The KCSIE 2026 AI provisions are the most significant online-safety change in years — explicit new duties on deepfakes, nudification apps and AI-generated imagery, and a mandatory annual filtering and monitoring review overseen by governors. Here is what the confirmed changes mean in practice for DSLs, IT leads and governing bodies.
⚠️ In force from 1 September 2026 — KCSIE 2025 applies until then
These AI-related duties form part of KCSIE 2026, which replaces KCSIE 2025 on 1 September 2026. Until then, schools must continue to follow KCSIE 2025 and the DfE's existing generative AI guidance for schools. This summary is not exhaustive — see Part One, KCSIE 2026, and the full document on GOV.UK ↗ for the complete wording.
Earlier editions of Keeping Children Safe in Education referred to online safety mainly through the "Four Cs" framework — content, contact, conduct and commerce. Generative AI tools have moved fast enough that DSLs are now dealing with real incidents: pupils using image-editing apps to create sexualised images of classmates, AI chatbots being used inappropriately, and manipulated video circulating on group chats. KCSIE 2026 responds by naming these risks explicitly rather than leaving schools to infer them from general online safety wording.
KCSIE 2026 requires schools to assess the risks from AI-generated content, deepfakes and "nudification" apps as part of their online safety arrangements — not treat them as a generic subcategory of existing harms (see Annex C, KCSIE 2026).
Filtering and monitoring provision must be formally reviewed at least once a year, with the governing body accountable for the outcome — this cannot sit solely with the IT department.
Online safety must sit within the whole-school safeguarding framework led by the DSL, with IT as a delivery partner rather than the sole owner.
AI-generated imagery is explicitly added to the child-on-child abuse definition. See our companion article: KCSIE 2026 and Serious Violence.
A "nudification" app takes an ordinary photograph — often lifted from a pupil's social media profile — and uses AI to generate a fake sexualised or nude image of that person. The resulting image is entirely fabricated, but for the pupil depicted, and for anyone who sees it circulated, the harm is real: reputational damage, humiliation, and in some cases severe distress. Because the underlying photo can be completely innocent, these images can be produced without the victim's knowledge until the fake circulates.
KCSIE 2026 requires schools to treat this as a named, foreseeable risk rather than something covered only by generic "online safety" wording. In practice this means:
⚠️ AI-generated sexual imagery of a child is treated as indecent imagery
Where a pupil creates, shares or possesses an AI-generated sexualised image of a child — including a fabricated "deepfake" of a real pupil — this must be reported to the police and the Internet Watch Foundation immediately, in the same way as any other indecent image of a child. Staff must not view, forward, print or otherwise retain the material themselves.
KCSIE 2026 makes the annual filtering and monitoring review a formal governance requirement, not just good practice. At minimum, the review should evidence:
Schools that have historically treated this as an IT-only task should use this cycle to bring it formally to governors — a gap here is one of the more straightforward Ofsted-visible risks under the new framework. See our wider DSL Autumn Term Toolkit for a broader governance preparation checklist.
What does KCSIE 2026 say about AI?
It introduces an explicit duty for schools to assess and mitigate risks from AI-generated content, including deepfakes and nudification apps, and to build this into filtering, monitoring and curriculum provision.
What is a nudification app and why does KCSIE 2026 mention it?
A nudification app manipulates an ordinary photo to generate a fake sexualised image. KCSIE 2026 names these tools specifically because pupils have used them to create non-consensual sexual imagery of peers.
Is creating an AI deepfake image of a child a criminal offence?
Yes — sexualised or intimate AI imagery of a child is treated as indecent imagery and must be reported to the police and the Internet Watch Foundation immediately.
Does the annual filtering review need to go to governors?
Yes. The governing body is formally accountable for the outcome of the annual filtering and monitoring review under KCSIE 2026, not just the DSL or IT lead.
If you suspect AI-generated indecent imagery of a child
Sources: Department for Education. Keeping Children Safe in Education 2026. GOV.UK. | DfE. Generative AI: product safety expectations for the education sector. | Internet Watch Foundation. | Data (Use and Access) Act 2025 (governs handling of personal data captured in filtering/monitoring and AI-safety records). Last reviewed: July 2026.