Licentium

AI Regulation Hub

Australia

Australia has no comprehensive AI Act. Its framework combines a Voluntary AI Safety Standard, a mandatory public-sector AI policy, existing privacy / consumer / discrimination laws, and ongoing consultation on mandatory guardrails for high-risk AI.

Key provisions

Voluntary AI Safety Standard

In force

Practical guardrails across the AI supply chain: accountability, risk management, system & data protection, testing & monitoring, human control, user information, challenge mechanisms, supply-chain transparency, record-keeping, stakeholder engagement.

AI adoption guidance

In force

Essential practices: accountability, impact understanding, planning, risk management, information sharing, testing & monitoring, and human control. Especially relevant for complex or higher-risk AI.

Mandatory policy for AI in government

In force

Applies to non-corporate Commonwealth entities (with specified exceptions). Requires accountable officials, transparency statements, strategic planning, internal AI use-case accountability, AI use-case registers, staff training and impact assessments.

Mandatory guardrails for high-risk AI

Draft

Government consultation on whether and how high-risk AI should be subject to mandatory requirements. Currently policy development, not binding law.

Existing-law overlays

In force

Privacy, consumer protection, anti-discrimination, employment, product safety, copyright, financial services, healthcare, telecommunications and online safety laws may apply.

Detailed overview

Australia does not currently have a single comprehensive AI Act equivalent to the EU AI Act. Its AI framework is based on voluntary AI safety standards, government AI policy, existing laws and ongoing work on possible mandatory guardrails for high-risk AI.

Voluntary AI Safety Standard

The Australian Government has published a Voluntary AI Safety Standard. The standard applies across the AI supply chain and is designed to help organisations develop and deploy AI safely and reliably. It is not a new law by itself, but it provides practical guardrails for organisations building, procuring, deploying or using AI systems.

The voluntary guardrails cover governance and operational controls. They include accountability processes, risk management, protection of AI systems and data, testing and monitoring of AI performance, human control or intervention, user information about AI-enabled decisions or content, mechanisms for impacted people to challenge AI use or outcomes, supply-chain transparency, record-keeping and stakeholder engagement on safety, fairness, diversity and inclusion.

Australia has also published guidance for AI adoption. The guidance identifies essential practices such as deciding who is accountable, understanding impacts, planning AI use, measuring and managing risks, sharing information, testing and monitoring systems, and maintaining human control. It is especially relevant for complex or higher-risk AI systems.

Public-sector AI policy

For the public sector, Australia has a mandatory Policy for the responsible use of AI in government. The policy applies to non-corporate Commonwealth entities, subject to specified exceptions. It requires accountable officials, transparency statements, strategic planning, internal AI use-case accountability, AI use-case registers, staff training and AI use-case impact assessments.

Mandatory guardrails (in development)

Australia is also considering mandatory guardrails for AI in high-risk settings. Government consultation materials address whether and how high-risk AI should be subject to mandatory requirements. Until such rules are enacted, these proposals should be treated as policy development rather than binding law for all private-sector AI use.

Penalties

Private-sector AI systems may still be regulated under existing Australian laws, including privacy, consumer protection, anti-discrimination, employment, product safety, copyright, financial services, healthcare, telecommunications and online safety laws. There is no single Australian AI-specific fine table for private-sector AI use under the voluntary standard. Penalties depend on the underlying legal regime that is breached.

Practical requirements & details

Sourced from the Voluntary AI Safety Standard (DISR, 2024), the Policy for the responsible use of AI in government, the Privacy Act 1988 + reform package, the proposed Mandatory Guardrails for High-Risk AI consultation, and OAIC AI guidance.

Voluntary AI Safety Standard — 10 guardrails

  • 1. Establish accountability processes, organisational policies, roles and training.
  • 2. Establish a risk management process.
  • 3. Protect AI systems and implement data governance.
  • 4. Test AI models and systems; evaluate and monitor.
  • 5. Enable human control or intervention.
  • 6. Inform end-users about AI-enabled decisions and content.
  • 7. Establish processes for people impacted by AI to contest outcomes.
  • 8. Be transparent across the supply chain on data, models and risks.
  • 9. Keep records to allow third parties to assess compliance.
  • 10. Engage with stakeholders and evaluate their needs and circumstances.

Mandatory public-sector policy

  • Applies to non-corporate Commonwealth entities.
  • Requires accountable officials, transparency statements, strategic planning, internal AI use-case accountability, AI use-case registers, staff training, impact assessments.

Mandatory guardrails (consultation)

  • Government has consulted on mandatory guardrails for high-risk AI; not yet enacted.
  • Likely to track the voluntary standard's 10 guardrails with binding force.

Existing-law overlays

  • Privacy Act 1988 + APPs (reform in progress) for AI processing personal information.
  • Australian Consumer Law for misleading AI claims and unsafe products.
  • Age Discrimination, Disability Discrimination, Racial Discrimination, Sex Discrimination Acts for AI in employment, services, education.
  • Therapeutic Goods Administration: AI-enabled medical devices subject to TGA conformity assessment.
  • ASIC + APRA for AI in financial services.
  • Online Safety Act 2021 for AI-generated harmful content.

Penalties

  • No AI-specific fine table.
  • Privacy Act: serious or repeated breaches — up to the greater of AUD 50M, 3x benefit, or 30% of adjusted turnover.
  • ACL: up to AUD 50M, 3x benefit, or 30% of adjusted turnover.
  • Online Safety Act: civil penalties up to ~AUD 9.9M per contravention.

Ready to launch without the regulatory guesswork?

Book a 30-minute consultation. We'll map your AI or licensing path and tell you exactly what's required, in plain language.

Get Started