Current Legal Landscape for AI in Australia¶

Purpose: Navigate current Australian laws and regulations that apply to AI systems Audience: Legal, compliance, risk and governance teams | Time: 45-60 minutes

While Australia doesn't yet have AI-specific legislation, AI use is already governed by existing laws. Australian law is technology-neutral: obligations around privacy, consumer protection, discrimination, workplace safety and intellectual property apply regardless of whether a decision is made by a human or an AI system.

In 2024 the Government released proposals for mandatory guardrails for high-risk AI applications alongside a Voluntary AI Safety Standard. In October 2025 the National AI Centre (NAIC) published updated Guidance for AI Adoption, which sets out six essential practices (AI6) and is now the primary government guidance for responsible AI governance and adoption. In December 2025 the National AI Plan confirmed that, for now, Australia will rely on existing laws and sector regulators, supported by voluntary guidance and a new AI Safety Institute, rather than introducing a standalone AI Act or immediate mandatory guardrails.

Policy is evolving

The Australian AI policy landscape is changing rapidly. The information below reflects the position as of April 2026. For government policy, guidance and institutional developments, see Australian Government AI Policy and Frameworks. Monitor industry.gov.au/ai and the AI Safety Institute for updates.

Why This Matters

Understanding the current legal landscape helps organisations:

🛡️ Avoid legal and reputational risks from misuse of AI
✅ Demonstrate compliance and accountability to regulators and customers
🤝 Build trust by applying the same standards to AI as to human decision-making
🔮 Prepare for upcoming reforms and regulatory guidance in Australia
📊 Align with AI6 and VAISS to demonstrate best practice and readiness for any future mandatory requirements

Key Laws That Apply Today¶

Privacy Act 1988 & Australian Privacy Principles (APPs)¶

The Privacy Act 1988 is the principal legislation that regulates how personal information is collected, stored, used and disclosed in Australia, including by government and private sector organisations (ag.gov.au). It establishes the Australian Privacy Principles (APPs), which apply to most organisations and agencies.

Relevance to AI:

Customers must be informed when AI systems process personal information
AI-derived insights about individuals are considered personal information
Consent may be required for analysing personal data by AI
AI training datasets must comply with the APPs

Actions Required

✅ Update privacy policies to mention AI use
✅ Display "We use AI" notices where relevant
✅ Ensure AI vendors are APP-compliant
✅ Implement data minimisation practices

Automated decision-making transparency (effective 10 December 2026): The Privacy and Other Legislation Amendment Act 2024 introduces new APP 1.7, 1.8 and 1.9 obligations. From 10 December 2026, APP entities must disclose in their privacy policies:

The types of personal information used in substantially automated decisions
The nature of decisions made solely or significantly by computer programs
Where those decisions could reasonably be expected to significantly affect individual rights or interests

The OAIC is progressively publishing guidance on these new obligations throughout 2026. Organisations using AI in automated decision-making should begin privacy policy reviews now.

Penalties: Since 2022 reforms, serious or repeated breaches can attract penalties of up to the greater of $50 million, three times the benefit obtained, or 30% of adjusted turnover (oaic.gov.au).

Australian Consumer Law (ACL)¶

The Australian Consumer Law (ACL) is a national law embedded in the Competition and Consumer Act 2010. It protects consumers from unfair trading, misleading conduct and unsafe products or services across all states and territories (consumer.gov.au).

Relevance to AI:

AI-generated content and claims must not be inaccurate or misleading
Chatbots must clearly communicate their nature and authority
AI-driven pricing must avoid deception
Recommendations should be based on reasonable grounds

Actions Required

✅ Review all AI-generated marketing and promotional content
✅ Implement disclaimers where chatbot responses could mislead
✅ Monitor AI output quality and accuracy
✅ Keep records of AI decision logic for accountability

Regulatory context: The ACCC is actively monitoring emerging AI-enabled practices, including reviews, claims and pricing models. In February 2026 the ACCC published its own AI transparency statement disclosing how it uses AI internally, and has flagged "AI-washing" (misleading claims about AI capabilities) as an enforcement concern. The Treasury's review of AI and the Australian Consumer Law found the existing framework "fit for purpose", making dedicated AI consumer legislation unlikely in the near term.

