K-12 School AI Procurement & Student Privacy

Procurement Is Where Schools Have the Most Power

AI tools are entering classrooms faster than most districts can review them. Teachers adopt free chatbots on personal accounts, existing ed-tech vendors switch on AI features inside products the district already licensed, and startups pitch tutoring bots, grading assistants, and early-warning systems directly to principals. Procurement spending tracking shows hundreds of districts collectively buying millions of dollars in AI tools within months — most without a formal RFP or district-level review.

The moment a district has real leverage is before the contract is signed. After signature, a vendor’s terms of service control what happens to student data; before signature, the district can demand data ownership, prohibit model training on student information, set deletion deadlines, and walk away from vendors who refuse. That is why the most practical school AI policies are procurement policies: they decide which tools get in, under what contract terms, and what happens when a tool changes or a vendor fails.

The gap is real. Center for Democracy & Technology research has found that a large share of districts using AI tools never executed a data privacy agreement with the vendor at all, and many administrators could not identify which federal law governs student data. The good news: districts do not have to invent this from scratch. Standard contract templates, state model policies, and published vetting rubrics now exist, and this guide walks through them in plain English.

The Legal Baseline: FERPA, COPPA, PPRA, and State Law

No federal law regulates "AI in schools" by name. Instead, AI tools inherit the existing student-privacy framework — and a few 2025 changes made that framework more demanding for AI vendors specifically.

FERPA and the school official exception

The Family Educational Rights and Privacy Act protects personally identifiable information in education records. Districts typically share student data with ed-tech vendors under the "school official" exception, which requires that the vendor performs a service the school would otherwise use its own staff for, stays under the district’s direct control regarding data use, and uses the data only for the authorized educational purpose. An AI vendor that uses student data to improve its commercial model is operating outside that exception. Re-disclosure to other parties without consent is prohibited.

COPPA after the 2025 amendments

The FTC finalized the first major COPPA update since 2013 in January 2025; the amended rule took effect June 23, 2025, with full compliance required by April 22, 2026. Key changes for school AI tools: operators need separate opt-in consent before disclosing children’s data to third parties for advertising or other non-essential purposes, indefinite data retention is banned and a written retention policy is required, biometric identifiers are now covered personal information, and operators must run a written security program and oversee their service providers. FTC commissioners flagged AI training data hunger explicitly: a claim that data must be kept forever to "improve the algorithm" does not satisfy the rule.

School consent instead of parental consent — with limits

Under longstanding FTC guidance, schools may consent to data collection on parents’ behalf — but only for use limited to the educational context. The moment student data feeds advertising, commercial profiling, or general model training, school authorization no longer covers it and separate parental consent is required. The 2025 rulemaking left this guidance in place rather than codifying it, so the educational-purpose boundary remains the operative test.

PPRA

The Protection of Pupil Rights Amendment applies when tools collect information in protected areas — political beliefs, mental or psychological problems, sex behavior or attitudes, religious practices, and income — or when information is collected from students for marketing purposes. AI wellness bots, survey tools, and behavioral analytics can trigger PPRA notice and opt-out duties.

State student-privacy laws

Most states layer their own rules on top. California’s SOPIPA bans targeted advertising, profiling, and sale of K-12 student data by online services, and AB 1584 sets required terms for district ed-tech contracts, including district ownership of pupil records. New York Education Law 2-d requires a parents’ bill of rights and specific contract terms. Several states now add AI-specific procurement language; some, like a pending California proposal, would restrict using student data to train AI models unless it directly benefits the school.

What Districts and States Are Actually Doing

District AI procurement policy moved from optional to expected between 2024 and 2026. A few patterns dominate.

Ohio: the first statewide mandate

Ohio HB 96 (signed June 30, 2025) made Ohio the first state to require AI policies in K-12: every public district, community school, and STEM school must adopt a board-approved policy on student and staff AI use by July 1, 2026. The Department of Education and Workforce published a model policy on December 30, 2025 that districts can adopt or adapt; it requires AI tools to comply with existing data-privacy protections, FERPA, and PII safeguards, and covers evaluating third-party AI tools.

New York City: central vetting before classroom use

New York City Public Schools — the nation’s largest district — requires AI tools to pass a central vetting process before school-level deployment, including review for privacy, algorithmic bias, equity impact, and developmental appropriateness, with dedicated governance bodies overseeing implementation. For vendors, demonstrating compliance with the district’s privacy and equity standards is now a condition of market access.

Alabama: model procurement contract language

Alabama released a procurement model policy recommending a data usage restriction clause for district contracts — plug-and-play language that gives even small districts leverage in vendor negotiations without drafting standards from scratch. Policy groups have urged other states to copy this approach.

Tennessee: board policies required

Tennessee legislation requires local school boards to adopt policies governing AI use by students, faculty, and staff — an earlier wave of mandates focused on acceptable use that districts are now extending into procurement.

Grade-banded guidance

Vermont’s 2026 guidance recommends no AI chatbot use for PreK-2, curriculum-embedded AI only for grades 3-5, structured education-specific chatbots for grades 6-8, and broader AI fluency work in grades 9-12. Age-tiering like this increasingly shows up in district tool-approval matrices.

