Weekly Digest
Week of 1 Dec 2025
This week at a glance
This week's digest is dominated by significant Australian government AI governance activity, with the DTA releasing three interconnected deliverables under the APS AI Plan 2025: an updated responsible use policy taking effect 15 December, a new AI Impact Assessment Tool, and procurement guidance spanning the full Digital Sourcing Lifecycle — material that warrants close attention before the policy's commencement date. Complementing this, the National AI Centre has published practical guidance on making AI-generated content identifiable, with direct application for APS agencies using generative AI in communications or service delivery. Rounding out the week, MIT's AI Risk Repository has released a substantially expanded Version 4 covering over 1,700 risk categories drawn from 74 frameworks, offering a useful reference for practitioners engaged in risk assessment or framework development work.
Headlines
Australian Government2 items
AI Policy overhauled with new Impact assessment tool and Procurement guidance
The DTA has published three major AI governance deliverables aligned to the APS AI Plan 2025: an updated Policy for the Responsible Use of AI in Government (effective 15 December 2025), a new AI Impact Assessment Tool with supporting guidance, and new Guidance on AI Procurement in Government with an accompanying checklist. The updated Policy strengthens accountability by requiring each AI use case to have an assigned accountable officer recorded in an internal register, and mandates impact assessments for all use cases. The procurement guidance follows the Digital Sourcing Lifecycle and addresses AI-specific risks across planning, sourcing, and management stages. An AI Review Committee to advise on high-risk use cases across the APS is also in development, with further details expected in Q1 2026.
Key points
- DTA has released an updated AI policy, a new AI Impact Assessment Tool, and new AI procurement guidance, effective 15 December 2025.
- The updated Policy mandates AI impact assessments for all use cases and requires agencies to develop and communicate a strategic position on AI adoption.
- An AI Review Committee for high-risk use cases across the APS is being finalised, with terms of reference expected in Q1 2026.
Implications
- Implement All non-corporate Commonwealth entities must ensure compliance with the updated Policy for the Responsible Use of AI in Government before its 15 December 2025 commencement date, including establishing internal use case registers with assigned accountable officers.
- Implement Agencies with active or planned AI use cases should apply the new AI Impact Assessment Tool as part of their governance processes, treating it as a mandatory complement to existing risk management frameworks.
- Consider Procurement and ICT teams planning AI-related acquisitions could assess whether current procurement processes align with the new Guidance on AI Procurement in Government and the accompanying checklist.
New guidance helps Australians identify AI-generated content
The National AI Centre has published 'Being clear about AI-generated content', practical guidance for businesses on how to disclose when digital content is created or modified using AI. It covers three mechanisms: visible labelling, watermarking, and metadata recording, with the recommended approach scaled to the content's context and potential impact. The guidance draws on industry best practice and developing global standards, with updates planned as standards evolve. While directed at business, the guidance is directly applicable to APS agencies using AI to draft communications, documents, or public-facing content.
Key points
- The National AI Centre released practical guidance on labelling, watermarking, and metadata for AI-generated content.
- Guidance targets businesses but applies equally to APS agencies producing AI-assisted communications and official documents.
- Framed around regulatory risk reduction and trust-building, aligned with responsible AI use principles in government.
Implications
- Consider Agencies using AI to assist in producing public communications or official documents could assess whether their current disclosure practices align with the labelling, watermarking, and metadata approaches outlined in the guidance.
- Monitor Policy and governance teams may want to monitor how this guidance evolves alongside international standards, as updates could affect agency AI transparency obligations.
Risk, Assurance & Ethics2 items
Repository Update: December 2025
MIT's AI Risk Repository has released Version 4, expanding its structured database to over 1,700 coded AI risk categories drawn from 74 frameworks. Nine newly added frameworks include analyses of generative AI incidents, embodied AI risks, frontier AI capabilities from the UK's DSIT, agentic AI risks in scientific contexts, and a six-stage risk management framework from Shanghai AI Lab and Concordia AI. The repository uses a causal taxonomy and domain taxonomy to help researchers, policymakers, and practitioners identify, compare, and address AI risks systematically. It is publicly accessible and accepts community contributions.
Key points
- MIT AI Risk Repository Version 4 now includes over 1,700 coded risks drawn from 74 published frameworks.
- Nine newly added frameworks span government reports, peer-reviewed papers, and industry sources, including a UK DSIT frontier AI paper.
- A structured, living reference for AI risk taxonomy - useful for APS governance and risk assessment work.
Implications
- Consider APS teams developing or reviewing AI risk frameworks could consider cross-referencing the MIT repository's taxonomy against their existing risk registers to identify coverage gaps.
- Monitor Policy and governance teams may want to monitor future repository versions as a signal of emerging risk categories not yet reflected in Australian guidance.
Research explores risks of using AI in the financial sector
The Alan Turing Institute has published research identifying new risks associated with AI use in the financial sector, including how financial institutions might respond to or mitigate those risks. The source text is heavily truncated, limiting assessment of specific findings, methodologies, or recommendations. The research is UK-situated but likely has cross-jurisdictional relevance given shared concerns about AI in financial services, an area of active interest for APRA, the RBA, ASIC, and Treasury in Australia.
Key points
- Alan Turing Institute research identifies new AI risks specific to financial sector institutions.
- Financial sector AI risk findings are relevant to Australian agencies managing financial data or payment systems.
- Extracted text is truncated - full research scope and findings are not assessable from available content.
Implications
- Monitor Australian financial regulators and agencies (APRA, ASIC, Treasury) may want to monitor the full Turing Institute report for findings applicable to domestic AI risk frameworks.
- Consider APS teams working on AI governance in regulated sectors could consider whether sector-specific AI risk typologies from this research inform their own risk assessment approaches.
Technical Developments1 item
New AI model could enable real-time maritime surveillance onboard satellites
Researchers at the Alan Turing Institute have developed an AI model designed to run directly on satellites, enabling real-time detection of maritime vessels without needing to transmit raw imagery to ground stations. The approach could significantly reduce latency in maritime surveillance operations. While the research originates from the UK, the capability is directly relevant to sovereign maritime monitoring interests, including Australia's expansive exclusive economic zone. The item is a research announcement with limited implementation detail available from the extracted text.
Key points
- Alan Turing Institute researchers have developed an AI model enabling real-time maritime surveillance onboard satellites.
- Onboard processing removes the need to downlink raw imagery, reducing latency and bandwidth demands significantly.
- Limited direct relevance to APS governance practice; primarily a technical research item from a UK institution.
Implications
- Monitor Agencies with maritime domain awareness or border protection remits may want to monitor this research as it matures toward operational deployment.
Implications are AI-generated. Starting points, not advice — see methodology for how they're framed.