Ed. Dept. extends deadline on expanded vendor oversight, but concerns linger

The Education Department agreed to extend the commenting period for new vendor-reporting requirements, but some are still concerned.
SAP logo
(Daniel Roland / AFP via Getty Images)

The Department of Education on Tuesday announced it’s giving higher education institutions more time to comment on and comply with new vendor reporting requirements.

The announcement extends the deadline of a Feb. 15 guidance document that expanded the department’s definition of ‘third-party servicers’ — a category of higher education vendors that are already subject to special oversight and reporting requirements — to include online program management companies and myriad other technology organizations. The deadline extension follows a plea from the American Council on Education to give institutions more time to process the guidance, provide feedback and comply.

In a Feb. 23 letter to Education Secretary Miguel Cardona, ACE President Ted Mitchell wrote that to provide “meaningful comments” on the guidance, institutions need time “conduct an in-depth review of each and every contract or relationship with an outside entity – which at some institutions, could number in the hundreds.” The letter was co-signed by dozens of prominent higher education associations and groups.

The initial guidance gave institutions a May 1 deadline to provide details of their relationships with ‘third-party servicers’ and was effective immediately. Institutions will now have until Sept. 1 to review their vendor contracts, determine if vendors fit the Department of Education’s expanded definition and provide the requested information.


While universities expected increased oversight of OPM deals, the broad inclusion of other technology companies that touch student data in any capacity has prompted confusion and concern.

‘Dear Colleague’ letter

Student information systems, learning management systems, enterprise resource planning systems and other enterprise software used at higher education institutions could now all be subject to additional oversight, according to some interpretations of the guidance in the Education Department’s recent “Dear Colleague” letter – a mechanism used by the department to convey instructions to institutions receiving Title IV federal financial aid.

The letter, published Feb. 15, introduces new reporting and auditing standards for online program management companies and their higher education partners, expanding the department’s definition of what constitutes a “third-party servicer,” or TPS, such that it could be interpreted to apply to hundreds of higher education technology vendors.

“Basically, if a vendor provides software and services enabling in almost any way an academic program eligible for Title IV financial aid, that vendor may be considered a TPS with all of the increased regulations,” edtech analyst Phil Hill wrote on his PhilOnEdTech blog.


According to the American Council on Education, a wide range of entities could fall under the expanded third-party servicer definition, such as an online extension campus providing services to another campus of the same university, a nonprofit providing tools to improve student outcomes or a publisher providing online educational materials.

‘Overreach and misguided regulation’

Some comments on the guidance have already been submitted, including one from Michael Horn, an adjunct lecturer at the Harvard Graduate School of Education.

“This is an extraordinary show of overreach and misguided regulation that steps into the internal affairs of accredited colleges and universities,” Horn wrote. “The proper way to regulate this industry is by regulating the colleges and universities themselves at the point of accreditation based on student outcomes.”

By introducing new reporting requirements, the education department’s guidance would burden institutions and edtech companies, which would pass new costs on to students and stunt innovation, Horn told EdScoop in an interview before the Education Department’s Tuesday update.


“I’d be shocked if the department doesn’t have to go back on this guidance, because the amount of turmoil it would create on college campuses if actually followed would be huge,” Horn said.

International barriers

Horn said he’s also concerned about a new provision in the guidance stating that third-party servicers “cannot be (1) located outside the United States or (2) owned or operated by an individual who is not a US citizen or national or a lawful US permanent resident.”

Horn said this would bar institutions from partnering with several major technology companies, including the German software publisher SAP and the Canadian edtech company D2L. Startups founded by foreigners would also be out, he said.

“My understanding is that if they’re a foreign company, or led by a foreign national, they literally would not be able to service the contract, which seems insane to me,” Horn said. “And I’m sure it violates international trade treaties.”


Horn questioned the feasibility of this provision in his comments.

“The chances of a university successfully replacing its back-end systems by the May deadline are nil, so how will this be enforced? Is Cal State-Chico really supposed to rip out its SIS because SAP is the company behind it?” he wrote.

SAP declined to comment for this story.

D2L — which has offices in Canada, the U.S., Australia, Brazil, Europe and Singapore — stated that its learning management system will not fall under the expanded definition of third-party servicer, and additionally said it was a “US corporation with US employees.”

Lack of clarity


Policy analysts have also noted the guidance’s unclear terms.

“The initial press release from the department contained information on OPMs and associated listening sessions, with a second part on the third-party servicers,” said Cheryl Dowd, a senior director at the Western Interstate Commission for Higher Education’s Cooperative for Educational Technologies, a nonprofit focused on digital learning. “It wasn’t completely clear to everyone that there were two different comment options with different docket ID. It took a while for us to piece it apart, to see what the actual components were.”

Russ Poulin, vice president for technology-enabled education at WICHE, said the definition expansion was a surprise.

“There are those in the department, and those in the consumer protection world, who are distrustful of anything done with technology or distance education beyond OPMs,” Poulin said. “There have been at least three, if not more, efforts by the department to get more information about OPMs – who they serve, what the contracts say, and I think the department decided to short circuit that.”

By making so many contracted services subject to third-party servicer reporting requirements, the Education Department may be looking for an easier route to access data so that it can further regulate these services, Poulin said.


‘Significant reporting burdens’

While the exact scope of the guidance remains unclear, an Education Department spokesperson told The Chronicle of Higher Education that “broadly used software solutions” are not a key focus. Yet some — like Jarret Cummings, a senior adviser at Educause — remain concerned. Cummings said the new guidance could impose “significant reporting burdens on institutions and providers.”

Matt Winn, a senior analyst at the IT research firm The Tambellini Group, said that while the new September deadline is welcome, the feasibility of complying will depend on how much clarification the Education Department provides.

“If the rules do indeed remain as broad as they initially seem, larger and more complex institutions may still struggle to meet the new deadline whilst continuing to focus on other competing internal priorities,” Winn said.

He said some institutions will have a “hard time wading through this” because they’ll have hundreds of contracts to review.


Winn, a former chief information officer of Dallas Baptist University, recommended institutions begin reviewing their contracts proactively.

“There probably will be something that goes into effect that resembles this guidance, so I personally would not wait to see what the final iteration was before I started,” Winn said.

There’s no need for “all-out panic,” he said, “but I would start pulling every contract we owned.”

Latest Podcasts