Delaware compliance for e-learning platforms

I conducted multi-source research to collect authoritative, up-to-date Delaware-specific and federal compliance information relevant to US-based e-learning platforms (LLC founders / business owners). I searched and scraped Delaware state agency pages, the Delaware Code, the Delaware Attorney General guidance, and relevant federal guidance (FTC, U.S. Department of Education, DOJ/ADA) to identify statutory obligations, practical compliance steps, and recommended best practices. Below is a consolidated summary of findings and practical checklist that you can use to create the requested blog/newsletter content about Delaware compliance for e-learning platforms.Summary of key findings (Delaware-specific + federal requirements affecting e-learning platforms):1) Delaware company formation and ongoing entity compliance- Registered agent: Delaware law requires every business entity to have and maintain a Registered Agent with a physical street address in Delaware. (Delaware Division of Corporations). - LLC annual tax: Domestic LLCs/LPs/GPs formed in Delaware are required to pay an annual tax of $300 (flat) due June 1 each year; LLCs do not file an annual report but must pay this tax to remain in good standing. (Delaware Division of Corporations). - Formation filings and fees: File a Certificate of Formation with the Delaware Division of Corporations and follow Division guidance for forms, fees, and expedited services. (Delaware Division of Corporations). - Other steps: Obtain an EIN, create an operating agreement, and register for Delaware tax accounts if you have employees or taxable activity in Delaware. Use the One Stop business registration portal for licenses/permits where relevant. (Division of Corporations and Division of Revenue guidance).2) Delaware tax environment relevant to digital/e-learning sales- No state sales tax: Delaware does not impose a state sales tax (useful for sellers), however Delaware imposes other business taxes (e.g., gross receipts tax) and requires appropriate business licensing/registration when doing business in-state or selling to Delaware residents. Register with Delaware Division of Revenue and check gross receipts tax guidance if you have taxable receipts attributable to Delaware. (Delaware Division of Revenue pages; grossreceiptstax resource link on DOR site).3) Delaware data breach and data-security obligations- Statutory breach notice duty: Delaware’s Computer Security Breaches statute (Title 6, Chapter 12B) requires any person who conducts business in Delaware and owns/licences computerized personal information to implement reasonable security practices and to notify affected Delaware residents of a breach without unreasonable delay but not later than 60 days after determination of the breach (with limited exceptions). If more than 500 Delaware residents are affected, the business must also notify the Delaware Attorney General. The statute also requires offering credit monitoring for breaches that include Social Security numbers in many cases. (Delaware Code Title 6, Chapter 12B; Delaware AG guidance). - AG forms & resources: Delaware Attorney General’s Consumer Protection Unit provides model notification forms and an online form for notifying the AG when required, plus a public breach database for notices affecting Delaware residents. (Delaware AG site).4) Delaware Personal Data Privacy Act (DPDPA) and state privacy law landscape- New state privacy law: Delaware adopted a personal data privacy law (DPDPA) with consumer rights (access, correction, deletion, portability; opt-out rights for targeted advertising and sales; opt-in for sensitive data and for minors) and business obligations (transparency, data minimization, security measures). The law is enforced by the Delaware Department of Justice/Attorney General, includes a cure period during an initial enforcement window, and contains civil penalties (summaries and guidance available from legal firms/analysts). E-learning platforms that process Delaware residents’ personal data must assess whether they meet thresholds/exemptions and implement privacy policies and consumer request processes accordingly. (DPDPA summaries / guidance).5) Federal laws that commonly apply to e-learning platforms- COPPA (Children’s Online Privacy Protection Act): If the platform is directed to children under 13, or has actual knowledge it is collecting personal information from children under 13, COPPA (enforced by the FTC) applies. Operators must post privacy policies, provide notice to parents, and obtain verifiable parental consent (with some limited exceptions). School-authorized use: schools can, in some circumstances, act as agents of parents to consent for educational uses — but limits apply (COPPA and FERPA interplay). (FTC COPPA guidance).- FERPA (Family Educational Rights and Privacy Act): When providing services to schools/districts that receive federal education funding, FERPA can apply to “education records.” Vendors/ed-tech providers used by schools should follow FERPA guidance, execute appropriate agreements, and implement contractual and technical safeguards for student education records. The Dept. of Education provides guidance for cloud computing and third-party service providers. (U.S. Department of Education student privacy guidance).