Banyan Global Learning
AI Policy hubFree annotated template

AI Acceptable Use Policy template

Adaptable policy language for K–12 districts, with an annotation on every section explaining what it protects and where it sits in the 5-Layer AI Governance Framework. Bracketed text is yours to localize.

This template is a starting point, not legal advice — review the adapted policy with your district counsel before board adoption.

1. Purpose

This policy establishes expectations for the responsible use of artificial intelligence (AI) tools by students and staff of [District Name]. Its purpose is to enable the benefits of AI for learning and district operations while protecting student data, academic integrity, and the district's educational mission.

Why this matters: Layer 1 — Strategic Clarity. Open with intent, not restrictions. A purpose statement that names benefits AND protections tells staff, families, and auditors that this is governance, not a ban. If your board has an approved AI intent statement, cite it here.

2. Definitions

"AI tools" means software that generates content, predictions, or decisions using machine learning, including generative AI (text, image, audio, video generators), AI features embedded in approved platforms, and AI companions or agents. "District data" means any information about students, staff, or district operations, whether or not it is legally protected. "Approved tool" means an AI tool that has completed the district's evaluation process and appears on the published approved-tools list.

Why this matters: Layer 2 — Risk & Compliance. Definitions decide whether your policy still applies next year. Defining "AI tools" by capability (generates content or decisions) rather than by product name keeps the policy durable as tools change — and explicitly naming embedded AI features closes the "but it's built into the app we already use" loophole.

3. Permitted uses — staff

Staff may use approved AI tools to: draft and differentiate instructional materials; generate feedback suggestions that the educator reviews before delivery; support planning, communication drafts, and administrative tasks; and support accessibility accommodations. In all cases the responsible professional remains the author of record: AI output must be reviewed for accuracy, bias, and appropriateness before use, and staff remain accountable for anything they produce with AI assistance.

Why this matters: Layer 3 — Instructional Integration. The load-bearing sentence is "the responsible professional remains the author of record." It preserves human judgment as the non-negotiable step — the cognitive-integrity principle — without micromanaging which tasks are allowed.

4. Permitted uses — students

Student use of AI tools is governed by grade band and by assignment. [District Name] maintains differentiated expectations: [elementary — teacher-directed, whole-class use of approved tools only; middle — guided individual use of approved tools where the assignment permits; high school — individual use of approved tools where the assignment permits, with disclosure]. The teacher's assignment-level designation (see the Academic Integrity & AI policy) always controls whether and how AI may be used on specific work.

Why this matters: Layer 2 + Layer 3. One K–12 rule is the most common failure mode in real district policies — what is appropriate for a junior is not appropriate for a second-grader. Delegating the final call to the assignment level keeps the policy out of teachers' way while keeping expectations enforceable. Pair this section with our Academic Integrity template.

5. Prohibited uses

The following are prohibited for all users: entering personally identifiable information about students or staff into any AI tool not approved for that data; using AI tools to surveil, profile, or make consequential decisions about individuals without human review; presenting AI-generated work as one's own where disclosure is required; using AI to harass, impersonate, or generate prohibited content; and using unapproved AI tools for district business or coursework where approved alternatives exist.

Why this matters: Layer 2 — Risk & Compliance. Note what leads: data entry into unapproved tools is the single highest-probability FERPA incident in most districts — a well-meaning teacher pasting a student's IEP into a free chatbot. Prohibitions should target behaviors, not tool names, so the list survives the next product cycle.

6. Tool approval and inventory

The district maintains a published list of approved AI tools, reviewed at least quarterly. Requests for new tools are submitted to [owner/committee] and evaluated against district criteria, including: what data the tool collects and where it flows; the provenance of training data and known bias risks; vendor transparency and contractual data protections (including FERPA/COPPA compliance); interoperability and data portability; and instructional value. No AI tool may be used with students or district data before approval.

Why this matters: Layer 2 + Layer 5. The inventory is the control point the rest of the policy depends on — you cannot enforce "approved tools only" without a current list. The evaluation criteria here are deliberately the same ones that protect you from vendor lock-in (Layer 5): portability and transparency requirements do double duty.

7. Data privacy

AI tools are subject to all existing district data-privacy obligations, including FERPA, COPPA, and [state law]. Student data may be used with an AI tool only where the tool's contract explicitly covers that data category, prohibits its use for model training absent written consent, and provides for deletion on request. Free consumer AI tools are treated as unapproved for student data without exception.

Why this matters: Layer 2 — Risk & Compliance. The "no model training on our data" clause is the one districts most often miss and vendors most often bury. Making free consumer tools categorically unapproved for student data gives staff a bright line that requires no judgment call.

8. Incident response

Suspected incidents — including data exposure to an unapproved tool, discriminatory or harmful AI output affecting a student, or misuse of AI to impersonate or harass — are reported to [role] within [timeframe]. The district will follow its existing incident-response procedures, extended to cover AI-specific harms, and will communicate with affected families as required by law and district practice.

Why this matters: Layer 2 + Layer 4. A policy without a named reporting path is a policy that fails its first real test. The annotation to act on: staff should be able to name the person and the timeframe from memory — that is a PD outcome (Layer 4), not a document outcome.

9. Review cycle

This policy is reviewed at least annually by [owner/committee], and immediately upon: adoption of a materially new class of AI capability in district tools; a relevant change in law or state guidance; or a significant AI-related incident. The current version and revision date are published on the district website.

Why this matters: Layer 5 — Future-Readiness. An AI policy with no review trigger is stale within a year. Publishing the revision date publicly is a small transparency move that pays off with parents and press (Layer 1).

The policy is Layer 2. Where do you stand on all five?

Ten minutes with your leadership team, a maturity rating per layer, and your three most urgent priorities — free, no card, no sales call.