Summary #
Status #
- Drafting: This framework version is not yet released. ST4S Working Group members have submitted feedback. Approvals are pending from the group.
- Planned publication date: December-2025
Key changes and items #
- Various improvements to question wording and response options.
- Updates to the classification of certain data types.
- Updates to integration category (INT).
- Improvements to access controls and password related criteria.
Dates #
- Original framework publication date: Not yet published
- Last update to this post: 27-November-2025
Description #
ST4S v2025.1 includes many changes suggested by app developers and suppliers, and the adjustment of criteria to align with new forms of authentication including password-less type options.
In addition, ST4S will see new assessment pathways piloted that are designed to focus on services not processing student data, and services which schools may utilise as part of administrative functions.
Feedback on the ST4S assessment framework can be submitted at anytime through our feedback and consultation form.
Key Features and Compliance Areas #
Various improvements:
- This framework introduces major improvements to pre-existing criteria, the majority of which do not impact critical compliance.
Passwords and password-less options:
- Passkeys, secure login links, one time passcodes (OTPs) and similar are being incorporated into the framework.
- Clarifying controls and how privacy criteria applies to services only receiving vs sending and receiving personal data.
AI Module and personal information:
- Services which use speech to text (STT), text to speech (TTS) along with AI models to improve effectiveness (e.g. AI enhanced transcribing) are assessable subject to review.
Alternative assessment pathways:
- We are piloting an alternative assessment pathway for services which do not process personal information of students, do not have logins for students and have limited functionality (e.g. no communication / AI functions).
Suppliers and App Developers #
If you are interested in how to best comply with the AI criteria we recommend reviewing the supporting resources and the criteria published in the supplier guide.
Transition options are available depending for suppliers who have had a service recently assessed under the ST4S framework including those who undertook the AI Module in its first release or as part of v2024.1.
Transitioning #
We will be publishing information after the framework is released for app developers looking to upgrade from a recent version of the framework.
Consultation and Feedback #
Providing Feedback #
The ST4S Framework has a consultation and feedback process with a range of interested persons and organisations. Notably our feedback and consultation occurs government agencies in Australia and New Zealand such as the Department of Education in each State/Territory within Australia and the Ministry of Education in New Zealand. Consultation also occurs with independent and catholic sector school representatives. These members collectively comprise the ST4S Working Group.
ST4S originally launched in 2019 and is the work of multiple organisations and persons. Cybersecurity, privacy and online safety are rapidly changing and feedback is an important part of the framework. Releases are planned twice a year. Additional updates may occur in the interim.
Feedback is open to:
- App developers / suppliers.
- Academic researchers and independent ethical hackers.
- Advocacy groups (e.g. privacy or human rights advocacy groups etc).
- Industry groups relating to cybersecurity, privacy, safety and software development.
- ST4S Working Group Members (e.g. Department of Education staff, Catholic and Independent sector representatives that are members of the group).
- Government agencies both local (e.g. Australia, New Zealand) and international.
Other Enquiries #
For general enquiries please contact us on our website. For media or press related enquiries, please contact our media team at Education Services Australia Limited (ESA).
