The Certifications Don't Exist...Yet.

Key Takeaways:

• The World Bank identifies "Competency" as one of four essential AI foundations, but focuses on worker skills, not institutional governance capacity. The gap they're missing is who governs AI in education, not who uses it.

• 37% of teachers already use generative AI for work tasks according to OECD data, yet 45% of US high schools have no AI policy and no plans to develop one. Adoption is outpacing governance infrastructure.

• No education-specific, widely recognized credential exists for AI governance in schools. General-purpose certifications don't address child safety, academic integrity, parental consent, or school operational constraints.

• Insurance carriers are beginning to ask governance questions that most institutions cannot answer. The market is creating demand for expertise the education sector cannot supply.

Global policy reports are calling for AI competency in education, but they're measuring the wrong thing. The World Bank's Digital Progress and Trends Report 2025 identifies four foundations for AI readiness: Connectivity, Compute, Context, and Competency. Their Competency pillar focuses on digital skills for workers and students. It addresses who can use AI systems. It says nothing about who governs them.

The OECD's Digital Education Outlook 2026 reports that 37% of lower secondary teachers used generative AI for work tasks in 2024 (TALIS 2024). Teachers are adopting AI faster than institutions are building governance infrastructure. The same report warns about "overreliance" undermining cognitive effort and professional skills, but the governance mechanisms to address these concerns remain undefined.

Meanwhile, research examining US educational institutions found that approximately 45% of surveyed high schools have no AI policy and no plans to develop one. This isn't a gap that training will fix. Organizations most in need of governance are frequently least equipped to implement it. They lack the internal expertise to assess their own practices, the budget to hire external help, and the institutional knowledge to know what "good" looks like.

The result is a circular problem. Schools cannot implement governance they do not understand. They cannot hire expertise that does not exist in credentialed form. They cannot properly assess vendors, despite a growing number of guidelines on the matter, because they lack the technical and regulatory fluency to evaluate claims against those guidelines. And so they wait, accumulating compliance debt: the hidden costs that build when organizations adopt surface-level policies without underlying governance infrastructure to support them.

The insurance market is already shifting.

In cyber coverage, underwriters have moved from accepting self-reported security practices to requiring documented evidence. Carriers now require screenshots, logs, test results, and third-party attestation. Organizations that cannot produce such evidence face higher premiums, coverage exclusions, or claim denials. In Travelers v. International Control Services, a cyber policy was declared void from inception after the insurer alleged that MFA controls weren't implemented as attested. Self-attestation works until it's tested. When tested, it frequently fails.

AI governance is following the same trajectory. Questionnaires are appearing on insurance applications asking about human oversight protocols, vendor risk assessments, and staff training documentation. Underwriters are not asking whether schools have policies. They are asking whether schools can prove those policies are implemented.

I recently discussed this with an insurance professional who holds both a B.Ed and M.Ed and works with educational institutions. He told me the pressure isn't universal yet: "I'm not seeing this as strongly, though that may be a function of my client mix." His work focuses on private career colleges, where AI adoption has been more cautious. Underwriting questions, he noted, "tend to surface only once AI is embedded in admissions, assessment, or data handling in a material way."

But he added: "I can see how the dynamic you're describing could emerge more clearly in board environments or at scale, particularly as AI use becomes more formalized and insurers start standardizing their questions and exclusions."

The direction is clear. The timeline varies by sector. K-12, with its heightened data privacy obligations around minors, faces the sharpest exposure.

This creates demand for a type of expertise the education sector cannot supply.

Someone who understands FERPA, COPPA, state privacy laws, and how they interact with emerging AI regulations. Someone who understands what evidence formats satisfy underwriting. Someone who understands school budgets, academic calendars, union contracts, and age-appropriate considerations. Someone who can evaluate vendor claims against actual system capabilities.

These domains rarely coexist in a single professional background. Lawyers understand regulation but not academic calendars. IT directors understand technology but not insurance questionnaires. Educators understand school context but not jurisdictional conflicts. The expertise is distributed, not integrated.

There are emerging AI governance credentials and certifiable management-system standards. But none are built for the lived realities of schools: minors, consent regimes, academic integrity, parent expectations, and classroom constraints. The gap isn't "no standards exist." The gap is that the standards which exist don't map cleanly to education.

The wider market is professionalizing, just not for schools.

The UK government published its "Trusted third-party AI assurance roadmap" in September 2025, committing to build a "world-leading AI assurance market." The UK AI assurance market is already worth approximately £1 billion, and the government established an £11 million fund to accelerate development. ISO/IEC 42006:2025 specifies requirements for bodies providing audit and certification of AI management systems.

But none of this addresses education specifically. ISO 42001 says nothing about child safety, academic integrity, or parental consent. The UK assurance market is focused on commercial AI deployment, not schools. The expertise being credentialed elsewhere does not translate directly to educational contexts.

This is the pre-certification period. The discipline of AI governance in education is being built right now by practitioners working across regulatory, insurance, educational, and technical domains. The formalization that follows will likely require credentials that don't yet exist. But organizations facing insurance renewals, regulatory deadlines, and board questions cannot wait for that formalization.

Someone has to document the frameworks before the credentialing bodies exist to validate them. That's the work.

If your organization is navigating this gap, I'd welcome a conversation. My whitepapers on AI governance in education are available through Purdy House Publishing, and the Stop-Gap AI Compliance Guide series provides operational frameworks for institutions facing these challenges now.

References:

World Bank. "Digital Progress and Trends Report 2025: Strengthening AI Foundations." 2025.

OECD. "Digital Education Outlook 2026: Effective Uses of Generative AI in Education." January 2026.

Ghimire, Aashish, and John Edwards. "From Guidelines to Governance: A Study of AI Policies in Education." arXiv:2403.15601, 2024.

UK Department for Science, Innovation and Technology. "Trusted third-party AI assurance roadmap." September 2025.

International Organization for Standardization. "ISO/IEC 42006:2025." July 2025.

Travelers Property Casualty Company of America v. International Control Services Inc., No. 22-cv-2145 (C.D. Ill. 2022).

Purdy, Ryan James. "The Case for Independent AI Assurance in Education: From Self-Attestation to External Validation." Purdy House Publishing, January 2026.