Federal Communications Commission
Washington, D.C. 20554
‘  April 19, 2012
DA 12-619
Small Entity Compliance Guide
Schools and Libraries Universal Service Support Mechanism; Implementation of 
the Protecting Children in the 21st Century Act Amendment to Section 254(h) of 
the Communications Act of 1934 
Report and Order
FCC 11-125
CC Docket No. 02-6
GN Docket No. 09-51
Released:  August 11, 2011
This Guide is prepared in accordance with the requirements of Section 212 of the 
Small Business Regulatory Enforcement Fairness Act of 1996.  It is intended to help 
small entities—small businesses, small organizations (non-profits), and small 
governmental jurisdictions—comply with the new rules adopted in the above-
referenced FCC rulemaking docket(s).  This Guide is not intended to replace the 
rules and, therefore, final authority rests solely with the rules.  Although we have 
attempted to cover all parts of the rules that might be especially important to small 
entities, the coverage may not be exhaustive.  This Guide may, perhaps, not apply 
in a particular situation based upon the circumstances, and the FCC retains the 
discretion to adopt approaches on a case-by-case basis that may differ from this 
Guide, where appropriate.  Any decisions regarding a particular small entity will 
be based on the statute and regulations.  
In any civil or administrative action against a small entity for a violation of rules, 
the content of the Small Entity Compliance Guide may be considered as evidence of 
the reasonableness or appropriateness of proposed fines, penalties or damages.  
Interested parties are free to file comments regarding this Guide and the 
appropriateness of its application to a particular situation; the FCC will consider 
whether the recommendations or interpretations in the Guide are appropriate in 
that situation. The FCC may decide to revise this Guide without public notice to 
reflect changes in the FCC’s approach to implementing a rule, or to clarify or 
update the text of the Guide.  Direct your comments and recommendations, or calls 
for further assistance, to the FCC’s Consumer Center:
1-888-CALL-FCC (1-888-225-5322)
TTY: 1-888-TELL-FCC (1-888-835-5322)  
Fax: 1-866-418-0232
fccinfo@fcc.gov
Background and Objectives of the Proceeding
Under the schools and libraries universal service support mechanism (also known as the E-rate program), 
eligible schools, libraries, and consortia that include eligible schools and libraries may apply for discounted 
eligible telecommunications, Internet access, and internal connections services.  Currently, the Universal 
Service Administrative Company (USAC) is the administrator of the E-rate program and processes the 
applications for discounted services.  School and library applicants that seek to receive discounts on Internet 
access or internal connections have been required to certify their compliance with the Children’s Internet 
Protection Act (CIPA) since 2001.  Congress adopted CIPA in 2001 as part of the Consolidated 
Appropriations Act, 2001. Pub. L. No. 106-554. CIPA amended section 254(h) of the Communications Act 
of 1934, as amended, 47 U.S.C. งง 151 et seq. 
CIPA requires schools and libraries that seek E-rate discounts for Internet access and internal connections to 
certify that they have in place certain Internet safety policies and technology protection measures. As 
required by CIPA, section 54.520(c) of the Commission’s rules requires that school and library Internet 
safety policies must include a technology protection measure that protects against Internet access by both 
adults and minors to visual depictions that are (1) obscene; (2) child pornography; or, with respect to use of 
the computers by minors, (3) harmful to minors. In addition, section 54.520(c)(1)(i) requires a school to 
certify that its Internet safety policy includes “monitoring the online activities of minors.”  Applicants make 
their CIPA certifications on the Receipt of Service Confirmation Form (FCC Form 486), or the Certification 
by Administrative Authority to Billed Entity of Compliance with the Children’s Internet Protection Act (FCC 
Form 479).
In the Report and Order in this proceeding, the Commission added the statutory language from the Protecting 
Children in the 21st Century Act, a statutory amendment to CIPA, regarding the education of students about 
appropriate online behavior, to the existing Commission rules implementing CIPA. (Protecting Children in 
the 21st Century Act, Pub. L. No. 110-385, Title II, 122 Stat. 4096 (2008)).  Specifically, the Protecting 
Children in the 21st Century Act directs E-rate applicants to certify that their CIPA-required Internet safety 
policies provide for the education of students regarding appropriate online behavior, including interacting 
with other individuals on social networking websites and in chat rooms, and regarding cyberbullying 
awareness and response.  This requirement is applicable to schools only.  The Commission implemented this 
statutory language verbatim at 47 C.F.R. section 54.520(c)(1)(i).  The last sentence of that rule now states 
that “[b]eginning July 1, 2012, schools’ Internet safety policies must provide for educating minors about 
appropriate online behavior, including interacting with other individuals on social networking websites and 
in chat rooms and cyberbullying awareness and response.”  The Commission also took the opportunity to 
make minor non-substantive revisions to Commission rules to conform to existing statutory language from 
the CIPA statute where necessary and two corrections to the Commission’s Schools and Libraries Sixth 
Report and Order (FCC 10-175).
