EdTech companies and educational institutions handle sensitive student data protected by FERPA (Family Educational Rights and Privacy Act). K-12 vendors must comply with COPPA for children under 13. Higher education institutions receiving federal funding face additional requirements. SOC 2 and ISO 27001 are common requirements when selling to school districts and universities. State student privacy laws (like California's SOPIPA) add another compliance layer.