Introduction to the Online Learning Regulatory Landscape

In the United States, the oversight of institutions of higher education is a shared responsibility divided among state governments, the federal government, and accreditors. Collectively, this group is often referred to as the “regulatory triad.” Each segment of the triad plays a distinct role in shaping and regulating higher education, offering a unique set of perspectives and responsibilities. The triad provides a balance of regional specificity, national coherence, as well as the third-party non-governmental quality assurance from accreditors to enable collaboration, coordination, and funding opportunities to address the diverse needs of students, institutions, and employers in the ever-evolving landscape of higher education.  

Where interstate education is concerned, most states (currently, all except California) and several territories have joined the State Authorization Reciprocity Agreements (SARA), which simplifies the authorization process and overall regulatory burden for participating institutions within these states through providing one, unified set of authorization requirements. As a result, SARA has become a significant focus area of state-level compliance efforts within the regulatory triad.

The U.S. Department of Education (ED) has promulgated a variety of regulations that uniquely address (or have unique application to) online courses and programs. Implementing regulations for Title IV of the Higher Education Act set criteria for institutional and programmatic federal student aid eligibility, including for what ED considers “distance education.” For example, aid eligibility depends in part on the frequency and quality of opportunities for academic engagement and instructor-student interactions which can (and should) influence course design considerations. More broadly applicable requirements, such as those concerning professional licensure eligibility disclosures and state authorization, are also more likely to impact online programs as these are based on the student’s location rather than the location of the institution. 

Rulemaking and enforcement activities from other federal agencies and offices can also impact online learning compliance efforts. For instance, the U.S. Department of Justice shares jurisdiction with ED over enforcement of the Americans with Disabilities Act and Section 504 of the Rehabilitation Act, which can have unique implications for digital accessibility and accommodations in the context of online learning. And rulemaking and guidance by the U.S. Copyright Office can impact course-level decisions around the use of third-party media and embedding practices.

State governments can make determinations as to which institutions can legally operate within their geographic boundaries, including with regard to purely online learning offerings should they choose. State workforce boards also focus on aligning education and training programs with the needs of the local job market, promoting workforce development, and ensuring that educational offerings are responsive to the evolving demands of employers. States also have a significant role to play in their own public institutions of higher education.

With regard to “out-of-state” institutions, states have created various authorization application and review procedures that more clearly define a state’s oversight role and institutional responsibilities. The applicability of these requirements to certain institution types and activities varies by state. 

The State Authorization Reciprocity Agreements (SARA), which are governed by the National Council for SARA (NC-SARA), provide a single set of rules to follow for participating institutions in all SARA member states, at least with regard to authorization requirements and consumer protections specific to institutions of higher education. As is further detailed below, however, states can still enforce various general purpose laws and regulations, such as those relating to data privacy, general consumer protections, professional licensure requirements, anti-discrimination laws, tax, and business operations. 

Accrediting agencies are private, third-party, non-governmental educational associations responsible for evaluating and ensuring educational institutions and their programs meet acceptable levels of quality. They provide external validation and assurance to students, employers, and the public, helping to maintain the integrity and reputation of higher education while informing federal policies relating to accreditation standards and accountability. Accreditors also work to ensure consistency of experience and resources (e.g.,  libraries and studios). 

In order for students to receive federal student aid for their education, the institution must be accredited by an agency recognized by ED to accredit a school at the institution level. Institutional accreditors also support federal enforcement of certain requirements tied to these federal student aid programs as a condition of their recognition under ED. Enforcement is often carried out by requiring institutions to submit assurance statements and federal compliance filings during accreditation review periods. Individual programs may also be subject to programmatic or specialized accreditation which can involve additional academic quality standards specific to a discipline or profession and are sometimes tied to state-specific requirements for professional licensure.  

This regulatory landscape expands significantly when offering online courses and programs to individuals located outside of the United States. Consider the following, for example: 

• Individual countries may have unique requirements for seeking authorization through a ministry of education as well as unique expectations regarding marketing practices and student-consumer protections. 
• Individual countries may have unique tax frameworks (e.g., Digital Services Tax and Value Added Tax frameworks that have become more popular in recent years) and extraterritorial data privacy frameworks, such as the European Union’s General Data Protection Regulation (GDPR) which may attach to online learning initiatives even where there is no direct physical presence aside from the physical location of a participating student.  
• Online degrees and certificates may not be recognized or viewed as equal to those earned through traditional education in all countries. 
• U.S. export controls, which are a set of national security regulations enforced through multiple federal agencies (e.g., the Departments of State, Commerce, and the Treasury) that restrict both the physical and electronic export of sensitive items, software, information, and services, also need to be closely followed. These regulations can even restrict the export of most or all services being offered to anyone located in certain countries or regions through comprehensive or near-comprehensive sanctions. They may be more targeted around individuals and organizations through blocked persons lists.  
• Local restrictions can impact which tools and content students located abroad, whether through banned categories of technology (e.g., encryption technologies that can sometimes be used for student identity verification purposes) or through censorship restrictions enforced through controlled versions of the Internet.