澳大利亚AI采用指南(AI6):取代10项护栏的六项基本实践
2025年10月21日,AI6取代了旧的自愿AI安全标准。发生了什么变化以及对澳大利亚组织意味着什么。
Key Takeaways
The 2024 Voluntary AI Safety Standard (VAISS) with its 10 guardrails was superseded on 21 October 2025 by the Guidance for AI Adoption, which consolidates the 10 guardrails into six essential practices.
The AI6 framework is more prescriptive and operationally focused than the original VAISS. It places greater emphasis on whole-of-lifecycle AI management and applies to both AI developers and deployers.
The December 2025 National AI Plan confirmed Australia will not pursue mandatory AI guardrails or a standalone AI Act — the AI6 framework and existing laws are the primary governance tools.
The Australian AI Safety Institute (AISI) launched in early 2026 with AUD$29.9 million in funding. It has advisory and monitoring functions only — no enforcement powers.
A crosswalk document is available from the National AI Centre mapping the 10 VAISS guardrails to the 6 AI6 practices, helping organisations that built governance around the original standard.
"仅供参考。本文不构成法律、监管、财务或专业建议。如需具体指导,请咨询合格专家。"
Why the standard changed
The 2024 Voluntary AI Safety Standard was designed as an interim framework while the government considered mandatory AI guardrails. With the December 2025 National AI Plan definitively ruling out mandatory guardrails — at least for now — the NAIC published updated guidance that is less focused on anticipating future regulation and more focused on providing practical, operational guidance for organisations at different stages of AI adoption.
The new Guidance for AI Adoption is also a response to industry feedback that the original VAISS was broad and principles-based in ways that made practical implementation uncertain. The AI6 framework is more prescriptive. It includes detailed "Implementation Practices" guidance for larger organisations and a "Foundations" guide for organisations at earlier stages of AI adoption.
The six essential practices
Practice 1 — Accountability: Establish clear organisational accountability for AI use. This means named responsibility for AI governance — not diffused team ownership — with appropriate authority and reporting structures. Board-level visibility for material AI risks is expected for larger organisations.
Practice 2 — Risk management: Identify, assess, and mitigate AI risks throughout the AI lifecycle, including risks to individuals, organisations, and broader society. Risk management should be proportionate to the risk level of specific AI systems — high-risk AI applications require more rigorous processes than low-risk AI tools.
Practice 3 — Human oversight: Maintain appropriate human oversight and control of AI systems. The appropriate level of oversight depends on context and risk. For AI used in high-stakes decisions affecting individuals — employment, access to services, credit — meaningful human review is expected. Rubber-stamping AI recommendations without genuine independent assessment is not oversight.
Practice 4 — Transparency: Be transparent about AI use with individuals who interact with AI systems or are affected by AI decisions. Transparency obligations interact with the Privacy Act's APP 1 requirement that privacy policies address AI use of personal information. From December 2026, a new statutory obligation requires privacy policies to address substantially automated decisions affecting individual rights.
Practice 5 — Privacy and data governance: Handle personal information in AI systems in accordance with Privacy Act obligations and APP requirements. This practice explicitly cross-references the Australian Privacy Principles and the OAIC's AI privacy guidance. AI training, inference, and monitoring pipelines all must be assessed against applicable APPs.
Practice 6 — Continuous improvement: Monitor AI system performance and safety, and improve governance practices over time. AI systems degrade. Monitoring is not optional for responsible AI governance. The practice includes requirements for incident management and learning from AI failures.
How AI6 relates to the old 10 guardrails
The NAIC has published a crosswalk document identifying corresponding provisions between the VAISS guardrails and the AI6 practices. Organisations that built governance frameworks around the original 10 guardrails do not need to rebuild from scratch — the AI6 practices cover substantially the same ground with different structure and more operational detail.
The key differences are emphasis and operationalisation. The AI6 framework places greater emphasis on the full AI lifecycle (from development through deployment to decommissioning) and provides more specific guidance on what each practice looks like in operation. It is also explicitly two-tiered: a "Foundations" guide for organisations early in their AI governance journey and "Implementation Practices" detail for more mature organisations.
The AISI: Australia's new AI safety body
The Australian AI Safety Institute launched in early 2026 with AUD$29.9 million in initial funding. The AISI's mandate is technical analysis, safety testing, monitoring of AI capabilities and risks, and provision of expert advice to regulators and government. It has no enforcement powers. It is an advisory and research body, not a regulatory authority.
The AISI joins the International Network of AI Safety Institutes alongside comparable bodies in the US, UK, Canada, South Korea, Japan, and Singapore — providing Australia with participation in international AI safety cooperation. Its work will inform whether gaps in existing laws are identified that require targeted legislative amendment.