The map Reviewed 17 Jul 2026

AI regulation in Australia.

Most of the obligations that reach Australian businesses are not AI law. They come from rules that already exist: privacy, consumer law, employment, contract. The AI-specific material is still mostly voluntary, or made overseas.

In force

In forceAustralia (Commonwealth)

Privacy Act 1988 / Australian Privacy Principles

OAIC

Personal information handled by or through an AI tool falls under the same collection, use, disclosure and security rules as any other personal information.

Applies to: APP entities: most businesses with annual turnover over $3m, plus some others regardless of size

Details →Reviewed 17 Jul 2026
In forceAustralia (Commonwealth)

OAIC guidance: commercially available AI products

OAIC

The regulator's guidance on what the Privacy Act expects when a business adopts an off-the-shelf AI product, including due diligence and what can go into public tools.

Applies to: APP entities using off-the-shelf AI tools

Details →Reviewed 17 Jul 2026
In forceAustralia (Commonwealth)

OAIC guidance: developing and training generative AI models

OAIC

The regulator's guidance on how the Privacy Act applies when personal information is used to build or train generative AI models.

Applies to: Entities developing or fine-tuning generative AI models

Details →Reviewed 17 Jul 2026
In forceAustralia (Commonwealth)

Australian Consumer Law (misleading conduct via AI output)

ACCC

The prohibition on misleading or deceptive conduct applies to what your business publishes or tells customers, whether a person or an AI system produced it.

Applies to: All businesses

Details →Reviewed 17 Jul 2026
In forceAustralia (Commonwealth)

ASIC Report 798: governance arrangements and AI

ASIC

The corporate regulator's review of how licensees govern AI, and its statement that existing licensee obligations already cover AI use.

Applies to: AFS licensees and credit licensees

Details →Reviewed 17 Jul 2026
In forceAustralia (Commonwealth)

APRA letter to industry on artificial intelligence

APRA

The prudential regulator's observations on AI adoption, and its expectation that governance, risk and assurance practices keep pace with it.

Applies to: APRA-regulated entities: banks, insurers, superannuation trustees

Details →Reviewed 17 Jul 2026
In forceEuropean Union

EU AI Act

EU

The EU's risk-based AI law, in force and phasing in. It reaches Australian businesses through contracts and EU market access, not Australian enforcement.

Applies to: Australian businesses selling into the EU, or via contract with EU partners

Details →Reviewed 17 Jul 2026

Voluntary

VoluntaryAustralia (Commonwealth)

Voluntary AI Safety Standard

DISR

Ten voluntary guardrails the government recommends for organisations deploying AI, covering accountability, testing, transparency and human oversight.

Applies to: All organisations using or developing AI

Details →Reviewed 17 Jul 2026
VoluntaryAustralia (Commonwealth)

Australia’s AI Ethics Principles

DISR

Eight voluntary principles for responsible AI design and use, from human wellbeing to contestability and accountability.

Applies to: All organisations, by choice

Details →Reviewed 17 Jul 2026
VoluntaryInternational

ISO/IEC 42001: AI management systems

Standards Australia

An international standard for AI management systems. A standard, not a law. Increasingly requested in contracts and tenders.

Applies to: Organisations seeking certification, or asked for it in procurement

Details →Reviewed 17 Jul 2026
VoluntaryNew South Wales

NSW AI Assessment Framework

NSW DCS

The assessment framework NSW government projects use for AI systems. Binding in practice for suppliers to NSW government, voluntary for everyone else.

Applies to: NSW government agencies and their suppliers

Details →Reviewed 17 Jul 2026

Proposed

ProposedAustralia (Commonwealth)

National AI Plan

DISR

The government's December 2025 roadmap for AI adoption, capability and safety. It signals where regulation is heading rather than imposing requirements.

Applies to: Policy direction, not an obligation

Details →Reviewed 17 Jul 2026
ProposedAustralia (Commonwealth)

Mandatory guardrails for high-risk AI (proposals paper)

DISR

A government proposals paper on mandatory requirements for high-risk AI settings. Consultation stage. Nothing in it binds anyone yet.

Applies to: Would reach developers and deployers of high-risk AI if legislated

Details →Reviewed 17 Jul 2026
ProposedAustralia (Commonwealth)

Privacy Act reform: automated decision-making transparency

AGD

From December 2026, privacy policies must explain automated decisions that significantly affect people, under the Privacy and Other Legislation Amendment Act 2024.

Applies to: APP entities using automated decision-making with personal information

Details →Reviewed 17 Jul 2026

Open for consultation

Open for consultationAustralia (Commonwealth)

Children’s Online Privacy Code

OAIC

A draft code setting how online services must handle children's personal information. In consultation, with registration due by December 2026.

Applies to: Online services likely to be accessed by children

Details →Reviewed 17 Jul 2026

Regulatory updates: the changelog →