Writing an AI Usage Policy for Your Australian Business
Your staff are already using AI. The only real question is whether they are doing it under rules you wrote or rules they invented. Australia has no standalone AI Act, but the Privacy Act, the Australian Consumer Law and your own client contracts already govern what happens the moment an employee pastes a customer record into a public chatbot. This guide covers what a workable AI usage policy contains, section by section, and how to enforce it without relying on trust alone.
Why Every Australian Business Needs an AI Policy Now
Most Australian organisations discover they need an AI policy the hard way: someone notices a paralegal drafting client correspondence in a free chatbot, or a bookkeeper pasting a payroll export into a browser tab to "summarise the anomalies". By then the data has already left the building. A policy written before that moment is governance. A policy written after it is incident response.
Shadow AI Is Already Happening
Nobody applies for permission to open a browser tab. Staff adopt AI the way they adopted Dropbox and WhatsApp: quietly, individually, and because it makes their day easier. Your organisation is already exposed through tools you never procured, under terms of service you never read, hosted in jurisdictions you never assessed. Banning AI outright does not stop this, it moves it onto personal phones where you have no visibility at all. A policy that names sanctioned tools is the only version of this conversation that produces honest answers.
The Law Already Applies to You
Businesses often wait for AI-specific legislation before writing a policy. That wait is a mistake, because the existing law already reaches AI use. The Privacy Act 1988 governs personal information regardless of which tool processes it. The Australian Consumer Law prohibits misleading conduct whether a human or a model drafted the claim. Confidentiality clauses in your client agreements do not carve out chatbots. Your obligations are live today, and "an employee used ChatGPT without telling us" has never been a defence to any of them.
A Policy Unblocks Adoption, It Does Not Just Restrict It
The most underrated function of an AI policy is permission. In organisations without one, careful staff avoid AI entirely because nobody has told them what is allowed, while less cautious colleagues use it for everything. That is the worst of both outcomes: no productivity gain and full exposure. A clear policy inverts it. When people know which tools are approved and which data is off limits, adoption rises among exactly the sensible employees you want using it, and the guesswork disappears.
Section by Section: What Your AI Policy Should Contain
A workable staff AI policy fits on a few pages and answers six questions: which tools, which data, which uses, who checks the output, who gets told, and what happens when something goes wrong. Use the sections below as a drafting checklist.
1. Approved Tools Register
Name the tools. A policy that says "use AI responsibly" without listing what is sanctioned forces every employee into a procurement decision of their own, which is the failure you are trying to prevent.
- An explicit list of approved tools, with the approved tier or licence for each
- A named owner who can add tools, and a short request path for new ones
- A clear statement that unlisted tools are not approved, including free consumer tiers
- Note where each tool processes and stores data, and under whose jurisdiction
2. Data Classification and Prohibited Inputs
The highest-value section. Staff cannot apply a rule they cannot operationalise at the keyboard, so classify data in terms they already recognise from your own systems, not in abstract security tiers.
- Public and internal-general content: permitted in approved tools
- Personal information as defined by the Privacy Act: restricted to sanctioned private tooling
- Client-confidential, privileged, health, and credential data: never in a public model
- Worked examples from your real systems, such as a LEAP matter note or an Xero payroll export
3. Output Review and Human Accountability
AI does not dilute responsibility: the employee who sends the advice owns the advice. State this plainly, because the alternative is a slow drift toward unreviewed model output reaching clients under your letterhead.
- A named human is accountable for every AI-assisted output that leaves the organisation
- Mandatory verification of any figure, citation, legislative reference or date
- Higher review thresholds for advice, pricing, safety and regulatory content
- No AI-generated claim goes into marketing without a factual accuracy check
4. Disclosure and Transparency
Decide in advance when AI involvement is disclosed, to whom, and in what words. Getting caught not disclosing is reputationally worse than the AI use itself was ever going to be.
- When clients are told that AI assisted in preparing their work product
- How your privacy policy describes AI processing of personal information
- Disclosure expectations where a client, tender or funder requires them
- Record-keeping so you can answer "was AI used on this matter?" months later
5. Client and Contractual Constraints
Your policy is not the only rulebook. Government panels, enterprise customers and insurers increasingly write AI restrictions into agreements, and those terms override your internal defaults.
