01
Public pupil imagery exposure
Galleries, fixtures coverage and prospectus material now supply identifiable training data for generative tools. Existing image consent regimes were not written with synthetic generation in mind.
Risk Register
The principal risks now facing independent schools.
A consolidated view, prepared in the format expected by governing bodies. Each item is supported in engagement by relevant case material and recommended controls.
For Governors
The contents of this register are intended as a starting point for a board-level conversation, not as a finished compliance instrument.
02
Deepfake sexual image creation
Indecent synthetic imagery of named pupils can be generated in minutes by a peer, a parent or an outside actor. The school's response framework must assume this is a present, not future, threat.
03
Voice clone and impersonation
Short audio samples — assembly recordings, podcasts, public lectures — are sufficient to clone a head's voice. Impersonation against parents, staff and finance functions is an emerging vector.
04
Personal data leakage into consumer AI
Pastoral notes, SEND records, safeguarding minutes and references are routinely pasted into public AI tools. The data leaves the school's control irretrievably.
05
Tool sprawl and absence of approval controls
Departments adopt AI tools individually. There is no register, no review, and no defensible record of what processes pupil data. Governance has no line of sight.
06
Incident response paralysis
When an incident occurs, the first hours determine the reputational outcome. Schools without rehearsed protocols default to delay, ambiguity and improvisation.
07
Reputation and parental confidence
Parents do not assess your technology decisions. They assess the visible composure of the institution. AI readiness is now part of that assessment.