The Commonwealth’s Digital Transformation Agency (DTA) has issued new guidance on the use of public generative AI tools for Australian Government agencies and staff. This guidance replaces previous interim guidance, and represents a shift from a cautionary position to a risk-based approach that encourages controlled access to public generative AI and explicitly allows its use with OFFICIAL information (but not OFFICIAL: Sensitive or above).
The guidance should be read alongside the Protective Security Policy Framework Policy Advisory 001-2025 on OFFICIAL Information Use with Generative Artificial Intelligence, recently released by the Department of Home Affairs, which:
- provides agencies and stakeholders with confirmation that OFFICIAL information—including data used for business and service delivery—can be used with generative AI (subject to any policies covering the PSPF entity), and
- requires entities to only allow access to generative AI products hosted on providers certified under the Hosting Certification Framework, OpenAI and Anthropic (or hosted by a provider that has undergone a Foreign Ownership, Control, or Influence (FOCI) assessment).
This alert summarises these developments and outlines key takeaways, including steps to take now.
Time to reap the benefits
The DTA’s new guidance for agencies and staff[1] reflects the Australian Government’s controlled enablement approach to public generative AI, seeking to maximise its benefits by integrating it into agency work while managing its risks and limitations. The guidance documents operate at an enterprise level (ie need to be embedded into systems and processes) and a personal level (ie individuals need to comply), respectively.
Gen AI is here, and it is here to stay
Gen AI is now widely available and increasingly integrated in tools and services we use every day, often without explicit user notification. This includes via search engines, productivity applications and software platforms. Even if someone is not seeking to use Gen AI, a simple Google search will often prompt an ‘AI Overview’ to pop up. Because AI is often embedded in tools that are already used, its presence is not always obvious.
Australian Government agencies restricting access to Gen AI has not removed demand for, or interest in, these tools. Rather, it means that staff:
- may use these tools without proper training or security safeguards, and
- lack practical experience using a technology that is becoming increasingly ubiquitous in professional and personal lives.
What does the DTA’s new guidance mean for public AI use in Government?
The DTA has responded to the proliferation and potential of public generative AI by providing a clearer, more enabling direction for its use in Government.
Public generative AI refers to web-based public generative AI tools. Public generative AI is in contrast to enterprise-grade generative AI, which is deployed in controlled environments to meet specific governance standards, and security and data protection requirements.
Public generative AI products hosted by providers certified under the Hosting Certification Framework, or hosted on OpenAI (such as ChatGPT) or Anthropic (such as Claude), are approved under the PSPF Advisory note. Otherwise, the provider must have undergone a foreign ownership, control, or influence (FOCI) risk assessment.[2]
The DTA’s updated guidance recognises the benefits of public generative AI – faster research, development of cleaner drafts, and more thorough analysis of documents and data. However, it also acknowledges the potential for security and privacy risks associated with misuse of these tools.
The updated guidance reflects this balancing act, and provides a clear way forward, distinguishing between staff and agency responsibilities.
For staff, the guidance is simplified into three overarching principles:
- protect privacy and safeguard government information
- use judgement and critically assess generative AI outputs
- be able to explain, justify and take ownership of your advice and decisions
For agencies, it recommends measures to manage access and include safeguards, such as monitoring and human validation requirements, while prioritising enterprise-grade AI for sensitive or classified material. The update to the DTA’s guidance elevates AI literacy as a core workforce capability, calling for training, competency frameworks and practical experience.
What does the PSPF Advisory note say?
Three key things entities (being agencies and accredited persons) must do:
- only provide access to generative AI products hosted on Hosting Certification Framework providers, OpenAI or Anthropic or which have undergone a Foreign Ownership, Control, or Influence (FOCI) risk assessment,
- ensure staff training includes guidance on handling security classified information when using generative AI, and
- follow the existing PSPF technology authorisation process and consider relevant Australian Signals Directorate Guidance when approving access to generative AI tools for use with OFFICIAL information.
The DTA guidance encourages agencies and staff to use public generative AI safely and responsibly. The PSPF Advisory note complements this guidance by providing mandatory guardrails that agencies must apply when enabling that use, in order to protect sensitive and classified government information.
Key takeaways for agencies and staff
‘Staff’ is defined to include employees, contractors and consultants; the guidance applies to anyone who is ‘working with government information’ and covers the use of AI on government systems.
Agencies providing access to generative AI products hosted by providers certified under the Hosting Certification Framework, OpenAI or Anthropic do not require a FOCI assessment beyond the assurance provided by the Department of Home Affairs. All other providers must be assessed in accordance with PSPF Direction 001-2024 before access is allowed.
| DTA recommendation | Key takeaways for agencies | Key takeaways for staff |
|---|---|---|
| Enable use of public generative AI tools | The DTA recommends an ‘enable where appropriate’ position for public generative AI access for government information classified up to OFFICIAL. | Staff should refer to their agency’s internal policies relating to AI use to determine whether they can access public generative AI tools. Staff must not put security classified, personal information, or third-party copyright protected information into public generative AI tools. Public generative AI tools are different from non-public or enterprise tools that have been configured to meet agency requirements. When using public tools, inputs and outputs could be made public, and staff must be aware of whether they are using public or non-public generative AI tools. |
| Adopt a risk-based approach | AI use should be accompanied by technical safeguards (such as upload blockers, splash screens and data loss prevention tools) and should be managed in accordance with the Protective Security Policy Framework, including the Policy Advisory 001-2025 on OFFICIAL Information Use with Generative Artificial Intelligence. | Staff must ensure that their use of generative AI supports public trust and upholds the standards and frameworks expected of government employees. Generative AI must not make final decisions on government advice, services or outputs. Staff remain responsible and accountable for content they create, share or use. |
| Develop AI literacy | Agencies should prioritise developing AI literacy for their staff through training and hands-on experience with AI tools, establishing competency frameworks, and knowledge sharing across agencies. | AI literacy is becoming a baseline capability for the APS workforce. Staff should: When using generative AI, staff must use judgement and critically assess its outputs. |
| Integrate AI governance and build on existing training to reduce risks | Agencies should ensure they are providing training relating to privacy, security, professional conduct and integrity expectations to support generative AI use and reduce risks. Agency policies and governance relating to AI use should be integrated with existing frameworks, including usage monitoring, incident response procedures, human validation requirements and documentation of AI use. | Staff should ensure they have a strong and comprehensive understanding of their privacy, security, professional conduct and integrity expectations. Staff must complete mandatory training, including on security and privacy awareness. |
What do you need to do now?
- While the DTA recommends agencies enable public generative AI use, it is up to agencies to decide whether to enable access to public generative AI on their systems.
- Agencies should review their current public generative AI-related policies in light of the guidance materials from the DTA – this covers both enterprise policies and those applying at an individual level.
- APS employees, contractors and consultants should confirm their agency’s policy position and approved tools, complete any required training and ensure they are verifying the AI tool’s outputs before any external release of work.
- Contracts with contractors and consultants should be reviewed to ensure that the clauses reflect the agency’s circumstances.
- Check that you have only provided access to generative AI products hosted on Hosting Certification Framework providers, OpenAI or Anthropic. If not, do you have a FOCI clearance?