The NDPA as the contract floor

The Student Data Privacy Consortium’s National Data Privacy Agreement — version 2 released in 2024 — standardizes student-data contract terms across participating state alliances, with state-specific exhibits layered on top. Hundreds of thousands of DPAs have been executed on SDPC templates. Districts increasingly treat "will you sign the NDPA (or our state DPA)?" as the first vendor screening question; many state registries let districts piggyback on agreements a vendor already signed elsewhere in the state.

A Cautionary Tale: LAUSD’s "Ed" Chatbot

In March 2024, Los Angeles Unified launched "Ed," an AI chatbot for students and families, under a five-year, $6 million contract with the startup AllHere — the first district in the country to deploy AI at this scale. Three months later AllHere’s CEO departed, most staff were furloughed, and the district pulled the chatbot offline after paying roughly $3 million. A whistleblower alleged the system had handled student records in ways that conflicted with district privacy policy, and the district’s inspector general opened an investigation.

Two details matter for every other district. First, the contract’s protective clauses — LAUSD’s exclusive ownership of all project data and a deletion-on-request requirement — were the district’s main lever once the vendor collapsed. Second, none of the warning signs were exotic: an early-stage, venture-funded vendor with no AI track record, an aggressive timeline, and a loosely defined problem statement.

• ●Vet vendor viability, not just the product. Ask about funding runway, customer base, and what happens to data and service continuity if the company fails. Require wind-down and data-return obligations in the contract.
• ●Define the problem before the purchase. A tool bought to "bring AI to the district" has no success criteria. A tool bought to reduce missed parent communications can be tested and judged.
• ●Pilot small and scale slowly. Methodical multi-year rollouts with teacher feedback have aged far better than district-wide launches.
• ●Get data ownership and deletion rights in writing before launch. They are worth the most exactly when things go wrong.
• ●Plan for supervision. If a tool needs vendor staff "in the loop" to run safely, vendor instability becomes a student-safety issue, not just a budget issue.

What a District AI Procurement Policy Should Cover

A workable policy does not need to be long, but it needs to close the specific gaps AI creates: tools arriving outside normal purchasing, features changing silently, and data flowing into models. The strongest district policies cover these elements.

One front door for every AI tool

A single intake and approval path that covers paid contracts, free tools, pilots, and AI features switched on inside already-approved products. Free tools are procurement events too — the payment is the data.

A maintained AI tool inventory

A public or board-visible list of approved tools recording vendor, purpose, grade levels, data categories collected, the governing contract or DPA, and the next review date. The inventory is what makes every other control auditable.

Risk tiers with matching review depth

A grammar-practice tool with no student accounts does not need the same scrutiny as a wellness chatbot or an early-warning analytics system. Tier by data sensitivity and decision impact, and reserve deep review — bias evidence, efficacy claims, human-oversight design — for tools that touch consequential decisions about students.

A signed DPA as a non-negotiable

No student data flows until the vendor signs the district or state DPA (or the NDPA with state exhibits). A vendor that refuses to sign a standard student-data agreement has answered the screening question.

Age and grade-band rules

Which tool categories are allowed at which grade levels, consistent with COPPA’s under-13 rules and state guidance — including whether open-ended chatbots are permitted at all in lower grades.

Pilot, approval, and sunset

Defined pilot scope and success criteria before scaling; board or cabinet approval for high-tier tools; automatic re-review at renewal and whenever the vendor adds AI features, changes models, or adds subprocessors.

Incident and exit protocols

Who acts when a tool fails, a vendor is breached or acquired, or a company shuts down: pulling access, notifying families when required, exercising deletion rights, and recovering district data.

Staff training and acknowledgment

Teachers are the de facto procurement officers for free AI tools. The policy only works if staff know the approved list, the request path, and the rule against putting student PII into unapproved tools — and have acknowledged it.

Contract Clauses That Protect Students

These are the terms districts and their counsel most often negotiate into AI vendor agreements — and the ones standard DPAs are being extended to cover. The model-training clause is the defining AI-era addition: it is the single most contested term, and the one with the longest consequences if it is missing.

District ownership of student data

All student data remains the exclusive property of the district. No sub-licensing or re-disclosure without written district (or parental) permission. This clause is what gave LAUSD leverage when its vendor collapsed.

No training on student data

The vendor may not use student data — including prompts, chat logs, uploads, and outputs — to train, fine-tune, or improve any AI model, whether its own or a third party’s, beyond the district’s own instance. Once student information enters a training set, it cannot meaningfully be recalled and could potentially resurface in outputs.

Purpose limitation and no advertising

Data may be used only to deliver the contracted educational service. No targeted advertising, no commercial profiling, no building products unrelated to the contract — consistent with the FERPA school-official exception, SOPIPA-style state laws, and the 2025 COPPA opt-in disclosure rules.

Enumerated data categories

The contract lists exactly which data elements the tool collects — names, IDs, demographics, academic records, special-education and health information, behavioral data, biometrics, location — and commits to data minimization. Vague answers should be treated as a worst-case answer.

