Kerala introduces Cyber Safety Protocol to protect students in AI era

Thiruvananthapuram: The Kerala Infrastructure and Technology for Education (KITE) has published the ‘Cyber Safety Protocol 2026’ in a bid to address the unique cyber-security threats posed by the Artificial Intelligence era. KITE is the technology wing of the General Education Department of the state government.

According to an official statement released on Friday, the framework aims to ensure a secure digital learning environment and robust cyber defences for students across Kerala's public school system. It is developed through an analyis of emerging AI-driven challenges and cybercrimes.

The protocol, which aligns with existing legal standards, aims to provide targeted directives for institutional heads, teachers, parents, and students, the statement said.

KITE CEO K Anvar Sadath said the initiative encompasses 13 core objectives, including fostering awareness regarding the risks of sharing confidential data with Generative AI, cultivating critical thinking toward digital content, identifying misinformation, and nurturing responsible digital citizenship.

Further, it defines nine key operational areas, also ranging from academic AI integration and administrative data management to the maintenance of secure online learning spaces, he said.

Heads of schools are tasked with 17 specific mandates such as ensuring uninterrupted, teacher-supervised internet access during school hours and establishing dedicated School Cyber Security Committees led by a designated Coordinator.

"To protect student privacy, the protocol mandates 'Privacy by Design' principles, specifically advising against real-time CCTV monitoring via private servers in classrooms," Sadath explained.

Furthermore, to bridge the digital divide, teachers are instructed to avoid home assignments that mandate internet access. But they must provide school-based facilities for students who cannot otherwise access programmes like ‘Key to Entrance’.

The protocol also prohibits the use of unverified online data during instruction and the collection of sensitive student information via social media platforms, he explained.

For students, the protocol outlines 25 essential safety guidelines, such as identifying suspicious links, protecting live locations and private data on social media, and managing camera or chat permissions in online gaming.

Parents are provided with 16 actionable guidelines focusing on screen time management, understanding the long-term impact of digital footprints, and utilising monitoring tools like Family Link, the statement added.

To support this, KITE offers specialised Cyber Security and AI literacy programmes for families. The protocol integrates protections from the IT Act 2000, DPDP Act 2023, and POCSO Act, while incorporating 2026 IT rule amendments specifically addressing Synthetically Generated Information (SGI).

The document also details 11 general safety measures, such as two-factor authentication and secure downloading practices, alongside a clear roadmap for reporting grievances.

It also defines 20 major cyber threats—including deepfakes, AI grooming, and "digital arrest"—providing both legal contexts and precautionary measures.

Sadath noted that this protocol serves as a strategic extension of the ‘Sarvam AI Mayam’ training provided to six lakh parents this year, and will be supported by ongoing training sessions and cyber safety clinics for the entire educational community.