Australian AI Governance FAQ¶

Purpose: Quick answers to the most common questions about AI governance in Australia Audience: Business owners, executives, governance and compliance teams | Time: 10 minutes

Practical answers to the questions Australian organisations ask most about AI governance, regulation and risk. Each answer links to detailed resources on this site.

Regulation and law¶

Is AI regulated in Australia?¶

Australia does not yet have a standalone AI Act. Instead, existing laws apply to AI systems:

• Privacy Act 1988 — covers personal data used by AI
• Australian Consumer Law — covers misleading AI claims and outputs
• Anti-discrimination laws — covers biased AI decisions

The government relies on voluntary guidance (AI6, VAISS) and a new AI Safety Institute, rather than mandatory AI-specific regulation — for now.

Does the Privacy Act apply to AI?¶

Yes. The Privacy Act applies to any processing of personal information, including by AI. Key obligations:

• Inform people when AI processes their personal information
• Ensure AI vendors comply with the Australian Privacy Principles
• From 10 December 2026, disclose when computer programs make decisions that significantly affect individuals

See Current Legal Landscape for full details.

What is AI-washing?¶

Making misleading claims about AI capabilities — for example, claiming a product "uses AI" when it doesn't, or overstating what an AI system can do. The ACCC has flagged AI-washing as an enforcement concern under the Australian Consumer Law.

How does Australian AI regulation compare internationally?¶

Australia takes a voluntary, principles-based approach. The EU has a binding AI Act with phased compliance dates. China has specific AI regulations for generative AI. The US relies on executive orders and sector-specific rules. See International AI Legal Overview for a full comparison.

Standards and frameworks¶

What is the Voluntary AI Safety Standard (VAISS)?¶

The VAISS is an Australian Government framework consisting of 10 guardrails for safe and responsible AI, released in September 2024. It covers transparency, accountability, risk assessment, data governance, incident response, security, supply chain, human oversight, governance and lifecycle management.

The guardrails have been integrated into the newer Guidance for AI Adoption (AI6) but remain useful as a detailed control set.

→ Full VAISS guide

What is AI6 (Guidance for AI Adoption)?¶

AI6 is the Australian Government's primary voluntary guidance for responsible AI adoption, published by the National AI Centre in October 2025. It sets out six essential practices:

1. Decide accountability
2. Understand impacts
3. Measure and manage risks
4. Share information
5. Test and monitor
6. Maintain human control

→ Full AI6 guide

What is the AI Safety Institute?¶

The Australian AI Safety Institute was established in early 2026 with $29.9 million in funding. It conducts technical assessments of advanced AI systems, engages internationally through the Network of AI Safety Institutes, and publishes research. It advises government but does not have enforcement powers.

→ Government AI Policy & Frameworks

Getting started¶

Do I need an AI use policy?¶

Yes, if your organisation uses or plans to use AI tools. An AI use policy sets boundaries for acceptable use, data handling and incident escalation. Without one, staff may use AI tools without understanding the risks — or use them in ways that expose your organisation to liability.

→ Free AI Use Policy template

How do I assess AI risk?¶

1. Start with the AI Readiness Checklist to understand your organisation's preparedness
2. Use the AI Risk Assessment Checklist for each AI use case
3. Track ongoing risks in the AI Risk Register

Consider privacy, bias, accuracy, security and impact on affected people. The level of assessment should match the risk — a simple internal tool needs less scrutiny than an AI making decisions about customers.

Do small businesses need AI governance?¶

Yes, but it can be lightweight. Even a simple foundation makes a significant difference:

• An AI Use Policy (1-2 hours to adapt)
• A basic risk assessment for each AI tool (30 minutes each)
• A register of what AI you're using (15 minutes to set up)

All SafeAI-Aus templates are free and designed to be adapted to organisations of any size.

→ Safe AI Adoption — Getting Started

Are there mandatory AI requirements for government agencies?¶

Yes. The DTA's updated AI policy introduces mandatory requirements for Commonwealth agencies:

• 15 June 2026 — mandatory AI Impact Assessments, procurement guidance and foundational AI training
• December 2026 — all remaining requirements take effect

While mandatory only for Commonwealth agencies, they signal the direction for all Australian organisations.

→ Government AI Policy & Frameworks

Funding and support¶

What AI grants are available in Australia?¶

Several programs support AI adoption:

• CRC-P Round 19 — $20M dedicated AI funding stream (check current status)
• R&D Tax Incentive — tax offsets for eligible AI R&D activities
• ARC grants — research partnerships with universities
• State programs — SA ($28M AI initiative), NSW, QLD, VIC all have programs
• AI Adopt Centres — free specialist services for eligible SMEs

Availability changes frequently.

→ Current grants and deadlines

Templates and tools¶

What free AI governance templates are available?¶

SafeAI-Aus provides 11 free templates aligned with VAISS and AI6:

All templates are licensed under CC BY 4.0 — free to use, adapt and share with attribution.

→ Full template library