Appendix 3: Informing procurement

AI PoCs are essential for informing procurement decisions for AI initiatives because they transform a theoretical investment into a validated business case. They provide measurable evidence that helps mitigate the financial, technical and operational risks associated with adopting new, and usually complex, AI technologies.

PoCs inform procurement decisions for AI initiatives across key areas:

  • Risk mitigation – a PoC can identify risks at a small scale before significant funding, contracts and resources are committed.
  • Validation of business value – a PoC can prove whether the AI technology can solve the specific business problem.
  • Data readiness assessment – a PoC can reveal early on if necessary data exists and is good enough for the AI, or determine gaps in the data holdings and governance.
  • Technical feasibility – a PoC can provide confidence on the feasibility of the technical solution.
  • Scope and requirements – PoCs can dictate technical requirements for the final solution; sets measurable threshold for vendor selection; identifies necessary pre-work to inform total budget.
  • Enables vendor and solution comparisons – PoCs allow for more direct and controlled competition (e.g. PoC-validated metrics, cost-benefit analysis).
  • Provide negotiation leverage – PoCs inform risk-adjusted pricing and service level agreements.

Below is a summary of the key procurement considerations for PoC implementation:

Problem definition & scope

  • Clearly define the business problem and desired learning outcomes of the PoC.
  • Rationale/APS context: Commonwealth Procurement Rules (CPRs) require value for money and a clear purpose – AI PoCs must show measurable learning, not 'AI for AI's sake.'
  • Practical actions: Draft a concise statement of objectives (problem to solve, expected insights, duration, exit criteria). Tie to agency strategy or policy objectives.

Market approach

  • Use flexible procurement mechanisms suited to experimentation (for example, limited tender, innovation panels).
  • Rationale/APS context: PoCs require agility and rapid iteration; rigid procurement may delay innovation.
  • Practical actions: Use the DTA's Digital Marketplace or AI panels. Consider the ICT Procurement Framework Streamlined Approach for short-term engagements.

Vendor prequalification & ethical assessment

  • Vet AI suppliers for ethical, security and data governance maturity.
  • Rationale/APS context: Under the AI technical standard and AI Ethics Principles, vendors must demonstrate explainability, fairness and data governance capabilities.
  • Practical actions: Include mandatory criteria or evaluation questions covering responsible AI, security compliance (ISM) and alignment with AI Ethics Principles.

Intellectual property (IP) ownership

  • Define ownership of models, datasets and code generated during the PoC.
  • Rationale/APS context: AI PoCs often produce reusable assets – the APS must retain rights to adapt or scale.
  • Practical actions: Specify IP terms upfront: government retains IP or receives a perpetual licence for all deliverables. Reference CPR Section 4 on long-term value.

Data access & sovereignty

  • Ensure compliance with PSPF, ISM and Privacy Act for data handling and storage.
  • Rationale/APS context: Sensitive or citizen data may be used; data must stay within Australian jurisdictions and meet hosting certifications.
  • Practical actions: Require data to be processed and stored on Certified Hosting Framework (PROTECTED) providers or Australian sovereign cloud.

Security & privacy obligations

  • Integrate ISM, PSPF and Privacy Impact Assessments (PIA) into procurement conditions.
  • Rationale/APS context: AI solutions must not compromise citizen trust or government integrity.
  • Practical actions: Include security and privacy compliance clauses; vendors must commence risk assessments and PIAs before PoC commencement.

Explainability & transparency requirements

  • Require transparency of AI models, training data and logic. Note: Vendors may push back claiming difficulty revealing corporate IP.
  • Rationale/APS context: Aligns with the National AI Assurance Framework and AI Ethics Principles (Transparency, Accountability).
  • Practical actions: Mandate that vendors document model logic, limitations and decision paths; require plain-language explanations suitable for non-technical users.

Risk & assurance controls

  • Apply lightweight but effective risk and assurance frameworks for PoCs.
  • Rationale/APS context: Even small PoCs should align to an AI impact assessment's risk tier.
  • Practical actions: Require vendors to align with an AI impact assessment checklist, including bias testing and model performance validation.

Contract structure & duration

  • Keep contracts short, with defined exit or pivot points.
  • Rationale/APS context: CPRs encourage proportionality – PoCs should not commit long-term funding before evidence of value.
  • Practical actions: Use staged contracts with clear deliverables, short timelines (3–6 months) and evaluation gates for scaling.

Value for money & cost transparency

  • Require vendors to demonstrate cost breakdowns and reuse potential.
  • Rationale/APS context: Prevents overspend and ensures learning outcomes justify investment.
  • Practical actions: Ask for transparent pricing by work package (data preparation, modelling, evaluation). Evaluate based on cost/benefit learning potential.

Open standards & interoperability

  • Prefer open architectures and reusable APIs.
  • Rationale/APS context: Supports the Whole-of-Government ICT Strategy and avoids vendor lock-in.
  • Practical actions: Include mandatory criteria for open data formats, APIs and interoperability with the Australian Government Architecture (AGA).

Vendor lock-in mitigation

  • Ensure ability to transition, replace, or re-host the solution after the PoC.
  • Rationale/APS context: Lock-in risks long-term cost escalation.
  • Practical actions: Require export of model artefacts and documentation; ensure government retains access to underlying datasets and configurations.

Ethical AI & fairness clauses

  • Mandate adherence to the Australian Government AI Ethics Principles and relevant state policies.
  • Rationale/APS context: APS agencies must demonstrate responsible AI use in line with ethics guidelines.
  • Practical actions: Include contract clauses requiring ethical assurance reports and bias testing results.

Performance measurement & evaluation

  • Define success metrics for assessing the PoC outcome and vendor performance.
  • Rationale/APS context: Supports accountability and informs whether to scale to production.
  • Practical actions: Include performance indicators such as accuracy, fairness, explainability and user satisfaction. Link payments to evidence of learning outcomes.

Exit & transition planning

  • Require exit criteria and knowledge transfer deliverables.
  • Rationale/APS context: Prevents stranded investment and supports scaling if successful.
  • Practical actions: Define handover deliverables (documentation, model artefacts, lessons learned report). Include government right to reuse learnings.

Next page

Appendix 4: Mapping of dimensions to the Technical standard for government’s use of artificial intelligence

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession