Search

Questions about policy implementation
AOs can contact the DTA with questions about policy implementation by emailing ai@dta.gov.au.
APS conduct
APS Code of Conduct
Public Service Act 1999
Related frameworks for AI
While this section lists frameworks that are related to AI, it is not exhaustive. Agencies should consider what existing frameworks apply to them and their specific AI use cases.

Risk assessment for use of AI

Risk matrix

	Consequence – Insignificant	Consequence – Minor	Consequence – Moderate	Consequence – Major	Consequence – Severe
Likelihood – Almost certain	Medium	Medium	High	High	High
Likelihood – Likely	Medium	Medium	Medium	High	High
Likelihood – Possible	Low	Medium	Medium	High	High
Likelihood – Unlikely	Low	Low	Medium	Medium	High
Likelihood – Rare	Low	Low	Low	Medium	Medium

Figure 1: Risk matrix for use of AI

Using the risk matrix, determine the severity of the risks. In considering the consequence and likelihood consult with relevant stakeholders. The risk assessment should reflect the intended scope, function and risk controls of the AI use case.
The following are examples of risks that an agency can consider as part of their assessment.
What is the risk that the use of AI:
negatively affects public accessibility or inclusivity of government services
unfairly discriminates against individuals or communities
perpetuates stereotypes or demeaning representations of individuals or communities
causes harm to individuals, communities, businesses or the environment
results in privacy concerns due to the sensitivity of the data being manipulated, parsed or transformed by the system
results in security concerns due to the sensitivity or classification of the data being manipulated, parsed or transformed by the system
results in security concerns due to the implementation, sourcing or characteristics of the system
influences decision-making that affects individuals, communities, businesses or the environment
poses a reputational risk or undermines public confidence in government
results in intellectual property concerns due to the system manipulating, transforming or reproducing material for which a third party owns copyright.
Agencies should refer to existing risk management frameworks, such as the Commonwealth Risk Management Policy and internal agency risk management approaches, for guidance in assessing the concepts under the risk matrix at Figure 1.
What is the risk that the use of AI:
negatively affects public accessibility or inclusivity of government services
unfairly discriminates against individuals or communities
perpetuates stereotypes or demeaning representations of individuals or communities
causes harm to individuals, communities, businesses or the environment
results in privacy concerns due to the sensitivity of the data being manipulated, parsed or transformed by the system
results in security concerns due to the sensitivity or classification of the data being manipulated, parsed or transformed by the system
results in security concerns due to the implementation, sourcing or characteristics of the system
influences decision-making that affects individuals, communities, businesses or the environment
poses a reputational risk or undermines public confidence in government
results in intellectual property concerns due to the system manipulating, transforming or reproducing material for which a third party owns copyright.
Agencies should refer to existing risk management frameworks, such as the Commonwealth Risk Management Policy and internal agency risk management approaches, for guidance in assessing the concepts under the risk matrix at Figure 1.
Content
Risk
Commonwealth Risk Management Policy
Procurement
Commonwealth Procurement Rules and other procurement policies.
Digital Sourcing Contract Limits and Reviews Policy
Privacy
Privacy Act 1988
Cyber and protective security
2023-2030 Australian Cyber Security Strategy
Protective Security Policy Framework
Cyber Security Guidelines
Data
Framework for Governance Indigenous Data
Foundational Four
Archives Act 1983
Data-matching Act 1990
Data Availability and Transparency Act 2022
Notifiable Data Breaches scheme
Digital investment
Investment Oversight Framework
Data and Digital Government Strategy
Data and digital
Data and Digital Government Strategy
Artificial intelligence
Australia’s AI Ethics Principles
Engaging with Artificial Intelligence (AI) guidance
Interim guidance on government use of public generative AI tools (Generative AI guidance)
Automated decision-making
Automated Decision-making Better Practice Guide
Related frameworks

A non-exhaustive list of frameworks for agencies to consider applying to their specific AI use cases.
Policy resources
Risk matrix

A matrix to help agencies identify risks related to their use of AI, their likelihood and consequences.

Related frameworks

A non-exhaustive list of frameworks for agencies to consider applying to their specific AI use cases.

Use classification

A classification system to represent how AI is commonly used in government and the domains where they are applied.
Risk matrix

A matrix to help agencies identify risks related to their use of AI, their likelihood and consequences.
Policy aim
Principles and requirements
The following sections outline the policy principles and requirements under the ‘enable, engage and evolve’ framework.
Visit the AGA

View the guidance for generative AI
Visit the AGA

View the guidance for generative AI
Standard for accountable officials

Find further information at the standard for accountable officials.

Questions about policy implementation

APS conduct

Related frameworks for AI

Risk assessment for use of AI

Risk matrix

Risk

Procurement

Privacy

Cyber and protective security

Data

Digital investment

Data and digital

Artificial intelligence

Automated decision-making

Related frameworks

Policy resources

Risk matrix

Related frameworks

Use classification

Risk matrix

Policy aim

Principles and requirements

View the guidance for generative AI

View the guidance for generative AI

Standard for accountable officials

Connect with the digital community