Public-sector AI governance under DTA Policy 2.0 and the state frameworks.

The Digital Transformation Agency's Policy for Responsible Use of AI in Government (Version 2.0, effective 15 December 2025) requires designated accountable officials, published transparency statements, risk-based impact assessments using the DTA AI Impact Assessment Tool, and AI fundamentals training for all APS staff by June 2026. High-risk use cases involving security-relevant capabilities, critical infrastructure, or large-scale decision-making must be referred to the AI Review Committee.

The Robodebt scheme resulted in a $1.73 billion settlement after the Royal Commission found unlawful automated decision-making. Recommendation 17.1 calls for a consistent framework ensuring ADM systems are fit for purpose, lawful, fair, and do not adversely affect human and legal rights. Services Australia now commits: "No AI used to process claims. Final decisions always made by humans." The Attorney-General's Department ADM reform consultation closed January 2025. The Law Council emphasises that automated decisions must satisfy lawfulness, procedural fairness, rationality, and explainability.

NSW mandates its AI Assessment Framework under Circular DCS-2024-04, with five principles (Trust, Transparency, Customer Benefit, Fairness, Privacy and Accountability) and AI Review Committee referral for High or Critical use cases. Victoria's Administrative Guideline (June 2025) applies under the Public Administration Act 2004 and requires Charter of Human Rights compatibility. Queensland was the first jurisdiction nationally to mandate ISO 38507 for public-sector AI governance, with the FAIRA risk assessment framework. Multi-jurisdictional organisations need unified strategies that satisfy all of them.

AI systems used in government decision-making are subject to FOI obligations and produce outputs that must be explained, documented, and disclosable. The Privacy and Other Legislation Amendment Bill 2024 requires entities to disclose the types of personal information used in automated decisions that have legal or similarly significant effect on individuals. The AI Model Clauses (Version 2.0, March 2025) require vendors to obtain prior written approval for AI use, ensure human oversight, provide transparency of outputs, and adopt ISO/IEC 42001 where risk assessments indicate heightened exposure. PSPF Directions 001/002 restrict certain products on security grounds.