AIRiskAware
OAIC, ACCC, DCCEEW, AGD

AI governance for Australian technology companies.

Australian tech companies face Privacy Act obligations, ACCC consumer law, Consumer Data Right rules, and growing government expectations around the AI6 framework. There is no single AI-specific law yet, but the existing obligations already bite.

Regulatory obligations at a glance

Six frameworks. All active. None specifically labelled "AI law" — but all apply.

APP 1, 3, 6, 11
OAIC

Privacy policy must describe AI use of personal data. Collection, use, and disclosure of personal information for AI training or inference must comply with the purpose for which data was originally collected.

High

Mandatory DBN
OAIC

Eligible data breaches involving AI systems (including unauthorised model output disclosures or training data leakage) must be notified to the OAIC and affected individuals within 30 days.

High

Section 18 ACL
ACCC

AI-generated content, product descriptions, reviews, or recommendations must not be misleading or deceptive. Synthetic content and AI-generated testimonials are in scope.

High

CDR Rules
ACCC/OAIC

Consumer Data Right accredited data recipients using AI to analyse consumer data must comply with CDR purpose restrictions — AI cannot use CDR data for purposes beyond those disclosed at point of consent.

Medium

AI6 Framework
DCCEEW

Voluntary but increasingly expected by government and enterprise customers: transparency, fairness, accountability, and contestability obligations across the AI lifecycle.

Medium

ADM Disclosure
AGD

Statutory obligation to notify individuals of automated decision-making in government or government-adjacent contexts takes effect December 2026. Technology suppliers to government must be ready.

High

Guidance for Australian technology AI governance

Analysis of the frameworks that apply to Australian tech companies.

Priority actions for technology sector AI governance

Audit your privacy policy — does it accurately describe how AI systems use personal data? APP 1 requires current, accurate disclosure

Map all AI systems that process personal data to the Australian Privacy Principles — identify collection purpose mismatches

Review AI-generated content and product descriptions for ACL Section 18 compliance — misleading AI outputs are your liability

If you hold CDR accreditation: confirm AI models are not using CDR data beyond disclosed purposes

Prepare for the December 2026 automated decision-making disclosure obligation — audit which decisions in your platform are automated

Align AI development practices with the AI6 framework — transparency, fairness, accountability, and contestability — ahead of likely government procurement requirements
