Updated May 2018
Applicants must certify compliance with the Children's Internet Protection Act (CIPA) to be eligible for Schools and Libraries (E-rate) Program discounts on Category One internet access and all Category Two services – internal connections, managed internal broadband services, and basic maintenance of internal connections. The relevant authority with responsibility for administration of the eligible school or library (the Administrative Authority) must certify that the school or library is enforcing an internet safety policy that includes measures to block or filter internet access for both minors and adults to certain visual depictions.
In general, school and library authorities must certify that: (1) they have complied with the requirements of CIPA; (2) they are undertaking actions, including any necessary procurement procedures, to comply with the requirements of CIPA; or (3) CIPA does not apply because they are receiving discounts for telecommunications services only.
CIPA requirements include the following three items:
Schools and libraries are required to adopt and enforce an internet safety policy that includes a technology protection measure that protects against access by adults and minors to visual depictions that are obscene, child pornography, or – with respect to use of computers with internet access by minors – harmful to minors. "Minor" is defined as any individual who is under the age of 17.
This internet safety policy must address all of the following:
For schools, the policy must also include monitoring the online activities of minors. As of July 1, 2012, as part of their CIPA certification, schools also certify that their internet safety policies have been updated to provide for educating minors about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms, cyberbullying awareness, and response.
A technology protection measure is a specific technology that blocks or filters internet access.
The school or library must enforce the operation of the technology protection measure during the use of its computers with Internet access, although an administrator, supervisor, or other person authorized by the authority with responsibility for administration of the school or library may disable the technology protection measure during use by an adult to enable access for bona fide research or other lawful purpose. For example, a library that uses internet filtering software can set up a process for disabling that software upon request of an adult user through use of a sign-in page where an adult user can affirm that he or she intends to use the computer for bona fide research or other lawful purposes.
CIPA uses the federal criminal definitions for obscenity and child pornography. The term "harmful to minors" is defined as "any picture, image, graphic image file, or other visual depiction that – (i) taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion; (ii) depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and (iii) taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors."
Decisions about what matter is inappropriate for minors are made by the local community. E-rate Program rules specify that "[a] determination regarding matter inappropriate for minors shall be made by the school board, local educational agency, library, or other authority responsible for making the determination."
The authority with responsibility for administration of the school or library must provide reasonable public notice and hold at least one public hearing or meeting to address a proposed technology protection measure and Internet safety policy. For private schools, public notice means notice to their appropriate constituent group.
Additional meetings are not necessary – even if the policy is amended – unless those meetings are required by state or local rules or the policy itself.
The Administrative Authority for a school or library is the entity that must make the relevant certification for the purposes of CIPA. For a school, the Administrative Authority may be the school, school board, school district, local educational agency, or other authority responsible for administration of a school. For a library, the Administrative Authority may be the library, library board, or other authority with responsibility for administration of the library.
If the Administrative Authority is also the Billed Entity, the Administrative Authority certifies on the FCC Form 486 (Receipt of Service Confirmation and Children's Internet Protection Act Certification Form). If the Administrative Authority is not the Billed Entity, the Administrative Authority must complete FCC Form 479 (Certification of Administrative Authority to Billed Entity of Compliance with the Children's Internet Protection Act), and submit the FCC Form 479 to the Billed Entity. The Billed Entity then certifies on the FCC Form 486 that it has collected duly completed FCC Forms 479. The Billed Entity does not need to collect FCC Forms 479 when the Billed Entity applies only for telecommunications services.
CIPA provides that, in the first funding year following the effective date of CIPA (April 20, 2001) in which you are "applying" for funds (see Applying for Funds below), you need not be fully compliant with CIPA's requirements but can certify that you are undertaking actions to be in compliance for the next funding year. You may also make this certification in your Second Funding Year for the purposes of CIPA, if you seek a waiver due to state or local procurement rules or regulations or competitive bidding requirements. Applicants, therefore, need to determine their "first," "second," and "third" funding years after the effective date of CIPA (April 20, 2001) in which their school or library is "applying" for funds.