Penalty increase (effective 28 March 2026): The Treasury Laws Amendment (Doubling Penalties for ACCC Enforcement) Act 2026 doubled the maximum corporate penalty under the Competition and Consumer Act 2010 and the ACL from $50 million to **$100 million per contravention** for the most serious breaches. The amendment applies across all CCA/ACL provisions including misleading and deceptive conduct — the primary legal risk for businesses making unsubstantiated AI capability claims. The ACCC has publicly stated it will seek the highest penalties appropriate in cases it brings to court. The ACCC's 2026–27 enforcement priorities include manipulative conduct in digital markets (dark patterns, subscription traps, misleading pricing claims) — AI-enabled variants are within scope (whitecase.com, nortonrosefulbright.com).

Anti-Discrimination Laws¶

Australia maintains a federal anti‑discrimination framework, including acts like the Sex Discrimination Act 1984, Racial Discrimination Act 1975, and Disability Discrimination Act 1992. These laws prohibit unfair treatment across public life based on protected characteristics (ag.gov.au).

Relevance to AI:

AI must not discriminate against protected groups (e.g., based on gender, race, age, disability)
Recruitment or HR AI tools must mitigate bias
Services powered by AI must treat all users equitably
Credit and insurance AI must comply with anti-discrimination obligations

Actions Required

✅ Regularly audit AI systems for bias and discriminatory outcomes
✅ Document actions taken to support fairness
✅ Maintain human oversight for high-impact AI decisions
✅ Be prepared to explain or justify AI outputs

High-risk domains: Recruitment, lending, insurance, healthcare

Intellectual Property (IP) Laws¶

Australia's IP laws—covering copyright, patents, trademarks and design rights—aim to protect creators and innovators while balancing access to creative content and knowledge (ipaustralia.gov.au).

Relevance to AI:

Training AI models on copyrighted data may pose legal risk
AI-generated outputs might not qualify for copyright protection
Using client data without permission could breach confidentiality or IP rights
Using competitors' content for training may contravene IP laws

Actions Required

✅ Audit datasets for copyright compliance
✅ Include AI use and ownership clauses in contracts
✅ Avoid relying solely on AI-generated content for IP claims
✅ Respect third-party IP and licensing terms

Copyright reform (Copyright Amendment (Orphan Works and Other Measures) Act 2026, passed 1 April 2026): Parliament passed the Copyright Amendment (Orphan Works and Other Measures) Act 2026 on 1 April 2026, establishing Australia's first orphan works scheme — providing legal certainty for use of works where the copyright holder is unknown or unlocatable, with libraries, museums and educational institutions among the primary beneficiaries. Importantly for AI, the Government rejected a text-and-data-mining (TDM) exemption for AI training — a proposal supported by technology firms — and is instead exploring a paid licensing model. The Copyright and AI Reference Group (CAIRG), established within the Attorney-General's Department, is engaging stakeholders on fair and legal use of copyrighted material in AI training, copyright law's applicability to AI-generated outputs, and enforcement mechanisms including a potential small claims forum. Organisations training AI models on copyrighted content in Australia must continue to rely on existing copyright exceptions or obtain licences from rights holders (ministers.ag.gov.au).

Sectoral Regulators to Watch¶

Key Regulators

🏦 ASIC (Financial Services): AI use in lending, trading and advice must align with responsible lending and market integrity obligations
🏛️ APRA (Prudential): AI in risk management and critical infrastructure oversight may attract additional standards
🏥 TGA (Healthcare): AI medical devices must comply with therapeutic goods regulation. Two January 2026 reports confirm the existing technology-agnostic framework is fit for purpose; no new mandatory AI requirements introduced (TGA outcomes report; Department of Health Safe and Responsible AI in Health Care final report, January 2026)
👥 Fair Work Commission (Employment): Algorithmic decision-making in recruitment and HR must comply with employment and discrimination laws
🦺 SafeWork NSW (Workplace AI in NSW): The NSW Work Health and Safety Amendment (Digital Work Systems) Act 2026 (passed 12 February 2026) imposes specific WHS duties on PCBUs using AI, algorithms, automation or online platforms to allocate work. Commencement is by proclamation. See NSW section in state/territory resources for full provisions. Other states may follow.

