On 31 July 2025, the Australian Government’s Digital Transformation Agency (DTA) published a 102-page AI Technical Standard (AI Standard) to promote responsible AI use by public sector entities and their staff (Entities). In a media release, DTA’s General Manager Lucy Poole explained that the AI Standard is “designed to integrate with what agencies already do” and seeks to implement “responsible AI practices into existing governance, risk and delivery frameworks“. On the same day, the Federal Government also released it’s Gov AI service intended to help public sector staff “learn about AI, experiment safely, and apply AI tools to improve public service delivery“.
Overview of the AI Standard
The AI Standard provides technical requirements for AI systems across their entire lifecycle, from “design” to “decommissioning”. The AI Standard is a non-legislative codification of the AI Ethics Principles and Voluntary AI Safety Standard, and supports the Policy for responsible use of AI in government.
Scope of the AI Standards
The AI Standard’s stated scope includes:
- AI services and products for administrative decision-making in government;
- AI systems that may produce discriminatory, unfair, or harmful outcomes;
- platform, data, and software for AI services and products;
- a product or service with at least one AI model, hosted internally or externally;
- reuse of AI assets, including applying to new or changed use cases;
- systems with embedded AI services and products; and
- publicly available AI tools, such as ChatGPT.
While the below list is out of scope, Entities can adapt and apply the AI Standard at their own discretion:
- automated decision-making;
- robotic process automation;
- human-repeatable scripts or processes;
- artificial general intelligence; and
- incidental use of AI.
The AI Standard does not regulate, but works in conjunction with existing frameworks on the following:
- procurement processes and guidance;
- project management methodologies;
- risk identification and impact assessment; and
- incident, problem, and change management.
Operation of the AI Standards
The practices outlined in the AI Standards take the form of standard statements, criteria, and explanatory notes.
The standard statements describe what specifically needs to be done. Each of the forty-two (42) statements has at least one criterion to satisfy the statement, with one hundred and forty-eight (148) criteria in total, each considered either “required” or “recommended” Required criterion are based on Australian legislation, regulation and policies, and Entities must satisfy these criteria to meet the standard. Entities are encouraged to implement any criterion marked as recommended as these are best practise.
Explanatory notes are also provided for each criterion, and these are intended to offer non-mandatory guidance rather than serve as a comprehensive checklist.
Practical “Use Case” guidance for each statement details different scenarios where the AI Standards are applicable and explains what varying degrees of compliance could look like.

Figure 1: AI system lifecycle stages (digital.gov.au)
The information contained in the AI Standards are structured according to the relevant lifecycle stages and are intended to be implemented iteratively.
Application of the AI Standards
The applicability of the AI Standards varies based on who built each part of the AI system:
- Fully built and managed in-house: Involves building bespoke AI systems from scratch.
- Partially built and fully managed in-house: This includes using pre-trained or Commercial Off-The Shelf (COTS) models, such as Retrieval-Augmented Generation systems and prompt engineering. Where COTS models are customised or fine-tuned, the responsibility of applying the AI Standards transfers from the supplier to the Entity.
- Largely built and managed externally: Sourcing or procuring an AI system product that is managed by a third party or an external provider, such as Microsoft Co-pilot.
- Incidental usage of AI: Using off-the-shelf software with AI as incidental feature. Examples include AI features built into desktop software such as grammar checks and internet search with AI functionality.
Depending on who built each part of the AI system, the applicability of the AI Standards is categorised as:
- Applicable: The statements fully apply.
- Conditional: The statements are applicable, but their implementation may require agreement with third-party providers or rigorous testing and monitoring. For example, when using AI without fine-tuning or grounding, parts of the AI Standard will be implemented by the provider.
- N/A (not applicable): The statements cannot apply where the scope of the AI Standards is too narrow.
Implications for software developers
The AI Standards contemplate the shared obligations for Entities and suppliers of Information and Communications Technology (ICT) services.
Development teams, including software developers, are identified by the AI Standards as part of the intended audience of the new framework and are expected to integrate the recommendations in the first “discover” stage of the AI system life cycle.
Where Entities procure AI systems from external suppliers, they must ensure contractual arrangements reflect the requirements of the AI Standard, such as where they relate to transparency, audit and risk management. Developers should expect ICT procurement contracts with Entities to require more stringent testing and detailed explanations of how the ICT supplied will meet the new AI Standards.
Links
Australian Government, Digital Transformation Agency, AI Technical Standard
Australian Government, Department of Industry, Science and Resources, AI Ethics Principles
Australian Government, Department of Industry, Science and Resources, Voluntary AI Safety Standard
Australian Government, Policy for responsible use of AI in government
Further information about artificial intelligence
If you need advice on complying with the AI Standards because you are a supplier of ICT Services to the Commonwealth Government, contact us for a confidential and obligation-free discussion:

Malcolm Burrows B.Bus.,MBA.,LL.B.,LL.M.,MQLS.
Legal Practice Director
T: +61 7 3221 0013 (preferred)
M: +61 419 726 535
E: mburrows@dundaslawyers.com.au

Disclaimer
This article contains general commentary only. You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstance




