The DSL Compliance Guide: What KCSIE 2025 Demands of Your School

What Changed from KCSIE 2025 to KCSIE 2025

KCSIE 2025 is primarily a technical update. The Department for Education confirmed at publication that Part 1 — the section all staff must read — is unchanged. Schools that achieved full compliance with KCSIE 2025 need only address the specific additions below. There are no wholesale policy changes or new safeguarding categories.

That said, the additions that are present carry real compliance weight for DSLs — particularly around online safety, artificial intelligence, and filtering. Here is what changed:

The DSL Role: Statutory Duties Under KCSIE 2025

The core architecture of the DSL role is unchanged in the 2025 edition. Every school and college must have a Designated Safeguarding Lead who is a member of the senior leadership team. The DSL's role is not delegable — while a deputy can act in the DSL's absence, ultimate accountability remains with the named DSL.^[1]

KCSIE 2025 Part 2 sets out the DSL's core statutory functions:

Responsibility	Statutory Basis
Manage referrals to MASH, children's services, police and specialist agencies	KCSIE 2025 Part 2 / s.47 Children Act 1989
Liaise with the local authority and attend multi-agency meetings (e.g. Child Protection Conferences, CIN reviews)	Working Together 2026
Maintain confidential safeguarding records securely — separate from general pupil records	KCSIE 2025 Annex C / UK GDPR
Provide induction, training and regular updates to all staff on safeguarding	KCSIE 2025 Part 1
Ensure safer recruitment procedures are followed for all appointments	KCSIE 2025 Part 3
Maintain the Single Central Record (SCR) of all staff and volunteer checks	KCSIE 2025 Part 3 / Annex B
Act as the point of contact for the designated teacher for looked-after children	KCSIE 2025 Part 2
Ensure the governing body receives an annual safeguarding report	KCSIE 2025 Part 2
Lead the school's response to online safety, including filtering and monitoring oversight	KCSIE 2025 Para 135–143
Assess and oversee AI tools deployed with pupils (new in 2025)	KCSIE 2025 / DfE AI guidance

The DSL must also attend Child Protection Case Conferences and, where the school is not invited, ensure the school submits a written report in advance. Where a child has a Child Protection Plan, the DSL should be the primary contact for the allocated social worker.

Training Requirements

KCSIE 2025 sets out that the DSL must receive training that is updated at least every two years. In addition to formal training, the DSL must receive regular (at least annual) briefings to keep pace with emerging risks — this is distinct from the two-yearly formal requirement and is a separate obligation.^[1]

All other staff must receive safeguarding training at induction and then at regular intervals. The frequency is not prescribed but should be sufficient to ensure staff can identify and report concerns. Annual refreshers are standard practice and expected by Ofsted.

Online Safety: The Four Cs Expanded

KCSIE 2025 (Para 135) updates the Four Cs framework that structures online risk for schools. Previously covering content, contact, conduct, and commerce, the content category now explicitly names three new harm types:

Schools and colleges should be aware that technology is a significant component in many safeguarding and wellbeing issues — including online forms of abuse. Children can be exposed to misinformation, disinformation and conspiracy theories online, and schools should equip them with the critical thinking skills to navigate these safely.

What "Misinformation" Means in Practice

Misinformation is false information shared without deliberate intent to deceive. It spreads rapidly through peer-sharing on social platforms. For safeguarding purposes, the concern is when misinformation causes distress, leads to harmful decisions, or forms part of the pathway into more serious harm (for example, health misinformation discouraging help-seeking, or radicalisation that begins with misleading content about social groups).

Disinformation and Deepfakes

Disinformation is deliberately false information. The safeguarding relevance for schools is significant: AI-generated deepfakes — including non-consensual intimate imagery and manipulated video — fall within disinformation as a harm vector. A pupil who believes they are viewing authentic footage of a peer or teacher is being deceived; the school has a role both in educating pupils to question authenticity and in responding when deepfake content is created or shared.

Conspiracy Theories as a Safeguarding Indicator

KCSIE 2025's explicit inclusion of conspiracy theories is particularly significant for DSLs. Sustained engagement with conspiracy theory content is now a documented gateway into extremist ideology — particularly far-right and anti-government movements. A pupil who presents with intense, inflexible belief in conspiracy theories, or who is actively recruiting peers to such views, should be considered under the Prevent framework as well as the broader safeguarding threshold.

This does not mean every pupil who questions a news story requires a Prevent referral. It means DSLs should include conspiracy theory awareness in staff training so that early indicators — argumentative rejection of factual sources, specific conspiratorial narratives about protected groups — are recognised and escalated appropriately.

Generative AI: What KCSIE 2025 Requires of Schools

KCSIE 2025 is the first edition to explicitly address generative AI, reflecting the pace at which these tools have entered school settings. The statutory expectations are built on the DfE's Generative AI: product safety expectations for the education sector guidance, published 2023.

