This week brings a cluster of significant Australian AI governance developments that practitioners will need to work through before the end of the year. The release of the National AI Plan, the APS AI Plan 2025, and the announcement of a $30 million Australian AI Safety Institute represent the most substantive shift in the domestic policy landscape in some time, though the Government's own AI Expert Group has raised concerns about strategic clarity and regulatory adequacy that are worth understanding before advising on implementation. The DTA's new whole-of-government Cloud Policy, effective July 2026, adds a further structural consideration for AI deployment planning given its embedded governance and security requirements for non-corporate Commonwealth entities. Rounding out the week, NIST's evaluation of a PRC-origin open-weight model offers a useful methodological reference for agencies assessing AI supply chain risk, while OECD findings on AI impact assessment practice—noting that only a quarter of member countries conduct thorough assessments—provide comparative context for Australia's own measurement approaches.
AU(undated)Good Ancestors – AI Policy & Governance Newsletter
Australia's December 2025 AI policy environment shifted significantly with the release of the National AI Plan, the APS AI Plan 2025, and the announcement of an Australian AI Safety Institute with $30 million in initial funding. The AISI fulfils a Seoul AI Summit commitment and will begin operating in early 2026 as a cross-government AI safety hub. The National AI Plan takes an opportunity-first, voluntary approach that has drawn industry support but criticism from the Government's own AI Expert Group over strategic clarity and regulatory adequacy. Separately, an ANU survey found AI-related threats rank as Australians' top national security concern, while industry surveys identify security risks, trust deficits, and regulatory uncertainty as barriers to AI adoption.
Implications
ImplementAPS Agencies could review the APS AI Plan 2025 and align their internal AI strategies and governance arrangements with its stated priorities and the GovAI platform.
ConsiderPolicy and governance teams could assess how the National AI Plan's guidance-over-guardrails stance affects their existing AI risk frameworks and whether identified regulatory gaps require internal policy responses.
MonitorAgencies with AI safety, security, or public trust remits may want to monitor AISI's establishment and early work program, given its mandate to advise on legislation and coordinate government-wide action.
Implications are AI-generated. Starting points, not advice.
The Digital Transformation Agency has released a new whole-of-government Cloud Policy, effective 1 July 2026, establishing five core requirements for cloud adoption across non-corporate Commonwealth entities. The policy mandates integration with Digital Investment Plans, embeds security and governance requirements, and explicitly supports responsible use of emerging technologies including AI. It aims to accelerate transition away from legacy ICT systems toward scalable, interoperable platforms. Annual reviews are planned to track progress and respond to emerging needs.
Implications
ImplementNon-corporate Commonwealth entities could assess their Digital Investment Plans and cloud roadmaps against the new policy requirements ahead of the 1 July 2026 effective date.
ConsiderAI governance and strategy teams could consider how the policy's interoperability, portability, and workforce capability requirements interact with agency-level AI deployment plans.
MonitorAgencies may want to monitor DTA's annual review process and supporting guidance on digital.gov.au as implementation detail is published.
Implications are AI-generated. Starting points, not advice.
In November 2025, NIST's Center for AI Standards and Innovation (CAISI) evaluated Kimi K2 Thinking, an open-weight model from PRC-based Moonshot AI. The evaluation found it to be the most capable PRC model at release, though still trailing leading US models across cyber, software engineering, science, and mathematics benchmarks. A notable finding is that the model applies heavy censorship in Chinese aligned with CCP talking points, while remaining relatively uncensored in English and other languages. CAISI's systematic approach to evaluating PRC-origin models - including censorship scoring - offers a methodological reference point for any Australian agency considering open-weight model adoption or advising on AI supply chain risk.
Implications
MonitorAgencies with AI procurement or supply chain security responsibilities may want to monitor CAISI's ongoing PRC model evaluation series as an authoritative capability and censorship benchmark reference.
ConsiderAPS AI governance and security teams could consider whether CAISI's censorship evaluation methodology - particularly its language-specific CCP alignment scoring - is applicable to Australian risk assessment frameworks for open-weight model adoption.
Implications are AI-generated. Starting points, not advice.
The DTA hosted the OECD E-Leaders and Expert Group on Open Government Data in early November 2025, covering human-centred design, digital identity governance, AI impact measurement, and digital investment strategy. A notable finding is that only a quarter of OECD countries conduct thorough AI impact assessments, with fewer evaluating broader outcomes. Australia's Investment Oversight Framework and benefits-led investment strategy were highlighted as country examples. The meeting also examined digital identity interoperability challenges, with approaches from Denmark, New Zealand, Chile, and others compared.
Implications
MonitorAI governance and policy teams may want to monitor the DTA's forthcoming Day 4 insights, which may contain additional detail on AI measurement frameworks discussed at the meeting.
ConsiderAgencies developing AI evaluation approaches could consider how Australia's Investment Oversight Framework compares to OECD peer frameworks, particularly around KPI selection and impact assessment coverage.
Implications are AI-generated. Starting points, not advice.
This edition of Import AI covers three distinct topics. First, Facebook researchers publish a position paper arguing for 'co-improving AI' - where humans and machines jointly conduct AI research - as a safer path to superintelligence than autonomous self-improvement. Second, the newsletter discusses how EU product labelling experience illustrates that even simple AI labelling policies can generate substantial compliance burdens, a useful caution for AI transparency policy design. Third, researchers release SimWorld, an Unreal Engine 5-based reinforcement learning simulator for training and testing AI agents in rich, procedural environments.
Implications
ConsiderAPS policy teams working on AI transparency or mandatory disclosure frameworks may want to consider the compliance cost dimension when designing or evaluating labelling requirements, using EU product labelling experience as a reference point.
MonitorAgencies tracking frontier AI safety research may want to monitor whether the 'co-improving AI' framing gains traction as a governance concept in international AI safety discourse.
Implications are AI-generated. Starting points, not advice.