UPDATED 2026-05-10
EdTech Compliance in Belgium: The Regulatory Landscape
Belgian educational technology companies operate within a uniquely layered compliance environment. At the foundation sits the General Data Protection Regulation (GDPR), which treats student data with the highest sensitivity—Belgium's data protection authority, the Gegevensbeschermingsautoriteit (GBA, also known as APD), has issued repeated guidance emphasizing that children's data requires extra safeguards. But GDPR alone is no longer sufficient. The EU AI Act now regulates algorithmic systems used in educational assessment, content personalisation, and student monitoring. Meanwhile, the European Accessibility Act (EAA) mandates that digital educational products meet strict accessibility standards by 2025.
What makes Belgium's environment distinct is the combination of Flemish and Walloon regulatory oversight—both regions can impose additional requirements—plus the GBA's proactive enforcement posture. Between 2020 and 2023, the GBA issued multiple decisions against educational platforms for inadequate consent mechanisms and unclear data processing disclosures. EdTech founders should expect that regulatory scrutiny will intensify. Compliance is not a one-time audit; it requires ongoing attention to data flows, algorithm transparency, and accessibility as your product evolves.
Applicable Regulations and Compliance Deadlines
General Data Protection Regulation (GDPR)
GDPR (Regulation (EU) 2016/679) applies immediately and comprehensively to any EdTech platform processing personal data of EU residents, including students and teachers in Belgium. The regulation mandates lawful bases for processing (typically parental consent for minors under 16, per Article 8), explicit data protection impact assessments (DPIAs) for high-risk processing, and data subject rights including access and erasure.
For EdTech, the critical requirement is that parental consent must be informed, specific, and freely given—pre-checked consent boxes or vague privacy policies will not satisfy Article 7. If you process data on learning outcomes, behavioural patterns, or identifiers linked to minors, you must conduct a DPIA per Article 35. The GBA expects evidence of this assessment in your records. There is no renewal deadline—GDPR compliance is perpetual—but the GBA's enforcement pattern suggests audits will intensify in 2024–2025 as data protection matures in the sector.
Reference: EUR-Lex: Regulation (EU) 2016/679.
The EU AI Act
The AI Act (Regulation (EU) 2024/1689) entered force on 1 August 2024. It categorises AI applications by risk level and imposes compliance obligations on providers and deployers. Educational AI systems—particularly those used for automated student assessment, learner profiling, or behavioural prediction—are classified as high-risk under Article 6(2)(d) and Annex III.
High-risk AI in EdTech must meet strict requirements: maintain a quality management system, conduct and document conformity assessments, keep training data registers, implement human oversight mechanisms, and provide transparent documentation to users. These obligations apply immediately; however, the European Commission and national authorities are still issuing implementation guidance. Belgium's competent authority for AI oversight is the GBA in coordination with sectoral regulators.
Critical deadline: by 2 February 2025, high-risk AI systems already in use must undergo conformity assessment and be documented. Failure to comply by this date exposes you to fines up to 30 million EUR or 6% of annual turnover (whichever is higher) from 2026 onwards. If you are rolling out new AI-powered features (adaptive learning, automated grading, student risk flagging), prioritise AI Act compliance now.
Reference: EUR-Lex: Regulation (EU) 2024/1689.
European Accessibility Act (EAA)
The EAA (Directive (EU) 2019/882) requires digital educational products to be accessible to people with disabilities. Belgium has transposed this into national law; the compliance deadline for educational software and online learning platforms is 28 June 2025.
Your platform must meet Web Content Accessibility Guidelines (WCAG) 2.1 Level AA as a minimum standard. This includes keyboard navigation, alt text for images, captions for video, colour contrast ratios, and clear labelling of form fields. Failure to meet the deadline means you may face debarment from public procurement tenders and potential enforcement action from Belgium's accessibility ombudsman or consumer protection bodies.
If you have interactive assessments, collaborative tools, or video content, you must audit these components now. Retrofitting accessibility is significantly more expensive than building it in from the start. The GBA and Belgian consumer authorities expect compliance evidence (accessibility statements, testing reports) by mid-2025.
