Three recent developments in Australia indicate the nation is playing “catch up” in its regulation of AI. A clear regulatory framework and strong corporate governance are going to be important if Australia is to keep abreast of such rapid technological change. If you would like a say in how AI is regulated in Australia, the Australian government is calling for submissions on the Department of Industry, Science and Resources’ Safe and responsible AI in Australia: Discussion Paper. Submissions close 26 July 2023.
Artificial Intelligence (AI) is increasingly becoming a focal point for lawmakers and regulators around the world. Like many nascent technologies, AI has the potential for both harmful and positive outcomes, with algorithmic biases and the generation of misleading or erroneous outputs of particular concern. Consequently, safety and the effective management of AI risk have been at the forefront of the minds of Australian regulators. While some overseas jurisdictions are already further down the path towards AI regulation (see our recent article here), there have been three recent significant developments in Australia:
- the Australian government released a Safe and responsible AI in Australia: Discussion Paper and is calling for submissions in response,
- Australia’s National Science and Technology Council released the Rapid Response Information Report: Generative AI, and
- the Human Technology Institute released The State of AI Governance in Australia report.
We describe each of these developments in further detail below. However, they each clearly indicate the importance of a clear regulatory framework and strong corporate governance if Australia is to successfully ride the rapidly-cresting AI wave.
The current state of AI Regulation in Australia
Overall, these recent developments reveal three key features about the current state of AI regulation in Australia:
- Australia is very much playing “catch up” in its regulation of AI, having adopted a “wait and see” approach until now of observing how its international peers manage this emerging issue. As a result, AI is largely regulated in Australia by existing laws not specifically designed for AI, rather than by a purpose-built regulatory regime.
- Given the AI “gold rush” as major tech companies scramble to harness the potential of AI, along with international developments such as the European Union’s recent passing of the EU Artificial Intelligence Act (see our article here), there is a risk of Australia being left behind if it does not move swiftly to establish a framework of regulations and guidance that will actively encourage and facilitate responsible use of AI technologies. For example, while the Australian government has produced an AI Ethics Framework – a voluntary, aspirational set of principles designed to complement existing laws of general application – the US National Institute of Standards and Technology has developed an AI Risk Management Framework and Playbook, which comprehensively sets out the approaches organisations can take to mitigate the risks involved in developing and deploying AI.
- Government regulation is unlikely to ever provide all the answers - corporate governance will play a role in this space, such as through the development of appropriate risk management frameworks. Corporate Australia therefore will have to contribute to the hard thinking that must be done about the role that AI should play in our society. This includes engaging with Government on developing regulatory frameworks, but also working on organisational policies and procedures to guide internal decision-making on AI. In our view, organisations that are most willing to engage with these challenges – rather than adopt a more cautious “hands off” approach, while others chart a path forward – are most likely to be the winners in a new AI-enabled economy.
Make a submission to the Australian Government?
The Department of Industry, Science and Resources’ Safe and responsible AI in Australia: Discussion Paper has sought public engagement on whether further governance and regulatory responses are needed in Australia. This is a great opportunity for organisations to provide input into how they think AI should be governed and regulated. In particular, should Australia have a dedicated law dealing with AI, or should we leave this to existing laws of general application (e.g. existing or enhanced copyright, privacy, consumer and corporate laws etc.)? Submissions close on 26 July 2023. Please reach out if you would like to discuss making a submission.
The three significant developments:
Safe and Responsible AI in Australia: Discussion Paper
The Department of Industry, Science and Resources released a discussion paper on the safe and responsible use of AI in Australia, which:
- seeks public engagement on whether further governance and regulatory responses are needed in Australia (submissions close soon on 26 July 2023),
- considers whether Australia should ban high-risk applications or technologies and introduces a risk management approach, and
- provides an overview of the existing regulatory and governance frameworks in Australia, and of ongoing and diverging international developments in AI regulation (i.e. from voluntary approaches in Singapore, to more direct regulation in places such as the EU and Canada).