Before Deploying Any AI Tool with Pupils

• Data Protection Impact Assessment (DPIA): Mandatory for any AI tool processing pupil data. The DPO must be consulted and the DPIA documented.
• Product safety expectations check: Assess the tool against the DfE's framework, which covers age appropriateness, data handling, content moderation, and transparency of AI-generated outputs.
• Staff training: Staff using AI tools with pupils must understand the risks, including how generative AI can produce plausible but inaccurate content, how it can be misused for bullying or harassment, and the risk of AI-facilitated grooming.

AI-Generated CSAM and Deepfake Imagery

The generation of child sexual abuse material using AI tools is a criminal offence under the Sexual Offences Act 2003 as amended. KCSIE 2025 makes clear that schools must have policies covering AI-generated imagery — particularly non-consensual deepfake intimate images — alongside existing policies on the sharing of indecent images of minors. Any incident involving AI-generated CSAM must be reported to the police and the Internet Watch Foundation immediately.

AI in the Classroom — Permitted Use Policies

Schools should have a written AI acceptable use policy (or incorporate AI into their existing acceptable use policy) covering: which tools are approved, what data pupils may input, how AI outputs must be handled, and what constitutes misuse. Governors should receive a briefing on AI risks at least annually.

Filtering and Monitoring: Updated Standards

KCSIE 2025 strengthens the expectation that governing bodies take an active role in ensuring filtering and monitoring provision is adequate. The governing body — not only the DSL or IT lead — is accountable for the standard of filtering in the school.

The DfE Self-Assessment Tool

Schools must use the DfE's Plan technology for your school self-assessment tool to verify their provision against minimum standards. This covers:

• Whether the filtering solution is active on all devices used by pupils on school networks
• Whether BYOD (Bring Your Own Device) policies adequately extend filtering to personal devices on the school network
• Whether monitoring is active and alerts are reviewed by a responsible person in a timely way
• Whether the filtering solution is updated regularly to address new harmful content categories

Monitoring vs Filtering: A Critical Distinction

Many schools have strong filtering but weak monitoring. Filtering prevents access to known harmful content. Monitoring detects harmful behaviour that filtering cannot prevent — including a pupil researching self-harm methods via a search engine that returns non-blocked results, or accessing grooming conversations via an end-to-end encrypted messaging app on a school device. KCSIE 2025 requires both, and a school that can demonstrate filtering but not monitoring does not meet the standard.

Alignment with Working Together 2026

Working Together to Safeguard Children 2026 — in force since 18 March 2026 — operates alongside KCSIE 2025 as the second pillar of the statutory framework for schools. KCSIE requires schools to follow the multi-agency arrangements set out in Working Together, so DSLs must read both documents together.^[2]

Key Working Together 2026 Requirements That Affect Schools

• Early help: Schools are identified as key partners in early help provision. The DSL should be actively engaged in local early help networks — not only making statutory referrals at threshold, but contributing to early help assessments where a child is known to the school.
• Information sharing: Working Together 2026 strengthens the presumption in favour of sharing information where a child may be at risk. DSLs must not allow concerns about GDPR to prevent them from sharing relevant information with other agencies — the legal gateway is safeguarding, and the duty to share is explicit.
• Child Protection Conferences: Updated guidance on school contributions at conferences and reviews. Schools should submit written reports in advance and attend where possible. The report must reflect the school's professional assessment of the child's welfare, not simply attendance and attainment data.
• Multi-agency safeguarding arrangements (MASAs): Working Together 2026 replaces the previous LSCB and MASH structures with strengthened multi-agency safeguarding arrangements. DSLs should ensure they know their local MASA structure and the referral thresholds that apply.

20-Point KCSIE 2025 Compliance Checklist

Use this checklist at the start of each academic year and following any significant staffing or policy change. Print and retain a completed copy for Ofsted and governor records.

Statutory References

All DSLs should hold current copies of, and be familiar with, the following:

• Keeping Children Safe in Education 2025 — DfE, in force 1 September 2025. gov.uk ↗
• Working Together to Safeguard Children 2026 — HM Government, in force March 2026. gov.uk ↗
• Children Act 1989 — Section 17 (child in need), Section 47 (child protection enquiry)
• Children Act 2004 — Section 10 (duty to cooperate) and Section 11 (duty to safeguard)
• Online Safety Act 2023 — Platform duties relevant to schools and families
• Counter-Terrorism and Security Act 2015 — Prevent duty for specified authorities including schools
• DfE: Generative AI — product safety expectations for the education sector (2023)
• DfE: Plan technology for your school — filtering and monitoring self-assessment

Sources: [1] Department for Education (2025). Keeping Children Safe in Education 2025. gov.uk. [2] HM Government (2026). Working Together to Safeguard Children 2026. gov.uk. [3] Department for Education (2023). Generative AI: product safety expectations for the education sector. gov.uk. [4] Ofsted (2024). Education Inspection Framework. gov.uk. Last reviewed: May 2026.