This week's digest is dominated by significant Australian government AI governance activity, with the DTA releasing three interconnected deliverables under the APS AI Plan 2025: an updated responsible use policy taking effect 15 December, a new AI Impact Assessment Tool, and procurement guidance spanning the full Digital Sourcing Lifecycle — material that warrants close attention before the policy's commencement date. Complementing this, the National AI Centre has published practical guidance on making AI-generated content identifiable, with direct application for APS agencies using generative AI in communications or service delivery. Rounding out the week, MIT's AI Risk Repository has released a substantially expanded Version 4 covering over 1,700 risk categories drawn from 74 frameworks, offering a useful reference for practitioners engaged in risk assessment or framework development work.
The DTA has released three major AI governance deliverables under the APS AI Plan 2025: an updated Policy for the responsible use of AI in government (effective 15 December 2025), a new AI Impact Assessment Tool, and procurement guidance covering the full Digital Sourcing Lifecycle. The updated policy strengthens accountability by requiring a designated accountable officer and internal register for each AI use case, and mandates impact assessments against Australia's AI Ethics Principles. The procurement guidance provides step-by-step advice across planning, sourcing, and management stages, complemented by a procurement checklist. An AI Review Committee to advise on high-risk use cases is also in development.
Implications
ImplementAgencies could comply with the updated Policy for the responsible use of AI in government from 15 December 2025, including assigning accountable officers, maintaining internal registers, and conducting impact assessments for AI use cases.
ImplementAgencies could adopt the new AI Impact Assessment Tool and procurement guidance for any current or planned AI use cases and procurements to meet updated policy requirements.
MonitorAI governance and strategy teams may want to monitor DTA communications in Q1 2026 for the AI Review Committee terms of reference, which will affect handling of high-risk AI use cases.
Implications are AI-generated. Starting points, not advice.
The National AI Centre has published 'Being clear about AI-generated content', practical guidance for businesses and AI developers on making AI-generated or AI-modified content identifiable. It outlines three mechanisms - labelling, watermarking, and metadata recording - and advises organisations to calibrate the level of transparency to the content's context and potential impact. The guidance draws on industry best practice and developing global standards, with updates promised as standards evolve. Although directed at business, the principles apply directly to APS agencies using generative AI in communications, publications, or service delivery.
Implications
ConsiderCommunications, digital, and AI governance teams may want to assess whether their agency's current practices for labelling AI-assisted content align with the NAIC guidance.
MonitorAgencies involved in AI policy or standards work could watch for updates as the guidance evolves alongside international AI content provenance standards such as C2PA.
Implications are AI-generated. Starting points, not advice.
MIT's AI Risk Repository has released Version 4, expanding to over 1,700 coded AI risk categories extracted from 74 published frameworks. Nine new frameworks have been added, including UK government analysis of frontier AI capabilities, MITRE's chatbot incident taxonomy with linked mitigations, and academic work on agentic AI, embodied AI, and catastrophic risk pathways. The repository is structured around a Causal Taxonomy and Domain Taxonomy covering seven overarching domains. It is openly accessible and intended to support researchers, policymakers, and practitioners in identifying and comparing AI risk frameworks.
Implications
ConsiderAgencies developing or reviewing AI risk frameworks could assess whether the MIT repository's taxonomy structure and newly added frameworks surface gaps in their own risk classification approaches.
MonitorPolicy and governance teams may want to monitor future repository updates, as ongoing additions could capture Australian-specific AI risk frameworks or incidents relevant to APS practice.
Implications are AI-generated. Starting points, not advice.
The Alan Turing Institute has published research identifying new risks associated with AI use in financial institutions. While the extracted text is heavily truncated and the full findings cannot be assessed, the topic is relevant to APS practitioners working on AI governance in regulated sectors. Australian agencies such as APRA, ASIC, and Treasury counterparts are likely tracking similar risk profiles as AI adoption accelerates in financial services. The UK context provides a useful comparator given regulatory alignment between the two jurisdictions.
Implications
MonitorAPS teams working on AI governance in financial or regulated sectors may want to retrieve the full report and assess whether identified risks align with Australian regulatory frameworks.
ConsiderAgencies advising on AI risk frameworks could consider whether Turing Institute findings surface gaps not currently addressed in Australian guidance for AI in regulated industries.
Implications are AI-generated. Starting points, not advice.
Researchers at the Alan Turing Institute have developed an AI model designed to process maritime surveillance data directly onboard satellites, enabling real-time vessel detection without needing to relay data to ground stations first. This on-orbit inference approach could reduce latency significantly in maritime domain awareness applications. The research has potential relevance to border security, fisheries enforcement, and defence contexts. The extracted text is incomplete, limiting detailed technical assessment.
Implications
MonitorAgencies with maritime domain awareness or border security remits may want to monitor this research as it matures toward operational readiness.
Implications are AI-generated. Starting points, not advice.