AIRiskAware

Australia 9 min read 2026

AI for Procurement Teams in Australia: Buying AI Responsibly and Governing What You Buy

Procurement teams face a dual challenge: using AI to improve procurement processes, and governing AI tool purchases across the organisation. Both carry specific legal and regulatory obligations.

Key Takeaways

  • Procurement teams hold two AI roles: using AI in their own processes and governing AI tool purchases by other business units. Most organisations have the first by accident and the second inadequately designed.

  • Standard software contract terms are inadequate for AI tools. AI-specific provisions needed include: data handling and model training practices; incident notification obligations; audit rights over vendor AI governance; expectations around AI output accuracy; and liability for AI-generated errors.

  • Shadow AI — business units deploying AI tools without procurement review — is a significant governance problem. Procurement teams should establish a lightweight AI procurement review gate for any AI tool before organisational use.

  • Supplier risk assessments must now explicitly cover AI: whether suppliers use AI in delivering contracted services; what oversight exists; and whether AI-assisted outputs meet the same standards as human-delivered ones.

  • The Privacy Act applies to all personal information processed through procured AI tools. Vendor contracts must include adequate data processing agreements, data sovereignty provisions for Australian personal information, and incident notification obligations.

  • For Australian government procurement and suppliers to government, the DTA's AI policy and APS AI Plan requirements — including AI Impact Assessments and mandatory AI literacy for staff — are now part of the procurement environment.

"For informational purposes only. This article does not constitute legal, regulatory, financial or professional advice. Consult a qualified specialist for specific guidance."

Two roles, both underdeveloped

Procurement teams occupy two distinct positions in AI governance: users of AI for contract analysis, supplier due diligence, spend analytics and market intelligence; and governors of AI procurement across the organisation. Most organisations have the first by accident and the second inadequately designed.

Negotiating AI-specific contract provisions

Standard software contract terms often fail to address the specific risks of AI tools. Key provisions procurement teams should ensure are addressed:

Data handling: Where is data processed? Who can access it? Is it used to train the model? Does processing comply with APP 8 and sector-specific data sovereignty requirements?

Incident notification: The Privacy Act requires notification of eligible data breaches to the OAIC and affected individuals. Your contract must ensure you receive timely vendor notice to meet these obligations within required timeframes.

Audit rights: Can you audit the vendor's AI governance practices, security controls, and contract compliance? For AI tools supporting critical functions, this right is increasingly expected by auditors and regulators.

AI output accuracy: Standard uptime SLAs do not capture AI-specific performance requirements. Consider whether contracts should include commitments around accuracy, bias monitoring, and model drift management.

Liability: Most vendor contracts limit liability significantly. Assess whether additional indemnification or insurance is required for high-stakes AI use cases where AI-generated errors could cause material loss.

Governing AI procurement across the organisation

Shadow AI — business units accessing AI tools on a credit card or through software subscription channels without procurement review — is a significant governance problem. Establish a lightweight AI procurement review process covering data handling, security, privacy compliance, and alignment with the AI governance framework. The National AI Centre's AI system register template provides a useful structure for documenting each tool in use.

Supplier risk in an AI-enabled landscape

Your suppliers are increasingly using AI in their operations. Supplier due diligence questionnaires should now ask whether suppliers use AI in delivering contracted services; what oversight exists; and whether AI-assisted delivery is disclosed to and consented to by clients. Suppliers using AI that creates WHS risks for their workers — including under NSW's Digital Work Systems Act 2026 — may have compliance obligations affecting your supply chain risk profile.