AIRiskAware
返回洞察阅读英文版

本文目前仅提供英文版本。

Australia 10 min read 2026

Australia's AI Safety Standard: What It Actually Requires and Who It Applies To

The Australian Government's voluntary AI Safety Standard sets out ten core guardrails for safe and responsible AI. For enterprises, voluntary doesn't mean optional — procurement, liability, and reputation make compliance effectively mandatory.

Australia's AI Safety Standard: What It Actually Requires and Who It Applies To

Key Takeaways

  • In October 2025, Australia's National AI Centre (NAIC) replaced the Voluntary AI Safety Standard (VAISS) with the Guidance for AI Adoption — the AI6 framework. AI6 consolidates the original 10 guardrails into 6 essential practices: governance and accountability, impact assessment, risk management, transparency, testing and monitoring, and human oversight.

  • AI6 is voluntary — but organisations that already aligned to the 10 guardrails do not need to start again. The underlying 10 guardrails are retained and integrated into the 6 practices. Existing policies, controls and risk registers can be mapped across.

  • The voluntary status is narrowing in practice: government procurement, enterprise buyers, and liability exposure are making AI6 alignment effectively expected for any serious AI deployment in Australia.

  • The National AI Plan (December 2025) confirmed Australia will rely on existing laws plus AI6 guidance rather than introducing mandatory guardrails — at least for now. A new AI Safety Institute (AISI) was established with AUD$29.9M in funding, operational from early 2026.

  • From 10 December 2026, a new statutory obligation from the Privacy and Other Legislation Amendment Act 2024 requires APP entities to disclose in their privacy policy when they use computer programs to make decisions that significantly affect individuals' rights or interests.

"仅供参考。本文不构成法律、监管、财务或专业建议。如需具体指导,请咨询合格专家。"

From the Voluntary AI Safety Standard to the Guidance for AI Adoption (AI6)

Australia's AI governance framework has evolved significantly since 2024. The original Voluntary AI Safety Standard (VAISS), published in September 2024 with its 10 guardrails, was superseded on 21 October 2025 by the Guidance for AI Adoption — a new national framework that consolidates the 10 guardrails into six essential practices, now commonly referred to as "AI6".

This is not a weakening of the framework. The AI6 guidance is more prescriptive and operationally focused than the VAISS, places greater emphasis on whole-of-lifecycle AI management, and is pitched at both AI developers and deployers. A crosswalk between the VAISS guardrails and the AI6 practices is published by the National AI Centre for organisations that structured their governance around the original standard.

What the National AI Plan (December 2025) means

On 2 December 2025, the Australian Government released its National AI Plan — a strategic document that definitively resolved a question that had been open for most of 2025: will Australia pursue mandatory AI guardrails for high-risk AI?

The answer is no — at least for now. The National AI Plan explicitly abandoned the proposed mandatory guardrails that had been consulted on through 2024 and 2025. Instead, Australia will rely on existing technology-neutral laws (Privacy Act, ACL, sector legislation), voluntary guidance (the AI6 framework), and a new Australian AI Safety Institute (AISI) to manage AI risks.

The AISI launched in early 2026 with AUD$29.9 million in funding. Its mandate is advisory — technical analysis, safety testing, and monitoring — not enforcement. It has no powers to impose penalties or require compliance.

The six essential practices (AI6)

The Guidance for AI Adoption sets out six essential practices that organisations are encouraged to adopt: accountability for AI systems; risk management throughout the AI lifecycle; human oversight and control appropriate to context and risk; transparency and explainability to users and affected individuals; privacy and data governance aligned with Privacy Act obligations; and continuous monitoring and improvement of AI systems.

These practices are voluntary. But "voluntary" is becoming a narrower category in practice. The Australian government's procurement framework is beginning to reference AI6. Enterprise buyers are incorporating it into vendor assessments. Directors' duty exposure creates de facto governance expectations. The OAIC, ACCC, APRA, and ASIC all have powers that apply to AI in their respective domains, and the AI6 framework signals what "reasonable" AI governance looks like when those powers are exercised.

Privacy Act reform: the AI obligation that is coming

The one significant new legal obligation on the horizon for Australian organisations is the Privacy Act reform. The Privacy and Other Legislation Amendment Bill 2024, passed by Parliament in December 2024, includes a requirement that privacy policies address substantially automated decisions that significantly affect individuals' rights or interests. This provision comes into effect in December 2026. For organisations using AI in consequential decisions — credit, employment, insurance, service access — this creates a specific disclosure obligation that is not voluntary.

What Australian organisations should do now

Given the abandonment of mandatory guardrails, some organisations may conclude that AI governance can be deferred. This conclusion is mistaken for three reasons. First, existing laws — Privacy Act, ACL, Fair Work Act, sector-specific regulation — already apply to AI and are being enforced. Second, the AI6 framework has become the de facto benchmark for what "responsible AI" means in Australia, even without legal force. Third, the regulatory direction — in Australia and globally — is toward more, not less, formal obligation. Organisations building strong governance now will find adaptation straightforward when formal requirements come.