Before the Policy: Two Questions Every Virginia Superintendent Should Be Able to Answer.

April 16, 2026

Virginia Code Section 22.1-20.2:1 requires every Virginia school board to establish, implement, and enforce policies governing the use of artificial intelligence (AI) in instructional settings. Those policies must align with guidance the Virginia Department of Education (VDOE) is developing regarding the Division-Managed AIS Platform. The Pilot Program is still being developed and will be published soon.

While that guidance is in development, there is foundational work that costs nothing and requires no outside expertise. It begins with two questions directed to the right people inside your division. The answers establish a factual baseline for understanding your division’s current position under the new law. This onsite local AI inventory will also be required if any system moves forward for state-level review or registration.

Neither answer is a crisis. Divisions that understand their position now will move with purpose when the guidance arrives. Divisions that do not will be starting that work under greater pressure later.

Question One:

What AI systems are currently active in our schools?

The IT department needs to produce a list of every software platform currently licensed or deployed across the division that uses artificial intelligence in any form – this includes tools purchased specifically for AI features and tools where AI has been added to something licensed for a different purpose.

The list should capture, for each tool: what it does, which students and staff use it, where student or staff data is processed and stored (division-managed, vendor cloud, or other), whether there is a signed data privacy agreement on file, and who authorized its use.

Two things typically surface when divisions do this for the first time.

The first discovery is typically tools that central administration did not know were active. Building-level adoption of educational technology happens routinely and does not always get reported back to the central technology office, which means central administration updates on usage lags. This is normal and not a problem.

The second discovery involves the issue of tools originally approved for non-AI use that later added AI features through routine software updates. A platform approved in 2022 may have added generative AI capabilities in a 2024 or 2025 update. The original approval did not cover those features, and in most cases, no one flagged that the terms of the contract had changed.

Question Two:

Do our vendor agreements contain the specific language the law requires?

The law requires that any approved AI platform used in instruction come with a data privacy agreement that prohibits the vendor from using division-level or student data to train or improve external AI models.

Pull the agreements on file for the tools your inventory identified and look for that specific clause. If that prohibition is not explicitly present, not just implied by a general privacy clause, not covered by a FERPA acknowledgment, not buried in a broad data security statement, then the agreement does not meet the statutory standards. Identify which agreements are deficient.

This does not require immediate action. It requires a record. When each agreement comes up for renewal, the required language becomes a condition of that renewal. That is a manageable process.

The questions cost nothing. The answers are worth knowing.

Two Questions Answered. Then What?

Document what you find. A simple spreadsheet with one row per AI tool is sufficient: tool name, vendor, student-facing or staff-only, data privacy agreement on file (yes/no), agreement contains AI training prohibition (yes/no/unknown), who approved it, and the renewal date. That document becomes your baseline and your evidence of due diligence.

Flag the gaps, not the violations. If agreements are missing the required language, note the renewal date and calendar a review. If tools are running without any approval record, note them for a technology committee conversation. You are not conducting an investigation. You are building a map.

Hold the map until guidance arrives. VDOE will publish AI safety guidance soon. When that guidance drops, the map you have built tells you immediately which tools are compliant as-is, which need contract amendments, and which need to be replaced or removed.

The next step is the AI tools inventory that already lives inside your building: You now have a map of approved tools and a record of your vendor agreements. The next task is to find out what your staff and teachers are already using on their own. What Is Everyone Already Using? →

This analysis is provided for informational purposes only by Strategic AI Link (SAIL), an independent AI compliance consultancy based in Virginia Beach, Virginia. It does not constitute legal advice. School divisions should consult legal counsel for division-specific compliance decisions.  ·  This is a living document. Content reflects current understanding and is subject to update as the field evolves.  ·  Strategic AI Education LLC  ·  June 2026