Australian Voluntary AI Safety Standard 2024
|
|
| Regulator |
Department of Industry, Science and Resources |
| Jurisdiction |
AU |
| Status |
live |
| Applicability |
Platform |
The Australian Voluntary AI Safety Standard (DISR, 2024) provides a framework for responsible
AI development and deployment. It is voluntary — adoption is not legally required — but
represents the Australian Government's expectations for entities choosing to self-certify
responsible AI practices. For regulated financial services entities, voluntary adoption is
consistent with meeting existing obligations under the Corporations Act and ASIC's supervisory
expectations (see ASIC AI Guidance).
The Standard defines ten guardrails:
- Accountability — governance structures and responsible ownership of AI systems
- Transparency — disclosure of AI use and its effects
- Fairness — non-discriminatory outputs and equitable treatment
- Human oversight — meaningful human control over high-stakes AI decisions
- Explainability — outputs are interpretable by relevant persons
- Privacy — personal information handled in accordance with privacy law
- Reliability — AI systems perform consistently and as intended
- Security — systems are protected against adversarial interference
- Inclusiveness — AI benefits are accessible; accessibility risks are considered
- Contestability — individuals can seek review of AI-influenced decisions
Compliance register
This register maps each guardrail to the platform controls and institutional processes through
which the bank meets it.
Scope legend
| Symbol |
Meaning |
| 🤖 Automated |
Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced |
Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional |
Obligation is met by a process entirely outside the platform — training programmes, board governance, HR, legal. Platform may generate evidence inputs but does not own the process. |
| N/A |
Obligation does not apply to this deployment configuration. |
Build legend
| Symbol |
Meaning |
| ✅ |
Module built and deployed |
| 🔨 |
Module planned — not yet built (build_status: Not started) |
| ❌ |
Uncontrolled gap — no module attributed |
Guardrail 1 — Accountability
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| Designated responsible person for each AI system; governance documentation linking each model to an accountable owner and use case |
📊 Evidenced |
DT-009 |
MOD-150 (LOG) — model inventory auto-maintained from CI/CD deployment events; records model owner, use case, validation status, and champion/challenger history; model validation gate enforced before production promotion |
🔨 |
| AI governance committee with oversight of all model deployments, periodic performance review, and sign-off on new use cases |
🏛 Institutional |
DT-009 |
AI governance committee is an institutional structure. MOD-150 provides the model inventory and performance monitoring data that feeds committee reviews |
🔨 |
Guardrail 2 — Transparency
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| Customers must be informed when AI is used in decisions that materially affect them |
🏛 Institutional |
DT-009 |
Disclosure content design is institutional. MOD-050 (GATE) — disclosure enforcement gate ensures the correct disclosure version is acknowledged; content accuracy is institutional |
🔨 |
Guardrail 3 — Fairness
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| AI models must be tested for bias against protected characteristics before deployment and periodically thereafter |
📊 Evidenced |
DT-009 |
MOD-150 (GATE) — model validation gate requires a bias and fairness testing section in the validation report; model cannot be promoted without a completed validation case with approved results |
🔨 |
| Fairness monitoring must continue post-deployment; distribution shift or demographic drift must trigger re-validation |
📊 Evidenced |
DT-009 |
MOD-150 (LOG) — scheduled PSI and accuracy monitoring runs nightly; performance degradation auto-triggers a validation review case |
🔨 |
Guardrail 4 — Human oversight
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| Meaningful human review pathway for AI-driven decisions that materially affect individuals |
🏛 Institutional |
DT-009 |
Human review of adverse AI credit decisions, fraud holds, and conduct flags is an institutional process. MOD-064 (AUTO) — work queue routing ensures decisions above the risk threshold are placed into the human review queue for the appropriate role; no bypass path |
🔨 |
Guardrail 5 — Explainability
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| AI models must produce explainable outputs; the basis for a material decision must be reconstructable for regulatory review and customer explanation |
📊 Evidenced |
DT-009 |
MOD-048 (LOG) — AI/ML decisions are explainable: inputs and model version logged against every automated decision |
🔨 |
Guardrail 6 — Privacy
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| Personal information used in AI training and inference must comply with privacy law; purpose limitation must be enforced |
🤖 Automated |
DT-009 |
MOD-148 (AUTO) — DSAR workflow enforces purpose limitation for AI-processed personal data; retrieved data is deleted after the consuming workflow completes |
🔨 |
Guardrail 7 — Reliability
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| AI systems must perform consistently and as intended across the full range of inputs; performance degradation must be detected and remediated |
📊 Evidenced |
DT-009 |
MOD-150 (LOG) — scheduled PSI and accuracy monitoring runs nightly; performance metrics tracked against validation baseline; degradation auto-creates a validation review case |
🔨 |
Guardrail 8 — Security
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| AI systems must be protected against adversarial attack; model poisoning and evasion risks must be assessed |
🏛 Institutional |
DT-009 |
Security assessment of AI systems is an institutional process managed by the CISO. MOD-150 (LOG) — security assessment is a required section of the model validation report |
🔨 |
Guardrail 9 — Inclusiveness
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| AI benefits must be accessible; accessibility risks for customers with different needs must be considered in model design |
🏛 Institutional |
DT-009 |
Inclusiveness review is an institutional design process. Platform UX and model design for accessibility is part of the product development lifecycle |
— |
Guardrail 10 — Contestability
| Obligation |
Scope |
Policy |
Platform controls |
Build |
| Customers must have a pathway to seek review of AI-influenced decisions that affect them |
🤖 Automated |
DT-009 |
MOD-148 (AUTO) — DSAR workflow provides the contestability pathway for customers to access and challenge AI-influenced decisions about them; data assembly automated across all platform systems |
🔨 |
| Obligation |
Owner |
Platform evidence input |
| AI governance committee — oversight, model owner designation, use case sign-off |
CRO / CTO |
MOD-150 model inventory and validation records |
| Human review process for adverse AI decisions |
Head of Credit / CCO |
MOD-064 work queue; MOD-048 decision logs |
| Disclosure content design for AI-influenced decisions |
Chief Compliance Officer |
MOD-050 disclosure enforcement; MOD-048 logs |
| Adversarial robustness and security testing |
CISO |
MOD-150 validation report records |
| Inclusiveness review in product and model design |
Head of Product |
Institutional design process |
Coverage summary
| Guardrail |
Scope |
Platform automated 🤖 |
Platform evidenced 📊 |
Institutional 🏛 |
| 1 — Accountability |
Mixed |
0 |
1 |
1 |
| 2 — Transparency |
🏛 |
0 |
0 |
1 |
| 3 — Fairness |
📊 |
0 |
2 |
0 |
| 4 — Human oversight |
🏛 |
0 |
0 |
1 |
| 5 — Explainability |
📊 |
0 |
1 |
0 |
| 6 — Privacy |
🤖 |
1 |
0 |
0 |
| 7 — Reliability |
📊 |
0 |
1 |
0 |
| 8 — Security |
🏛 |
0 |
0 |
1 |
| 9 — Inclusiveness |
🏛 |
0 |
0 |
1 |
| 10 — Contestability |
🤖 |
1 |
0 |
0 |
| Total |
|
2 (18%) |
5 (45%) |
5 (45%) |
All attributed modules are currently build_status: Not started.
| Policy |
Title |
| DT-009 |
AI & algorithm policy |
| DT-011 |
AI development guardrails |
Official documentation
Policies referencing this standard
- DT-009 — AI & algorithm policy
- DT-011 — AI development guardrails
Compiled 2026-05-22 from source/entities/regulations/au-voluntary-ai-standard.yaml