• F - P

  • Q - Z

  • Fairness

    See Guidance 4. Fairness | digital.gov.au.

    Fine-tuning

    ‘Model fine-tuning involves adjusting the parameters of foundation models or training models with small datasets for a specific task. This process adapts and enhances the model's performance for particular business needs’.

    Generative AI (GenAI)

    ‘The class of AI models that emulate the structure and characteristics of input data in order to generate derived synthetic content. This can include images, videos, audio, text, and other digital content.’ NIST definition.

    Grounding

    Providing context or relevant knowledge to an AI model by connecting it to trusted data sources at inference time. This does not update the model itself.

    Ground truth

    ‘Value of the target variable for a particular item of labelled input data. The term ground truth does not imply that the labelled input data consistently corresponds to the real-world value of the target variables.’ (ISO/IEC 22989).

    Hallucination

    ‘Outputs generated by an AI system may not always be accurate or factually correct. Generative AI systems are known to hallucinate information that is not factually correct. Organisational functions that rely on the accuracy of generative AI outputs could be negatively impacted by hallucinations, unless appropriate mitigations are implemented.’ Source: Engaging with artificial intelligence | Cyber.gov.au.

    Harm

    “Any adverse effects that would be experienced by an individual (i.e., that may be socially, physically, or financially damaging) or an organization if the confidentiality of PII were breached.” NIST Definition.

    Hyperparameters

    ‘characteristic of a machine learning algorithm that affects its learning process Note 1 to entry: Hyperparameters are selected prior to training and can be used in processes to help estimate model parameters.’ ISO/IEC 22989.

    Infrastructure as a service (IaaS)

    ‘The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).’ NIST definition.

    Large language model (LLM)

    Based on artificial neural network technology to take natural language text as input, process it and generate text as output e.g. code generation and content creation.

    Machine learning

    ‘Process of optimizing model parameters through computational techniques, such that the model's behavior reflects the data or experience’ ISO/IEC 22989.

    Model dataset

    The dataset is used to train an AI model. It is made up of smaller datasets - train dataset, validation dataset and test dataset.

    Model explainability

    Ability of the model to provide clear and understandable reasons for model outputs to authorised humans.

    Model refresh

    Update or replace an existing model with a new model.

    Offline training

    ‘The system is trained during the development process before the system is put into production. This is similar in nature to standard software development, where the system is built and tested fully before it is put into production.’ ISO/IEC 22989:2023.

    Online training

    ‘Online learning / continuous learning – involve the incremental update of the model in the system as it operates during production. The data input to the system during operation is not only analysed to produce an output from the system, but also simultaneously used to adjust the model in the system, with the aim of improving the model on the basis of the production data. Depending on the design of the continuous learning AI system, there can be human actions required in the process, for example data labelling, validating the application of a specific incremental update or monitoring the AI system performance.’ ISO/IEC 22989:2023.

    Platform as a Service (PaaS)

    ‘The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.’ NIST definition.

    Poisoning

    ‘Adversarial attacks in which an adversary interferes with a model during its training stage, such as by inserting malicious training data (data poisoning) or modifying the training process itself (model poisoning).’ NIST - Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.

    Prompt engineering

    ‘Prompt engineering is the discipline of providing inputs, in the form of text or images, to generative AI models to specify and confine the set of responses the model can produce. The inputs prompt a set that produces a desired outcome without updating the actual weights of the model (as done with fine-tuning).’ Gartner.

    Pre-trained model

    ‘a component of the training stage in which a model learns general patterns, features, and relationships from vast amounts of unlabeled data, such as through self-supervised learning. Pre-training can equip models with knowledge of general features or patterns which may be useful in downstream tasks, and can be followed with additional training or fine-tuning that specializes the model for a specific downstream task.’ Source pre‐training - Glossary | NIST CSRC.

  • Regression

    ‘machine learning model whose expected output for a given input is a continuous variable’ ISO/IEC 23053.

    Reliability

    ‘AI systems reliably operate in accordance with their intended purpose throughout their lifecycle’ – AI Ethics principle.

    Retrieval Augmented Generation (RAG)

    ‘RAG enhances LLMs by retrieving relevant information from an external knowledge base and incorporating it into the LLM's generation process”.

    Safety

    ‘Expectation that a system does not, under defined conditions, lead to a state in which human life, health, property, or the environment is endangered.’ ISO/IEC/IEEE 12207.