- A check for AI clauses at contract review, not after the work has started
- A register of clients or matters with AI restrictions, visible to the delivery team
- Escalation path when a contract term conflicts with an approved workflow
- Sector overlays where relevant, such as APRA CPS 234 obligations for regulated entities
6. Roles, Training and Breach Response
A policy nobody can name is a document, not a control. Assign ownership and define what happens in the first hour after someone pastes the wrong thing into the wrong tool.
- A named policy owner and a named escalation contact, by role not just by name
- Induction and annual refresher training, with a recorded acknowledgment
- A no-blame reporting path, because punished mistakes are hidden mistakes
- A defined trigger for assessing a potential eligible data breach under the NDB scheme
How to Roll the Policy Out So It Actually Sticks
Policies fail at rollout far more often than at drafting. The sequence below is what separates a document in a shared drive from a control your staff can actually follow.
Find Out What Staff Are Already Doing
Before drafting a line, ask. An anonymous survey and a look at outbound traffic to consumer AI domains will tell you which tools are in use and for what. A policy written against imagined behaviour produces rules everyone quietly ignores.
Draft, Pressure-Test, and Approve
Draft the six sections, then test them against real scenarios from your own operations rather than generic examples. Have legal or privacy review it, then approve it at board or executive level so it carries genuine authority.
Train and Collect Acknowledgment
Run short, scenario-based training on the actual prompts people are tempted to write, and record an acknowledgment from every employee. Acknowledgment matters for enforcement; the training is what makes the rules survive contact with a deadline.
Enforce Technically, Then Review on a Cadence
Back the policy with controls rather than trust: sanctioned tooling, access management, and logging. Then set a formal review date, because both the regulatory position and the tools your staff can reach will change inside a year.
What the Law Actually Requires, and Where the Standard Fits
This page is practical guidance for drafting an internal policy. It is not legal advice, and it does not account for your specific circumstances, sector obligations or contracts. Use it to prepare an informed conversation with your own legal or privacy adviser rather than as a substitute for one.
The Obligations That Already Bind You
Australia regulates AI through existing, technology-neutral law rather than a single AI Act. These are the instruments most likely to reach staff AI use.
- Privacy Act 1988 and the 13 Australian Privacy Principles: collection, use, disclosure and offshore transfer of personal information
- Notifiable Data Breaches scheme: assess a suspected eligible breach, and notify the OAIC and affected individuals where required
- Australian Consumer Law: an AI-drafted marketing claim is still your misleading conduct if it is wrong
- Sector rules such as APRA CPS 234, plus professional conduct and confidentiality duties in law, accounting and health
- Employment obligations, including consultation and workplace surveillance rules
The Voluntary AI Safety Standard and Shadow AI
The Voluntary AI Safety Standard, published by the Department of Industry, Science and Resources, sets out ten voluntary guardrails for organisations deploying AI. It is not law, but it is the clearest available signal of what Australian regulators consider reasonable practice, and it maps cleanly onto a workplace policy.
- Accountability: a named owner for AI governance, which becomes your policy owner section
- Risk management and data governance: your data classification section
- Human oversight and testing: your output review section
- Transparency and record-keeping: your disclosure section
- Shadow AI defeats all ten guardrails at once, because none can apply to a tool you do not know is in use
Related AI Solutions
Private AI vs ChatGPT
The comparison that sits underneath every AI policy decision: what changes, practically, when the sanctioned tool is private rather than public.
Compare private and public AI →LLM Security and Data Privacy
The technical controls that turn policy statements about data handling into enforcement your staff cannot accidentally bypass.
Review the security model →Sovereign AI Australia
Why data residency and jurisdiction are the first questions to answer when your policy has to name an approved tool.
Understand sovereign AI →APRA CPS 234 AI Compliance
For APRA-regulated entities, the information security obligations your AI policy has to sit inside rather than alongside.
See CPS 234 requirements →Microsoft Copilot Alternative Australia
If Copilot is the tool your staff are reaching for, the questions to ask before you write it into the approved tools register.
Compare Copilot alternatives →How to Choose an LLM Provider in Australia
The evaluation criteria behind naming a sanctioned tool: jurisdiction, data handling, retention terms and exit rights.
