Australia & New Zealand Artificial Intelligence Laws: Board of Directors’ Guide

Editor’s Note: The information here reflects AI laws and regulations as of October 2025. Because this is an evolving legal landscape, readers should consult official government sources or legal counsel for the most up-to-date requirements.

Change is coming. Artificial intelligence is rapidly moving from experimental pilots and isolated tools to core business infrastructure across Australia and New Zealand. AI systems now shape how organisations manage risk, engage customers, make financial decisions, protect intellectual property, and process vast volumes of personal information. For many organisations, AI is no longer optional—it is embedded in strategy, operations, and competitive positioning.

At the same time, governments across Australia and New Zealand are tightening expectations around AI safety, transparency, accountability, and ethical use. While neither country has yet enacted a single, comprehensive AI Act, regulators are increasingly clear that boards will be expected to govern AI risk with the same rigour applied to cybersecurity, financial reporting, and workplace safety.

For directors, this creates a dual mandate: unlock AI-driven value while ensuring compliance with emerging AI regulations. This guide is designed to help boards understand the current legal landscape in Australia and New Zealand, anticipate what is coming next, and implement practical governance structures. It also highlights how purpose-built board management technology, including OnBoard’s secure platform and OnBoard AI, can support more effective oversight and decision-making.

What Is Artificial Intelligence Oversight?

Artificial intelligence oversight refers to the board-level responsibility for governing how AI systems are selected, designed, deployed, monitored, and retired across the organisation. It is not about managing algorithms day-to-day; rather, it focuses on accountability, risk tolerance, compliance, and strategic alignment.

Effective AI oversight ensures that management:

  • Understands where AI systems are being used
  • Assesses legal, ethical, and operational risks
  • Implements appropriate controls and documentation
  • Can explain and defend AI-driven decisions if challenged

Why AI Oversight Belongs on Every Board Agenda

AI systems increasingly influence high-impact decisions—from credit approvals and insurance pricing to healthcare diagnostics, workforce management, and fraud detection. Errors or bias can scale instantly, affecting thousands of individuals at once. Regulators are therefore shifting expectations upward, placing responsibility squarely on organisational leadership.

For boards, AI oversight belongs alongside cybersecurity, enterprise risk management, and compliance because:

  • AI failures can create regulatory breaches overnight
  • Reputational damage from unfair or opaque AI decisions is severe
  • Investors and stakeholders expect clear AI governance
  • Upcoming regulations will require demonstrable board involvement

What Is at Stake If Boards Do Nothing

Boards that fail to engage proactively with AI oversight risk:

  • Non-compliance with privacy and consumer protection laws
  • Inability to respond to explainability or audit requests
  • Exposure to discrimination or bias claims
  • Loss of trust with customers, regulators, and employees
  • Strategic misalignment between AI investment and risk appetite

In short, AI oversight is no longer a future concern—it is a present governance obligation.

AI Regulation in Australia

Australia does not yet have a standalone AI Act, but a combination of existing legislation, voluntary frameworks, and policy roadmaps already shapes how organisations must deploy and govern AI systems.

Privacy Act 1988 (and Proposed 2025 Reforms)

The Privacy Act 1988 is the cornerstone of AI regulation in Australia today. Any AI system that collects, trains on, or outputs insights derived from personal information must comply with obligations around lawful collection, consent, data minimisation, security, and use limitation.

AI amplifies privacy risk because it often relies on large, aggregated datasets and can infer sensitive attributes that were not explicitly provided. Boards should ensure that management conducts privacy impact assessments for AI initiatives early in the design phase.

Proposed reforms expected in 2026 are likely to:

  • Strengthen individual rights and consent requirements
  • Expand transparency obligations around automated decision-making
  • Increase penalties for non-compliance

From a governance perspective, boards should treat privacy compliance as a baseline requirement for AI deployment, not a box-ticking exercise.

AI Ethics Principles

Australia’s AI Ethics Principles remain voluntary but are widely referenced by government agencies, large enterprises, and procurement frameworks. They emphasise fairness, privacy protection, transparency, reliability, and contestability.

For boards, these principles function as a practical governance baseline until binding legislation arrives. They also provide a common language for discussing AI risk with management and external stakeholders.

AI Plan for the Australian Public Service

Released in 2025, the AI Plan for the Australian Public Service outlines the government’s roadmap for introducing targeted mandatory safeguards for high-risk AI. These include model testing, watermarking of AI-generated content, and incident reporting requirements.

Boards should monitor this plan closely. While initially focused on public-sector use, it signals the direction of travel for broader regulation and sets expectations that will likely flow into private-sector compliance regimes.

Sector-Specific Rules (Finance, Health, Critical Infrastructure)

In regulated industries, AI governance expectations are already more stringent. APRA-regulated entities, healthcare providers, and critical-infrastructure operators face additional scrutiny around:

  • Model validation and reliability
  • Operational resilience
  • Cybersecurity and system integrity

AI used in credit decisions, diagnostics, or operational control systems is especially scrutinised. Boards in these sectors should assume that AI systems will be reviewed through the same lens as other safety- or stability-critical technologies.

AI Regulation in New Zealand

New Zealand has adopted a pragmatic, principles-based approach to AI governance, anchored in privacy law and public-sector leadership.

