Keeping children safe in the age of AI: updated DfE guidance

AI is no longer a distant prospect for schools. According to Ofcom’s 2025 report, half of children aged eight to 17 have used AI tools, rising to three in five among 13 to 15-year-olds.

The use of AI for educational purposes has increased significantly, from 35% in 2023 to 45%. AI is now integrated into the daily lives of pupils, and schools must respond accordingly – not only to harness the technology’s potential, but to safeguard children against its risks.

AI and children’s online safety is firmly on the national and international agenda. The UK government’s consultation ‘Growing Up in the Online World’ closed on 26 May 2026. Potential age restrictions on social media, addictive design features and the proposition for statutory guidance on the use of mobile phones in schools were among the many considerations.

On 29 May 2026, the G7 Digital and Technology Ministers agreed for the first time a set of shared principles to shield children and young people from online harm, centered on safety by design, effective age assurance and addressing the risks posed by AI.

Against this backdrop, the Department for Education (DfE) has updated its suite of free AI in education support materials, developed by the Chiltern Learning Trust and the Chartered College of Teaching. The updated guidance comprises four staff training modules and a leadership toolkit, with significantly expanded safeguarding content. Schools should now be encouraging their staff to engage with these materials as a priority for training and development.

The safeguarding risks schools must understand

The guidance identifies several AI-specific safeguarding risks that schools need to address as a matter of priority.

Deepfakes and AI-generated child sexual abuse material (CSAM) remain a serious and evolving threat. Recent analysis indicates that most criminal AI-generated CSAM is now virtually indistinguishable from real imagery, and that perpetrators are deploying these materials to groom, blackmail and coerce children. Because the digital tools needed to produce such content are freely accessible, there’s a growing risk that young people may themselves generate images they would otherwise be blocked from accessing online. Government guidance on incidents involving nudes and semi-nudes applies equally to AI-generated sexualised deepfakes.

Closely related is the issue of nudification tools. The Crime and Policing Act 2026 has now received Royal Assent, making it a criminal offence — for the first time — to make, adapt, supply or offer to supply AI-powered nudification tools, apps and services designed to digitally strip clothing from images of real individuals. However, there’s currently no date for these offences to become enforceable, and browser-based nudification services aren’t caught by this legislation.

Research from Smoothwall in March 2026 found that 26.5% of educators had identified instances of students using AI to create CSAM or nude content. Schools must treat this as an active, ongoing risk.

A less obvious but equally important risk identified in the guidance is cognitive offloading. This describes the tendency for pupils to hand over their thinking to AI systems instead of building their own knowledge and capabilities. The DfE frames this not simply as a teaching and learning issue but as a child protection risk: where pupils turn to AI rather than to people, they’re less likely to seek help from trusted adults and the opportunities for staff to identify and act on disclosures diminish.

Schools should also be aware of the risks posed by emotional attachment to AI chatbots. Certain tools are built in ways that prompt children to develop emotional bonds with them. For vulnerable children, this is particularly concerning: these tools can replace genuine human relationships and circumvent contact with trusted adults, upon which effective safeguarding depends. The guidance highlights that AI companion apps carry particular dangers: they can create emotional dependency and, alarmingly, have been found to engage in sexually explicit conversations even after a user has identified themselves as a child. This is a particular concern for schools working with the most vulnerable pupils.

Image scraping is also flagged as a safeguarding risk. Automated tools can harvest photographs from public online platforms, including school websites and social media, and those images can then be used without consent to create AI-generated deepfake abuse materials or for extortion. Schools need to consider carefully what images they publish and on which platforms, as this is no longer a hypothetical risk.

A further concern is the use of AI in radicalisation. Terrorist and extremist groups are already exploiting generative AI to accelerate the production of propaganda, to deploy AI-driven chatbots for targeted recruitment and to improve instructional material for carrying out attacks. The sophistication of AI chatbots introduces an additional dimension to this threat, as vulnerable or isolated individuals may now be drawn towards extremism through private, one-to-one exchanges with an AI system, without any human moderator in the loop.

What schools need to do

The DfE guidance is clear on the steps schools should be taking.

Child protection and online safety policies must be updated to reflect AI-specific risks, including deepfakes, AI-generated images, cognitive offloading and emotional dependency on AI tools. This should be reviewed regularly in line with Keeping Children Safe in Education (KCSIE).

Filtering and monitoring systems must be reviewed at least annually, and that review must now explicitly consider how the school uses generative AI tools. Systems should be capable of identifying and managing harmful AI-generated content.

Any app or online tool offering mental health support to pupils must be regulated by the Medicines and Healthcare Products Regulatory Agency (MHRA). Designated safeguarding leads should check whether any tools currently in use meet this requirement.

In respect of the public visibility of pupil images, the UK Safer Internet Centre recommends restricting the public availability of pupil photographs and, where appropriate, hosting them behind a secure, password-protected platform such as a parent portal.

Staff must only use AI tools approved by their school or college, and those tools should meet the DfE’s generative AI product safety standards and KCSIE requirements. Free AI tools are unlikely to have appropriate safeguards in place.

Staff training on AI-specific risks should be treated as a safeguarding priority, not a technology initiative. The DfE recommends that all staff complete Module 3, which addresses the safe use of AI, regardless of their level of experience. The leadership toolkit should be worked through by school management or leadership teams as part of their strategic planning and used consistently rather than as a ‘one off’ training exercise.

The full suite of DfE materials is available free of charge. This technology is developing faster than the regulatory framework around it, and schools can’t afford to wait for the law to catch up before taking practical steps to protect their pupils.

How we can help

Our Education team at HCR Law works with independent schools across the country on the legal and regulatory challenges they face, including those arising from AI and online safety.

We can support your school in the following ways:

• We can carry out a comprehensive policy review, examining your child protection, online safety, acceptable use, data protection and related policies to ensure they address AI-specific risks and comply with KCSIE and current DfE guidance. Where gaps are identified, we can draft updated provisions or entirely new policy wording for your governing body to adopt
• For schools that don’t yet have a standalone AI use policy, we can prepare one tailored to your setting. This would cover staff and pupil use of AI tools, approved tool lists, data protection requirements, intellectual property considerations and expectations around academic integrity — providing a clear framework that staff, parents and pupils can understand and follow
• We can advise on the data protection implications of AI tool procurement and use, including whether a data protection impact assessment is required, what lawful basis applies to the processing of pupil data and how to ensure compliance with UK GDPR when evaluating or onboarding new AI products
• We also support schools with safeguarding compliance more broadly, including advising on filtering and monitoring obligations, responding to incidents involving AI-generated imagery and ensuring your policies and training are aligned with the latest statutory guidance.