    Semantic versioning

    ‘Version numbers and the way they change convey meaning about the underlying code and what has been modified from one version to the next.’ Source - semantic versioning standard https://semver.org/.

    Software as a Service (SaaS)

    ‘Software as a service (SaaS) is software that is owned, delivered and managed remotely by one or more providers. The provider delivers software based on one set of common code and data definitions that is consumed in a one-to-many model by all contracted customers at anytime on a pay-for-use basis or as a subscription based on use metrics.’ Gartner.

    Test dataset

    ‘data used to assess the performance of a final model’ ISO/IEC 22989.

    Train dataset

    ‘data used to train a machine learning model’ ISO/IEC 22989.

    Transparency

    ‘property of a system that appropriate information about the system is made available to relevant stakeholders’ ISO/IEC 22989.

    Validation

    ‘confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled’ ISO/IEC 22989.

    Validation dataset

    ‘data used to compare the performance of different candidate models’ ISO/IEC 22989.

    Verification

    ‘confirmation, through the provision of objective evidence, that specified requirements have been fulfilled’ ISO/IEC 22989.

    WCAG (Web Content Accessibility Guidelines)

    WCAG explains how to make web content more accessible to people with disabilities. Web ‘content’ generally refers to the information in a web page including natural information such as text, images, and sounds, or code or markup that defines structure or presentation.

  • Transition Approach

    placeholder

  • On this page: 

  • AI system lifecycle

    The practices described in the standard use a reference AI lifecycle model to ensure holistic coverage of an AI system from inception to retirement, as shown in the 'AI lifecycle diagram' below.

    The statements and criteria outlined in this standard are structured according to the relevant lifecycle stages and are intended to be implemented through an iterative process.

    The AI system lifecycle is a structured process that occurs in stages, ensuring the holistic coverage of the AI system from discovery to retirement.

    The AI lifecycle stages include:

    1. Discover: design, data, train and evaluate.
    2. Operate: integrate, deploy and monitor.
    3. Retire: decommission.

    This lifecycle model is based on the  Voluntary AI Safety Standard.

    AI lifecycle diagram

  • Applying the lifecycle and standard requirements

    AI system development is generally an iterative approach. At any point of the lifecycle, issues, risks, or opportunities may be discovered for improvement that could prompt changes to system requirements, design, data, model, or test cases. After deployment, feedback and issues could prompt changes to the requirements.

    Each agency may have existing architecture and processes relating to the adoption and implementation of AI systems. The standard complements existing architecture and processes.

    The Policy for the responsible use of AI in government encourages continuous improvement to enable AI capability uplift.

  • Whole of AI lifecycle includes statements that apply across multiple AI product lifecycle stages, for ease of use and to minimise content duplication.

  • The challenges for government use of AI are complex and linked with other governance considerations, such as:

    • the APS Code of Conduct
    • data governance
    • cyber security
    • ICT infrastructure
    • privacy
    • sourcing and procurement
    • copyright
    • ethics practices.

    Across the lifecycle stages, agencies should consider:

    • technology operations – to ensure compliance, efficiency, and ethical standards
    • reference architecture – to provide structured frameworks that guide the design, development, and management of AI solutions
    • people capabilities – having the specialised skills required for successful implementation
    • auditability – enabling external scrutiny, supporting transparency, and accountability
    • explainability – identifying what needs to be explained and when, making complex AI processes transparent and trustworthy
    • system bias – maintaining the role of positive bias in delivering meaningful outcomes, while mitigating the source and impacts of problematic bias
    • version control – tracking and managing changes to information to inform stakeholder decision-making
    • watermarking – to embed visual or hidden markers into generated content so that its creation details can be identified.

  • Notes: 

    • Agencies must consider intellectual property rights and ownership derived from procured services or datasets used (including general AI outputs) to comply with copyright law.

    • Management of bias in an AI system is critical to ensuring compliance with Australia’s anti-discrimination law.

    • All documents relating to the establishment, design, and governance of an AI implemented solution must be retained to comply with information management legislation.

    • Agencies must comply with data privacy and protection practices as per the Australian Privacy Principles.

    • Agencies must consider data and lineage compliance with Australian Government regulations.

    • Agencies should refer to the Policy of responsible use of AI in government to implement AI fundamentals training for all staff, regardless of their role. To support agencies with their implementation of the Policy, the DTA provides Guidance for staff training on AI.

    • Australian Government API guidelines mandate the use of semantic versioning.

