by
Simon May
In June 2026, the Department for Education updated its filtering and monitoring standard for schools and colleges, alongside the UK Safer Internet Centre's revised Appropriate Filtering and Monitoring guidance. Together, the updates give schools and providers clearer direction on illegal content, mobile apps, off-site devices, user identification, generative AI and how to assess whether filtering and monitoring systems are working effectively in practice.
UK schools have been expected to provide appropriate filtering and monitoring in line with Keeping Children Safe in Education and the DfE’s standards since 2022. The 2026 updates do not introduce a new duty. They set clearer expectations around AI-generated content, provider assurance, technical coverage and how quickly schools should respond when monitoring identifies a safeguarding concern.
The 2026 updates to filtering and monitoring guidance further raise expectations that schools understand how their filtering and monitoring provisions work in practice, not just whether they have been installed.
The DfE says: “A review of filtering and monitoring should be carried out to identify your current provision, any gaps, and your students’ and staff’s specific needs.”
In practice, this means schools need to look beyond standard web browsing on the school network to
The updated guidance is more explicit about protections against illegal content.
The DfE statutory guidance says blocklists must be used to prevent access to child sexual abuse material (CSAM) and unlawful terrorist content must not be capable of being 'disabled, overridden, or altered by any user', including system administrators.
Schools outsourcing their filtering provision should seek assurance that their provider applies the relevant Counter-Terrorism Internet Referral Unit and Internet Watch Foundation lists, keeps them up to date, and prevents those protections from being switched off.
The updates place much greater emphasis on content that changes in real time.
The DfE now asks schools to consider whether their filtering and monitoring systems can handle 'real-time, dynamic, personalised and AI-generated content.'
Schools should consider their environment and consider whether they need a filtering solution that can dynamically analyse user-generated and AI-generated content, rather than just blocking via broad categories and URLs.
Under UKSIC's updated guidance, filtering providers are expected to 'clearly explain how filtering works on encrypted traffic and where technical limitations may affect their effectiveness.'
Schools should therefore ask what can be inspected, what remains encrypted, whether filtering works inside apps and embedded browsers and where the provider knows coverage may be limited.
As content is increasingly accessed through apps and cloud services, UKSIC's updated guidance says schools need to understand 'what filtering applies within apps and where it may not.'
That means confirming whether filtering works within mobile apps, embedded browsers and cloud platforms, rather than assuming the controls used for standard web browsing apply everywhere else. Schools should also ask how encrypted traffic is handled and whether protection continues when school-managed devices are used off-site.
Taken together, these changes move filtering requirements from a set-and-forget control to an ongoing process of system checks, checking where protections are applied to apps and devices, and understanding the technical limitations applicable in your school environment.
The updated guidance advises schools to choose monitoring approaches that reflect their school's individual safeguarding risks and technology environment
UKSIC says schools should choose the right mix of direct staff supervision, logfile monitoring and active monitoring systems based on their 'specific safeguarding risks and context'.
The DfE says the right monitoring solution will depend on the school’s setting, including student age, risk profile, whether screens are easy to see, the number of devices in use and whether devices are used off-site.
UKSIC says that monitoring must be supported by 'sufficient staff capacity ', ' appropriate safeguarding expertise ', and processes to 'review, prioritise and act on alerts'.
The DfE also requires clear reporting and response processes, including immediate reports for high-risk incidents and a record of the action taken.
Schools should know who receives routine reports, who handles urgent alerts, when IT takes the lead and when your designated safeguarding lead (DSL) does, and how outcomes are recorded.
Our Online Safety Alert Response Workflows help schools define those responsibilities clearly, so alerts reach the right person, and the next step is already understood.
Monitoring systems should be able to identify users and attribute activity.
The DfE says monitoring data should be understandable and users should be identifiable “so concerns can be traced back to an individual”, including guest accounts where possible.
Schools should confirm whether activity can be linked to a named user, account or device, particularly in BYOD and shared-device environments.
Schools need to understand how monitoring applies across mobile devices, apps, and embedded browsers, as well as the remote use of school-owned devices.
The emphasis is on knowing what is covered, where monitoring systems are limited and what happens when a device leaves the school network.
