Australia’s National AI Plan – Less than we expected?

On 2 December 2025, Australia released its long-awaited National Artificial Intelligence (AI) Plan. 

While promising a “whole-of-nation roadmap”, for many stakeholders, it lands well short of the long-trailed ambition for strong, economy-wide AI regulation. Instead of a standalone AI Act and hard “guardrails”, the government has opted for an evolutionary, light-touch approach that leans heavily on existing laws and non-binding guidance.

This post will explore the background to the Plan, provide an overview of its key elements, examine responses from industry, civil society, and unions, and consider the next steps for organisations navigating AI governance and compliance.

A quick transparency note: AI was used in the drafting of this piece, but it has been reviewed by our humans for accuracy. 

Background to Australia’s National AI Plan

The Australian Government has been debating AI regulation since 2022, considering whether to adopt an EU-style AI Act or a more flexible, US-inspired approach.  Former Industry Minister Ed Husic had previously championed a stricter regulatory model, and had strongly flagged that as a direction.  However, the final Plan takes a risk-based, innovation-friendly framework – rather than a law mandating protections against harmful uses of AI – to the surprise of many long term watchers of this space.

Overview of Australia’s National AI Plan

The new National AI Plan sets out a whole-of-government framework.  It positions AI as critical national capability, tying policy together with new funding for an AI Safety Institute, national data-centre principles and public-sector AI governance through the APS AI Plan.  The aim is to position Australia as a competitive AI-enabled economy (perhaps at the cost of the protection of individuals from harm). 

 The Plan is structured around three core goals: 

• “capture the opportunity” (infrastructure, sovereign compute and investment), 
• “spread the benefits” (skills, SME and regional uptake, public-sector AI) and 
• “keep Australians safe” (law, oversight and ethics). 

Key Features

Key features of the National AI Plan include:

• Support for SMEs and non-profits: Funding through the “AI Adopt Program” to help smaller organisations integrate AI safely and effectively.
• Workforce training: Initiatives to upskill workers and ensure meaningful consultation in the design of AI systems.
• Legal and ethical safeguards: Commitments to protect rights and build trust through regulatory and ethical frameworks.
• Infrastructure investment: Expansion of data centres and digital infrastructure, supported by $1 billion from the National Reconstruction Fund.
• Flexible regulation: Rather than a standalone AI Act, the Plan adopts a risk-based approach that allows innovation while enabling government intervention to reduce harm.

An AI Safety Institute will be established and tasked with monitoring and testing advanced AI, coordinating regulators and informing future “targeted” AI-specific reforms, but without an overarching obligation framework equivalent to a comprehensive AI statute.  The AI Safety Institute will not act as a regulator.

However, the government will not be proceeding with a permanent AI advisory board. Answers to Senate estimates questions to the Department of Industry, Science and Resources (DISR)  show that it will not establish the AI advisory body announced and funded in the 2024-25 federal budget. The body was intended to provide independent advice from civil society, industry, and academia on the opportunities and risks of AI, building  on the work of the temporary AI Expert Group, which was established in early 2024 to advise on options for mandatory guardrails in high-risk AI settings. 

In place of the board, the department will rely on “existing mechanisms and targeted consultations”, as well as the newly announced Australian AI Safety Institute (AISI).

What happened to an AI law?

As part of the “keep Australians safe” goal, the government emphasises that AI is already regulated through technology-neutral laws spanning consumer protection, privacy, discrimination, online safety, and sector-specific regimes. There may be incremental reforms to these existing laws, together with updated regulator guidance, and voluntary governance frameworks to help manage AI risk. But no AI specific law at this time …

Earlier consultations canvassed a set of mandatory guardrails for high-risk AI, including requirements for risk management plans, pre- and post-deployment testing, complaint mechanisms, incident reporting and independent audits, likely to sit within a dedicated AI Act. Those proposals aligned more closely with the EU’s risk-based AI Act model and would have created a recognisable, AI-specific regulatory perimeter for developers and deployers.

However, in the final Plan, those mandatory guardrails have been dropped in favour of uplifting existing law and issuing more guidance rather than imposing new hard-edged duties. 

Economic considerations

A key undercurrent is economic: the Plan is clearly shaped by advice that premature, heavy regulation could blunt a projected AI-driven productivity and GDP uplift. The Productivity Commission recommended pausing major new AI rules while gaps in the existing legal framework are audited, stressing the risk of constraining what it estimated could be a $100-billion-plus boost to the economy.

The government responded by deferring a standalone AI Act and formal guardrails. This positions Australia as deliberately more permissive than jurisdictions like the EU, betting that a flexible, pro-innovation stance will attract investment and data-centre infrastructure without exposing the country to unacceptable risk

Responses to the National AI Plan

Reactions to the new National Plan have been mixed.

Business groups have generally welcomed the decision to avoid new, economy-wide obligations for now, arguing that leveraging familiar legal frameworks and regulator guidance reduces compliance uncertainty and regulatory lag. For large technology and infrastructure investors, the focus on sovereign compute, data-centre investment and streamlined AI adoption signals a favourable environment for scaling AI services from Australia:

However, civil society groups like Electronic Frontiers Australia criticised the Plan as a “light touch” approach, warning it prioritises economic opportunity over citizen safety and digital rights.  It has been noted that more than three-quarters of Australians support explicit AI regulation and that the Plan offers limited specificity on enforcement, redress and accountability for high-risk systems. 

Critics argue that relying on general consumer and privacy law leaves systemic harms – such as opaque automated decision-making, algorithmic discrimination and foundation-model risks – under-addressed, particularly where responsibilities in complex AI supply chains remain unclear.

Next Steps

For organisations, the release of the National AI Plan signals both opportunity and responsibility.

For boards and risk committees, the absence of an AI Act does not mean an absence of AI regulation: existing privacy, consumer, discrimination, safety and sectoral rules already apply to AI use, and regulators are expected to interpret them assertively in an AI context. Organisations that treat the Plan as a green light for “business as usual” will likely find themselves exposed as guidance hardens into expectations and targeted reforms begin to codify elements of today’s guardrails into tomorrow’s black-letter law.

In practice, prudent organisations should assume that EU-style concepts—risk-based governance, model testing, data governance, documentation, transparency and human-in-the-loop oversight—will increasingly be treated as baseline expectations in Australia, even without a comprehensive Act. Using the current period to build internal AI inventories, strengthen governance frameworks, align with emerging international norms and prepare for eventual, more prescriptive interventions will place organisations ahead of both the regulatory curve and stakeholder expectations

Ultimately, while the Plan provides a starting point, it leaves many questions unanswered. For privacy and legal professionals, this is a moment to guide organisations through uncertainty—ensuring compliance, ethical adoption, and resilience in the face of rapid technological change.

References

• Australia’s National AI Plan
• National Artificial Intelligence Plan December 2025
• Australia now has a National AI Plan. Now What?
• Government plan raises fears AI will exacerbate national security challenges
• Australia unveils National AI Plan – Manufacturers’ Monthly
• ABC News: Government reveals national AI plan
• National AI Plan – Department of Industry, Science and Resources (PDF)
• Counsel House: National Artificial Intelligence Plan December 2025 (PDF)
• Government plan raises fears AI will exacerbate national security challenges, create ‘unknown threats’
• Australia unveils National AI Plan
• VIDEO: Government reveals national AI plan to ‘serve’ Australians