Trustworthiness of Legal Considerations for the Use of LLMs in Education

As Artificial Intelligence (AI), particularly Large Language Models (LLMs), becomes increasingly embedded in education systems worldwide, ensuring their ethical, legal, and contextually appropriate deployment has become a critical policy concern. This paper offers a comparative analysis of AI-related regulatory and ethical frameworks across key global regions, including the European Union, United Kingdom, United States, China, and Gulf Cooperation Council (GCC) countries. It maps how core trustworthiness principles, such as transparency, fairness, accountability, data privacy, and human oversight are embedded in regional legislation and AI governance structures. Special emphasis is placed on the evolving landscape in the GCC, where countries are rapidly advancing national AI strategies and education-sector innovation. To support this development, the paper introduces a Compliance-Centered AI Governance Framework tailored to the GCC context. This includes a tiered typology and institutional checklist designed to help regulators, educators, and developers align AI adoption with both international norms and local values. By synthesizing global best practices with region-specific challenges, the paper contributes practical guidance for building legally sound, ethically grounded, and culturally sensitive AI systems in education. These insights are intended to inform future regulatory harmonization and promote responsible AI integration across diverse educational environments.

💡 Research Summary

The paper addresses the pressing policy challenge of deploying large language models (LLMs) in education in a manner that is both legally sound and ethically trustworthy. It begins by outlining the transformative potential of LLMs—personalised learning, automated assessment, academic support—and simultaneously flags the legal risks they raise, such as student data privacy, intellectual‑property ownership, academic misconduct, and algorithmic bias. Trustworthy AI is defined through five core dimensions—transparency, fairness/non‑discrimination, accountability, data privacy, and human oversight—drawn from OECD, UNESCO, and European expert group guidelines.

A comparative legal analysis was conducted on five major jurisdictions (EU, United Kingdom, United States, China, and the Gulf Cooperation Council) using official statutes, policy papers, and peer‑reviewed literature from 2016‑2025. Each framework was coded against the five trustworthiness dimensions. The study finds that the European Union leads with the AI Act, which classifies AI systems by risk, mandates pre‑market conformity assessments, and embeds transparency and human‑in‑the‑loop requirements. GDPR provides the overarching data‑protection backbone. The United Kingdom pairs its Data Protection Act with a separate AI ethics policy, emphasising pre‑deployment ethical reviews. The United States relies on sector‑specific privacy laws such as FERPA and COPPA; a comprehensive federal AI law is still nascent, leaving much to state‑level or voluntary corporate governance. China’s “Next Generation AI Development Plan” and Cybersecurity Law stress national data sovereignty and security, offering ethical guidance but limited enforceability.

The GCC region is highlighted as a fast‑moving arena. Saudi Arabia, the UAE, Qatar, Oman and Bahrain have enacted personal data protection laws (e.g., Saudi PDPL, Bahrain PDPL) and launched national AI strategies (e.g., Saudi National Strategy for Data and AI, UAE Ministry of State for AI). However, dedicated AI legislation remains in draft form. The authors map these developments on a timeline, showing a clear acceleration of institutional AI bodies and sector‑specific initiatives in the GCC compared with the more cautious, risk‑management‑oriented approaches of the EU and UK.

A notable contribution is the global “ChatGPT ban” map, which categorises countries by ban duration and rationale (privacy vs. political control). This analysis demonstrates how the provenance of an LLM (U.S., Chinese, European) can affect perceived trustworthiness and regulatory acceptance, an insight directly relevant to educational institutions deciding which models to adopt.

To bridge the regulatory gap in the GCC, the paper proposes a “Compliance‑Centred AI Governance Framework” tailored to the region’s legal and cultural context. The framework consists of three layers: (1) Strategic – alignment of national AI strategies with education policy; (2) Operational – concrete artefacts such as data‑minimisation design, transparency reports, fairness‑testing protocols, and contractual liability clauses; (3) Oversight – human‑in‑the‑loop procedures, audit mechanisms, and designated Data Protection Officers. A practical checklist accompanies each layer, enabling regulators, educators, and developers to simultaneously satisfy international standards (GDPR, EU AI Act) and regional imperatives (sharia‑compliant data handling, state data‑sovereignty).

The authors also juxtapose legal compliance (enforceable obligations, liability, sanctions) with broader ethical frameworks (fairness, human rights, moral responsibility). They argue that in education, compliance alone cannot guarantee responsible AI use; ethical considerations must be codified into institutional policies and, where feasible, into law.

In conclusion, while the core trustworthiness principles are globally recognised, their implementation diverges: the EU/UK focus on pre‑emptive regulation and ethical review, whereas GCC states prioritise rapid innovation under top‑down governance. The proposed compliance‑centred framework offers a pragmatic roadmap for GCC educational stakeholders to adopt LLMs responsibly, and the paper calls for empirical pilots to validate the framework’s effectiveness on learning outcomes and legal risk mitigation.