“Trust me, I’m from the government”: Australia’s AI governance system does not yet serve national security

Key Facts:

On 22 June, the government set up a new AI Review Committee but its mechanism are non-transparent and ignore stakeholders

Key agencies, like the ATO and NDIS, are failing to meet  AI governance norms

Also on 22 June, the Five Eyes called out the national security implications of more robust governance of AI

On 22 June 2026, the Australian government set up an AI Review Committee to improve national confidence in new systems.  Yet Australia’s expanding framework for artificial intelligence in government is unlikely to convince the public or specialists that the system can actually be trusted.

 

The Australian Public Service now has an AI policy, impact assessment requirements, an AI Plan, and an internal AI use-case library. But most of this machinery remains hidden from public view. That’s great for internal practice but does little to build external confidence.

 

While agencies are expected to maintain internal AI registers, complete impact assessments, and assign accountable officials, the results are generally not available for rigorous public scrutiny. What does reach the public are selective case studies and promotional accounts of low-risk or high-visibility projects, rather than detailed evidence about how higher-stakes systems are consistently governed.

 

“The Commonwealth has built a process regime, not a transparency regime,” according to Professor Greg Austin, a co-founder of the Social Cyber Institute. “The public is being asked to trust that the right questions are being asked somewhere inside the machine, without being allowed to see the answers.”

 

“The new AI Review Committee could improve credibility, but only if it is empowered to expose concrete details about government AI systems rather than simply endorse the overall framework”, in the opinion of Professor Glenn Withers, also a  co-founder of the Social Cyber Institute. “Perhaps we could insist on publication of non-sensitive AI register entries, redacted impact assessments for consequential systems, and genuine independence from the central agencies responsible for the current policy settings.”

 

There is a major gap in the current debate: staffing. Austin noted that “Responsible AI governance requires substantial human resources, especially in very large agencies such as the Australian Taxation Office”.  The ATO already uses AI across service delivery, risk detection and internal operations. “Yet public documents do not clearly show how many staff are dedicated to maintaining AI registers, writing and updating use cases, not to mention the coordination of impact assessments or engaging with external review.”

 

According to Withers, this missing workforce picture undermines official claims of responsible deployment. “Australians do not just need to know that agencies have AI policies,” he said. “They need to know that someone is actually employed, trained and empowered to carry them out.”

 

Dr Gary Waters, a Distinguished Fellow with the Social Cyber Institute, underscored the urgency of these challenges. “Robust governance of AI goes to the very heart of national security and national resilience, with public trust and government transparency being the bedrock of resilience. This week, the Five Eyes cyber alliance issued a serious warning about the increasing dangers from AI.” It said a "whole-of-society response is needed".

 

Until the government makes both its AI systems and its AI staffing arrangements more transparent, public confidence will remain weak. “Without that transparency”, Austin observed, “the emerging model will look less like democratic oversight and more like “governance of the AI, by the AI and for the AI.”

About us:
Contact details:

Greg Austin 0450190323 [email protected]