Upcoming Legislative Reforms¶

🔒 Privacy Act — automated decision-making transparency (10 December 2026) New APP 1.7–1.9 obligations require disclosure when computer programs use personal information to make decisions significantly affecting individuals. See the Privacy Act section above for details. The OAIC is publishing guidance progressively throughout 2026.
📝 Copyright reform — TDM exemption rejected (April 2026) Parliament rejected a text-and-data-mining exemption for AI training and is exploring a paid licensing model instead. See the IP section above for details. Further consultations on AI's impact on the creative sector are expected through the next National Cultural Policy process.
⚖️ Consumer law — no standalone AI legislation The Treasury review found the Australian Consumer Law "fit for purpose" for AI. No dedicated AI consumer legislation is expected in the near term. The ACCC continues to monitor AI-washing and misleading AI claims.

Government Policy and Guidance

For coverage of the National AI Plan, AI Safety Institute, DTA mandatory requirements, Senate Committee response and other government policy developments, see Australian Government AI Policy and Frameworks.

Summary Table¶

Law / Regulator	AI Relevance	Actions Required
Privacy Act 1988 (APPs)	Personal data, AI insights, consent, training data	Update policies, notices, vendor compliance, minimise data collection
Australian Consumer Law	Accuracy of AI outputs, chatbots, pricing, recommendations	Review marketing content, add disclaimers, monitor outputs, log decision logic
Anti-Discrimination Laws	Bias in recruitment, lending, healthcare, insurance	Test for bias, document fairness, human oversight, explainability
Intellectual Property (IP)	Copyright in training data, AI-generated content, confidentiality	Audit sources, AI contract clauses, respect third-party IP rights
ASIC	AI in lending, trading, financial advice	Ensure compliance with responsible lending & market integrity obligations
APRA	AI in risk management and critical infrastructure	Meet prudential standards for AI oversight
TGA	AI in medical devices	Register & test AI systems, comply with TGA rules
Fair Work Commission	Algorithmic HR and recruitment	Ensure compliance with employment and anti-discrimination laws
Guidance for AI Adoption (AI6)	6 essential practices for responsible AI governance and adoption; integrates the earlier Voluntary AI Safety Standard (10 guardrails)	Use AI6 as the primary reference for AI governance; map existing policies and risk registers to the 6 practices; use the guardrails as detailed controls where needed

Key Takeaways

Even before new AI laws are introduced, existing legislation creates clear compliance obligations. Businesses deploying AI should:

⚖️ Treat AI as subject to the same laws as human decision-making
📝 Document AI-related policies and processes
👨‍⚖️ Engage legal review for higher-risk applications
📊 Consider implementing AI6 and VAISS to align with emerging best practice and demonstrate responsible AI governance even in the absence of a dedicated AI Act

Key References¶

OAIC – Privacy Act & AI Guidance
ACCC – AI and Consumer Law
Australian Human Rights Commission – Anti-Discrimination Guidance
IP Australia – Intellectual Property and AI
Australian Government – Privacy Act Reforms 2024
Voluntary AI Safety Standard (September 2024): Department of Industry, Science and Resources
Proposals Paper: Safe and Responsible AI - Mandatory Guardrails (September 2024): Department of Industry, Science and Resources

Disclaimer & Licence

Disclaimer: This guide provides general information about Australian legislation and is not legal advice. SafeAI-Aus has exercised care in preparation but does not guarantee accuracy, reliability, or completeness. Organisations should adapt to their specific context and seek advice from legal professionals before making decisions based on this information.

Licence: Licensed under Creative Commons Attribution 4.0 (CC BY 4.0). You are free to copy, adapt and redistribute with attribution: "Source: SafeAI-Aus (safeaiaus.org)"