Rules That the Commission Amended
The Commission amended section 54.520(c)(1)(i), and made minor amendments to the Commission’s rules 
with regard to CIPA, to conform with statutory language as follows:
-The Commission revised section 54.520(c)(1)(i) to include the new certification requirement added 
by the Protecting Children in the 21st Century Act.  This provision requires a certification that a school’s 
Internet safety policy provide for the education of minors about appropriate online behavior, including 
interacting with other individuals on social networking websites and in chat rooms and cyberbullying 
awareness and response.  It declined to define or interpret the terms provided in the new statutory language, 
such as “social networking” or “cyberbullying.”
-The Commission revised section 54.500(k) to make it consistent with the statute that a secondary 
school is “a nonprofit institutional day or residential school, including a public secondary charter school, that 
provides secondary education, as determined under State law, except that the term does not include any 
education beyond grade 12.”  It also revised sections 54.501(a)(1), 54.503(c)(2)(i), and 54.504(a)(1)(i) to 
refer consistently and identically to section 54.500 definitions of elementary and secondary schools.
-The Commission revised section 54.520(a)(1) to add “school board” to the definition of entities that 
are subject to CIPA certifications.  Although section 254(h) of the Act includes the term “school board” as an 
entity to which the CIPA certifications may apply, the existing rules do not include this term.
-The Commission revised section 54.520(a)(4) to add the existing statutory definitions of the terms 
“minor,” “obscene,” “child pornography,” “harmful to minors,” “sexual act,” “sexual contact,” and 
“technology protection measure,” consistent with the statute.
-The Commission revised sections 54.520(c)(1)(i) and 54.520(c)(2)(i) – consistent with sections 254 
(h)(5)(B)(ii), (h)(5)(C)(ii), (h)(6)(B)(ii), and (h)(6)(C)(ii) of the Act – to state that a school or library must 
enforce the operation of technology protection measures while the school or library computers with Internet 
access are being used.
-The Commission revised sections 54.520(c)(1)(i) and 54.520(c)(2)(i) to reflect language in sections 
254(h)(5)(D) and (h)(6)(D) of the Act that permits an administrator, supervisor, or other person authorized by 
the certifying authority to disable an entity’s technology protection measure to allow for bona fide research 
or “other lawful purpose by an adult.”
-The Commission added section 54.520(c)(4) to require local determination of what matter is 
inappropriate for minors.  Although this is mandated by the statute, it had not been codified.  
-The Commission added a rule provision requiring each Internet safety policy that is adopted 
pursuant to section 254(l) of the Act to be made available to the Commission upon request.  Although this 
requirement is mandated by the statute, it had not been codified.
- The Commission revised sections 54.520(c)(1)(iii)(B), (c)(2)(iii)(B), and (c)(3)(i)(B) to clarify that, 
in the first year of an entity’s participation in the E-rate program only, the entity’s Administrative Authority 
may certify on the FCC Form 486 or 479 that it will complete all CIPA requirements by the following 
funding year and still receive funding for the current funding year.
-The Commission also added a rule provision at 54.520(h) requiring a local public notice and a 
hearing or meeting to address any Internet safety policies newly adopted pursuant to CIPA.  Although this is 
mandated by the statute and was discussed in the CIPA Order, it had not been codified.  The requirement 
only applies to an entity that has no previous Internet safety policy or did not provide public notice and a 
hearing or meeting when it adopted its Internet safety policy.  Unless required by local or state rules, an 
additional public notice and a hearing or meeting is not necessary for amendments to Internet safety policies, 
including the changes to schools’ Internet safety policies required by the Protecting Children in the 21st
Century Act.
Other Clarifications and Findings
The Commission made several additional clarifications or findings pertaining to CIPA:
- As required by CIPA, section 54.520(c) of the Commission’s rules requires that school and library 
Internet safety policies must include a technology protection measure that blocks visual depictions that are 
(1) obscene; (2) child pornography; or, with respect to use of the computers by minors, (3) harmful to 
minors.  The statute provides that “[a] determination of what matter is inappropriate for minors is one that 
should be made by the school, school board, local educational agency, library, or other authority responsible 
for making the determination.”  47 U.S.C. ง 254(l).  In the Report and Order, the Commission clarified that 
although individual Facebook or MySpace pages could potentially contain material harmful to minors, it did 
not find that these websites are per se “harmful to minors” or fall into one of the categories that schools and 
libraries must block.
