KCSIE 2025: An Online Safety Checklist for Schools

Keeping Children Safe in Education (KCSIE) sets the statutory safeguarding framework for schools and colleges in England, and online safety sits at its core. KCSIE 2025 builds on previous editions with a sharper focus on filtering and monitoring oversight, generative AI, peer-on-peer harmful sexual behaviour involving images, and the impact of mobile phones in school. This checklist gives Designated Safeguarding Leads, senior leaders, governors, and IT leads a structured way to align day-to-day practice with the latest expectations. Leadership and governance. Confirm that the governing body has named a link governor for safeguarding who can describe how filtering and monitoring is reviewed at least annually. Ensure the headteacher and DSL meet regularly with the IT lead to review filtering reports and incident trends. The online safety policy should be a live document, signed off annually, with named owners for each section. Risk assessments should be reviewed whenever new technologies, year groups, or trips introduce new exposure. Filtering and monitoring. KCSIE 2025 expects schools to be able to evidence how their filtering blocks harmful categories, including child sexual abuse material (using IWF lists), terrorism and extremism (using the Home Office Counter Terrorism Internet Referral Unit list), pornography, gambling, and self-harm and suicide content. Monitoring systems must alert DSL teams to concerning behaviour without over-collecting personal data. Test filtering termly using approved test pages, and document the result. Curriculum and pupil voice. Online safety must be planned across the curriculum, not just delivered as one-off assemblies. Use a recognised framework such as Education for a Connected World to map progression from Reception to Year 13. Build in opportunities for pupils to feed back — through pupil voice sessions, anonymous reporting tools, and surveys — and triangulate these with incident data. Make sure SEND and EAL pupils can access materials in formats they understand. Staff training and culture. Every staff member, including non-teaching staff and supply teachers, should complete annual safeguarding training that includes online safety. The DSL and deputies must receive enhanced training every two years. Build in short, role-specific updates each term covering current platforms, AI tools, harmful sexual behaviour, sexting and intimate image sharing, and county lines online. Encourage a culture where staff feel confident raising 'low-level' concerns early. Incident response. Maintain a clear flowchart from initial concern to escalation, with named contacts for children's social care, the police, the LADO, CEOP, the Internet Watch Foundation, and the Revenge Porn Helpline. Ensure all online incidents are logged in your safeguarding system, even where the incident took place outside school hours, and that records support pattern analysis. Review serious incidents in detail, capturing what worked and what to improve. Generative AI and mobile phones. KCSIE 2025 expects schools to have an explicit position on generative AI use by pupils and staff, covering academic integrity, data protection, and the risk of harmful synthetic content. Schools should also have a clear mobile phone policy aligned to current government guidance, with consistent enforcement and a route for parents and pupils to raise concerns. This checklist is not a substitute for the full KCSIE document. Use it as a self-evaluation tool alongside Ofsted's framework, your Local Authority's safeguarding guidance, and the 360 Safe self-review.