Retention limits and certified deletion

Data is kept only as long as needed for the contracted purpose (now also a COPPA requirement for under-13 users), and on termination the vendor deletes all student data including backups within a defined window — commonly 30 to 60 days — with written certification of destruction.

Subprocessor disclosure and control

Most classroom AI tools are wrappers over third-party foundation models. The contract should name underlying model providers and other subprocessors, bind them to the same data terms, and require advance notice before new ones are added. The amended COPPA rule expects operators to actively oversee service providers.

Breach notification and security program

A specific notification timeline (72 hours is a common ask), a written security program, encryption in transit and at rest, and the right to review security documentation or third-party audit reports.

Change notice for AI features

Advance written notice before material changes: new AI features, model swaps, new data collection, or terms-of-service changes — each of which triggers district re-review. AI products change far faster than annual renewal cycles.

Transparency and audit rights

For tools that influence decisions about students — placement, intervention flags, discipline — the right to explanations of how outputs are generated, evidence of bias and accuracy testing, and audit access. Advocates also recommend auditable interaction logs for student-facing chatbots.

Continuity and wind-down

Obligations that survive vendor acquisition, bankruptcy, or shutdown: data return in usable formats, deletion certification, transition assistance, and a commitment that student data is not an asset transferable in a sale.

The Conversation to Have With Every AI Vendor

Most vendor conversations go wrong by staying at the demo level. These questions move the conversation to the commitments that end up in (or out of) the contract. A vendor with good answers will have them ready; hesitation on the first three rows is itself an answer.

Red Flags Worth a Hard Stop

Privacy advocates and district technology leaders converge on a short list of disqualifiers. None of these are rare, and all of them are easier to act on before signature than after.

• ●The vendor refuses to sign a DPA or negotiate standard student-data terms. Treat the refusal as the final answer and find an alternative.
• ●Terms reserve the right to use data to "improve our services" or "develop new products" without an explicit carve-out for model training on student data.
• ●The vendor cannot enumerate what data the product collects, or where it is stored and processed.
• ●A consumer product with consumer terms of service is being pitched for classroom use — consumer chatbot terms generally permit data uses that fail FERPA’s school-official test and were never designed for minors in school settings.
• ●No clear answer on under-13 handling, age gates, or COPPA compliance after the 2025 amendments.
• ●"Free for teachers" tools with no contract at all — no DPA means no enforceable limits on what happens to whatever students and teachers type in.
• ●The vendor cannot name its foundation-model providers or subprocessors, or its agreements with them do not pass through your data restrictions.
• ●Indefinite or unspecified retention, or no deletion-with-certification commitment for contract end.
• ●High-stakes claims (early warning, risk scoring, placement) with no bias or accuracy evidence the district can review.
• ●An early-stage vendor proposing a district-wide deployment on an aggressive timeline with no pilot phase and no wind-down obligations.

Where Families and the Community Fit

Procurement protections work best when they are visible. Districts that publish their approved-tool lists, explain in plain language what data each tool collects, and give families a real channel for questions tend to face less backlash when something changes — and AI tools change constantly. The LAUSD episode generated community demands for transparency precisely because families learned about the data questions after the vendor collapsed, not before the launch.

Practical transparency measures districts are adopting: a public AI tool inventory with data categories and contract links, plain-language notice to parents when a student-facing AI tool is introduced (and what the opt-out path is, where one exists), PPRA-compliant notice for anything touching protected areas, board-level review for high-impact tools so decisions happen in public session, and a standing channel for parent questions about specific tools. New York Education Law 2-d’s parents’ bill of rights is a useful template even outside New York.

Community input also belongs upstream: several state frameworks now recommend AI task forces or advisory groups that include teachers, parents, and students in tool selection — not just in after-the-fact communication.

A Practical Starting Sequence

For a district, charter network, or private school starting from zero, the order of operations matters less than starting with visibility. A reasonable 90-day sequence:

Weeks 1–4 — see what you have. Inventory every AI tool already in use, including free tools on teacher accounts and AI features inside existing products. Survey staff with amnesty: the goal is a real list, not enforcement. Flag anything touching student PII with no contract behind it.

Weeks 5–8 — set the front door. Stand up the single intake path and an interim rule: no new AI tools, and no student data into existing unapproved ones, until reviewed. Adopt a state model policy (such as Ohio’s) or your state DPA/NDPA as the baseline rather than drafting from a blank page. Define your risk tiers.

Weeks 9–12 — work the highest-risk list. Send the vendor questions above to the tools that touch the most sensitive data, get DPAs signed or tools retired, and bring the policy to the board with the inventory attached. Schedule re-reviews at renewal dates.

Free planning resources: the Future of Privacy Forum’s generative-AI vetting checklist, the SDPC’s NDPA and state registries, CDT’s procurement policy recommendations, and your state education agency’s AI guidance. AIRegReady’s free AI readiness checklist and the Vendor AI Review Packet cover the same inventory-first, vendor-questions workflow in editable document form. None of this replaces review by your district’s counsel — student-privacy obligations vary by state, and contract terms should always get qualified legal review.

Timeline

Source Documents