For the purposes of CIPA, a school or library that is a recipient of service is considered to have "applied" for funds in a funding year after USAC successfully processes an FCC Form 486 with at least one funding request for services that require CIPA compliance and that include that school or library.
The first funding year after Funding Year 2000 (the funding year beginning July 1, 2000) in which your school or library applies for funds (i.e., in which an FCC Form 486 is successfully processed) for Category One Internet access and/or any Category Two services is your First Funding Year for the purposes of CIPA. Once your First Funding Year is established, the next two funding years will be your second and third funding years for the purposes of CIPA. In the First Funding Year, the applicant must be in compliance with CIPA or undertaking actions to comply with CIPA in order to receive support for Category One internet access and all Category Two services.
Once the First Funding Year is established, the funding year immediately following becomes the Second Funding Year for the purposes of CIPA.
If the school or library applies for funds for Category One internet access and/or any Category Two services in the Second Funding Year, its Administrative Authority must certify compliance with CIPA unless state or local procurement rules or regulations or competitive bidding requirements prevent the making of the certification. A school or library so prevented can request a waiver for the Second Funding Year on FCC Form 486 or FCC Form 479, as appropriate.
The Third Funding Year for the purposes of CIPA is the funding year immediately following the Second Funding Year. If the school or library applies for funds for Category One internet access and/or any Category Two services in the Third Funding Year, it must be compliant with CIPA.
The school or library must be compliant with CIPA for any funding year thereafter.
Below is the appropriate certification that the Administrative Authority must make for "undertaking actions":
"Pursuant to the Children's Internet Protection Act, as codified at 47 U.S.C. Section 254(h) and (l), the recipient(s) of service represented in the Funding Request Number(s) on this FCC Form 486, for whom this is the first funding year in the federal universal service support mechanism for schools and libraries, is (are) undertaking such actions, including any necessary procurement procedures, to comply with the requirements of CIPA for the next funding year, but has (have) not completed all requirements of CIPA for this funding year."
For a school or library to be able to make the certification quoted above, it must be able to demonstrate that action was taken by the start of services. USAC will not request this documentation as part of the FCC Form 486 filing process, but the school or library must maintain this documentation in its files for audit purposes.
An undertaken action is an action that can be documented and demonstrates that the school or library is taking steps to become compliant with the CIPA requirements. If a school or library has already provided reasonable public notice and at least one public hearing or meeting relating to an internet safety policy and technology protection measure that meets all the requirements listed above, that school or library has complied with the public notice and hearing or meeting requirements of CIPA. If a school or library has not met those conditions, the statute requires that the school or library provide the required notice and hearing or meeting.
Below are examples of documentation that could demonstrate that a school or library is undertaking actions to comply with CIPA:
This list is not meant to be exhaustive, but includes examples of how applicants can demonstrate they are undertaking actions to become compliant with the CIPA requirements.
Remember that such actions must occur before the start of services in order for discounts to be paid back to the service start date reported on the FCC Form 486. Although applicants are allowed to undertake the actions described above in order to make the required certification regarding CIPA compliance during the First Funding Year, applicants should be prepared to implement all necessary measures in order to be compliant with the CIPA requirements before services start for the Second Funding Year, unless a waiver has been granted.
Below is a list of the documentation that will be requested to demonstrate CIPA compliance during an audit. A school or library should retain copies of the documentation for each funding year where a CIPA certification is required. Note that documents must be retained for at least 10 years after the latter of the last day of the applicable funding year or the service delivery deadline for the funding request.
The documentation should show that the filter was installed and was working during the funding year.
Applicants are given the opportunity to correct minor errors that could result in violations of the CIPA rules before USAC institutes recovery of E-rate Program funds. Correctable errors are those that are immaterial to CIPA compliance.
These are just two CIPA issues that have been addressed by the FCC, but there may be other CIPA-related issues that can be corrected.