The Commission also determined that the maintenance of the Internet safety policy should be in 
accordance with the existing audit and recordkeeping requirements of rule section 54.516(a) and existing 
certification number 10 on the FCC Form 486, which require schools and libraries to retain documents for at 
least five years after the last day of service delivered in a particular funding year.
-The Commission determined that USAC should give applicants the opportunity to correct minor 
errors that could result in violations of the Commission’s CIPA rules before instituting recovery of E-rate 
funds, but such errors must be immaterial to statutory CIPA certification compliance.  
The Commission took the opportunity to make minor corrections to the Schools and Libraries Sixth Report 
and Order (FCC 10-175).
-In the discussion of dark fiber in the Sixth Report and Order, the seventh sentence in paragraph 9 
read: “We emphasize that selecting a telecommunications carrier as a service provider does not absolve 
schools and libraries of their obligation to adhere to the Children's Internet Protection Act (CIPA) 
requirements when they use that service to obtain Internet service or access to the Internet.”  The 
Commission revised the last part of that sentence to read: “. . . when they use USF funding to obtain 
discounted Internet access service.”
- The Commission also corrected 54.507(g)(1)(i) of the final rules to the Schools and Libraries Sixth 
Report and Order to change “Schools and Libraries Corporation” to “Administrator” and to reflect that voice 
mail, although eligible for E-rate discounts, does not need to be listed as an individual eligible service in our 
rules.  The revised rule states: “(i) The Administrator shall first calculate the demand for services listed under 
the telecommunications services, telecommunications, and Internet access categories on the eligible services 
list for all discount levels, as determined by the schools and libraries discount matrix in ง 54.505(c).  These 
services shall receive first priority for the available funding.”
Impact on Small Business
Although the Commission encouraged schools to update their Internet safety policies as soon as 
practicable, it made this requirement effective beginning July 1, 2012, giving schools adequate time to 
amend their Internet safety policies and to implement procedures to comply with the new requirements.  
Many schools already participate in the E-rate program and have existing Internet safety policies.  Unless 
required by local or state rules, schools are not required to issue an additional public notice and hold a 
hearing in order to update these policies.  Also, the Commission determined that if a school’s existing 
Internet safety policy contains language sufficient to encompass the new requirements of the Protecting 
Children in the 21st Century Act, then no amendment to the policy would be required.  
With regard to development of a program to provide for the education of students regarding 
appropriate online behavior including interacting with other individuals on social networking websites and in 
chat rooms, and regarding cyberbullying awareness and response, the Commission declined to detail specific 
procedures or curriculum for schools to use.  It decided that these are determinations that are better made by 
the local schools implementing this policy.      
The other rule revisions included in the Report and Order should have little impact on small 
businesses because those schools and libraries receiving E-rate funds for the provision of Internet access and 
internal connections are already required to comply with CIPA.  Even though some of the provisions of the 
CIPA statute were not codified previously, current E-rate beneficiaries have already implemented and have 
been operating under these requirements.  Currently, schools and libraries file the FCC Form 486 or FCC 
Form 479 to certify their compliance with the requirements regarding Internet safety policies and technology 
protection measures.  Because schools and libraries will continue to use the same forms to certify their 
compliance with these requirements, there will be no additional forms to file or other reporting requirements.  
Steps a School Must Take for Implementation 
The certification required by the Protecting Children in the 21st Century Act requires a school to adopt an 
Internet safety policy or amend an existing Internet safety policy that, among the other requirements for 
CIPA, provides for educating minors about appropriate online behavior.  This certification, which includes 
the appropriate online behavior for interacting with other individuals on social networking websites and in 
chat rooms and cyberbullying awareness and response, is required only of schools beginning July 1, 2012.  
When schools certify their compliance with CIPA, by filing FCC Forms 486 or 479, they will also be 
providing a certification that their Internet safety policies provide for the education of minors about 
appropriate online behavior.  In order to make this certification, they will have needed to update their Internet 
safety policies with the plan they are using to provide education about appropriate online behavior.
Weblink and Citations
A copy of the Report and Order is available at http://fjallfoss.fcc.gov/edocs_public/attachmatch/FCC-11-
125A1.pdf, FCC 11-125, 26 FCC Rcd 11819 (2011).
The required forms to demonstrate CIPA compliance are available at:
http://www.usac.org/_res/documents/sl/pdf/486.pdf (FCC Form 486)
http://www.usac.org/_res/documents/sl/pdf/486i.pdf (FCC Form 486 -Instructions)
http://www.usac.org/_res/documents/sl/pdf/479.pdf (FCC Form 479)
http://www.usac.org/_res/documents/sl/pdf/479i.pdf (FCC Form 479 - Instructions)