Read the selection guide →Frequently Asked Questions
No Australian law names an "AI usage policy" as a mandatory document, and there is no standalone AI Act. But that framing misses the point. The Privacy Act 1988, the Australian Consumer Law and sector rules such as APRA CPS 234 impose obligations that staff AI use can breach, and several require you to take reasonable steps to protect information. A written policy, training and acknowledgment are the ordinary evidence that you took those steps. Without one, you are relying on individual judgement to meet obligations that sit with the organisation. Some organisations face a harder requirement: government panels, insurers and enterprise customers increasingly make an AI policy a contractual or tender precondition, which makes it mandatory in practice long before it is mandatory in legislation.
Draw the line at data, not at task. Prohibiting "using ChatGPT for client work" fails because staff cannot tell where the boundary sits, so they guess. Prohibiting "entering personal information, client-confidential material, credentials or unreleased financials into any tool not on the approved register" is a rule someone can apply mid-sentence. Under that framing, generally allowable uses include drafting internal content from non-sensitive material, rewriting text the employee already wrote, brainstorming, and explaining a public standard. Generally prohibited uses include anything involving client records, health information, employee data, credentials, or material covered by a confidentiality clause. The uncomfortable truth is that the prohibited list is exactly what staff most want AI for, which is why a sanctioned private alternative does more for compliance than a longer prohibition list ever will.
Entering personal information into a third-party AI tool is a use and, in most configurations, a disclosure of that information, which brings it within the Australian Privacy Principles. Several become immediately relevant. APP 6 limits use and disclosure to the primary purpose it was collected for, and "we fed it to a chatbot to summarise" is rarely that purpose. APP 8 governs cross-border disclosure and generally leaves you accountable for what an overseas recipient does with the data. APP 11 requires reasonable steps to protect personal information from misuse and unauthorised disclosure. APP 1 requires your privacy policy to accurately describe how you handle information, so an undisclosed AI workflow can make your published policy wrong. The OAIC has published guidance on using commercially available AI products, and its consistent theme is that AI creates no exception to any of this.
Review formally every twelve months at minimum, and additionally on defined triggers rather than only on the calendar. The calendar review is the floor. The triggers matter more, because this area moves faster than an annual cycle: a material change in Australian privacy or AI regulation, the introduction of a new AI capability into software your organisation already licences, a new client contract with AI terms, a near-miss or actual incident, or a request to add a tool to the approved register. The trigger that catches most organisations out is the second one. Vendors ship AI features into existing products, so a tool your policy approved last year on the basis of how it then behaved can quietly acquire a generative feature that changes where your data goes, without you making any procurement decision at all.
Treat the contract as the controlling rule for that engagement, and make the restriction visible to the people doing the work, because a clause that lives only in a signed PDF in the legal folder will not change what a delivery team does on a Thursday afternoon. Practically, this means three things. Check for AI clauses at contract review rather than discovering them at delivery, since terms range from full prohibition to consent, disclosure or approved-tool requirements. Maintain a register of clients and matters with AI restrictions, and flag those matters in whatever system the team actually works in. Define an escalation path for conflicts: a blanket client prohibition may rest on assumptions about public chatbots that a sovereign, non-training deployment does not share, and that is a conversation to have rather than a rule to quietly work around.
It changes the policy from a trust exercise into a control. When the only AI available is a public chatbot, every rule about data handling depends on an employee remembering it under deadline pressure, and enforcement is limited to detection after the fact. When you provide a private LLM on infrastructure you control, the sensitive-data question largely resolves at the architecture layer: prompts stay inside your environment, are not used to train an external provider's model, and can be logged for the audit trail your obligations may require. The policy gets shorter and more permissive, because the long list of prohibited inputs mostly collapses into "use the sanctioned tool". Shadow AI then drops for the honest reason rather than the compliance one: staff use unsanctioned tools when the sanctioned option is worse, and stop when it is better.
Make the Sanctioned Option the One Your Staff Actually Want to Use
The hardest section of any AI policy to enforce is the list of things staff cannot put into a public chatbot. Talk to us about a private LLM deployed on Australian infrastructure, where that list largely stops being a rule you police and starts being a property of the system. Call +61 3 9999 7398 or send us the shape of your organisation and we will talk through what governance would look like.