This week has felt like a microcosm of where education technology now sits: exponential promise matched by equally exponential risk.
On one hand, we are seeing rapid innovation. AI-enabled tutoring platforms are scaling at pace, rolling out new tools and demonstrating that the idea of personalised, intelligent support for learners is no longer theoretical. It is operational. It is commercial. It is here. At the same time, schools and communities are actively experimenting with AI in real classroom settings, embedding it into creativity, collaboration and problem-solving experiences for pupils. The narrative that edtech is still “emerging” is becoming increasingly difficult to defend.
And yet, in the same week, we have seen one of the most significant education data breaches in recent memory. A global cyberattack against a widely used learning platform exposed data linked to thousands of institutions and millions of users. For many, this was not an abstract headline. It was real disruption, at the worst possible moment, during assessments, coursework submission, and everyday teaching. It was a stark reminder that the infrastructure underpinning modern education is not as resilient as we might assume.
Alongside this, quieter developments continue to show the positive potential of technology in the system. Tools designed to reduce administrative burden are evolving, breaking down barriers for families, increasing access to funding, and streamlining processes that have historically been slow, manual, and inequitable. In isolation, these are genuinely encouraging developments. They point to a system becoming more efficient, more responsive, and more inclusive.
But taken together, these signals tell a different story.
They show a system that is accelerating faster than it is stabilising.
The challenge we now face is not whether edtech will transform education. That question has already been answered. The challenge is whether we can build the structures, governance, and capability around it quickly enough to ensure that transformation is intentional rather than accidental.
The recent cyberattack is not just a security incident. It is a systems issue. Education has become structurally dependent on digital platforms. Learning management systems are no longer optional tools sitting at the edge of practice; they are central infrastructure. They hold lesson content, assignments, communication, assessment data, and increasingly, the digital identity of both staff and students.
This introduces a new kind of risk. Not the risk of a single school being compromised, but the risk of entire systems being disrupted simultaneously. When a widely adopted platform fails, the impact is not localised. It is systemic. It affects thousands of institutions at once, exposing the fragility created by shared infrastructure and supplier concentration.
For leaders, this demands a shift in thinking. The question is no longer whether systems are secure at the school level. It is whether the wider ecosystem on which those schools depend is resilient. Procurement decisions that were once driven by functionality and cost now need to be reframed through the lens of dependency, resilience, and exit strategy. This is a level of operational maturity that many parts of the sector have not yet fully developed.
At the same time, innovation continues at speed. AI is not waiting for policy to catch up. It is being embedded into workflows, influencing teaching, shaping workload and creating entirely new possibilities for how learning is supported. This changes the nature of the conversation. We are no longer asking whether AI should be used in schools. We are dealing with a reality in which it already is.
That shift is subtle but profound. Once technology becomes operational, it stops being optional. It begins to shape behaviour, expectations and systems. It introduces new risks, but also new dependencies. And it exposes weaknesses in existing structures more quickly than ever before.
This is where one of the biggest mismatches in the sector is emerging. The capability of the technology is moving quickly. The policy frameworks designed to support it are moving much more slowly. Schools are often given high-level guidance around safety, ethics, and data protection, but far less clarity on how to operationalise those principles at scale.
The result is inconsistency. Different schools adopt different approaches. Staff interpret guidance in different ways. Safeguarding responses vary. Accountability becomes blurred. Leaders find themselves navigating a space where the expectations are high, but the structures to support those expectations are still forming.
This is not a technology problem. It is a governance problem.
And underneath all of this sits a more fundamental issue: trust.
Education, more than most sectors, relies on trust as its foundation. Parents trust schools to act in the best interests of their children. Staff trust systems to support them, not expose them. Students trust that the environments they learn in are safe, predictable, and fair.
When that trust is challenged, whether through a data breach, unclear use of AI, or inconsistent policy, it has a ripple effect that goes far beyond the initial incident. It shapes perception. It influences behaviour. And it determines how willing people are to engage with the next wave of innovation.
We are starting to see the early signs of this. Questions are being asked—not just by leaders, but by parents and communities—about the pace of technological change in schools. About what is being used, how it is being controlled, and whether it is always in the best interests of learners.
These are healthy questions. But they also highlight the importance of getting this next phase right.
If the system continues to adopt technology without building the corresponding governance and capability, then trust becomes fragile. And once trust is lost, it is significantly harder to rebuild than it is to maintain.
So what does this mean in practice?
Firstly, it requires a shift from thinking about tools to thinking about systems. Edtech is no longer something that can be assessed in isolation. Every platform sits within a wider ecosystem of data, safeguarding, teaching and operations. Decisions need to reflect that complexity.
Secondly, it requires treating suppliers as part of the risk landscape. Every platform is not just a product, but a data processor, a security dependency and a critical component of daily operations. Due diligence needs to move beyond surface-level checks and into a deeper understanding of how systems behave under pressure.
Thirdly, it requires moving beyond high-level policy into operational clarity. Principles are important, but they are not enough. Schools need clear, practical guidance that defines acceptable use, establishes boundaries, outlines escalation routes, and integrates technology into existing safeguarding frameworks.
And finally, it requires investment in people, not just platforms. The most resilient organisations are not those with the most tools, but those with the capability to understand, challenge, and shape how those tools are used. Digital leaders, informed safeguarding teams, and confident staff are the true infrastructure of modern education systems.
The quiet reality is that the shift has already happened.
Digital platforms, AI tools, and connected systems are now embedded into the fabric of education. The sector is no longer at the starting line of transformation. It is already moving at pace.
The question is not whether this change will continue. It is whether we will lead it deliberately, or allow it to evolve by default.
This week has shown both possibilities.
The difference between them is leadership.
