← All Articles & Guides
For Professionals DSL KCSIE 2026 Online Safety

AI, Deepfakes and KCSIE 2026: New Safeguarding Duties Explained

The KCSIE 2026 AI provisions are the most significant online-safety change in years — explicit new duties on deepfakes, nudification apps and AI-generated imagery, and a mandatory annual filtering and monitoring review overseen by governors. Here is what the confirmed changes mean in practice for DSLs, IT leads and governing bodies.

✍️ By The Safeguard Hub Team 📅 July 2026 · Last reviewed July 2026 ⌛ 12 min read Part of The Safeguard Hub Articles Series
AI and deepfake safeguarding duties under KCSIE 2026

⚠️ In force from 1 September 2026 — KCSIE 2025 applies until then

These AI-related duties form part of KCSIE 2026, which replaces KCSIE 2025 on 1 September 2026. Until then, schools must continue to follow KCSIE 2025 and the DfE's existing generative AI guidance for schools. This summary is not exhaustive — see Part One, KCSIE 2026, and the full document on GOV.UK ↗ for the complete wording.

Why AI Is Now a Named KCSIE Duty

Earlier editions of Keeping Children Safe in Education referred to online safety mainly through the "Four Cs" framework — content, contact, conduct and commerce. Generative AI tools have moved fast enough that DSLs are now dealing with real incidents: pupils using image-editing apps to create sexualised images of classmates, AI chatbots being used inappropriately, and manipulated video circulating on group chats. KCSIE 2026 responds by naming these risks explicitly rather than leaving schools to infer them from general online safety wording.

What's New: The Confirmed AI and Online Safety Changes

🤖

AI-generated content, deepfakes and nudification apps named as risks

KCSIE 2026 requires schools to assess the risks from AI-generated content, deepfakes and "nudification" apps as part of their online safety arrangements — not treat them as a generic subcategory of existing harms (see Annex C, KCSIE 2026).

🛡️

Mandatory annual filtering and monitoring review

Filtering and monitoring provision must be formally reviewed at least once a year, with the governing body accountable for the outcome — this cannot sit solely with the IT department.

🌐

Whole-school ownership of online safety

Online safety must sit within the whole-school safeguarding framework led by the DSL, with IT as a delivery partner rather than the sole owner.

📋

Broadened child-on-child abuse categories

AI-generated imagery is explicitly added to the child-on-child abuse definition. See our companion article: KCSIE 2026 and Serious Violence.

Nudification Apps: What DSLs Need to Understand

A "nudification" app takes an ordinary photograph — often lifted from a pupil's social media profile — and uses AI to generate a fake sexualised or nude image of that person. The resulting image is entirely fabricated, but for the pupil depicted, and for anyone who sees it circulated, the harm is real: reputational damage, humiliation, and in some cases severe distress. Because the underlying photo can be completely innocent, these images can be produced without the victim's knowledge until the fake circulates.

KCSIE 2026 requires schools to treat this as a named, foreseeable risk rather than something covered only by generic "online safety" wording. In practice this means:

  • Filtering and monitoring provision should be checked specifically against known nudification and AI image-editing tools, not just general adult content categories
  • Staff training should name deepfakes and nudification apps explicitly, so staff recognise a disclosure or a shared image for what it is
  • Curriculum content (RSHE/PSHE) should address AI-generated image abuse directly, alongside existing content on sexting and image-sharing

⚠️ AI-generated sexual imagery of a child is treated as indecent imagery

Where a pupil creates, shares or possesses an AI-generated sexualised image of a child — including a fabricated "deepfake" of a real pupil — this must be reported to the police and the Internet Watch Foundation immediately, in the same way as any other indecent image of a child. Staff must not view, forward, print or otherwise retain the material themselves.

The Annual Filtering and Monitoring Review: What It Must Cover

KCSIE 2026 makes the annual filtering and monitoring review a formal governance requirement, not just good practice. At minimum, the review should evidence:

  • Whether filtering actively covers devices used on school networks, including school-owned devices used off-site
  • Whether monitoring systems and alert triage are functioning and reviewed by a named responsible person
  • Whether the provision has been checked specifically against AI-generated content, deepfake and nudification risks, not only long-standing harm categories
  • Sign-off by the governing body, recorded in minutes, confirming the review has taken place and any gaps have an action plan

Schools that have historically treated this as an IT-only task should use this cycle to bring it formally to governors — a gap here is one of the more straightforward Ofsted-visible risks under the new framework. See our wider DSL Autumn Term Toolkit for a broader governance preparation checklist.

Preparing Before September 2026

  1. Update your acceptable use and online safety policies to name AI-generated content, deepfakes and nudification apps explicitly, rather than relying on generic "online harms" wording.
  2. Schedule the annual filtering and monitoring review with a fixed date and a governor sign-off step built in.
  3. Brief pastoral and safeguarding staff on how to respond if a pupil discloses that a fake image has been made of them or a peer — the response mirrors existing sexting/indecent image protocols, not a new process.
  4. Review RSHE/PSHE content so pupils understand what AI-generated image abuse is, that it is a form of abuse regardless of whether the image is "real", and how to report it.
  5. Cross-check your child-on-child abuse policy against the broadened definition — see our guide to the serious violence and child-on-child abuse changes.

Frequently Asked Questions

What does KCSIE 2026 say about AI?

It introduces an explicit duty for schools to assess and mitigate risks from AI-generated content, including deepfakes and nudification apps, and to build this into filtering, monitoring and curriculum provision.

What is a nudification app and why does KCSIE 2026 mention it?

A nudification app manipulates an ordinary photo to generate a fake sexualised image. KCSIE 2026 names these tools specifically because pupils have used them to create non-consensual sexual imagery of peers.

Is creating an AI deepfake image of a child a criminal offence?

Yes — sexualised or intimate AI imagery of a child is treated as indecent imagery and must be reported to the police and the Internet Watch Foundation immediately.

Does the annual filtering review need to go to governors?

Yes. The governing body is formally accountable for the outcome of the annual filtering and monitoring review under KCSIE 2026, not just the DSL or IT lead.

Who to Contact

If you suspect AI-generated indecent imagery of a child

  • Immediate danger: Call 999
  • Report to police: Call 101, and report the imagery to the Internet Watch Foundation
  • CEOP (online child sexual abuse): ceop.police.uk/safety-centre
  • Mental health crisis, out of hours: NHS 111, option 2 — see our mental health and safeguarding guide
  • Childline: 0800 1111

Sources: Department for Education. Keeping Children Safe in Education 2026. GOV.UK. | DfE. Generative AI: product safety expectations for the education sector. | Internet Watch Foundation. | Data (Use and Access) Act 2025 (governs handling of personal data captured in filtering/monitoring and AI-safety records). Last reviewed: July 2026.