    • Agencies should refer to the Australian parliamentary recommendations on AI including risk management, people capabilities, and implement measures for algorithmic bias.

    • Any infrastructure, both software and hardware, for AI services and solutions must adhere to Australian Government regulations and should consider security as priority as recommended by the Australian Government guidance on AI System Development, Deploying AI Systems Securely and Engaging with AI. The recommendations include secure well-architected environments, whether on-premises, cloud-based, or hybrid, to maintain the confidentiality, integrity, and availability of AI services.

    • Agencies using cloud-based systems should refer to Cloud Financial Optimisation (Cloud FinOps).

    • Agencies must consider security frameworks, controls and practices with respect to the Information security manual (ISM), Essential Eight maturity model, Protective Security Policy Framework and Strategies to mitigate cyber security incidents.

    • Reuse digital, ICT, data and AI solutions in line with the Australian Government Reuse standard. This includes pre-existing AI assets and components from organisational repositories or open-source platforms.

    • The Budget Process Operational Rules (BPORs) mandate that entities must consult with the DTA before seeking authority to come forward for Expenditure Review Committee agreement to digital and ICT-enabled New Policy Proposals, to meet the requirements of the Digital and ICT Investment Oversight Framework. Digital proposals likely to have financial implications of $30 million or more, may be subject to the ICT Investment Approval Process (IIAP).

    • Management of human, society and environmental impact should ensure alignment with National Agreement on Closing the Gap, Working for Women – A Strategy for Gender Equality, Australia’s Disability Strategy 2021-2031, National Plan to End Gender Based Violence, APS Net Zero Emissions by 2030 Strategy, Environmentally Sustainable Procurement Policy and Environmental impact assessment.

    • The DTA oversees sourcing of digital and ICT for the whole of government and provides a suite of policies and guidelines to support responsible procurement practices of agencies, such as the Procurement and Sourcing | aga and Lifecycle - BuyICT guidance. AI model clauses provide guidance for purchasing AI systems.

  • Statements: whole of AI lifecycle 

  • Statement 1: Define an operational model

    Agencies should:

    • Criterion 1: Identify a suitable operational model to design, develop, and deliver the system securely and efficiently.

      Implementing effective operational models for AI systems needs careful consideration to ensure compliance, efficiency, and ethical standards. They also provide tools for traceability, reproducibility, and modularity.

      Existing operational models can be used or extended for AI systems. Operational models can streamline the iterative nature of design, and develop and deliver AI systems more securely, efficiently, and reliably. Some examples include:

      • Model operations (ModelOps) – set of practices and technologies to streamline lifecycle management for decision models, using interdisciplinary approaches and automation tools
      • Machine learning operations (MLOps) – like ModelOps but for machine learning
      • Large language model operations (LLMOps) – like ModelOps but for large language models
      • Data operations (DataOps) – practices to streamline lifecycle management for data using interdisciplinary approaches and automated pipelines
      • Development operations (DevOps) – a software development methodology combining software development and ICT operations for streamlined workflows.

    The above list contains examples that are at varying levels of abstraction. For example, LLMOps is a type of MLOps as it inherits many of the same properties.

    Ensure governance and security are integrated into the operational model.

    • Criterion 2: Consider the technology impacts of the operating model.

      These include:

      • the resources required for system development and maintenance, including computational power and data storage
      • AI requirements including potential harm and bias, human oversight and intervention, AI model configuration, and pre and post processing options for fine-tuning models
      • the data requirements of the system including sourcing and usage, provenance training, data diversity, data used in pre-trained models, and intellectual property rights.

      Note: The source of the impacts listed will be tied to selection decisions of the data and model, and additional training applied to the model.

    • Criterion 3: Consider suitable technology hosting strategies.

      The hosting strategy can involve one of the following models:

      • Infrastructure as a service (IaaS) – for maximum control and flexibility; generally suitable for complex AI
      • Platform as a service (PaaS) – generally for AI experimentation and development; no in-house infrastructure management required
      • Software as a service (SaaS) – generally for ready-made AI solutions; no in-house infrastructure management and no in-house AI system development required.

      The strategy to adopt should consider:

      • use case and enterprise needs
      • flexibility, scalability, control, computational performance
      • AI development and support costs
      • customisation
      • vendor lock-in
      • security and privacy considerations.

