CIPA Requirements

CIPA Requirements hedgesst

Public Library Requirements for Complying with CIPA


This document is presented for information purposes only. Libraries should consult their own legal counsel for an analysis of any specific policy.


The American Library Association (ALA) provides a lot of background information about the Children's Internet Protection Act (CIPA) and the Neighborhood Internet Protection Act (NCIPA), which taken together are commonly referred to as "CIPA." (NCIPA is a subtitle of CIPA; NCIPA only affects E-rate applicants.) CIPA requires public libraries to install Internet filtering software on all Internet computers (public and staff) if the library receives federal money from Library Services & Technology Act grants (LSTA) to purchase computers that will access the Internet, or receives federal E-rate (Universal Services) discounts for anything other than services classified as telecommunications.

Brief History

Both CIPA and NCIPA were included in a large federal appropriations bill that passed Congress in December 2000. In March 2001, the ALA, the American Civil Liberties Union (ACLU) and several other groups filed suit to prevent the enforcement of CIPA's filtering requirement in public libraries. This litigation eventually made its way to the U.S. Supreme Court, which upheld CIPA in June 2003.

When must a public library comply with CIPA?

If the library:

  • receives E-rate discounts for any item or service classified as Internal Connections or Internet Access; or
  • receives LSTA funds to purchase any computers that will access the Internet, or Internet access (i.e. pay an Internet Service Provider);

then the library must be CIPA-compliant.

A library does NOT have to be CIPA-compliant to receive E-rate discounts on the Data Transmission services only, or to receive LSTA money for any other purpose than buying Internet access or computers that will access the Internet.

How to comply

There are three requirements that must be met.

Requirement #1: Use a technology protection measure

"Technology protection measure" means a filter on the Internet that blocks visual depictions that are obscene, child pornography, or harmful to minors (defined as any person less than 17 years of age). The filter need not affect text or audio, whatever the content. "Obscene" and "child pornography" have rather vague definitions in U.S. obscenity law. The CIPA legislation defines "harmful to minors" as nudity and sex without literary, artistic, political, or scientific value. See the Ohio Library Council's CIPA FAQ [pdf] for the complete definition.

You must be able to turn off the filter at the request of an adult "without significant delay."

Possible filter configuration:

If you are using the OpenDNS Web Content Filtering available free from OPLIN, the easiest way to meet this requirement is to select content filtering level "Low," which filters websites in the categories Pornography, Tasteless, Sexuality, and Proxy/Anonymizer (to prevent bypassing the filter). The descriptions of these categories can be found at If you want to select your own filtering categories, rather than using the pre-selected categories in the Low level, the Tasteless category is probably not necessary for CIPA compliance.

Note that OpenDNS also has a Nudity category that is not selected in the Low level. CIPA requires blocking images that "appeal to a prurient interest in nudity," and OpenDNS almost always tags websites in the Pornography category with a Nudity tag, too. Websites that only have a Nudity tag and no Pornography tag likely have artistic or scientific value and are not intended to be prurient.

Proving that you have a filter:

E-rate's Program Integrity Assurance (PIA) process for reviewing applications sometimes requests proof that a library has a filter. A screenshot of a filtering log or a purchase order should be sufficient. If you are using the free OPLIN OpenDNS filtering, then the email from OPLIN confirming the establishment of your account would take the place of a purchase order.

Requirement #2: Adopt an Internet Safety Policy

The library must adopt and enforce an Internet Safety Policy that includes the use of a technology protection measure. If the library is applying for E-rate discounts, the policy must address the following items:

  • access by minors to inappropriate matter on the Internet and the Web;
  • the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications;
  • unauthorized access and other unlawful activities by minors online;
  • unauthorized disclosure, use, and dissemination of personal identification information regarding minors; and
  • measures designed to restrict minors' access to materials harmful to minors.

Note that the Ohio Revised Code (3375.64-C) already requires that libraries receiving OPLIN Internet connections "…establish and enforce procedures designed to keep juveniles who use the participant's services from having access to materials or performances that may be obscene or harmful to juveniles and to keep persons who are not juveniles and who use the participant's services from having access to materials or performances that may be obscene." The OPLIN office has copies of such policies on file from every Ohio public library.

Requirement #3: Hold a public hearing

The Internet Safety Policy must be adopted after a public hearing, or as the CIPA language says, libraries "shall provide reasonable public notice and hold at least one public hearing or meeting to address the proposed Internet safety policy." [Title 47, §254(h)(6)] The regularly scheduled library board of trustees meeting may be used as the required public meeting, assuming the agenda is made public before the meeting and the meeting allows for public comments.

Declaring CIPA compliance

Libraries must certify their CIPA compliance, and there are several ways to do this. Libraries with OPLIN Internet connections are required to send OPLIN an E-rate Form 479 each year that declares whether or not the library is CIPA-compliant. No additional certification is necessary, but if a library is applying for E-rate discounts, the filing of a Form 486 also confirms CIPA compliance.