What is CIPA?
Published May 8, 2026
CIPA — the Children's Internet Protection Act — is a federal law requiring schools and libraries receiving E-Rate Category 1 or Category 2 funding to maintain an internet-safety policy and a technology-protection measure that blocks visual content harmful to minors. CIPA compliance is certified annually on Form 486.
What does CIPA require?
Three pillars: (1) an internet-safety policy adopted after at least one public hearing or meeting with reasonable notice; (2) a technology-protection measure — a content filter — that blocks access to visual depictions that are obscene, child pornography, or harmful to minors; (3) monitoring of online activities of minors.
The policy must address access by minors to inappropriate matter, the safety and security of minors using electronic communications, unauthorized access (including "hacking"), unauthorized disclosure of personal information about minors, and measures restricting minors' access to harmful materials.
How is CIPA compliance certified?
Most applicants certify CIPA compliance on Form 486 (Receipt of Service Confirmation), which is filed after E-Rate-funded services begin. Some billed-entity arrangements use Form 479 instead. The certification is per funding year.
An applicant in its first funding year may certify that it is "undertaking actions" toward CIPA compliance and complete certification later, with limits on how long that grace period lasts.
What happens if an applicant isn't CIPA-compliant?
Non-compliant applicants forfeit E-Rate funding for the affected FRNs in the funding year of non-compliance. USAC may also recover already-disbursed amounts. The compliance burden sits on the applicant; service providers are not the certifying party.
Common questions
- Does CIPA apply to all E-Rate applicants?
- It applies to applicants receiving E-Rate Category 1 (telecommunications and internet access) or Category 2 (internal connections) funding. Narrow library exemptions exist for entities receiving only certain limited services.
- Where is CIPA compliance certified?
- On Form 486 for most applicants. Form 479 is used for certain billed-entity arrangements where the billed entity certifies on behalf of recipient sites.
- Is web-filtering required by CIPA?
- Yes. A "technology-protection measure" — a content filter capable of blocking visual depictions that are obscene, child pornography, or harmful to minors — is required.
- Can a library opt out of CIPA?
- A library that takes only narrow categories of service may avoid the certification requirement, but virtually any library taking E-Rate Category 1 or Category 2 funding must certify CIPA compliance.
Track this in real product data.
ERateSignal turns the public USAC datasets behind CIPA into a working tool for E-Rate sellers — Form 470 alerts, SPIN market share, and territory analytics on the apex domain.
This entry summarizes publicly available FCC and USAC guidance for educational purposes and is not legal or procurement advice. Verify all information directly with USAC or qualified counsel before making business decisions. ERateSignal is not affiliated with, endorsed by, or sponsored by USAC, the FCC, or the U.S. Government.