  • Statement 2: Define the reference architecture

    Next Page

  • Statement 2: Define the reference architecture

  • Services covered by the Digital Service Standard

    The Digital Service Standard is mandatory and applies to digital services that are:

    • owned by non-corporate Commonwealth entities
    • informational or transactional
    • new or existing public facing
    • new staff facing.

    This includes services provided through a website, mobile app or other digital platform.

    Version 2.0 of the Digital Service Standard will be assessed and enforced in 2 phases. Refer to the Transition approach section for details about the 2 phases.

  • The use of a reference architecture provides a structured framework that guides the design, development, and management of an AI system.

    Agencies must:

    • Criterion 4: Evaluate existing reference architectures.

      Make use of the Australian Government Architecture to:

      • consider reusing pretrained models when applicable
      • consider whether to build in-house or use off-the-shelf software or services
      • ensure strategic alignment with government's digital direction
      • ensure consistency and interoperability across agencies.

    Agencies should:

    • Criterion 5: Monitor emerging reference architectures to evaluate and update the AI system.

      New architectural paradigms are emerging that address complex AI applications, including:

      • Large Language Model (LLM) architectures: These architectures focus on deploying and managing large-scale language models. They encompass systems, tools, and design patterns that facilitate the integration of LLMs into applications, ensuring scalability and efficiency.
      • AI infrastructure architectures: Conceptualised to streamline the production of AI models, AI factories provide comprehensive guidelines for building high-performance, scalable, and secure data centres dedicated to AI development. These architectures support the end-to-end lifecycle of AI system creation, from development to deployment.
      • Generative AI (GenAI) reference architecture: This architecture outlines interfaces and components for GenAI applications, enabling users to interact with AI systems effectively. It emphasises modularity and flexibility, allowing for the integration of various AI functionalities to meet diverse user needs.

  • Statement 3: Identify and build people capabilities

    Next Page

  • Statement 3: Identify and build people capabilities

  • Statement 3: Identify and build people capabilities

  • Use case assessment

    The standard was assessed against a selection of use cases across government agencies.  Outcomes were collated to identify how the standard can be used across each lifecycle stage.

    The assessment considered:

    • proof of concept to those in operation
    • the nature of the applications, whether used by internal staff or public facing
    • the type of data involved, whether private, public, or a combination of both
    • the risk level of the applications, ranging from low to high.

    The applicability of the standard varied, based on who built each part of the AI system:

    1. Fully built and managed in-house: Involves building AI systems from scratch.
    2. Partially built and fully managed in-house: This includes using pre-trained or off-the-shelf models with or without grounding, RAG, and prompt engineering, such as large language models (LLMs) or reusing existing pre-trained machine learning or computer vision models. Note that fine-tuning a model would transfer the responsibility of applying the standard from the vendor to the agency.
    3. Largely built and managed externally: Sourcing or procuring an AI system or SaaS product that is managed by a third-party or an external provider, such as Copilot.
    4. Incidental usage of AI: Using off-the-shelf software with AI as incidental feature.
      Examples include:
      • AI features built into desktop software such as grammar checks
      • internet search with AI functionality

    Applicability of the statements in the standard was tested against each AI use case. The process determined whether the standard could be applied to the use case or not. In some cases, such as when a pre-trained model is used, the applicability may be conditional. This means that the applicability depends on the use case, vendor responsibility, and how AI is integrated into the environment. 

    Applicability of the standard has been categorised as:

    • Applicable: The statements in the standard fully apply to the use case.
    • Conditional: The statements in the standard are applicable, but their implementation may require agreement with third-party providers or rigorous testing and monitoring. For example, when using GenAI without fine-tuning or grounding, parts of the standard will be implemented by the provider.
    • N/A (not applicable): The use case falls outside the scope of the standard, and therefore the statements do not apply.

    The following table shows the applicability of the standard against each lifecycle phase:

    PhaseBuilt and managed in-house Partially built and fully managed in-house Largely built and managed externallyIncidental usage of AI
    Whole of AI LifecycleApplicableApplicableApplicableN/A
    DesignApplicableApplicableApplicableN/A
    DataApplicableConditionalConditional N/A
    TrainApplicableConditionalConditionalN/A
    EvaluateApplicableApplicableConditionalN/A
    IntegrateApplicableApplicableConditionalN/A
    DeployApplicableApplicableConditionalN/A
    MonitorApplicableApplicableApplicableN/A
    DecommissionApplicableApplicableApplicableN/A

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession