This issue highlights the newest and best in AI governance — the ideas shaping oversight, risk, and policy today. Future editions will explore new lenses: practical tools, policy guides, and training resources. Each one will bring a fresh perspective — and your voice is welcome.
“Set up the required accountability processes to guide your organisation’s safe and responsible use of AI…” (Guardrail 1), alongside a practical, board-facing framing of risk, compliance, and culture change.
Frontier AI companies already use their best models to help build better ones. This workshop report maps competing “automation trajectories,” proposes indicators to track, and sketches policy options—especially transparency—to reduce strategic surprise.
The standard consists of 10 voluntary guardrails that apply to all organisations throughout the AI supply chain… helping organisations to benefit from AI while mitigating and managing the risks.
A practical, policy-oriented guide explaining why AS ISO/IEC 42001:2023 matters, how AI management system standards work, and how certification can support trustworthy, responsible AI adoption across Australian organisations.
This white paper proposes a probabilistic, evidence-based approach to defining AI cyber risk thresholds, arguing that current capability-based thresholds are insufficient and introducing Bayesian networks as a tool for operationalizing uncertainty in AI-enabled cyber threats.
“Organizations with established AI governance are accelerating adoption with confidence, while the rest are moving quickly but without the structures needed to manage emerging risk.”
A mandatory, lifecycle-based self-assessment framework guiding NSW Government agencies in the safe, ethical, and responsible design, deployment, and use of AI systems, with a strong focus on elevated-risk and generative AI use cases.
This issue brief analyzes over 200 real-world AI incidents to identify six recurring mechanisms through which AI systems cause harm, showing that failures often emerge from governance, context, and human–AI interaction rather than model capability alone.
“An ability of individuals, organisations, and systems to perform AI regulatory functions effectively, efficiently, and sustainably across the lifecycle, to achieve defined strategic and policy objectives for AI regulation.”
A vendor-neutral AI security and governance framework translating AI risk principles into actionable controls across the GenAI lifecycle, aligned with ISO/IEC 42001, NIST AI RMF, and the EU AI Act.
“The year 2025 marked the definitive end of the ‘AI ethics debate era’ and the beginning of the ‘AI governance execution era.’ Abstract principles collided with concrete legislation, litigation, and boardroom accountability.”
“Say you are unconstrained by money, and can get all the talent in the world – what are the top interventions that will have a substantial impact over the next two years?”
“Financial supervision therefore serves as the practical enforcement mechanism of financial regulation, ensuring that policies translate into effective oversight and resilient financial markets.”
“AI is already reshaping our polity, our economy, our security and even our society. AI is writing the code for humanity in this century.”
“Traditional Third-Party Risk Management programs face an unprecedented challenge: AI-powered systems introduce entirely new categories of risk that extend far beyond conventional cybersecurity concerns.”
AI governance must balance risk mitigation with enablement. This playbook provides boards and governance professionals with practical tools to develop tailored, enforceable AI policies that evolve with technology and regulation.
The report examines how Responsible AI has moved from principles to practice in 2025, highlighting urgent risks, emerging assurance mechanisms, and the growing push for Public Interest AI infrastructure shaped by civil society.
This paper argues that data minimization should be interpreted flexibly in the AI context, focusing on necessity and proportionality rather than strict data reduction, to enable socially beneficial and effective AI systems while safeguarding privacy.
“Agentic AI systems plan, decide, and act across multiple steps and systems. Without strong controls, unnecessary autonomy quietly expands the attack surface and turns minor issues into system-wide failures.”
Agentic AI systems can plan, act, and interact with other systems to achieve goals on behalf of humans. These capabilities introduce new risks that require adapted governance, accountability, and technical controls across the full AI lifecycle.
Based on red teaming over 100 GenAI products, Microsoft’s AI Red Team shares an internal threat model ontology, eight practical lessons, and real-world case studies showing why AI safety and security require system-level, human-in-the-loop approaches.
A practical roadmap for implementing ISO/IEC 42001, offering step-by-step guidance on building an AI Management System that integrates ethics, risk management, and governance across the full AI lifecycle.
A practical, step-by-step checklist outlining 18 actions required to design, implement, operate, and continuously improve an Artificial Intelligence Management System (AIMS) in line with ISO/IEC 42001, from management commitment to continual improvement.
Curated Library of AI Governance Resources