008 and 2015, covers internet filtering and device care, and has not been meaningfully updated since. That policy does not address what happens when a teacher uses ChatGPT to generate lesson plans, a student submits AI-written essays, or an ed-tech vendor quietly integrates a large language model into a product the district already purchased.

Districts need an AI-specific acceptable use policy now — not because AI is new, but because it is already in use across classrooms, administrative offices, and vendor platforms whether anyone authorized it or not. What follows is a template structure built from the operational realities districts actually face, not from a conference keynote.

Why a Separate AI AUP Matters

Your existing technology AUP was designed for a world of web browsers, school-issued laptops, and content filters. AI tools introduce problems that document was never meant to address: data flowing to third-party model providers, student work attribution questions, outputs that can be biased or factually wrong, and vendor contracts that may or may not cover how training data is handled.

A standalone AI AUP — or a clearly delineated addendum to your existing policy — creates a single reference point for teachers, administrators, students, and vendors. It also gives your technology team something concrete to point to when a principal asks whether staff can use Gemini for IEP summaries (the answer should be no, but without a policy it becomes a judgment call repeated hundreds of times across the district).

Template Structure

Section 1: Scope and Definitions

Define what the policy covers. “Artificial intelligence tools” is too vague on its own. Your definition section should explicitly include:

• Generative AI (text, image, code, audio generation tools)
• AI features embedded in existing platforms (autocomplete in Google Docs, AI tutoring features in an LMS, smart compose in email)
• AI-powered analytics and decision-support tools used by administration
• Student-facing AI tools, whether district-provided or accessed independently

Be specific about who is covered: staff, students, contractors, and volunteers. If your policy only addresses students, you have a gap that will surface the first time an HR complaint involves AI-generated content.

Section 2: Approved and Prohibited Uses

This is where most district policies fail by being either too permissive or too restrictive. A blanket ban on AI tools is unenforceable and ignores that AI is already embedded in platforms like Google Workspace for Education and Microsoft 365. A blanket approval without guardrails is negligent.

Structure this section as a tiered system:

• Tier 1 — Approved for general use: AI features within district-contracted platforms that have completed your vendor review process. Example: grammar suggestions in Google Docs, reading level analysis in your LMS.
• Tier 2 — Approved with restrictions: Tools that may be used for specific instructional or administrative purposes with documented guidelines. Example: a teacher using an AI tool to generate quiz questions, with a requirement to review all output before student exposure.
• Tier 3 — Requires individual approval: Tools not yet reviewed by the district technology team. Staff must submit a request through a defined process before use.
• Tier 4 — Prohibited: Any AI tool that processes student personally identifiable information (PII) without a signed data processing agreement. Any tool used to make or inform decisions about student discipline, placement, or special education eligibility without human review and override capability.

Section 3: Data Privacy and Compliance

This section carries legal weight. It must address FERPA, COPPA (for districts serving students under 13), and any applicable state student privacy law. Key provisions:

• No student PII may be entered into any AI tool that has not been vetted and approved through the district’s data privacy review process.
• Staff must not enter student names, ID numbers, grades, behavioral records, IEP details, or any other FERPA-protected information into general-purpose AI tools (ChatGPT, Claude, Gemini, Copilot, etc.) unless the district has a signed data processing agreement with the provider that meets FERPA school official exception requirements.
• For students under 13, COPPA consent requirements apply to any AI tool that collects student data. The district — not individual teachers — must manage this consent.
• Data residency: specify whether the district requires that student data processed by AI tools remain within the United States, or within specific cloud regions. This matters more than most districts realize, and several state laws now have explicit data residency provisions.

If your district uses a student data privacy consortium or framework like the Student Data Privacy Consortium (SDPC) National Data Processing Agreement, reference it here and require that AI vendors sign it before any classroom deployment.

Section 4: Academic Integrity

Students are using AI tools. Pretending otherwise wastes everyone’s time. Your policy should:

• Define what constitutes acceptable and unacceptable use of AI in student work, with the understanding that this will vary by grade level and assignment.
• Require teachers to specify AI use expectations in assignment instructions — not rely on a blanket district rule to cover every context.
• Prohibit the use of AI detection tools as the sole basis for academic dishonesty findings. These tools have documented false positive rates, disproportionately flag non-native English speakers, and are not reliable enough to serve as evidence in a disciplinary proceeding.
• Establish a process for addressing suspected AI misuse that includes conversation with the student before any disciplinary action.

Section 5: Staff Professional Use

Teachers and administrators will use AI tools for productivity — lesson planning, email drafting, report writing, data analysis. The policy should support this while setting boundaries:

• AI-generated content used in official communications, reports, or parent-facing documents must be reviewed by the staff member and accurately reflect their professional judgment.
• AI tools must not be used to generate content for IEPs, 504 plans, disciplinary records, or any legal document without attorney or compliance officer review of the workflow.
• Staff are responsible for the accuracy of any AI-assisted output they produce in their professional capacity.

Section 6: Vendor and Procurement Requirements

This is the section that prevents problems six months from now. When ed-tech vendors integrate AI features into products you already own, your existing contract may not cover the new data flows. Require:

• Vendors must disclose any AI or machine learning features in their products, including what data is used for model training.
• Vendors must confirm whether student data is used to train AI models. If yes, the district must have the ability to opt out.
• New AI features added to existing products trigger a re-review under the district’s data privacy process.
• Vendors providing AI tools must provide a plain-language explanation of how the tool works, what data it processes, and where that data is stored.

Section 7: Review Cycle and Governance

An AI policy written in 2026 will be partially outdated by 2027. Build in a mandatory annual review with a named responsible party — not “the technology department” but a specific role (CTO, Director of Technology, Data Privacy Officer). Include a mechanism for interim updates when significant new tools or regulatory changes emerge.

Establish a cross-functional AI governance committee that includes at minimum: a technology administrator, a curriculum leader, a building principal, a teacher representative, and a parent representative. This committee reviews Tier 3 tool requests and recommends policy updates.

Implementation Notes

Writing the policy is the easier part. Getting it adopted requires buy-in from building administrators who will enforce it and professional development for teachers who will operate under it. Budget at least two hours of PD time for initial rollout and plan for ongoing support. If your district is in a position where there is no budget for AI-specific PD — and many are — integrate the policy training into existing technology PD sessions rather than skipping it entirely.

Distribute the policy as a standalone document with a signature acknowledgment for staff, and integrate the student-facing sections into your existing student handbook and AUP signature process. Post the full policy on your district website alongside your other governance documents.

Districts that wait for state or federal guidance to finalize before acting will find themselves writing policy retroactively to explain decisions that were already made without guardrails. The template above is a starting point — adapt it to your state’s legal framework, your district’s size and capacity, and the tools your community is actually using.