Every September brings a new version of Keeping Children Safe in Education. Most years, the updates are manageable - a clarification here, a process update there. KCSiE 2026 feels very different.
Described widely as a "significant overhaul," it represents the most substantial rewrite of statutory safeguarding guidance in years. And for safeguarding schools, the impact reaches far beyond policies stored in shared drives.
For the first time, the guidance connects cyber security, visitor management, and child protection as part of one safeguarding ecosystem - not separate operational responsibilities.
"The 2026 proposals feel 'quite unmanageable' for schools due to the volume of new requirements." - Heather Fowler, Head of Safeguarding, Endeavour Learning Trust (Tes, May 2026)
That word - unmanageable - is important. Designated Safeguarding Leads are already balancing growing responsibilities, training expectations, and compliance pressures. Now, new requirements are being added to processes that, in many schools, still rely heavily on paper logs and manual administration.
So what’s actually changing? And more importantly, what does it mean for how your school manages visitors, contractors, and safeguarding compliance?
The KCSiE 2026 consultation opened on 12 February 2026 and closed on 22 April 2026. Implementation is planned for 1 September 2026 - giving schools one summer term to prepare.
Here are the changes that directly impact visitor management and site security:
Cyber security is no longer just an IT issue - it’s now a safeguarding responsibility.
Previously treated as a technical function, it’s been elevated under Part 2 of the guidance (para 170). Compromised data - including safeguarding records, visitor logs, and student information - is now considered a direct risk to child wellbeing.
What this means for visitor management: Paper sign-in books can expose visitor information to unauthorised viewing, creating potential data protection and safeguarding concerns for schools. Schools need systems that protect visitor information by default while still providing clear audit trails for authorised staff.
AI is now part of the safeguarding conversation, explicitly.
The definition of child-on-child abuse now includes AI-generated images and deepfakes. Schools are expected to assess AI tools as "contact" risks, not just "content" risks.
What this means for visitor management: Schools are being encouraged to think more broadly about how AI-related safeguarding risks could be introduced and managed across the school environment. Without structured check-in protocols and clear safeguarding instructions at sign-in, there’s no evidence that visitors understood their responsibilities while on site.
Annual reviews are no longer best practice - they’re mandatory.
Governing bodies must now review and document filtering and monitoring effectiveness at least once every academic year (Part 2, para 166).
What this means for visitor management: While the guidance specifically references filtering and monitoring, many schools are reviewing how other safeguarding processes are documented and audited as well. If your visitor management process hasn’t been formally reviewed and documented in the past 12 months, it won’t meet the proposed standard.
Visitor supervision is no longer implied. It must be provable.
Schools must have "clear, effective arrangements" for identifying and supervising visitors. Anyone without full DBS clearance must be risk-assessed, and schools are expected to have clear processes for supervising visitors and documenting appropriate checks.
What this means in practice: You need evidence. Every visitor must be identified, their DBS status understood, and supervision arrangements recorded. A handwritten name in a paper log no longer provides the level of accountability schools are expected to demonstrate.
The expectation is clear: mobile phones should not be part of the school day.
The 2026 draft states that schools should operate as mobile-phone-free environments, with limited, controlled exceptions.
What this means for visitor management: Visitor sign-in becomes an important moment for communicating and acknowledging mobile phone expectations. Digital sign-in systems can present device policies and require visitors to acknowledge them - creating a clear, auditable record that expectations were communicated.
The KCSiE 2026 overhaul is a response to real, measurable vulnerabilities.
A 2024 school safety audit found that during unannounced tests, unauthorised access was gained in approximately 2.5% of visits - with over half of those individuals reaching the main office without being challenged. In schools relying on paper sign-in books, there’s often no way to identify a risk until it’s already inside the building.
At the same time, the Information Commissioner's Office reported in 2025 that 57% of school data breaches were caused by students - and nearly one-third of insider attacks involved passwords spotted on paper or guessed.
Physical and digital security are no longer separate conversations.
For schools managing visitors on paper, three critical gaps exist under KCSiE 2026:
The timeline is tight and widely debated.
With implementation set for 1 September 2026, many school leaders have raised understandable concerns about how quickly these changes need to be absorbed.
But waiting creates a bigger challenge.
Schools that delay action until final guidance is published could face a compressed, high-pressure transition at the start of a new academic year. The consultation has already closed. The direction of travel is clear. The deadline isn’t expected to move.
Digital visitor management stands out as one of the fastest ways to close compliance gaps. It brings together identity verification, audit trails, safeguarding communication, and emergency readiness in a single process - without creating additional administrative burden for school teams.
As the Safeguarding Network highlights, schools that act early consistently demonstrate stronger compliance outcomes than those reacting under pressure.
Compliance under the new framework isn’t about ticking boxes, it’s about proving control, visibility, and accountability.
A compliant visitor management process needs to demonstrate:
Visitors are identified, photographed, and matched against pre-screened records. Their DBS status is visible before entry is granted. If a contractor’s clearance has expired, it’s flagged immediately - not discovered weeks later.
Every visitor reads and digitally signs safeguarding policies before entering. This creates a clear record that the school communicated expectations - something that becomes especially important during inspections.
Cloud-based evacuation lists, accessible from any device, give staff instant visibility during emergencies. No clipboards. No guesswork.
When visitor management connects to your SCR, compliance checks happen in real time. If a visitor is flagged as "escorted only," staff see that before access is granted - not after an incident.
Timestamped audit trails show that your visitor management process has been reviewed, updated, and is working as intended - helping schools meet annual review requirements without adding unnecessary admin.
The window is tight, but there’s still time to prepare effectively - especially if action starts now.
Sign In App replaces paper visitor logs with a secure, digital sign-in system designed for safeguarding schools.
Visitors check in via an iPad or Android kiosk, are photographed, and receive a printed badge displaying their DBS status - making supervision requirements immediately visible to staff.
Custom sign-in flows allow schools to tailor processes for parents, governors, and contractors. Each visitor reads and acknowledges safeguarding policies before entry, creating a clear compliance record.
Attendance tracking is automated, with integrations into MIS platforms like SIMS, Bromcom, and iSAMS - helping schools keep records accurate without creating extra admin.
In emergencies, the Companion app provides real-time evacuation lists accessible from any device, with live roll call and multi-device coordination.
For the Single Central Record (SCR), Sign In App’s integrated Central Record tool replaces spreadsheets with a secure, searchable, audit-ready system. It flags expiring DBS checks and compliance documents automatically, alerting administrators before issues arise. When synced with visitor management, compliance data is surfaced at the front desk - blocking access when requirements aren’t met.
Over 6,000 schools trust Sign In App to manage visitor safety and safeguarding compliance. Book a demonstration before summer term ends and give your school the time it needs to be ready for September.