FERPA and AI: Can Schools and EdTech Use ChatGPT With Student Data? (2026 Guide)
Sonomos Research
The Sonomos research team writes about AI privacy, data protection, and how to use generative AI safely at work.
Short answer: FERPA-protected education records cannot be sent to ChatGPT, Claude, or Gemini without either (1) prior written consent from the parent or eligible student, or (2) a properly documented "school official" designation under 34 CFR § 99.31(a)(1). ChatGPT Free, Plus, and Pro consumer accounts cannot satisfy the school-official requirements because they have no written contract restricting data use, no direct-control commitment, and no FERPA-aligned terms. Compliant AI use in K-12 and higher education in 2026 requires either contracted enterprise tiers with appropriate terms, redaction at the source so no education record ever leaves the device, or use of dedicated EdTech platforms with FERPA-, COPPA-, and state-law-aligned data agreements. This guide explains what FERPA actually protects, where it intersects with COPPA and state student-privacy laws, and the workflow patterns that hold up under Department of Education or state-attorney-general scrutiny.
What FERPA actually protects
The Family Educational Rights and Privacy Act of 1974 (20 U.S.C. § 1232g; 34 CFR Part 99) protects the privacy of education records held by educational agencies and institutions that receive federal Department of Education funding. Three terms do most of the work:
- Education record — any record directly related to a student and maintained by the institution or a party acting for the institution. This is broader than transcripts: it includes disciplinary files, IEPs, 504 plans, counselor notes (with narrow exceptions), advisor case notes, and yes — chat logs and AI-tool transcripts that contain student information.
- Personally identifiable information (PII) from education records — direct identifiers (name, SSN, student ID), indirect identifiers (date of birth, place of birth, mother's maiden name), other information that would allow a reasonable person to identify the student, and biometric records.
- Eligible student — once a student turns 18 or enrolls in a postsecondary institution, FERPA rights transfer from the parent to the student.
If a teacher pastes a sentence like "Maria, a 7th-grader at Lincoln Middle, scored 28% on her math benchmark and qualifies for the IEP review next week" into ChatGPT, that prompt contains PII from an education record. Sending it to a third party without consent or a school-official designation is a FERPA violation by the institution: FERPA regulates the institution, not the teacher personally, so the institution is the party on the hook.
The two compliant paths in 34 CFR § 99.31
FERPA is a "no disclosure without consent" statute with enumerated exceptions. The two relevant exceptions for AI tools are:
Path 1 — Prior written consent (§ 99.30)
Specific, signed, dated consent from the parent or eligible student that identifies the records to be disclosed, the purpose, and the recipient. Consent at this level of specificity is impractical for routine AI use; it's mostly used for one-off disclosures (e.g., a research project).
Path 2 — School official with legitimate educational interest (§ 99.31(a)(1))
The exception that EdTech vendors live in. A "school official" can be a contractor, consultant, volunteer, or other party to whom the institution has outsourced an institutional service or function — but only if four conditions are met:
- The party performs an institutional service or function for which the school would otherwise use employees;
- The party is under the direct control of the institution with respect to the use and maintenance of education records;
- The party is subject to FERPA's restrictions on the further use and re-disclosure of personally identifiable information; and
- The institution uses reasonable methods to ensure school officials access only those education records in which they have legitimate educational interests.
The Department of Education's 2008 amendments (and the 2011 follow-on) added the "direct control" requirement specifically to prevent the school-official exception from being used as a fig leaf for vendors with no FERPA-aligned contractual terms.
The implication for ChatGPT and similar tools. A consumer ChatGPT account (Free, Plus, Pro) cannot satisfy any of these four conditions. There is no institutional contract; the institution has no direct control over OpenAI's use of the prompts; OpenAI is not contractually subject to FERPA's re-disclosure restrictions; and there is no mechanism for the institution to limit which records OpenAI sees.
ChatGPT Enterprise (and equivalent tiers from Anthropic and Google) can satisfy the conditions if — and only if — the contracting school district or institution has a written agreement that imposes the FERPA restrictions on the vendor. This is the same pattern as cloud-storage and learning-management vendors. The agreement is the artefact that makes the vendor a "school official." Without that agreement, even Enterprise is non-compliant.
COPPA: the other shoe for K-12
COPPA — the Children's Online Privacy Protection Act — applies whenever an online service knowingly collects personal information from children under 13. The FTC's 2013 amendments brought "internal operations" of mobile and web services squarely into scope.
For schools, the FTC's COPPA guidance allows the school to provide consent on behalf of parents for educational technology used by the school — but again, only when (1) the operator collects personal information solely for the use and benefit of the school, (2) the school maintains control over the data, and (3) parents are notified of the school's role.
Most consumer AI tools fail this test. ChatGPT Free/Plus is not collecting prompts "solely for the use and benefit of the school"; it is also using prompts for product improvement and (unless opted out) training. That dual purpose breaks the school-consent path for under-13 use.
For under-13 students:
- OpenAI ChatGPT prohibits use by children under 13 in its terms of service. Children 13-18 require parental permission. Schools should not be using consumer ChatGPT directly with under-13 students under any configuration.
- Anthropic Claude has similar age restrictions in its Acceptable Use Policy.
- Google Gemini is not generally available to under-13 users on consumer accounts; Workspace for Education has separate terms.
- Microsoft Copilot for Education is designed for K-12 use under the Microsoft Education contractual framework.
State student-privacy laws stack on top
Beyond FERPA and COPPA, every state has at least one student-privacy statute, and many have multiple:
- California — SOPIPA (Student Online Personal Information Protection Act, 2014). Prohibits operators of K-12 educational sites and services from selling student data, using it for targeted advertising, or building profiles for non-educational purposes. AB 1584 added a parallel requirement for school-vendor contracts.
- New York — Education Law § 2-d. Requires every contract for an educational technology product to include specific data-protection provisions and to publish a "supplemental information" notice. Created the Chief Privacy Officer role at the state level.
- Illinois — SOPPA (Student Online Personal Protection Act). Requires school districts to publish a list of operators they share data with, requires written contracts with specific terms, and requires breach notification within 30 days.
- Colorado — Student Data Transparency and Security Act. Requires districts to maintain a list of "School Service Contract Providers" and "School Service On-Demand Providers" and to publish privacy policies.
- Connecticut — Public Act 16-189. Specific contract requirements for student data; broad re-disclosure prohibitions.
- Texas — TX Ed Code § 32.151. Vendor consent and data-protection requirements.
- Utah — Student Data Protection Act. Adds data-security and breach-notification requirements.
Each of these statutes typically requires (a) a written contract with the operator, (b) prohibitions on selling or using the data for advertising, and (c) breach notification. Consumer AI accounts fail every one of these contractual requirements because there is no contract.
What goes wrong in real schools
Across the deployments we've seen, four patterns recur:
- A teacher copies an IEP excerpt into ChatGPT for "rewording suggestions." IEPs are education records and often contain disability information that triggers heightened state-law protections. The student's identifiable information now sits in OpenAI's logs with no contract, no direct-control commitment, and no FERPA-aligned restrictions.
- A principal asks Gemini to draft a behavioral-incident write-up using student names. Discipline records are education records under FERPA; this is a textbook unauthorized disclosure.
- A college advisor uses ChatGPT to summarize advising notes for a referral. Advising notes can be education records depending on how they're maintained. If they identify the student, the same FERPA analysis applies.
- An EdTech vendor adds an "AI assistant" feature that calls OpenAI's API. The school's contract with the EdTech vendor permits FERPA-protected processing, but the EdTech vendor's downstream use of OpenAI's API may or may not pass through FERPA-aligned restrictions. The school is on the hook for the chain — not the EdTech vendor.
The first three are obvious in hindsight; the fourth is the one that catches institutions off-guard during state-AG audits.
The control layers that hold up under scrutiny
A defensible 2026 deployment is a stack:
Contract layer
- Written agreement with each AI provider that meets the four § 99.31(a)(1) conditions. ChatGPT Enterprise, Claude for Education / Work, Gemini for Workspace Education, and Microsoft 365 Copilot for Education all have terms designed for this.
- State-law addendum as required (NY ED 2-d, IL SOPPA, CA AB 1584, etc.). Many districts have a standard student-data addendum they require all vendors to sign.
- Sub-processor disclosure so the institution knows where data flows after the primary vendor.
- Breach notification clauses matching the strictest applicable state-law timeline.
Tier-and-settings layer
- No personal-account use for any work involving student data. This is a written policy with consequences.
- Training disabled on all sanctioned tiers.
- Data residency in-region where state law expects it (some state RFPs require US data residency).
- Memory features off by default for staff accounts, with an institutional review before enabling.
- Logging on so that the institution can produce records of AI use during an audit or in response to a parent's § 99.10 request.
Data-minimisation layer (the one that prevents the breach)
This is the layer that protects the institution from the "teacher pastes IEP into ChatGPT" pattern — which no policy will fully prevent, because the policy can't see what's on a screen. A local-first browser extension that detects student names, dates of birth, student IDs, IEP/504 markers, and similar education-record signals in the browser, before the prompt leaves the device, gives the institution a technical control that doesn't depend on staff discipline.
Sonomos sits in this layer. Detection happens client-side; the model sees pseudonymised tokens; the user gets a useful response; and the unmasked text never crosses the wire — including to Sonomos. Importantly, because Sonomos doesn't see student data, installing Sonomos doesn't create a new school-official relationship that needs its own FERPA agreement.
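To make the client-side pattern concrete, here is a minimal pseudonymisation pass written as an added example; it is not Sonomos' code. The roster, the district ID format and the marker list are constructed assumptions; the token-to-original map stays on the device, so only tokens reach the model and the response is rehydrated locally.

```javascript
// Added illustration, not Sonomos' implementation. All patterns are assumptions
// a district would replace with its own: roster (constructed names), ID format
// (two letters + six digits), US-style DOB, and education-record markers.
const ROSTER = ["Maria Alvarez", "Maria", "Jamal Brooks"];   // constructed, institution-supplied
const STUDENT_ID = /\b[A-Z]{2}\d{6}\b/g;                      // assumed format, e.g. LM123456
const DOB = /\b(0?[1-9]|1[0-2])\/(0?[1-9]|[12]\d|3[01])\/(19|20)\d{2}\b/g;
const MARKERS = /\b(IEP|504 plan|504|disciplinary|suspension)\b/gi;

// Returns { masked, map, flags }. `map` (token -> original) never leaves the browser;
// the model only ever sees `masked`.
function pseudonymise(prompt, roster = ROSTER) {
  const map = new Map();       // token -> original text
  const reverse = new Map();   // original text -> token, so repeats reuse one token
  const counters = {};
  const token = (kind, original) => {
    if (reverse.has(original)) return reverse.get(original);
    counters[kind] = (counters[kind] || 0) + 1;
    const t = `[${kind}_${counters[kind]}]`;
    map.set(t, original);
    reverse.set(original, t);
    return t;
  };
  let masked = prompt;
  // Longest roster entries first so "Maria Alvarez" is consumed before "Maria".
  for (const name of [...roster].sort((a, b) => b.length - a.length)) {
    const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    masked = masked.replace(new RegExp(`\\b${escaped}\\b`, "g"), (m) => token("STUDENT", m));
  }
  masked = masked.replace(STUDENT_ID, (m) => token("ID", m));
  masked = masked.replace(DOB, (m) => token("DOB", m));
  // Markers carry no identity, so they are kept in the prompt, but they are flagged
  // so IEP/504 or discipline content can be routed to the highest-sensitivity handling.
  const flags = [...new Set((prompt.match(MARKERS) || []).map((m) => m.toUpperCase()))];
  return { masked, map, flags };
}

// Re-inserts the original values into the model's response, on the device only.
function restore(text, map) {
  let out = text;
  for (const [t, original] of map) out = out.split(t).join(original);
  return out;
}

// Constructed sample prompt of the kind the article warns about.
const demo = pseudonymise(
  "Maria Alvarez (ID LM123456, DOB 03/14/2013) scored 28% and has an IEP review next week."
);
console.log(demo.masked, demo.flags);
```

Name detection against a roster is the weak point of any such filter; a production control also needs indirect identifiers (small-cohort descriptions, guardian names) covered in the staff training described under the governance layer.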
Governance layer
- Acceptable-use policy that names AI tools explicitly and distinguishes sanctioned tiers from prohibited consumer accounts.
- Training for staff that goes beyond "don't paste student names" — covers indirect identifiers, IEP content, advising notes, and edge cases.
- Vendor inventory maintained to the level required by state law (IL SOPPA-style published lists are increasingly the norm).
- Annual audit of which staff have accessed which AI tools, with what data, on which tier.
- Parent / eligible-student transparency through the annual FERPA notice and as state law requires.
Special cases that need extra care
IEPs and 504 plans. These often contain disability information that triggers Section 504 / ADA confidentiality, IDEA-specific protections, and (sometimes) HIPAA if delivered through a covered entity such as a school nurse. Treat IEP content as the highest-sensitivity category; never permit consumer AI use, and configure the data-minimisation layer to specifically detect IEP markers.
Disciplinary records. Subject to FERPA but with narrow disclosure exceptions for health-and-safety emergencies (§ 99.36) and to the student themselves once eligible. Discipline records used in AI workflows should be redacted or pseudonymised at the source.
Advising and counseling notes. The "sole possession" exception (§ 99.3, "education records" definition) is narrow and is generally lost the moment a note is shared with anyone, including an AI tool. Treat advisor and counsellor notes as education records for AI purposes.
Higher education research. FERPA permits disclosure to organizations conducting studies for or on behalf of the institution under § 99.31(a)(6) — but only if the institution and the organization enter into a written agreement that meets specified terms. AI-assisted research analysis runs through this exception, not the school-official exception.
Library and information-resource records. Many states have specific statutes (e.g., NY CPLR 4509) protecting library records; those overlay FERPA when applicable.
Frequently asked questions
Can a teacher use ChatGPT to plan lessons if no student data is in the prompt?
Yes — that workflow does not implicate FERPA at all. FERPA protects education records; a generic lesson-planning prompt that doesn't reference any specific student isn't an education record. The risk arises when staff move from "draft a lesson on photosynthesis" to "draft a remedial plan for a 6th grader who scored 28% on the photosynthesis quiz" — the second prompt may contain identifiable student information depending on context.
Is ChatGPT Edu FERPA compliant?
ChatGPT Edu is OpenAI's tier specifically designed for higher-education institutions, with FERPA-aligned contractual terms available. Used under a properly executed agreement, with training disabled, data residency configured, and admin tooling in place, it can satisfy the school-official exception. As with HIPAA, "FERPA compliant" is not a label that attaches to a product; it's a posture that combines the tier, the contract, the configuration, and the institution's own controls. Edu makes that posture achievable; it does not deliver it on its own.
What about Google Workspace for Education's Gemini integration?
Workspace for Education customers in eligible plans can enable Gemini features under the Workspace for Education terms, which are generally aligned with FERPA. The contractual posture is similar to Workspace's longstanding K-12 deployment. Districts should confirm the specific Gemini features enabled, the data-residency posture, and that the relevant state-law addenda (CA SOPIPA, NY ED 2-d, IL SOPPA, etc.) cover the AI features specifically — older addenda may not.
Can students under 13 use ChatGPT for homework with parent permission?
OpenAI's terms prohibit ChatGPT use under 13 entirely; parental permission cannot override that contractual restriction. For ages 13-17, OpenAI requires parental permission. For school-sanctioned use of any AI tool with under-13 students, the institution needs (1) a tool whose terms permit under-13 use, (2) a school-consent posture under COPPA's school-consent guidance, and (3) underlying contractual terms that meet the FERPA school-official exception. Microsoft 365 Copilot for Education and dedicated K-12 EdTech tools designed for the under-13 market are the typical answer; consumer ChatGPT is not.
Do AI tools count as "directory information" disclosure?
No. Directory information (§ 99.37) is a narrow category — name, address, telephone, dates of attendance, etc. — that institutions may disclose without consent unless the parent or eligible student opts out. Sending an AI tool a prompt that includes a student's name plus information beyond the directory list (grades, behavior, services received) is a disclosure of education records, not directory information, and the directory information exception does not apply.
What should districts include in an AI-tool RFP or contract?
At minimum: (1) explicit FERPA school-official designation language with the four § 99.31(a)(1) conditions, (2) state-law addendum incorporating the strictest applicable requirements, (3) prohibition on use of student data for training or advertising, (4) data-residency commitment matching state-RFP expectations, (5) sub-processor list and change-notification, (6) breach-notification timing matching the strictest applicable state law, (7) deletion or return of student data on contract termination, (8) the right to audit or to receive third-party audit reports (SOC 2 Type II is now table stakes), and (9) for providers using third-party LLMs as a sub-processor, an explicit pass-through of all FERPA obligations to that LLM.
The bottom line
FERPA was written in 1974, before the consumer internet, let alone consumer LLMs. The framework still works — but only if institutions stop treating AI tools as something special. They are EdTech vendors. They need contracts. They need direct-control commitments. They need to be on the institutional vendor inventory.
The fastest way for a district or college to get its FERPA posture under control in 2026 is the same as for any other vendor category: tier the tools, contract the sanctioned ones, prohibit the unsanctioned ones, and put a technical control between the staff member's keyboard and the prompt — so the policy survives the inevitable moments when a deadline beats the rule.