top of page
Search

AI Compliance for Schools: Why Ireland's New AI Guidance Leaves K-12 Leaders Exposed

  • Writer: Ryan James Purdy
    Ryan James Purdy
  • Mar 18
  • 7 min read


Key takeaways


  • Ireland's Guidance on Artificial Intelligence in Schools (Dec 2025) is presented as support for "this evolving area," but it functions more like an AI awareness pamphlet than a working compliance framework for schools.

  • The 4P model, Purpose, Planning, Policies, Practice, offers reflective questions, not a school AI policy framework that a principal or superintendent can actually implement or audit.

  • Critics in the Irish Examiner called it "too little too late" and "a monument to a moment that has already well and truly passed," while the Minister praised it, which neatly captures the gap between politics and practice.

  • The Stop-Gap AI Compliance Guide: Primary and Secondary Edition fills this gap with a complete K-12 governance system, including platform hardening checklists, vendor vetting tools, risk assessment templates, and role based oversight for superintendents, principals, ICT leads, and teachers.


I was once in a meeting where a senior administrator was reading a government AI document after ten minutes and said, "This is great, but it does not tell me what to actually do."

That is the heart of the problem. Ministries keep publishing documents that sound responsible. None of them tell a principal, ICT director, or superintendent exactly how to use AI legally in schools, how to run a practical risk assessment, or how to prove compliance with the EU AI Act when something goes wrong.

Ireland's new guidance is the clearest example so far.


Ireland's AI guidance: good intentions, no system

In December 2025, Ireland's Department of Education released Guidance on Artificial Intelligence in Schools. Minister for Education Helen McEntee welcomed it as support for "school leaders and teachers in this evolving area." Within days, the Irish Examiner published a letter calling it "too little too late" and "a monument to a moment that has already well and truly passed," pointing out that students already have AI in their pockets while teachers remain in limbo.

Both reactions are correct, which is exactly the problem.

On its own terms, the guidance is respectable. It summarises UNESCO principles, recycles EU ethical guidelines, and points toward upcoming EU AI Act obligations. It presents a neat 4P model, asking leaders to think through Purpose, Planning, Policies, and Practice. It acknowledges age restrictions, data protection, bias, and human oversight.

In other words, it says all the right things.

What it does not do is provide a working governance framework that school leaders can actually run.

There is no structured system for day to day AI compliance. No concrete vendor vetting process. No defined oversight framework for senior leaders. No clear responsibilities for principals beyond "consider" and "review." No teacher training guidelines that can be adopted as policy.

It is a glossary with questions, not a framework with answers.


What real AI compliance in schools requires in 2026

If you are a superintendent or head of a school district, your problem is not "understanding AI." Your problem is liability.

You need to know which tools are allowed, which are banned, and which are under review. You need to know how to use AI legally in schools across GDPR, COPPA, FERPA, and the EU AI Act at the same time. You need to document decisions so that, if there is an incident, you can show a proportionate risk assessment and a governance model inspectors will recognise. You need to prevent AI systems from quietly making high risk decisions about admissions, grading, or discipline without meaningful human oversight.

That requires an operational framework, not a reading list.

Real K-12 AI governance involves defined roles, including a Senior AI Administrator, AI Compliance Officer, AI Tech Officer, and policy lead, with clear authority boundaries. It involves a vendor risk assessment process so an ICT lead can evaluate tools using clear questions instead of a 60 page audit. It involves platform hardening guides for Microsoft 365 Education and Google Workspace so AI features and external sharing are compliant by design, not just compliant by marketing claim. It involves FERPA aware use of generative tools and COPPA compliance that cover both student data and student identifiers inside prompts and learning logs. And it involves teacher training guidelines that explain how to use AI safely in the classroom without violating privacy or accidentally profiling vulnerable students.

None of this appears in Ireland's 38 pages, because the guidance is not built as an implementation system. It names the mountain. It does not provide a route.


One example: "Check the age restrictions" is not a compliance strategy

Take the Irish guidance on age restrictions. It notes that many generative tools have minimum ages between 13 and 18, and tells schools to "check the age restrictions and parental consent requirements with the relevant platform." It promises that an AI in Schools Hub will provide an updated list.

That sounds sensible until you compare it to what real compliance requires.

