EU AI Act: A Practical Guide for UK Schools in 2024

Understanding the EU AI Act's Impact on Schools

Despite the UK's departure from the European Union, the EU AI Act has potential implications for British educational institutions. Schools that utilise AI systems or collaborate with European service providers may need to consider these regulations. Based on Matthew Wemyss's detailed research, the legislation's influence on British education warrants careful consideration.

Beginning in February 2025, British educational institutions that employ AI systems which interact with EU residents or process EU-based data may need to adhere to these regulatory requirements. Several common situations in UK schools could be affected, including:

• Processing and evaluating applications from students based in EU member states
• Utilising learning management systems or educational software hosted on servers within the EU
• Adopting educational technology solutions developed by companies based in EU countries

Under the EU AI Act's framework, AI systems are evaluated according to their potential impact. Educational technology tools typically fall within the 'limited risk' classification, which requires schools to clearly inform users when AI systems are in operation. However, applications that influence academic assessment or monitor student behaviour may be designated as 'high risk', necessitating comprehensive documentation and enhanced supervision.

To align with these classifications, institutions should consider the following requirements:

1. Creating and maintaining a comprehensive record of AI technologies deployed across educational activities
2. Conducting and documenting thorough assessments for AI systems classified as high-risk
3. Implementing clear communication protocols regarding AI usage for students, parents and guardians
4. Providing ongoing professional development to staff regarding AI system operation and regulatory compliance

These regulatory considerations complement existing data protection principles and safeguarding measures within UK educational institutions. The structured approach suggested by the EU AI Act offers additional context for developing responsible AI practices in education, particularly when integrating new technologies into teaching and learning environments.

To facilitate a smooth transition towards these regulatory requirements, educational institutions may benefit from evaluating their existing AI implementations and establishing comprehensive governance frameworks. This systematic approach can help balance innovative educational practices with appropriate safeguards and compliance measures.

Risk Levels and Real-World Applications

The risk-based framework established by the EU AI Act presents specific considerations for educational technology deployment in British schools. Understanding the practical implications of these risk classifications helps ensure appropriate governance whilst maintaining effective educational practices.

To better understand these classifications, it is helpful to examine how different AI systems commonly used in schools align with specific risk categories:

Minimal Risk Systems

Within the context of educational settings, certain AI applications are categorised as minimal risk systems, which include:

• Standard communication security tools, such as AI-powered email filtering systems
• Interactive language learning applications with foundational AI capabilities
• Accessibility tools incorporating fundamental AI features, such as text vocalisation

Limited Risk Systems

For minimal risk applications, whilst regulatory requirements are less stringent, institutions should still maintain transparency in their deployment. Key examples in this category include:

• Digital curriculum planning tools with automated suggestions
• Virtual assistants providing administrative information
• Automated academic calendar management systems

High Risk Systems

Moving up the risk hierarchy, higher-risk AI applications in educational settings require more comprehensive oversight and protective measures. Examples include:

• Automated marking and assessment platforms that influence formal evaluations
• Analytics systems designed to forecast academic outcomes
• Digital systems that analyse student conduct and engagement patterns

Unacceptable Risk Systems

At the highest level of the risk framework, certain AI applications are prohibited under the EU AI Act. Educational institutions should be aware of and avoid:

• Systems that attempt to assess or categorise students based on emotional states
• Behavioural assessment platforms that assign numerical rankings to students
• Systems that use physical or biological characteristics to classify students into groups

When evaluating AI systems within educational settings, it is advisable to maintain a detailed register of AI-enabled technologies. This should include specific information about each system's intended function, data processing methods and corresponding risk classification. Assessment platforms and student monitoring tools warrant particular scrutiny, given their potential classification as high-risk systems under the regulatory framework.

To support the evaluation process of AI technologies, schools may find value in developing a structured assessment framework. A systematic approach might include:

1. Determine the appropriate risk classification by examining the system's core functionality and data processing requirements
2. Analyse documentation provided by technology suppliers regarding regulatory compliance and data protection measures
3. Evaluate potential implications for student safeguarding, including data privacy and personal development considerations
4. Create comprehensive records of assessment findings and proposed safety protocols

Creating Your School's AI Compliance Roadmap

Building upon existing data protection frameworks, schools can develop a practical approach to AI compliance. Many institutions can adapt their current GDPR processes to encompass AI governance requirements. The following sections outline specific steps that can be implemented systematically.

1. Review AI Systems (February-March 2024): Document existing AI tools utilised within educational and administrative operations. Include both authorised institutional systems and any supplementary tools employed by staff members. Identify systems that may require additional scrutiny based on their risk classification.
2. Designate Oversight Responsibilities (March-April 2024): Consider assigning educational technology coordination duties to a qualified staff member, whilst technical compliance oversight might be integrated within existing IT management structures. These responsibilities can be incorporated into current roles.
3. Develop Evaluation Protocols (April-May 2024): Establish a structured testing environment for assessing new AI technologies. This framework should incorporate appropriate test parameters, representative data samples and evaluation criteria that align with both pedagogical goals and regulatory requirements.

Professional development regarding AI systems warrants careful consideration. By integrating AI awareness into established safeguarding and data protection training programmes, institutions can support staff understanding effectively. Regular professional development sessions might explore practical applications within specific subject areas, helping staff members develop appropriate skills whilst maintaining compliance standards.

To maintain effective oversight, consider implementing regular review sessions that complement existing governance structures. A systematic evaluation process should address:

• Technical evaluation and security implications of newly integrated AI systems
• Analysis of system utilisation metrics and educational outcomes
• Ongoing professional development requirements and implementation feedback
• Refinement of governance frameworks and operational guidelines

As educational institutions approach the 2025 implementation period, systematic documentation of AI governance processes becomes increasingly important. Maintaining detailed records of implementation strategies, including both successful approaches and areas requiring refinement, can support future compliance requirements and facilitate knowledge sharing within the education sector.

Educational institutions may benefit from participating in regional school networks or ISBA working groups that address AI governance. These collaborative forums facilitate knowledge exchange and the development of sector-specific implementation strategies. Through structured dialogue and shared experience, institutions can work towards establishing effective compliance frameworks whilst maintaining their educational priorities.