AI governance in education.

EU AI Act

AI used in admissions decisions, assessment of students, and educational or vocational training is classified as high-risk under the EU AI Act. Institutions with EU students are directly in scope, including many English-language universities with international enrolments.

Student data privacy

Student data is among the most sensitive personal data categories. GDPR, Australia's Privacy Act, FERPA (US), and COPPA (for under-13s in the US) create obligations that significantly constrain how AI vendors may process student data.

Anti-discrimination obligations

AI used in admissions and scholarship allocation must comply with anti-discrimination law. Documented false positive rates in AI academic integrity tools have disproportionately flagged non-native English speakers, creating discrimination risk.

Duty of care

Educational institutions have duty of care obligations to students. AI systems deployed in student mental health support, wellbeing monitoring, or pastoral roles carry those obligations directly.

AI academic integrity false positives

AI plagiarism and content detection tools have documented and significant false positive rates. Multiple students have faced academic misconduct proceedings for human-authored work incorrectly flagged as AI-generated. AI detection output alone is not sufficient basis for an academic misconduct finding.

Student data use by AI vendors

AI tools deployed in educational settings sometimes use student interaction data for model training or share it with third parties. This frequently violates applicable student privacy law. Vendor contracts must be reviewed against privacy obligations before deployment.

Admissions AI without human oversight

AI-assisted admissions scoring without adequate human review creates EU AI Act compliance gaps and due process concerns for affected applicants. Deployer obligations under the Act apply regardless of who built the AI system.

AI mental health tools without escalation pathways

AI chatbots deployed in student welfare roles without clear human escalation protocols for crisis situations create serious duty of care exposure. The AI is not a substitute for professional support; governance must define when human escalation is mandatory.

Have you classified your AI systems — admissions scoring, assessment tools, student support chatbots — against the EU AI Act's high-risk category?

Have your AI vendor contracts been reviewed against student privacy law — specifically, what student data vendors may use for training and third-party sharing?

What is your policy on AI detection tools for academic integrity — specifically, what standard of evidence is required before a misconduct finding is made?

For AI systems in student-facing support roles, what are the mandatory human escalation pathways, and how are they monitored?

Have you conducted a fundamental rights impact assessment for AI systems used in admissions, scholarship allocation, or student progression decisions?

What is your institutional position on student use of AI in assessed work, and how is it consistently applied across departments?