← All guides

Guide

What does KCSIE say about pupil images online?

Keeping Children Safe in Education is the statutory guidance every school works to. It does not list rules for website photos line by line, but it does set the framework that makes pupil images online a safeguarding matter. Here is how the two connect.

Published: 11 June 2026·Reading time: 6 minutes

The short answer

KCSIE does not contain a specific instruction such as “you must anonymise photos on your website.” What it does is make online safety a core part of every school’s safeguarding duty. Identifiable images of children on a public website fall squarely inside that duty, because they create exactly the kind of online risk KCSIE asks schools to manage.

So the right way to read it is this: the detailed data protection rules about photos come from UK GDPR and the ICO, while KCSIE provides the safeguarding lens that says you should be actively thinking about how children’s images can be seen, copied and misused online in the first place.

What KCSIE actually is

Keeping Children Safe in Education (KCSIE) is statutory safeguarding guidance issued by the Department for Education. Schools and colleges in England must have regard to it, and all staff are expected to read at least the relevant parts. It is updated regularly, so the edition in force changes from year to year.

Its purpose is broad: to set out the legal duties and good practice that keep children safe across every part of school life. Online safety is one of the areas it covers, and it has grown in prominence in recent editions as more of children’s lives, and risks, have moved online.

Online safety and the four Cs

KCSIE frames online risk to children using four categories, often called the four Cs. They are a useful way to see where a website photo fits:

  • ContentBeing exposed to harmful material. A child's image becomes content that others can take and reuse.
  • ContactBeing contacted or targeted by others. An identifiable photo, paired with a school name, can help a stranger identify and locate a child.
  • ConductBehaviour that increases risk, including how images are shared and what happens to them once published.
  • CommerceCommercial or financial exploitation, including the misuse of images for scams or fraud.

A photograph of an identifiable pupil on an open web page touches several of these at once. That is why online safety guidance treats published images as a risk to assess, not simply a marketing decision.

What this means for pupil images online

Putting the framework into practice, the safeguarding question KCSIE points you toward is not just “do we have consent?” but “what could happen to this image once it is public, and have we done what is reasonable to reduce that risk?”

Any image on an open website can be downloaded, copied or altered by anyone. Once an identifiable photo of a child is online, the school no longer controls where it goes. This is the heart of why online safety and data protection guidance both encourage schools to minimise identifiable images of children in public-facing materials, and to consider protective measures where images are used.

For the related question of consent and UK GDPR, see our guide on parental consent for photos on your school website.

Policies KCSIE expects you to have

KCSIE expects safeguarding to be backed by clear, current policies rather than informal habits. In the context of images and online safety, the documents that usually matter are:

  • A child protection and safeguarding policy that reflects the current edition of KCSIE.
  • An online safety approach covering how the school manages digital risk, including published content.
  • An acceptable use policy for staff covering how images are captured, stored, shared and published.
  • A clear photography and images policy, often linked to your data protection and consent process.

These should work together. A consent form on its own is not a substitute for thinking about the safeguarding risk of publishing an identifiable image in the first place.

Practical steps for your school

  • Read the online safety sections of the current KCSIE edition, and make sure your designated safeguarding lead has signed off your approach to published images.
  • Treat your website photos as a safeguarding question, not only a data protection or marketing one.
  • Review what is already live on your site. Identifiable images can outlast both the consent and the staff who published them.
  • Where you can tell your school's story without identifiable faces, consider doing so.
  • Keep your photography, consent and online safety policies aligned and up to date.

A practical way to reduce the risk

Anonymising children’s faces in your website photos addresses the safeguarding concern directly, while keeping the warmth of real school images. Anonymé can process your existing images and return them ready to publish, fully GDPR compliant.

Book a chat →

This guide is general information to help school staff understand the issues. It is not legal advice, and it summarises the framework rather than reproducing the guidance. KCSIE is updated regularly, so always refer to the current edition published by the Department for Education, along with the ICO and your designated safeguarding lead, when making decisions for your school.