- ADA / Accessibility: Title II/III guidance from DOJ and federal materials make clear that online services provided to the public or used to deliver programs must be accessible to people with disabilities. Agencies recommend following WCAG technical standards (e.g., WCAG 2.1 AA) as the practical benchmark for website/app accessibility. E-learning products should include accessibility features, testing, and remediation processes. (DOJ/ADA web guidance, WCAG references).6) Practical compliance checklist and recommended actions for Delaware e-learning platforms- Corporate/legal & tax setup (Delaware-focused): - Form your Delaware LLC properly: file Certificate of Formation, designate a registered agent with a Delaware street address, obtain EIN, and adopt an operating agreement (recommended). (Division of Corporations). - Maintain Delaware filings and payments: pay the $300 annual LLC/LP/GP tax by June 1; monitor franchise tax requirements if you create a Delaware corporation; order Certificates of Good Standing if needed for banking or contracting. (Division of Corporations). - Register with Division of Revenue/One Stop as required: register for gross receipts tax and other business tax accounts if your Delaware activity requires it; check local license requirements if maintaining a physical presence. (Division of Revenue / OneStop).- Privacy & data protection: - Inventory data: map personal data you collect (students, parents, employees), classify data (sensitive vs non-sensitive), and record processing purposes and legal bases. - Privacy policy & notices: publish a clear privacy policy compliant with DPDPA and applicable federal laws (COPPA/FERPA where relevant). Include retention policies, children's data practices, and resident rights procedures for Delaware consumers. - Minimize and secure: implement data minimization, encryption at rest/in transit, access controls, logging, and regular security testing. Follow sector best practices (SOC 2, ISO 27001 if achievable). - DPDPA readiness: implement consumer request handling (access/correct/delete/opt-out) and data protection assessments for targeted processing; include opt-in for sensitive data and special handling for minors per DPDPA. - Children & education-specific rules: - COPPA compliance: if your platform targets under-13 users or collects their personal info, implement parental consent flows, parental access/deletion, and strict limits on third-party marketing or data sales. If working with schools, carefully document whether the school is acting as consent agent and limit data use to educational purposes. (FTC COPPA guidance). - FERPA compliance: if the platform is covered by FERPA through contracts with schools/districts, ensure contractual terms, data handling, deletion policies, and access rights meet FERPA and Department of Education guidance for cloud services and third-party vendors. (ED guidance).- Accessibility & discrimination considerations: - Adopt WCAG 2.1 AA (or later) as your baseline for website/app accessibility; include accessibility statements, testing, and remediation cycles. Ensure effective communication and reasonable accommodations as required by ADA guidance for public-facing services and state/local government contexts. (DOJ/ADA web guidance; W3C WCAG resources).- Incident response & breach readiness: - Put an incident response plan in place that includes detection, investigation, containment, and notification steps. Maintain a breach notice template. - Delaware statutory rules: notify affected Delaware residents without unreasonable delay but no later than 60 days after determination of a breach, unless a limited exception applies; notify the Delaware Attorney General when more than 500 Delaware residents are affected and consider offering credit monitoring where SSNs are involved. Use the AG’s model forms and online reporting form. (Del. Code Title 6 Ch. 12B; Delaware AG guidance). - Contracts & procurement: - Use Data Processing Agreements (DPA) with subprocessors and clear vendor security and deletion obligations. - For B2B or school contracts, include data ownership, permitted uses, breach notification timing (align with Delaware 60-day rule), indemnities, and audit rights. - Records, documentation & insurance: - Keep records of data inventories, security controls, vulnerability assessments, penetration tests, employee training, privacy notices, and consumer request handling. - Consider cyber insurance that covers breach notification costs, credit monitoring, and defense/settlement exposures.7) Practical messaging & SEO-ready points for the blog/newsletter- Headline: Delaware compliance for e-learning platforms — what an LLC founder needs to know.- Quick bullets to include at top (for busy readers): register & pick a registered agent; pay $300 annual LLC tax by June 1; no Delaware sales tax but check gross receipts & register with Division of Revenue; prepare COPPA/FERPA/DPDPA readiness; adopt accessibility (WCAG) and a 60-day breach-notice plan.- CTA: Encourage readers to run a privacy & security audit, implement DPAs, and consult counsel for state privacy thresholds and cross-border processing.Sources and supporting excerpts (authoritative state and federal sources scraped during research):