The discussion paper proposes a regulatory model based on risk management, with more onerous compliance obligations applying for higher risk applications of AI technology. The paper suggests that the benefits of this approach include that it would:
- cater to context-specific risks of AI, so requirements can change depending on how the AI is deployed,
- allow for less onerous obligations for lower risk AI uses, and
- allow AI to be used in high-risk settings where the risk and costs are justified and can be explained.
Obviously the critical first step in any such system will be determining the level of risk associated with each proposed new AI application. The table below summarises the three main risk levels contemplated in the discussion paper:
| Risk level | Permitted use | Examples |
|---|---|---|
| Low risk AI: Minor impacts that are limited, reversible or brief | can be used subject to a basic self-assessment, general explanation and with user training | |
| Medium risk AI: High impacts that are ongoing and difficult to reverse | can be used subject to a comprehensive and specific self-assessment, provision of plain language notices, and additional risk management obligations | |
| High risk AI: Very high impacts that are systemic, irreversible or perpetual | can only be used subject to an impact assessment peer reviewed by external experts, published system explanations, and additional risk management obligations | |
This type of risk management approach is already guiding regulatory responses in other jurisdictions, such as the EU’s AI Act, Canada’s mandatory directive on automated decision making and the US NIST’s AI Risk Frameworks. It will be important for Australia to continue monitoring these international developments in order to ensure that its regulatory framework can work in harmony with international counterparts, so that Australia does not end up in the “too hard” basket and risk being overlooked as a jurisdiction for multinational companies to make AI investments.
Rapid Response Information Report: Generative AI
The Minister for Industry and Science commissioned a report from Australia’s National Science and Technology Council on generative AI, which was delivered in March 2023 but only recently released for public review. The report examines the opportunities and risks associated with generative AI built on large language models (LLMs) and multimodal foundation models (MFMs) (ChatGPT is an early example of generative AI built on LLMs and MFMs), and outlines the need for risk management strategies as more services, applications and businesses are built on top of this technology. The report identifies three categories of risk as being important to manage:
| Category of risk | Example of types of risk |
|---|---|
| Technical systems risks | Security and resilience, privacy, explainability, trust and system accountability and transparency. |
| Contextual and social risks | Risks to human rights and values arising from AI use in high-stakes contexts (such as law enforcement, health and social services), and risks arising from other AI developments that may accelerate existing social inequalities. |
| Systemic social and economic risk | Negative impacts on democratic systems, environmental impacts, and competition concerns (market dominance by a small number of transnational corporations providing generative AI as a platform or service). |
This thinking obviously dovetails with the risk management approach contemplated in the Government’s discussion paper, as flagged above. Each of these risk categories should be considered in determining the relevant risk level of a new AI application and, therefore, the extent of regulatory compliance requirements that should apply. These risks, and any associated categorisation, will need to be continually reviewed and considered as the implications of AI may only become apparent through practice and experimentation – there may well be risks (as well as opportunities!) from this type of technology that we cannot yet anticipate. This is one reason why a flexible risk management approach may ultimately be preferred over a more rigid set of fixed rules that may quickly become outdated as underlying technology continues to advance.
The State of AI Governance in Australia
Shortly before the Government’s discussion paper was released, the Human Technology Institute at the University of Technology Sydney released a report providing an overview of the current state of AI-related governance in corporate Australia. The report is based on surveys, structured interviews and workshops engaging over 300 Australian company directors and executives, and concludes that current organisational risk management and governance approaches are inadequate to address potential AI-related harms.
To govern AI appropriately, the report recommends that corporate leaders should invest in four areas:
- capacity building and developing strategic expertise in AI
- creating a suitable AI strategy
- implementing governance systems that effectively address risks associated with AI
- supporting a human-centred culture regarding their use of AI
This echoes some of KWM’s early thinking on the topic, as reflected in our alert on ChatGPT and the Importance of AI governance.