Schools should therefore confirm:
Which devices and apps are monitored
Whether activity remains visible off-site
Whether embedded browsers are included
What the system cannot inspect
How are any gaps managed through other controls
The DfE also expects schools to review technical limitations and seek assurance that filtering and monitoring continue to work on school-managed devices after changes to systems or equipment.
The updated UKSIC guidance reinforces the distinction between filtering and monitoring:
Filtering controls access to content and services
Monitoring observes and reports activity to support safeguarding intervention
Filtering is preventative. It identifies and blocks illegal, inappropriate or potentially harmful content before the user can access it.
Monitoring is reactive. It records or observes what users are actually doing on devices and generates reports or alerts when that activity may require investigation.
Schools need both functions, but they may be delivered by different systems. A web filter (or education firewall) can block access to a harmful site, while a monitoring system helps the school understand who attempted to access it, what happened and whether safeguarding action is needed.
Generative AI is now explicitly included in the DfE filtering and monitoring standard.
Schools are asked to consider whether they need systems capable of handling “real-time, dynamic, personalised and AI-generated content” and to understand any technical limitations in their current provision.
UKSIC adds that filtering should prevent access to harmful AI-generated content, while monitoring systems should maintain robust logging of interactions with AI tools. Schools should also assess which tools are approved and develop clear policies for their use.
This does not mean every school must inspect every AI prompt or response. It means schools should know which AI tools are in use, what their filtering and monitoring systems can see, and where technical gaps remain.
For monitoring, the 2026 updates shift the focus from simply collecting activity to ensuring concerns can be identified, attributed, prioritised, and acted upon by the right people.
Fastvue Reporter for Education is an online safety-monitoring system that transforms your school firewall data into reports and alerts designed for your safeguarding, pastoral, IT and senior leadership teams.
Once your firewall is configured to record usernames, Fastvue links online activity directly to users, making it easy to investigate concerning searches, blocked access attempts, and application use.
The updated guidance places more emphasis on whether schools can review, prioritise and act on monitoring alerts.
Fastvue AI Risk Assessment reviews safeguarding keyword matches in context, filters out obvious false positives and assigns a risk score so staff can quickly see what is harmless, what needs attention and what should be reviewed first.
Each assessed incident can include a risk level, reason, confidence score and safeguarding category, while activity not sent to AI remains visible as Unscored.
Fastvue can then send routine reports and urgent alerts directly to the people responsible for acting on them. Our Online Safety Alert Response Workflows help schools define who receives each type of alert, when IT should be involved, when the DSL should take the lead and how the response should be recorded in your wider safeguarding tech stack.
Together, this gives safeguarding teams a clearer path from detection to action and helps them focus their time on the activity most likely to require attention.
Fastvue AI Risk Assessment is currently being tested with early beta schools.
Fastvue can report on remote device activity where traffic is routed through supported cloud-delivered security services, including:
Fortinet FortiSASE
Palo Alto Networks Prisma Access
This gives schools a clearer view of internet activity on school-managed devices when students are working away from the school network.
Fastvue’s new Microsoft 365 Monitoring adds another layer of visibility beyond web and firewall activity.
It can surface relevant activity from school-managed Microsoft 365 services, including:
Teams chats
Channel messages
Reactions
Emails
Draft emails
This helps schools investigate concerns that may span web activity, email, and Teams, while keeping those signals within the same reporting and alerting workflow.
Together, firewall reporting, Microsoft 365 monitoring, and AI Risk Assessment give schools a broader view of internet activity, remote device use, and school-managed communications.
Instead of asking safeguarding staff to piece together raw firewall logs, separate platform records and scattered alerts, Fastvue brings the available information into reports and workflows they can use.
The 2026 updates give schools clearer expectations, but the real work is checking how those requirements apply across your own devices, apps, users and safeguarding processes.
Our downloadable checklist brings the updated DfE standard and UKSIC guidance together in a single practical review document. Use it with your senior leadership, safeguarding, IT and governance teams to assess:
Filtering coverage and illegal-content protection
Mobile, app and off-site use
Monitoring strategy and staff response
User identification and activity attribution
Generative AI
Technical limitations
Provider assurance
Actions, owners and review dates
The updated guidance does not ask schools to find a system that sees everything. It asks them to understand what is covered, where the gaps are and whether the right people can act when a concern is identified.
That is the standard schools should be testing against in 2026.
Download Fastvue Reporter and try it free for 14 days, or schedule a demo and we'll show you how it works.


