AI Policy and Governance Newsletter — May 2026
Multiple concurrent Australian AI governance developments — a mandatory DTA policy, biosecurity gaps, frontier cyber risk, and procurement rule changes — make this a high-density signal for APS practitioners.
Key points
- Good Ancestors' May 2026 newsletter covers biosecurity-AI risk, Australia's AI strategy, Mythos cyberattack capability, CAISI testing agreements, and DTA policy.
- DTA's Policy for the Responsible Use of AI in Government v2.0 is now mandatory; AI use-case registers due across non-corporate Commonwealth entities by mid-2026.
- Australia is excluded from Anthropic's Project Glasswing defensive coalition; frontier AI cyber risk to critical infrastructure has no current Australian mitigation mechanism.
Implications for Australian agencies
- Implement Non-corporate Commonwealth entities should confirm progress toward DTA's Policy for the Responsible Use of AI in Government v2.0 requirements — accountable officials, transparency statements, training, and AI use-case registers — ahead of the mid-2026 deadline.
- Consider Agencies responsible for critical infrastructure or essential government services may want to assess their exposure to Mythos-class cyber threats and whether current bilateral MoU arrangements provide adequate access to AI safety information or defensive tooling.
- Monitor Policy and strategy teams could monitor the biosecurity open letter's outcome, Finance's Commonwealth Procurement Rule updates on AI vendor declarations, and any executive action in the US mandating pre-release AI testing — all with potential implications for Australian frameworks.
Implications are AI-generated. Starting points, not advice — see methodology for how they're framed.
View original source
Copied.
Appeared in:
Weekly digest, 11 May 2026
"AI Policy and Governance Newsletter — May 2026"
Source: Good Ancestors – AI Policy & Governance Newsletter
Published: 11 May 2026
URL: https://www.goodancestors.org.au/newsletter/2026-05
Good Ancestors' May 2026 newsletter covers several distinct developments relevant to Australian AI governance. The lead items are: an expert open letter urging Australia to use existing biosecurity powers to screen synthetic nucleic acid imports; questions about whether Australia's AI strategy adequately addresses frontier model training; Australia's exclusion from Anthropic's Project Glasswing defensive coalition as Mythos-class cyber capabilities proliferate; and CAISI's pre-release testing agreements with Google, Microsoft, and xAI. Featured Australian publications include DTA's Policy for the Responsible Use of AI in Government v2.0 (now mandatory), new Federal Court generative AI rules, Finance Department AI procurement rule tightening, and APRA and ASIC cyber-risk letters citing frontier AI as an immediate threat to regulated entities. The EU AI Act is also reported to be softening under industry pressure.
Implications for Australian agencies:
- [Implement] Non-corporate Commonwealth entities should confirm progress toward DTA's Policy for the Responsible Use of AI in Government v2.0 requirements — accountable officials, transparency statements, training, and AI use-case registers — ahead of the mid-2026 deadline.
- [Consider] Agencies responsible for critical infrastructure or essential government services may want to assess their exposure to Mythos-class cyber threats and whether current bilateral MoU arrangements provide adequate access to AI safety information or defensive tooling.
- [Monitor] Policy and strategy teams could monitor the biosecurity open letter's outcome, Finance's Commonwealth Procurement Rule updates on AI vendor declarations, and any executive action in the US mandating pre-release AI testing — all with potential implications for Australian frameworks.
Retrieved from SIMS, 18 July 2026.