In Ryan James Purdy's Stop-Gap AI Compliance Guide, age restrictions are not a paragraph. They are a legal and technical section that explains why students under 13 cannot legally use commercial large language models at school, even indirectly. It cites COPPA, GDPR Article 8, and vendor terms. Then it shows administrators exactly how to configure Entra ID and Google Workspace so that elementary student accounts simply cannot reach those tools.

Ireland's guidance asks a question. Stop-Gap shows how to implement the answer.


Another example: "Trustworthy AI" without tools to test it

The Irish guidance tells schools to ensure AI systems are "reliable, fair, safe, and trustworthy." It sounds like modern K-12 AI governance. In practice, it offers no test, no checklist, and no documentation model.

The Stop-Gap framework treats that phrase as a job description.

It provides 29 forms and templates, including vendor questionnaires that ask about training data, opt out options, retention limits, appeal rights, and bias testing. It includes whitelisting criteria that allow ICT leads to tag tools as Tier 1 (Microsoft, Google) or Tier 2 (startups) with different levels of scrutiny. And it includes documentation sheets that let a principal or superintendent show exactly how a school policy framework was applied when approving or rejecting a tool.

That is what a governance system that leaders can defend actually looks like.


Platform security: where guidance becomes hand waving

Ireland's document quite rightly states that AI raises serious questions for data protection and privacy. It encourages schools to be cautious, to consult Data Protection Officers, and to follow GDPR.

What it does not say is that Microsoft 365 Education environments often ship with external sharing open, which directly affects compliance. It does not say that Gemini features in Google Workspace can remain active and send data to external servers unless explicitly disabled. And it does not say that certain Connected Experiences can use student work to train models unless they are turned off, which touches both FERPA and COPPA obligations.

The Stop-Gap AI Compliance Guide does not treat this as a footnote. It includes emergency 30 minute hardening guides that tell an ICT lead exactly where to click.

For Microsoft, that means specific Admin Center paths through Settings and Org Settings. For Google, that means precise steps in Admin Console, Apps, and Additional Google Services.

Again, the contrast is simple: one document describes a risk. The other provides an executable fix.


Ireland's questions versus Stop-Gap answers

This is not about Ireland alone. The same pattern appears in many countries. Ministries now talk confidently about AI compliance, AI literacy for educators, and human oversight, but they leave superintendents and principals without any concrete oversight framework or defined responsibilities beyond "consider, consult, reflect."

In my work with boards and ministries, the need is painfully clear. Leaders do not need another concept paper. They need a system that can be deployed this term.

That is what the Stop-Gap AI Compliance Guide: Primary and Secondary Edition is designed to be: a cross jurisdictional operational framework that unifies GDPR, FERPA, COPPA, the EU AI Act, and other major regimes into one working governance system for K-12.

It gives role specific handbooks for superintendents, principals, AI Compliance Officers, and teachers. It gives a structured oversight approach that ties AI decisions to regular governance cycles. It gives a practical risk assessment process with forms and timelines. It gives vendor evaluation tools a busy ICT director can run without a legal team. And it gives teacher training guidelines that explain how to use AI in the classroom safely and lawfully, not just whether AI is "exciting" or "concerning."

Government guidance documents, including Ireland's, are helpful as context. They get the questions on the table. But they do not protect anyone when a parent demands to know why an AI flag led to a grade penalty, or when a data protection authority asks to see evidence of algorithmic accountability in school decision making.

That administrator I mentioned at the start now has a working system on her desk. She does not need another guidance document. She needs forms she can file, configurations she can verify, and evidence she can produce when someone asks.

In that moment, you either have an operational framework your staff can point to, or you do not.

Ireland got the questions right. Schools still need a book that gives them the answers.


About the author

Ryan James Purdy is an AI governance and compliance advisor with nearly 30 years of experience across public and private education in North America and Europe. His Stop-Gap AI Policy Guide series is the first cross jurisdictional operational compliance framework for schools that can be implemented without external consultants. Contact: jamespurdy624@gmail.com | LinkedIn: @purdyhouse

References


  • Department of Education and Youth (Ireland). Guidance on Artificial Intelligence in Schools, Version 1. October 2025.

  • Government of Ireland. "Minister McEntee welcomes new national guidance on the use of AI in schools." Press release, 21 October 2025.

  • Irish Examiner. "Letters to the Editor: AI guidance for schools is too little too late." 26 October 2025.

  • Purdy, Ryan James. Stop-Gap AI Compliance: Primary and Secondary Edition. Purdy House Publishing, 2025.



 
 
 

Comments

bottom of page