Privacy Act 2020

New Zealand’s Privacy Act 2020 already includes explicit obligations related to automated decision-making. When AI systems influence decisions that significantly affect individuals, organisations must be prepared to explain how those decisions were made and what rights individuals have to challenge them.

This requirement elevates explainability from a technical concern to a governance issue. Boards should ensure that management understands which AI systems trigger notification or explanation obligations.

Algorithm Charter for Aotearoa New Zealand

While voluntary, the Algorithm Charter is a strong signal of government expectations. It requires participating agencies to commit to transparency, regular bias assessments, human oversight, and public reporting.

Boards should view the charter as a template for responsible AI governance that can be adapted to the private sector, particularly for high-impact or customer-facing AI systems.

Upcoming Regulatory Developments

New Zealand is actively developing a national AI strategy and exploring mandatory standards for high-risk AI systems. The likely focus areas include fairness, transparency, auditability, and accountability—closely aligned with international frameworks.

For boards, this reinforces the importance of future-proofing AI governance rather than waiting for formal legislation.

Cross-Border and International Influences

AI regulation is increasingly shaped by global norms, even for organisations operating primarily within Australia and New Zealand.

EU AI Act

The EU AI Act introduces binding, risk-based obligations for AI systems, including strict requirements for high-risk use cases. Organisations with EU customers, partners, or data flows may be indirectly subject to these rules.

Boards should recognise that global compliance convergence is likely and that aligning governance practices early can reduce future disruption.

U.S. Executive Order & Global Safety Commitments

U.S. executive actions and international AI safety commitments emphasise testing, transparency, and accountability. Together, these initiatives reinforce a global expectation that AI systems must be governed proactively and responsibly.

AI Compliance Reference Table for Boards

To help boards navigate evolving AI regulations, the following checklist highlights key focus areas and governance actions:

  • Governance & Oversight: Assign clear board-level accountability and provide director education on AI fundamentals and risks.
  • AI Inventory & Risk Mapping: Maintain a centralised inventory of AI systems and classify them by risk level.
  • Privacy & Data Governance: Conduct privacy impact assessments and validate vendor data practices.
  • Transparency & Accountability: Implement explainability standards and update customer notifications where required.
  • Bias, Fairness & Ethical Use: Conduct regular bias testing and embed human oversight.
  • Model Risk Management & Testing: Monitor models for drift, errors, and failure.
  • Security & Resilience: Harden AI systems against cybersecurity threats and manipulation.
  • Vendor Management: Update procurement policies for AI-specific due diligence.
  • Regulatory Horizon-Scanning: Track Australian and New Zealand regulatory developments.
  • Reporting, Audit & Documentation: Maintain model documentation, testing logs, and incident records.

Steps Boards Should Take Now

1. Establish AI Oversight at the Board Level

Boards should clearly assign responsibility for AI oversight, either to an existing committee or through a dedicated mandate. Regular reporting from management should be expected.

2. Strengthen AI Risk Management & Controls

AI risks should be integrated into enterprise risk management frameworks, with clear escalation pathways.

3. Map AI Use Cases & Risk Levels

Boards should require management to identify where AI systems interact with personal information, safety-critical processes, or automated decisions.

4. Ensure Transparency & Explainability

Management should be able to explain, in plain language, how significant AI-driven decisions are made and reviewed.

5. Prepare for Mandatory Standards

Early alignment with anticipated standards will reduce compliance costs and operational disruption.

Key Questions Boards Should Be Asking

  • Which business-critical processes rely on AI today?
  • How do we ensure human oversight where required?
  • How do our privacy and data-governance practices support safe AI?
  • Do we have clear vendor due-diligence requirements for AI tools?
  • Are we prepared for audits, explainability requests, or incident reporting?

Add AI to the Boardroom With OnBoard

Effective AI governance depends on clear documentation, secure collaboration, and informed decision-making. Board management software such as OnBoard supports this by centralising materials, improving transparency, and enabling directors to focus on strategic oversight rather than administrative burden.

With OnBoard AI, boards can surface insights, track governance obligations, and improve meeting effectiveness while maintaining strong security controls. For boards navigating increasingly complex AI regulations, purpose-built governance technology can be a decisive advantage.

Directors looking to modernise governance and strengthen AI oversight are encouraged to request a trial to see how OnBoard supports confident, compliant decision-making.

Frequently Asked Questions (FAQ)

1. Are there specific AI laws in Australia or New Zealand right now?

Not yet. Neither country has a standalone, binding AI Act. However, both governments are moving toward mandatory rules for high-risk AI, and existing laws already apply.

2. What existing laws impact how businesses in Australia and New Zealand use AI?

In Australia, the Privacy Act 1988, sectoral rules, cybersecurity requirements, and consumer law. In New Zealand, the Privacy Act 2020, the Algorithm Charter, and sector-specific regulations.

3. What are “high-risk” AI systems, and why should boards care?

High-risk AI systems affect safety, financial outcomes, healthcare, employment, or significant individual rights and will face stricter regulation.

4. Do we need to notify customers about automated decisions driven by AI?

Yes in New Zealand, and increasingly so in Australia as privacy reforms progress.

5. What responsibilities do boards have for AI oversight?

Boards are expected to govern AI risk in the same way they oversee cybersecurity or financial risk, ensuring transparency, controls, and accountability.