A school can ban a phone in a morning. Teaching a pupil to think with a tool takes a good deal longer.

In February 2026 the Department for Education updated its guidance, Mobile phones in schools, setting the clear expectation that schools should be mobile phone-free environments by default, with exceptions only where genuinely necessary. At the same time, schools are being encouraged to adopt artificial intelligence thoughtfully and responsibly to improve teaching and administration. The DfE’s AI guidance emphasises professional judgement, governance and human oversight. The contrast is therefore not absolute. What is striking is how much of the public conversation focuses on banning one technology while accelerating adoption of another.

We are not really arguing about devices. We are arguing about process.

A phone is banned because, in a classroom, there is rarely a process for using it well, and the risk is distraction, disruption and, as the DfE itself notes, an increase in bullying. AI is welcomed because it promises time saved and new ways of working. Yet any tool introduced without a process carries the same weakness as a tool removed because no process exists for using it safely.

The capabilities themselves illustrate the point. Image generation, voice cloning and deepfakes are extraordinarily creative technologies. Without clear processes governing when and how they should be used, however, they quickly become tools for impersonation, bullying, misinformation or fraud.

The internet did not replace the library

The internet did not replace books and libraries, although a great deal of what was once on a shelf is now on a screen. A physical book remains a good thing. The lesson is that a powerful new medium tends to sit alongside what came before rather than erasing it.

AI should be understood in the same way. It does not replace teaching, pedagogy or a teacher who knows a child. It is another tool, and like any tool its value depends entirely on the process around it.

A library without the Dewey Decimal System is simply a room full of books. The process for finding knowledge matters just as much as the knowledge itself.

Why fact-checking is the whole point

One approach discussed in higher education allows students to use AI to help produce assignments, provided they keep a complete prompt log, independently verify every factual claim and defend the finished work in a viva. Whether or not a particular example can be traced to a published study, the principle aligns closely with current computing education research. Process-oriented assessment using AI interaction logs and oral examination is increasingly recommended because it reveals understanding rather than simply measuring output.

Where pupils have to log their prompts and verify every claim, the assessment measures thinking, not typing.

There is another distinction worth making. A phone policy is largely about attention. AI policy is largely about judgement. One asks whether a pupil can resist distraction. The other asks whether they can recognise when an answer is wrong. Those are different educational challenges, but both are ultimately solved through habits rather than hardware.

The data protection question is not box-ticking

On 24 June 2026 the Information Commissioner’s Office published Edtech examined, a report drawing on consensual audits of 28 edtech providers carried out across 2024 and 2025. The auditors found good practice in information security, but also widespread compliance gaps. Providers had not always established whether they were acting as controllers or processors, particularly where children’s data was being used for product development or analytics. Contracts with schools often lacked sufficient detail. Data flows were not fully mapped, and retention periods for children’s information were sometimes unclear, with data kept for longer than necessary.

It is fair to ask whether deciding whether you are a controller or a processor genuinely improves a child’s data security, or whether it is simply compliance language that creates paperwork without reducing risk.

The label itself is not the point.

The thinking the label forces is the point.

Deciding that you are a controller for analytics means deciding, and recording, that you intend to use a child’s data for a purpose the school did not ask you to perform. That decision becomes visible. Schools, governors and parents can question it. Without that exercise, the same use may still happen, but without anyone consciously asking whether it should.

The classification is a forcing function for a conversation that might otherwise never take place.

Paying for AI is not the same as buying organisational safeguards

This is where staff and pupil training matters most, and where questions of data sovereignty, jurisdiction and contractual responsibility need to be asked before a service is adopted.

There is a widespread assumption that paying for a consumer AI subscription automatically makes information private. It does not.

Consumer ChatGPT or Claude accounts are governed by consumer terms rather than organisational data processing agreements. Depending on the provider and the account settings, inputs to consumer services may be used to improve future models unless the user changes the available controls. OpenAI, for example, provides an “Improve the model for everyone” setting within consumer accounts. By contrast, API services and enterprise products are designed for organisations, where data processing agreements and contractual commitments around model training are available.

The practical training need is for every member of staff and every pupil to understand what happens to the information they enter into an AI service, and why the answer depends on which product and licensing model they are using.

The providers themselves increasingly recognise that safe adoption depends on informed use rather than capability alone. OpenAI’s own guidance for parents is a useful example of this shift in emphasis.

How we apply this at iTCHYROBOT

The thread running through all of this is process.

We build systems for primary schools on the assumption that a tool is only as good as the workflow around it, and that data handling should be agreed before a feature is switched on, not afterwards.

When we use Claude in our own work, the value comes from a defined process: a clear instruction, trusted source material that can be checked, and an output that is reviewed by a person before it goes anywhere. The same discipline that makes AI useful in a school office is the discipline that makes it appropriate to introduce to pupils.

So the question is not whether to ban phones or welcome AI. It is whether there is a process.

A phone with no process becomes a distraction.

AI without a process produces confident-sounding mistakes. AI without proper data governance leaves schools unable to explain where information went or why it was shared.

Schools should not judge technology by whether it is new, exciting or worrying. They should judge it by whether they have a process that makes its use deliberate, accountable, explainable and safe.

That philosophy shapes how we build software. Every decision about school data starts with a simple question: what is the minimum information needed to achieve the intended outcome safely? From there we apply technical controls that reflect that principle. Data is encrypted at rest, access to school MIS systems is read-only through trusted integration partners, original MIS identifiers are replaced with internal application keys wherever possible, and MIS data is never exposed on the public-facing website. Every design decision involves trade-offs, but our default position is consistent: safety, privacy and explainability come before convenience or functionality.

Good process does not suppress creativity. It gives teachers, pupils and parents the confidence to embrace powerful new tools responsibly.

Sources