Keywords
Cybersecurity
Students’ Rights
GDPR
AI Act
NIS2
Trust Architecture
How to Cite
Abstract
Objective: This article examines how artificial intelligence in higher education may affect students’ rights, particularly privacy, autonomy, equality, fair assessment, and institutional trust.
Method: The study adopts a qualitative, doctrinal, and documentary approach, combining legal analysis of the main European Union regulatory instruments, including the AI Act, the GDPR, and the NIS2 Directive, with a technical perspective on artificial intelligence and cybersecurity risks.
Results: The article shows that formal legal compliance alone is not sufficient to ensure trustworthy AI in education. Automated assessment systems, learning analytics, proctoring tools, chatbots, large language models, and vulnerable digital infrastructures may create significant risks for students’ rights. In response, the article proposes a rights-based Cyber-AI trust architecture structured around three operational layers: the AI system, the educational data flow, and the cybersecurity infrastructure.
Contribution: The main contribution of the article is to present an operational model that translates legal requirements into practical institutional and technological design principles, including human oversight, data minimization, cybersecurity-by-design, responsible EdTech procurement, continuous auditing, incident-response procedures, and student participation in AI governance.
Conclusion: AI can support the future of education only if legal, technical, and pedagogical safeguards are integrated into a coherent institutional architecture centered on the student.
References
Cheng, E. C. K., & Wang, T. (2022). Institutional strategies for cybersecurity in higher education institutions. Information, 13(4), 192. https://doi.org/10.3390/info13040192
Colonna, L. (2025). Artificial Intelligence in Education (AIED): Towards more effective regulation. European Journal of Risk Regulation, 17(1), 161–181. https://doi.org/10.1017/err.2025.10039
Cormack, A. (2016). A data protection framework for learning analytics. Journal of Learning Analytics, 3(1), 91–106. https://doi.org/10.18608/jla.2016.31.6
Directive (EU) 2022/2555 of the European Parliament and of the Council. (2022). Directive on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS2 Directive).
Official Journal of the European Union, L 333, 80–152. https://eur-lex.europa.eu/eli/dir/2022/2555/oj
European Commission. (2022). Ethical guidelines on the use of artificial intelligence (AI) and data in teaching and learning for educators. Publications Office of the European Union. https://data.europa.eu/doi/10.2766/153756
González-Calatayud, V., Prendes-Espinosa, P., & Roig-Vila, R. (2021). Artificial Intelligence for student assessment: A systematic review. Applied Sciences, 11(12), 5467. https://doi.org/10.3390/app11125467
Halkiopoulos, C., & Gkintoni, E. (2024). Leveraging AI in e-learning: Personalized learning and adaptive assessment through cognitive neuropsychology—A systematic analysis. Electronics, 13(18), 3762. https://doi.org/10.3390/electronics13183762
Holmes, W., Bialik, M., & Fadel, C. (2019). Artificial intelligence in education: Promises and implications for teaching and learning. Center for Curriculum Redesign.
Huang, L. (2023). Ethics of artificial intelligence in education: Student privacy and data protection. Science Insights Education Frontiers, 16(2), 2577–2587. https://doi.org/10.15354/sief.23.re202
Jones, K. M. L. (2019). Learning analytics and higher education: A proposed model for establishing informed consent mechanisms to promote student privacy and autonomy. International Journal of Educational Technology in Higher Education, 16, 24. https://doi.org/10.1186/s41239-019-0155-0
Jones, K. M. L., Asher, A., Goben, A., Perry, M. R., Salo, D., Briney, K. A., & Robertshaw, M. B. (2020). “We’re being tracked at all times”: Student perspectives of their privacy in relation to learning analytics in higher education. Journal of the Association for Information Science and Technology, 71(9), 1044–1059. https://doi.org/10.1002/asi.24358
Karunaratne, T. (2021). For learning analytics to be sustainable under GDPR—Consequences and way forward. Sustainability, 13(20), 11524. https://doi.org/10.3390/su132011524
Klimova, B., Pikhart, M., & Kacetl, J. (2023). Ethical issues of the use of AI-driven mobile apps for education. Frontiers in Public Health, 10, 1118116. https://doi.org/10.3389/fpubh.2022.1118116
Lallie, H. S., Thompson, A., Titis, E., & Stephens, P. (2025). Analysing cyber attacks and cyber security vulnerabilities in the university sector. Computers, 14(2), 49. https://doi.org/10.3390/computers14020049
Li, W., Sun, K., Schaub, F., & Brooks, C. (2022). Disparities in students’ propensity to consent to learning analytics. International Journal of Artificial Intelligence in Education, 32, 564–608. https://doi.org/10.1007/s40593-021-00254-2
Lin, C.-C., Huang, A. Y. Q., & Lu, O. H. T. (2023). Artificial intelligence in intelligent tutoring systems toward sustainable education: A systematic review. Smart Learning Environments, 10, 41. https://doi.org/10.1186/s40561-023-00260-y
OWASP. (2025). OWASP Top 10 for Large Language Model Applications 2025. OWASP Foundation. https://genai.owasp.org/llm-top-10/
Owan, V. J., Abang, K. B., Idika, D. O., Etta, E. O., & Bassey, B. A. (2023). Exploring the potential of artificial intelligence tools in educational measurement and assessment. EURASIA Journal of Mathematics, Science and Technology Education, 19(8), em2307. https://doi.org/10.29333/ejmste/13428
Panagopoulou, F., Parpoula, C., & Karpouzis, K. (2025). Legal perspectives on AI and the right to digital literacy in education. Frontiers in Computer Science, 7, 1692268. https://doi.org/10.3389/fcomp.2025.1692268
Pierrès, O., Christen, M., Schmitt-Koopmann, F., & Darvishy, A. (2024). Could the use of AI in higher education hinder students with disabilities? A scoping review. IEEE Access, 12, 27810–27839. https://doi.org/10.1109/ACCESS.2024.3365368
Regulation (EU) 2016/679 of the European Parliament and of the Council. (2016). Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L 119, 1–88. https://eur-lex.europa.eu/eli/reg/2016/679/oj
Regulation (EU) 2024/1689 of the European Parliament and of the Council. (2024). Regulation laying down harmonised rules on artificial intelligence and amending Regulations and Directives in certain Union legislative acts (Artificial Intelligence Act). Official Journal of the European Union, L 2024/1689. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
Wang, T., Lund, B. D., Marengo, A., Pagano, A., Mannuru, N. R., Teel, Z. A., & Pange, J. (2023). Exploring the potential impact of artificial intelligence (AI) on international students in higher education: Generative AI, chatbots, analytics, and international student success. Applied Sciences, 13(11), 6716. https://doi.org/10.3390/app13116716
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright (c) 2026 Andreea Nicoleta Dragomir, Ovidiu Bernaschi