Reference: EUR-Lex: Directive (EU) 2019/882.
Top 3 Compliance Pitfalls Specific to EdTech in Belgium
Pitfall 1: Weak Parental Consent and Unclear Processing Purposes
The GBA has repeatedly sanctioned EdTech platforms for consent violations. In 2021, a Belgian online learning platform was fined because its consent request bundled learning analytics, advertising, and third-party data sharing into a single checkbox. Parents could not understand what they were consenting to; the GBA found the consent invalid.
Why it matters: Under GDPR Article 8, parental consent for minors under 16 must be specific to each processing purpose. If you collect behavioural data for adaptive learning algorithms, that requires separate, explicit consent from what is needed for basic account management. Vague language like "to improve your experience" is insufficient.
How to avoid it: Unbundle your privacy notices. Create separate consent requests for different data uses: learning analytics, assessment, third-party integrations, and marketing. Document that parents can see, understand, and revoke each consent independently. Train your user-facing team to explain what data you collect and why. The GBA expects this documentation in any audit.
Pitfall 2: Deploying AI Systems Without Algorithm Transparency
A Walloon EdTech startup launched an adaptive learning engine that used student quiz responses to predict whether learners would drop out. The system flagged low-confidence students to teachers for extra support. However, the startup did not document how the algorithm made predictions, what training data was used, or how often it was audited for bias. When a parent enquired how their child's risk score was calculated, the company could not provide a clear answer. The GBA opened an investigation for AI Act non-compliance.
Why it matters: High-risk AI in education must be transparent. Teachers and parents have the right to understand how algorithmic decisions are made. If your system lacks explainability or auditing, you are vulnerable to enforcement action under the AI Act (Articles 13–15) and GDPR's right to explanation (Article 22).
How to avoid it: If you use machine learning for student assessment, prediction, or personalisation, maintain a technical documentation file explaining: training datasets, model performance metrics, bias testing results, and human oversight workflows. Provide end-users (educators and parents) with accessible summaries of how the system works. Conduct annual audits of model performance across student demographics. Store all evidence—the GBA will ask for it.
Pitfall 3: Neglecting Accessibility for Interactive and Video Content
A Belgian virtual classroom platform offered video lectures, interactive quizzes, and live chat. While the platform's static pages met WCAG AA standards, the embedded videos had no captions and the quiz system was keyboard-inaccessible. A teacher with a hearing-impaired student discovered the student could not participate in live lessons. The platform owner faced complaints to the Belgian accessibility ombudsman and risk of exclusion from school procurement contracts.
Why it matters: The EAA applies to all digital educational content, not just text. Video without captions, interactive elements without keyboard support, and PDFs without tagged structure all create barriers. By June 2025, these gaps will be enforceable violations. Schools increasingly require accessibility compliance before choosing platforms.
How to avoid it: Conduct a full accessibility audit now (WCAG 2.1 AA). Prioritise: video captions, keyboard navigation, colour contrast, form labelling, and alt text for instructional graphics. If you use third-party video hosting, verify that platform supports caption uploads and delivery. For interactive tools (quizzes, drag-and-drop exercises), test with keyboard-only and screen-reader users. Budget for remediation if gaps exist; do not wait until June 2025 to start.
Practical Next Steps
Compliance for Belgian EdTech is not a box-ticking exercise—it is a competitive advantage. Students and schools increasingly require vendors to demonstrate data protection, algorithmic transparency, and accessibility. Start now: audit your current data flows against the GDPR DPIA checklist, document any AI systems you use for conformity with the AI Act, and test your platform against WCAG 2.1 AA. The GBA publishes guidance on its website; consult it regularly.
We recommend setting up a compliance calendar tailored to your product and timeline. Use our calendar tool to map EdTech-specific regulatory milestones for Belgium. You will receive reminders for parental consent audits, AI conformity assessment deadlines, and accessibility testing windows, helping you stay ahead of enforcement actions and maintain trust with schools and families.