AI for UK Universities — UK GDPR and Jisc

Quick Take / Direct Answer

UK universities deploying AI on student and staff data must meet: UK GDPR Article 28 DPA with any AI vendor, DPIA for high-risk processing of student personal data, data residency compliance (UK jurisdiction for UK personal data), and Jisc's AI governance recommendations (documented in Jisc's 2024 AI in HE guidance). Private deployment on Azure UK South or AWS eu-west-2 satisfies all current UK data residency requirements. **Jisc guidance summary (2024):** Jisc recommends UK HEIs establish an AI governance framework including designated AI lead, written AI use policy, staff training programme, regular risk assessment process, and transparency measures for students where AI affects their experience. Jisc's Connected Learning Analytics toolkit provides implementation guidance for learning analytics AI applications specifically.