Australian Government Architecture
Search

Interim guidance on government use of public generative AI tools

In July 2023, the Digital Transformation Agency (DTA) and the Department of Industry, Science and Resources (DISR) released initial interim guidance on government use of publicly available generative artificial intelligence (AI) platforms.

Click here to see the current guidance. For previous versions of this guidance, see the change log table below.

Introduction for agencies

Generative AI presents new and innovative opportunities for government and an increasing number of tools and models are now easily available to use.

However, due to their rapid evolution and uptake, there is an urgent need and growing demand for guidance to support the consideration and assessment of the risks involved in their use.

Whole-of-government and agency-specific policies provide guidance on ensuring the appropriate, safe and effective use of technology tools, including AI. However, given the ease of access and use with publicly available generative AI tools like ChatGPT, Microsoft Copilot and Google Bard, this interim guidance is recommended for government agencies to use as the basis for providing advice to their staff. It is also recommended as the basis for advice in relation to the enterprise version of Microsoft Copilot (previously referred to as Bing Chat Enterprise), where agencies have enabled it for staff use.

In addition to the interim guidance for staff, we recommend agencies:

  • consider implementing an enrolment mechanism to register and approve staff user accounts to access public generative AI platforms. This could include appropriate approval processes through relevant senior accountable officers (e.g. Chief Information Security Officer (CISO) or Chief Information Officer (CIO)).
  • implement an internal feedback/reporting mechanism to evaluate any challenges staff are facing in following guidance.
  • seek to move to commercial arrangements for generative AI solutions as soon as it is possible.

In exploring commercial arrangements for generative AI solutions, agencies should consider whether service providers and their AI services have undergone a security assessment by an Infosec Registered Assessor Program (IRAP) assessor to determine their security posture and security risks associated with their use. This assurance may better enable agencies to leverage the benefits of generative AI solutions while meeting their data security and privacy requirements. Otherwise, agencies should apply the guidance under 'privacy protection and security' as the default advice for the level of classification/sensitivity of information that may be entered into generative AI solutions.

Agencies may also consider developing or using in-house AI models that do not rely on sending data to an external AI service provider.

While the default position of this guidance continues to be a recommendation that staff use work email addresses instead of personal email addresses where it is necessary to log in to public generative AI tools, it is up to each agency to consider how it appropriately applies the guidance. Using work email addresses provides staff with a clearer separation between work and personal use of these tools. A range of obligations apply to actions undertaken by Australian Public Service (APS) staff in connection with their employment, including those outlined under the APS Values, Employment Principles and Code of Conduct.

As the Government's understanding of the legislative, administrative and broader risks of this technology evolves, the DTA, in collaboration with DISR, will investigate the development of whole-of-government policies and frameworks relating to the responsible use of AI in government.

In the meantime, we encourage agencies to build on this interim guidance and implement agency-level policies. The interim guidance will be updated as needed to provide the latest advice on how to approach generative AI.

We also invite agencies to provide feedback on the value, applicability or relevance of this guidance by emailing digitalpolicy@dta.gov.au.

Version Date Status Notes
2.0 22/11/2023 Current

This update:

  • updates the introduction for agencies section with additional discussion on commercial and in-house generative AI tools and clarifies the reporting recommendation as relating to an internal agency feedback/reporting mechanism
  • restructures the guidance to align more closely with Australia's AI Ethics Principles including the addition of new sections on human, societal and environmental wellbeing & fairness and human-centred values
  • removes Figure 1 (initial high-risk assessment) due to feedback about clarity and consistency
  • includes additional guidance under the accountability principle, including on the responsible use of AI-generated coding outputs (previously identified as high risk)
  • adds a new point to the tactical guidance on ongoing monitoring of tools or processes incorporating generative AI
  • adds a new use case example on using generative AI tools for basic data analysis on publicly-available data.
1.0 21/07/2023 Superseded

Capabilities

This design is part of the following capability.
CAP55

Artificial Intelligence

Policies

This design can be relevant to meeting the requirements of the following policies.
POL14

Artificial Intelligence policy (Position)

Standards

This design can be useful in achieving the intent of the following standard(s).
Notice Generative AI presents new and innovative opportunities for government and an increasing number of new AI tools and models are now easily available. However, due to their rapid evolution there is a need and growing demand for guidance to support the consideration and assessment of the risks…
Was this information helpful?

Do not include any personal information. We are unable to respond to comments or feedback. If you would like a response, please email, or phone us. Our details are on the AGA contact page www.architecture.digital.gov.au/contact-us.