AI Governance in Education: Academic Integrity, Privacy, Pedagogy, and the Institutional Operating Model

Educational institutions in 2026 are navigating AI use across teaching, learning, assessment, research, and administration — often simultaneously, often with different stakeholder groups holding different views. Universities, schools, and EdTech providers face a regulatory environment that includes high-risk classification under the EU AI Act, sector-specific guidance from TEQSA, the Department for Education, and state-level regulators, and student privacy law that varies significantly by jurisdiction. This guide covers the five domains that institutional AI governance must address, the regulatory framework, and the operating model that holds it together.

1. Academic integrity

Academic integrity is the most visible AI governance issue in education. The simplistic framing — "AI use is cheating" — does not survive contact with the reality that AI is now embedded in tools students and staff use daily (search, writing assistants, productivity software, research tools). More useful framings distinguish between use types: prohibited use (e.g., generating final assessment responses, fabricating data in research, AI use that violates examination rules); permitted with disclosure (using AI for brainstorming, drafting, language polishing — with required acknowledgement); permitted without disclosure (using AI in ways analogous to existing tools — spell-check, grammar suggestions, citation formatting); required use (assessments specifically testing AI capability or critical evaluation of AI outputs). The Australian Tertiary Education Quality and Standards Agency (TEQSA) has issued guidance; UK higher education institutions have published similar frameworks through HESA and individual universities; the US institutional response varies but Harvard, MIT, and Princeton have published institutional positions.

2. Teaching and learning

Beyond integrity, AI in teaching and learning raises pedagogical questions. Personalised learning AI, intelligent tutoring systems, AI-powered feedback, and AI-augmented content development are all in active use. The governance considerations: pedagogical effectiveness evidence (does the AI actually improve learning outcomes?), equity (does AI use create or reduce educational disparities?), accessibility (does AI use support or hinder students with disabilities?), and student development (does AI use support or undermine the development of capabilities that matter beyond the assessment?). The Australian Framework for Generative AI in Schools (November 2023, updated 2025) addresses these questions for the school sector; the UK Department for Education has issued similar guidance.

3. Assessment

Assessment is where academic integrity, pedagogy, and regulation converge. The EU AI Act classifies AI systems used in education for assessment and grading as high-risk, with obligations applying from 2 December 2027 under the Digital Omnibus delay (previously 2 August 2026). Specific obligations: risk management, data governance, technical documentation, transparency to deployers, human oversight, accuracy, robustness, and cybersecurity. The Australian Universities Accord (2024) and TEQSA guidance address assessment integrity. Practical considerations: assessment redesign to be AI-resilient or AI-integrated, oral examinations and viva structures, on-site supervised assessment, process-based assessment over product-based.

4. Research

Research AI use raises distinct considerations. Research ethics committee (HREC, IRB) oversight applies to AI use that affects research subjects. Funder requirements increasingly address AI disclosure (NHMRC, ARC, NIH, NSF, UKRI, ERC). Publisher policies on AI in manuscripts have crystallised — most major publishers (Nature, Science, Elsevier, Wiley, T&F) require disclosure of AI use, do not accept AI as author, and have specific policies on AI-generated content. Research data governance applies to AI training data, particularly where data subjects are research participants.

5. Administration

Administrative AI use — admissions, financial aid, scheduling, communications, HR — is often the largest category by volume. The EU AI Act classifies AI for educational admission and access decisions as high-risk. US Civil Rights laws (Title VI, Title IX) apply to AI-influenced administrative decisions. Australian Privacy Act and state-equivalent laws apply to student data. The ADM transparency obligation (10 December 2026) applies to substantially automated decisions affecting students. The governance work: AI inventory across administration, classification, control framework, transparency to affected parties.

Institutional operating model

An institutional AI governance operating model typically includes: AI use policy for students and staff; academic integrity policy updated for AI; research ethics committee processes that address AI; data governance including AI-specific data handling; EdTech procurement with AI-specific evaluation; staff training across faculty, professional staff, and students; monitoring and assurance covering integrity, equity, effectiveness; governance structure typically including an AI governance committee with academic, professional, and student representation.

Useful third-party resources

• TEQSA (Australia) — Tertiary Education Quality and Standards Agency AI guidance
• Australian Framework for Generative AI in Schools
• UK Department for Education — Generative AI guidance
• HESA — UK higher education statistics agency, AI considerations
• US Department of Education — AI and the future of teaching and learning
• UNESCO — AI in Education global guidance
• EU AI Act — Annex III high-risk classification including education

Related reading on AIRiskAware

• AI Governance in Education
• AI in Hiring: Governance Risks
• AI Bias Auditing and Testing Guide
• Education Sector Hub
• For General Counsel