What states have passed edtech vetting laws in 2026?

Utah signed its Software in Education bill into law on March 18, 2026. Vermont's edtech certification bill passed the House on March 27. Rhode Island's Safe School Technology Act passed the House on April 14.

Does Utah's law ban screen time in schools?

Utah's Classroom Technology Amendments ban screen time for K-3 except for CS and assessments. Middle schoolers need parent opt-in for device take-home. High schoolers can take devices home unless parents opt out.

How should schools prepare for edtech vetting legislation?

Schools should audit all vendors, implement grade-level policies, build a vendor evaluation framework, ensure web filtering supports granular controls, and proactively publish technology policies.

Will other states follow with similar laws?

Industry observers expect 10-15 additional states to propose similar legislation within two years, with potential federal action following.

Does web filtering count as additive or protective technology?

Web filtering is protective technology — it doesn't add screen time. It makes existing screen time safer by enforcing content policies, blocking distractions, and monitoring for safety concerns.

New EdTech Vetting Laws: What K-12 IT Directors Need to Know in 2026

Vermont, Utah, and Rhode Island are passing laws requiring schools to vet education software. Here is what IT directors need to prepare for.

Something significant is happening in state legislatures across the country, and most K-12 IT directors haven't fully grasped the implications yet.

Three states — Vermont, Utah, and Rhode Island — have simultaneously pushed legislation that fundamentally changes how schools must evaluate, approve, and monitor the education technology products they use. These aren't vague resolutions or aspirational guidelines. They're enforceable laws with specific requirements, timelines, and consequences.

And they're almost certainly just the beginning.

The Three Bills Every IT Director Should Know

Vermont: Annual Registration and State Certification

Vermont's "An Act Relating to Educational Technology Products" passed the House on March 27, 2026 and is currently before the Senate Committee on Education. If approved, it takes effect July 1, 2026.

The bill requires every provider of student-facing educational technology to:

Register annually with the Vermont Secretary of State
Pay a $100 registration fee per product
Submit current terms of service and privacy policies for review
Undergo a certification process before schools can use the product

The certification criteria are substantive. The state will evaluate whether products comply with curriculum standards, whether they offer genuine advantages over non-digital methods, whether they were explicitly designed for educational purposes, and whether they use AI, geotracking, or targeted advertising.

What this means for IT directors: You may soon need state approval before deploying new ed tech tools. Your current vendor evaluation process — however thorough — may not satisfy the state's certification requirements. Start documenting your vetting process now.

Utah: Screen Time Limits and Mandatory Software Reviews

Utah's approach is the most aggressive. Governor signed the "Software in Education" bill into law on March 18, 2026, making it the first state to enact this type of legislation.

The law requires the Utah Board of Education to study the use of software and digital practices in public schools, review best practices, and provide guidance for responsible use.

But the companion bill — Classroom Technology Amendments — goes much further:

Kindergarten through 3rd grade: Screen time banned entirely, except for computer science instruction and assessments
Middle school: Parents must actively opt in for students to take devices home
High school: Students may take devices home unless parents opt out

"We're not anti-technology," said Rep. Ariel Defay (R-UT), a sponsor of the bill. "We just want to ensure that education technology is used intentionally and actually helps students to learn."

What this means for IT directors: You need granular control over when, where, and how devices are used — broken down by grade level. Schedule-based web filtering that can adjust policies by grade, time, and location becomes essential, not optional.

Rhode Island: The Safe School Technology Act

Rhode Island's Safe School Technology Act passed the House on April 14, 2026 and is currently in the Senate Education Committee. It's part of a six-bill package focused on protecting children from social media, AI, and digital platforms.

The bill targets three specific areas:

Audio/video access: Bans software providers from activating or accessing any audio or video functions on student devices outside of school-related activities
Location data: Bans the use of student location data
Privacy protections: Requires consistent protections across all schools in the state

State Representative June Speakman (D-RI), who sponsored the bill, pointed to alarming gaps: roughly two-thirds of Rhode Island school districts do not limit software's ability to activate audio and video on school-issued devices.

"Passing this bill will provide clear, consistent protection across all schools in the state that assures students and their families that their devices cannot be used to invade their privacy or track their activities," Speakman said.

What this means for IT directors: You need to know exactly what data your tools collect, when they access device hardware, and whether that access is limited to school activities. Your web filtering solution needs to provide the transparency and controls that prove compliance.

Why This Is Happening Now

These bills didn't emerge from nowhere. They're the legislative response to years of mounting concern from parents, teachers, and researchers.

Kim Whitman, co-lead for Smartphone Free Childhood US, captured the frustration: "There is nobody right now that is confirming these products are safe, effective and legal. It should not fall on the district's IT director; it would be impossible for them to do it. And the companies should not be tasked with doing it — that would be like nicotine companies vetting their own cigarettes."

The comparison to tobacco regulation is deliberate — and it signals how seriously legislators are approaching this. Several forces are converging:

The Surgeon General's advisory on social media and youth mental health established the medical case for concern
The cellphone ban movement proved that schools can and will restrict technology when evidence demands it
The Canvas/Instructure breach demonstrated that even major vendors can't be trusted to protect student data
Post-pandemic screen time data showed students spending unprecedented hours on devices without proportional learning gains

The ed tech industry had years to self-regulate. It didn't. Now the states are stepping in.

What IT Directors Should Do Right Now

1. Audit Every Vendor in Your Stack

Create a comprehensive inventory of every ed tech product in use across your district. For each one, document what student data it collects, how that data is stored and shared, whether it has COPPA/FERPA compliance documentation, whether it accesses audio, video, or location, and what evidence exists that it improves learning outcomes.

This audit will be painful. Many districts discover they have 100-200+ vendors, many adopted by individual teachers without formal vetting.

2. Implement Granular, Grade-Based Policies

Utah's K-3 screen time ban is the most aggressive example, but the principle applies everywhere: different grade levels need different technology policies.

Your web filtering and device management platform should support grade-level policy groups, schedule-based controls, teacher-level overrides, and parent visibility into what controls are in place.

3. Build a Vendor Evaluation Framework

Don't wait for your state to mandate a vetting process — build one now. A defensible framework should include privacy review, efficacy evidence, security posture assessment, data minimization checks, and an exit strategy for each vendor.

4. Separate Protective Tech from Additive Tech

Additive technology puts another screen or app in front of students. Protective technology doesn't add screen time — it makes existing screen time safer. Web filtering, device management, and student safety monitoring fall in the protective category. Make this distinction explicit when presenting your technology budget.

5. Get Ahead of Transparency Requirements

Every one of these bills includes transparency provisions. Districts that proactively publish their technology policies, approved vendor lists, and filtering practices will be in a stronger position than those caught scrambling after a mandate.

The Compliance Advantage

Here's the silver lining: if your district already runs comprehensive web filtering with CIPA compliance, granular policy controls, activity reporting, and student safety monitoring, you're already aligned with what these laws require.

The districts that will struggle are the ones running legacy tools with static blocklists, no grade-level differentiation, limited reporting, and no way to demonstrate what protections are actually in place.

Looking Ahead

Vermont, Utah, and Rhode Island are the first movers, not the last. Expect similar legislation in 10-15 states within the next two years, with potential federal action following.

The message from legislators is clear: the era of unvetted, unregulated ed tech in schools is ending. Districts that prepare now will navigate this transition smoothly. Those that wait will be playing catch-up.

Need help preparing for the new wave of ed tech regulation? Schedule a demo of KyberFilter and see how comprehensive web filtering with grade-level policies, real-time reporting, and built-in CIPA/COPPA/FERPA compliance can position your district ahead of the curve.