本文目前仅提供英文版本。
AI Governance for Australian Charities and Not-for-Profits: ACNC Obligations and Practical Compliance
The ACNC does not yet have AI-specific guidance, but the governance standards it enforces — accountability, transparency, responsible management — apply directly to AI deployments by registered charities and NFPs. What boards and executives need to know.
Key Takeaways
The ACNC Governance Standards — particularly Standard 5 (duties of responsible persons) — require charity boards to exercise due care and diligence over all significant operational decisions, including AI deployments.
Charities using AI in grant assessment, client eligibility, service delivery, or fundraising face the same privacy and anti-discrimination obligations as commercial organisations — the charitable purpose does not create an exemption.
The OAIC's Australian Privacy Principles apply to charities with annual turnover above $3M and all health service providers — AI systems processing donor, client, or beneficiary data must comply with APP obligations.
AI in fundraising — predictive analytics for donor targeting, AI-generated appeal content, algorithmic gift matching — creates obligations under state and territory fundraising legislation and ACNC transparency standards.
Boards of large charities (those with revenue above $1M) face specific accountability obligations under the ACNC Act that extend to material technology risks — AI governance is a board matter, not a management matter.
"仅供参考。本文不构成法律、监管、财务或专业建议。如需具体指导,请咨询合格专家。"
Why the NFP sector cannot ignore AI governance
The not-for-profit sector in Australia is a significant and growing user of AI. Charities use AI for donor prospecting and fundraising analytics, for grant assessment and beneficiary eligibility determination, for service delivery optimisation, and increasingly for client-facing communications and support. The governance frameworks that apply to these uses are the same frameworks that apply to commercial organisations — the charitable purpose does not create regulatory exemptions.
The ACNC has not yet issued AI-specific guidance, but its existing governance standards create clear obligations that reach AI deployment decisions. The five ACNC Governance Standards require registered charities to be accountable and transparent, to act lawfully and in the interests of the charity's purpose, and for responsible persons to exercise reasonable care and diligence in managing the charity. AI deployments that create legal, reputational, or operational risk are squarely within the scope of these obligations.
ACNC Governance Standard 5 and AI
Governance Standard 5 imposes duties on responsible persons — charity board members and executives — to act with reasonable care and diligence, to act in good faith in the best interests of the charity, not to misuse their position, and to disclose conflicts of interest. The reasonable care and diligence obligation is the most directly relevant to AI governance. A responsible person who approves an AI deployment without understanding its risks, without ensuring appropriate governance is in place, or without considering whether the AI is consistent with the charity's purpose and values may not be satisfying this obligation.
The practical implication: charity boards considering significant AI deployments should ensure the board has received adequate briefing on the AI system's purpose, the data it uses, the risks it creates, and the governance arrangements in place. This briefing should be documented in board minutes. The governance standard does not require boards to be AI experts — it requires them to exercise the care and diligence that a reasonable person in their position would exercise.
Privacy obligations for charities using AI
The Australian Privacy Principles under the Privacy Act 1988 apply to charities with annual turnover above $3M and to all organisations that provide health services regardless of turnover. For large charities — including most peak bodies, hospitals, disability service providers, and aged care organisations — APP obligations apply fully to AI systems that process personal information about donors, clients, beneficiaries, or employees.
APP 3 (collection of solicited personal information) requires that personal information collected for a specific purpose is only used for that purpose — using donor contact information collected for gift processing to train a predictive analytics model may not be consistent with this principle without appropriate disclosure and consent. APP 5 (notification of collection) requires that individuals are notified when their personal information is collected — AI-driven donor prospecting that draws on third-party data sources may create collection notification obligations. And APP 11 (security of personal information) requires appropriate security measures for personal information — the AI systems processing this information must be secured accordingly.
AI in service delivery: the equity and access dimension
Many charities use AI in client-facing service delivery — automated triage systems, eligibility assessment tools, chatbots for client enquiries, predictive tools for identifying clients at risk. These applications create specific governance obligations related to equity and access. The clients of most charities are often from disadvantaged or vulnerable populations — people experiencing financial hardship, disability, mental health challenges, or domestic violence. AI systems that work well for the general population may perform poorly for these groups, whose circumstances may not be well-represented in training data and who may have less capacity to identify and contest AI errors.