AI Compliance: Australia 2026

Sawai Gyoseishoshi Office • 2026
FREE CHAPTER

Chapter 1: Regulatory Overview

1.1 The Australian Approach to AI Regulation

Australia does not have a comprehensive, standalone AI law. As of June 2026, the country regulates artificial intelligence through a combination of voluntary ethical principles, reforms to existing legislation (particularly the Privacy Act 1988), sector-specific regulatory guidance, and consumer protection law. This approach emerged after the Australian Government explicitly abandoned its proposal for mandatory AI guardrails in December 2025, pivoting from an EU-style regulatory model to a technology-neutral stance under the National AI Plan.

The result is a regulatory environment in which AI developers and deployers must navigate multiple existing legal frameworks. Compliance obligations arise primarily from privacy law, consumer law, anti-discrimination law, work health and safety requirements, and sector-specific regulations, rather than from any single AI-focused statute.

1.2 Key Regulatory Bodies

Department of Industry, Science and Resources (DISR): The lead policy department for AI governance. Responsible for the National AI Plan, the AI Ethics Principles, and coordination of the government's overall approach to AI. Conducted the voluntary AI Ethics Principles consultation and the mandatory guardrails consultation before the December 2025 policy reversal.

Office of the Australian Information Commissioner (OAIC): The primary regulator for personal data, enforcing the Privacy Act 1988 and the Australian Privacy Principles (APPs). Has jurisdiction over AI systems that collect, use, disclose, or store personal information. The OAIC will oversee the new automated decision-making disclosure obligations under the Privacy Act amendments effective December 10, 2026.

Australian Competition and Consumer Commission (ACCC): Enforces the Competition and Consumer Act 2010 (incorporating the Australian Consumer Law). Has actively pursued enforcement actions against misleading AI claims and deceptive conduct involving AI-powered products and services. The ACCC Digital Platform Services Inquiry examines AI-related competition issues.

eSafety Commissioner: The world's first government agency dedicated to online safety. Regulates AI-generated harmful content under the Online Safety Act 2021, including deepfakes, synthetic child sexual abuse material, and AI-enabled cyber abuse. Has the power to issue removal notices and impose civil penalties.

Australian AI Safety Institute (AISI): Established under the National AI Plan and operational from early 2026. Tasked with evaluating frontier AI models, conducting safety assessments, and building technical capacity for AI risk evaluation. The AISI is modelled in part on the UK AI Safety Institute but operates within Australia's voluntary governance framework.

Australian Prudential Regulation Authority (APRA): Regulates AI use in banking, insurance, and superannuation. CPS 234 (Information Security) applies to AI systems processing financial data. Has issued guidance on operational risk management that encompasses AI-driven decision-making.

Australian Securities and Investments Commission (ASIC): Regulates AI in financial services, including robo-advice platforms, algorithmic trading, and AI-driven financial product distribution. Responsible for consumer protection in financial AI.

Therapeutic Goods Administration (TGA): Regulates AI-based medical devices under the Therapeutic Goods Act 1989, including Software as a Medical Device (SaMD).

1.3 Timeline of Key Developments

Date Development
2019 AI Ethics Framework published by Department of Industry
March 2024 Voluntary AI Ethics Principles refreshed (8 principles)
June 2024 Mandatory guardrails consultation paper released — proposed 10 mandatory guardrails
September 2024 Public consultation on mandatory guardrails closes (over 500 submissions)
December 2025 Government abandons mandatory AI guardrails in favour of technology-neutral approach
2025 National AI Plan released — emphasises innovation, adoption, and voluntary governance
October 2025 AI6 Guidance for Australian Government Agencies issued (6 mandatory guardrails for Commonwealth agencies)
Early 2026 Australian AI Safety Institute (AISI) becomes operational
September 2025 Privacy and Other Legislation Amendment Act receives Royal Assent (APP 1.7-1.9 amendments)
December 10, 2026 Privacy Act amendments effective — automated decision-making disclosure obligations commence

1.4 Key Legislation Affecting AI

Law AI Relevance
Privacy Act 1988 (Cth) Personal data processing, Australian Privacy Principles, automated decision-making disclosure (from Dec 2026)
Competition and Consumer Act 2010 (Cth) Misleading AI claims, unfair practices, consumer guarantees for AI products
Online Safety Act 2021 (Cth) Deepfakes, synthetic CSAM, AI-enabled online harms
Work Health and Safety Act 2011 (Cth + state equivalents) AI in workplace safety, autonomous systems, psychosocial hazards
Racial Discrimination Act 1975 (Cth) AI-driven racial discrimination
Sex Discrimination Act 1984 (Cth) AI-driven gender discrimination
Disability Discrimination Act 1992 (Cth) AI accessibility and disability discrimination
Age Discrimination Act 2004 (Cth) AI-driven age-based discrimination
Australian Human Rights Commission Act 1986 (Cth) Complaints mechanism for AI-related human rights violations
Therapeutic Goods Act 1989 (Cth) AI as medical device (SaMD) regulation
Security of Critical Infrastructure Act 2018 (Cth) AI in critical infrastructure sectors
Telecommunications Act 1997 (Cth) AI in telecommunications services
My Health Records Act 2012 (Cth) AI processing health records
Administrative Decisions (Judicial Review) Act 1977 (Cth) Judicial review of government AI-assisted decisions

1.5 The Mandatory Guardrails That Were Abandoned

In June 2024, the Australian Government released a consultation paper proposing 10 mandatory guardrails for AI in high-risk settings. These guardrails would have required organisations deploying AI in high-risk contexts to implement specific governance measures, including transparency, testing, human oversight, and accountability mechanisms. The proposal attracted over 500 submissions.

In December 2025, the government decided not to proceed with mandatory guardrails, citing concerns about regulatory burden, the pace of AI development, and the risk of inhibiting innovation. Instead, the National AI Plan adopted a technology-neutral approach that relies on existing laws and voluntary principles.

This decision has significant practical implications: unlike the EU (which enacted the AI Act) or Canada (which pursued the Artificial Intelligence and Data Act), Australia has no planned AI-specific legislation imposing binding obligations on AI developers or deployers. Compliance obligations arise from existing legal frameworks.


Want to monitor your AI compliance automatically? Try AIOS — your AI compliance OS. https://mmoww.net/ai/app/

Quick Decision Matrix

Use this matrix to determine your AI compliance obligations.

Your Situation Risk Level Priority Action Go To
Deploying AI that affects employment decisions High Impact assessment required Chapter 3
Using AI for customer-facing services Medium-High Transparency obligations apply Chapter 4
Internal AI tools (analytics, automation) Medium Document and monitor Chapter 5
AI in regulated sector (finance, health) High Sector-specific rules apply Chapter 3
Procuring AI from third-party vendor Medium Vendor due diligence needed Chapter 5
Just exploring AI for the first time Low Start with governance framework Chapter 2

5-second answer: If your AI system makes decisions that affect people, you have compliance obligations. Start with Chapter 2 for the regulatory framework, then Chapter 3 for your specific obligations.

Continue Reading

Get the complete guide with all chapters, checklists, and regulatory updates.

Browse on Amazon Trust Library Edition — $77.7 Try Free Compliance Tool