• Policy aims

  • Implementation

  • Explore the principles and requirements of the policy.

  • Strategy and oversight

  • Hosting & domains

    Create and host websites that are secure, modern and accessible to the public.

  • Preparedness and operations

  • AI use case impact assessment

  • Download the policy

    Download a PDF of the policy for responsible use of AI in government.

  • Explore related frameworks

    A non-exhaustive list of existing frameworks related to AI.

  • Definitions

    For the purposes of this policy, agencies should apply the definition of AI provided by the Organisation for Economic Co-operation and Development (OECD) and the following definition of AI use case:

  • "An AI use case is a specific application of an AI system or systems to achieve certain objectives or perform certain tasks."

  • Definitions and how to apply them – including an optional approach to group AI use cases for some general-purpose AI solutions – is available in Appendix B. The appendix also defines an AI incident.

    Timeframes

    This policy provides implementation timeframes for agencies to meet some of its requirements. While agencies may need this time to action requirements, agencies should implement them sooner if practicable. Agencies could consider putting in place interim processes and building out their approach as they reach the specified implementation deadline.

    In-scope AI use cases

    This policy specifies actions that apply at the use case level. AI use cases in scope of this policy (referred to as in-scope AI use cases) are use cases that meet any criteria in Appendix C.

    In addition to the criteria, the appendix lists areas of AI use to consider that are not automatically high risk, but are more likely to involve risks that require careful attention through an impact assessment. It also provides information on how to apply the policy for agencies experimenting with AI.

  • Next page

    1. Basic information

  • Open data

    Value for growing the economy, improving service delivery & transforming policy outcomes.

  • Next page

    11. Accountability

  • Next page

    12. Use case review and next steps

  • Next page

    Appendix: Risk consequence guidance table

  • Strategy and oversight

    The principles and requirements included in this section are designed to enable a forward-leaning approach to agency AI adoption. These requirements set out AI accountability at the agency level and use case level and seek to build trust through transparency.

  • "An AI system is a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. Different AI systems vary in their levels of autonomy and adaptiveness after deployment."

  • Agencies may refer to further explanatory material on the OECD website.

    Given the rapidly changing nature of AI, agencies should keep up to date on any updates or changes to this definition. The definition in this policy will be reviewed as the broader, whole-of-economy regulatory environment matures to ensure an aligned approach.

    AI use case

    This policy uses the term 'AI use case' in some of its requirements. AI systems can have one or more applications, which can each differ in their intended purpose, functionality and risk level. The policy focuses on conducting assessments and applying actions at the AI use case level. Agencies are to use the following definition of AI use case in applying this policy:

  • "An AI use case is a specific application of an AI system or systems to achieve certain objectives or perform certain tasks."

  • Some general-purpose AI solutions, such as Microsoft Copilot, may include a variety of use cases. When applying the policy to these solutions, agencies can choose one of the following approaches:

    • treat the AI solution as a single complex use case and undertake policy actions appropriate for the highest level of risk
    • treat each use case separately and undertake policy actions appropriate to each use case's respective risk, including appointing separate accountable use case owner and registering each in-scope use case on the agency's internal register.

    AI incident

    This policy requires agencies to provide a way to manage AI incidents through operationalising the responsible use of AI. The definition of an AI incident is still being considered globally. As this evolves, the policy will adapt to changes in the policy environment as necessary.

    For the purposes of applying this policy, the following definition of an AI incident has been adapted from the OECD's draft definition to better suit the Australian government context:

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession