Skip to content

Current Legal Landscape for AI in Australia

While Australia doesn't yet have AI-specific legislation, AI use is already governed by existing laws. Australian law is technology-neutral: obligations around privacy, consumer protection, discrimination, workplace safety and intellectual property apply regardless of whether a decision is made by a human or an AI system.

In 2024 the Government released proposals for mandatory guardrails for high-risk AI applications alongside a Voluntary AI Safety Standard. In October 2025 the National AI Centre (NAIC) published updated Guidance for AI Adoption, which sets out six essential practices (AI6) and is now the primary government guidance for responsible AI governance and adoption. In December 2025 the National AI Plan confirmed that, for now, Australia will rely on existing laws and sector regulators, supported by voluntary guidance and a new AI Safety Institute, rather than introducing a standalone AI Act or immediate mandatory guardrails.

Why this matters

Understanding the current legal landscape helps organisations:

  • Avoid legal and reputational risks from misuse of AI
  • Demonstrate compliance and accountability to regulators and customers
  • Build trust by applying the same standards to AI as to human decision-making
  • Prepare for upcoming AI-related reforms and regulatory guidance in Australia
  • Align with the Guidance for AI Adoption (AI6) and, where helpful, the underlying Voluntary AI Safety Standard, to demonstrate best practice and readiness for any future mandatory requirements

Key Laws That Apply Today

Privacy Act 1988 & Australian Privacy Principles (APPs)

The Privacy Act 1988 is the principal legislation that regulates how personal information is collected, stored, used, and disclosed in Australia, including by government and private sector organisations (ag.gov.au). It establishes the Australian Privacy Principles (APPs), which apply to most organisations and agencies.

Relevance to AI:

  • Customers must be informed when AI systems process personal information
  • AI-derived insights about individuals are considered personal information
  • Consent may be required for analyzing personal data by AI
  • AI training datasets must comply with the APPs

Actions required:

  • Update privacy policies to mention AI use
  • Display “We use AI” notices where relevant
  • Ensure AI vendors are APP-compliant
  • Implement data minimisation practices

Penalties: Since 2022 reforms, serious or repeated breaches can attract penalties of up to the greater of $50 million, three times the benefit obtained, or 30% of adjusted turnover (oaic.gov.au).

Australian Consumer Law (ACL)

The Australian Consumer Law (ACL) is a national law embedded in the Competition and Consumer Act 2010. It protects consumers from unfair trading, misleading conduct, and unsafe products or services across all states and territories (consumer.gov.au).

Relevance to AI:

  • AI-generated content and claims must not be inaccurate or misleading
  • Chatbots must clearly communicate their nature and authority
  • AI-driven pricing must avoid deception
  • Recommendations should be based on reasonable grounds

Actions required:

  • Review all AI-generated marketing and promotional content
  • Implement disclaimers where chatbot responses could mislead
  • Monitor AI output quality and accuracy
  • Keep records of AI decision logic for accountability

Regulatory context: The ACCC is actively monitoring emerging AI-enabled practices, including reviews, claims, and pricing models.

Anti-Discrimination Laws

Australia maintains a federal anti‑discrimination framework, including acts like the Sex Discrimination Act 1984, Racial Discrimination Act 1975, and Disability Discrimination Act 1992. These laws prohibit unfair treatment across public life based on protected characteristics (ag.gov.au).

Relevance to AI:

  • AI must not discriminate against protected groups (e.g., based on gender, race, age, disability)
  • Recruitment or HR AI tools must mitigate bias
  • Services powered by AI must treat all users equitably
  • Credit and insurance AI must comply with anti-discrimination obligations

Actions required:

  • Regularly audit AI systems for bias and discriminatory outcomes
  • Document actions taken to ensure fairness
  • Maintain human oversight for high-impact AI decisions
  • Be prepared to explain or justify AI outputs

High-risk domains: Recruitment, lending, insurance, healthcare

Intellectual Property (IP) Laws

Australia’s IP laws—covering copyright, patents, trademarks, and design rights—aim to protect creators and innovators while balancing access to creative content and knowledge (ipaustralia.gov.au).

Relevance to AI:

  • Training AI models on copyrighted data may pose legal risk
  • AI-generated outputs might not qualify for copyright protection
  • Using client data without permission could breach confidentiality or IP rights
  • Using competitors’ content for training may contravene IP laws

Actions required:

  • Audit datasets for copyright compliance
  • Include AI use and ownership clauses in contracts
  • Avoid relying solely on AI-generated content for IP claims
  • Respect third-party IP and licensing terms

Reform note: Government is considering text and data mining exemptions to clarify how AI can safely use IP-protected content.

Sectoral Regulators to Watch

  • ASIC (Financial Services): AI use in lending, trading, and advice must align with responsible lending and market integrity obligations
  • APRA (Prudential): AI in risk management and critical infrastructure oversight may attract additional standards
  • TGA (Healthcare): AI medical devices must comply with therapeutic goods regulation
  • Fair Work Commission (Employment): Algorithmic decision-making in recruitment and HR must comply with employment and discrimination laws

Emerging Reforms (2025–2027 to watch)

  • Guidance for AI Adoption (AI6) – in effect from October 2025 NAIC's Guidance for AI Adoption sets out 6 essential practices for responsible AI governance and adoption, with two versions (Foundations and Implementation practices) and supporting tools (AI screening tool, AI policy guide and template, AI register template). It updates and replaces the Voluntary AI Safety Standard as the primary government reference point for organisations using AI in Australia.

  • Voluntary AI Safety Standard (VAISS) – 10 guardrails now integrated into AI6 The Voluntary AI Safety Standard, released in 2024, introduced 10 guardrails for safe and responsible AI. These guardrails remain relevant as a detailed control set and have been fully integrated into the Guidance for AI Adoption through an official "VAISS × implementation practices" crosswalk.

  • National AI Plan and AI Safety Institute (from 2026) The National AI Plan (December 2025) sets a national roadmap to capture AI opportunities, spread benefits across the economy and keep Australians safe. The Government has paused work on standalone AI-specific legislation and mandatory guardrails, instead relying on existing "technology-neutral" laws and regulators, supported by a new AI Safety Institute from 2026 to monitor, test and advise on emerging AI risks.

  • Privacy Act reforms Privacy reforms remain on the agenda, including stronger consent rules, potential rights to explanation for high-impact automated decisions, direct rights of action, and higher penalties. These reforms will significantly shape compliant AI data practices.

  • Copyright and IP reforms Ongoing work is examining text and data-mining exceptions, the legality of using copyrighted works to train AI models, and how copyright applies to AI-generated content. These reforms are particularly important for organisations heavily relying on generative AI.

Government guidance for safe AI (AI6 and the Voluntary AI Safety Standard)

In 2024 the Australian Government released the Voluntary AI Safety Standard (VAISS) as an interim framework consisting of 10 guardrails for safe and responsible AI development and deployment across all sectors.

In October 2025 the National AI Centre released updated Guidance for AI Adoption, which:

  • condenses the 10 VAISS guardrails into 6 essential practices (AI6)
  • expands guidance to cover both AI deployers and developers
  • provides more detailed, actionable implementation guidance and supporting tools.

The Guidance for AI Adoption is now the primary source of voluntary governance guidance for Australian organisations. The 10 guardrails remain fully integrated into AI6 and are useful as a detailed control catalogue, especially when building AI policies, risk registers, and vendor due-diligence processes.

Organisations developing or deploying AI systems should:

  • adopt AI6 as their top-level framework for responsible AI governance
  • use the 10 guardrails where more granular control statements are helpful or where external documents still refer to VAISS
  • link both to their existing privacy, consumer law, safety, IP and cyber security obligations.

Summary Table

Law / Regulator AI Relevance Actions Required
Privacy Act 1988 (APPs) Personal data, AI insights, consent, training data Update policies, notices, vendor compliance, minimise data collection
Australian Consumer Law Accuracy of AI outputs, chatbots, pricing, recommendations Review marketing content, add disclaimers, monitor outputs, log decision logic
Anti-Discrimination Laws Bias in recruitment, lending, healthcare, insurance Test for bias, document fairness, human oversight, explainability
Intellectual Property (IP) Copyright in training data, AI-generated content, confidentiality Audit sources, AI contract clauses, respect third-party IP rights
ASIC AI in lending, trading, financial advice Ensure compliance with responsible lending & market integrity obligations
APRA AI in risk management and critical infrastructure Meet prudential standards for AI oversight
TGA AI in medical devices Register & test AI systems, comply with TGA rules
Fair Work Commission Algorithmic HR and recruitment Ensure compliance with employment and anti-discrimination laws
Guidance for AI Adoption (AI6) 6 essential practices for responsible AI governance and adoption; integrates the earlier Voluntary AI Safety Standard (10 guardrails) Use AI6 as the primary reference for AI governance; map existing policies and risk registers to the 6 practices; use the guardrails as detailed controls where needed

Why This Matters

Even before new AI laws are introduced, existing legislation creates clear compliance obligations. Businesses deploying AI should:

  • Treat AI as subject to the same laws as human decision-making
  • Document AI-related policies and processes
  • Engage legal review for higher-risk applications
  • Consider implementing the Guidance for AI Adoption (AI6), and where useful the underlying Voluntary AI Safety Standard, to align with emerging best practice and demonstrate responsible AI governance even in the absence of a dedicated AI Act

Key References