Did you know the Australian Government has formal guidance on using public generative AI tools?

Last year (2025), the Australian Government released practical guidance on how agencies should use public generative AI tools, and it’s worth paying attention to, even if you’re not in government.

In practice, this guidance is now widely referenced, particularly in health and other regulated sectors, because it strikes a sensible balance between innovation and risk.

Here’s what stands out, and why it applies to almost any organisation.

📌 1. It doesn’t say “don’t use AI”

One of the most useful aspects of the guidance is what it doesn’t do.

It doesn’t ban tools like ChatGPT or Claude. Instead, it encourages a risk-based approach that acknowledges people are already using generative AI as part of modern work.

That’s a much more realistic starting point for most organisations.

🔐 2. Clear boundaries around data

The guidance is very explicit about what should not go into public generative AI tools:

• No sensitive or classified information
• No personal or confidential data
• No content that would breach existing security or privacy obligations

This aligns closely with what many organisations are now formalising in AI usage policies and DLP controls.

🧠 3. Human accountability stays front and centre

A key theme throughout the guidance is that:

AI can assist — but people remain accountable.

Users are expected to:

• Apply professional judgement
• Validate outputs
• Be aware of bias, hallucinations, and errors
• Take responsibility for decisions informed by AI

This is particularly relevant in health, policy, and advisory roles, but the principle holds everywhere.

📚 4. Upskilling beats blanket restrictions

Rather than relying on access blocks alone, the guidance emphasises education and awareness.

The assumption is simple:

• If people don’t understand the risks, they’ll use AI poorly
• If people do understand the risks, they’re far more likely to use it responsibly

That’s a mindset many private organisations are now adopting too.

⚙️ 5. AI governance should plug into what you already have

Another practical takeaway: AI governance shouldn’t sit in its own silo.

The guidance encourages agencies to integrate generative AI into:

• Existing security frameworks
• Privacy and risk management processes
• Incident response and assurance models

This makes it far more usable for organisations that already have governance structures in place.

Why this matters beyond government

Even though this guidance was written for Australian Government agencies, it works well as a reference model for:

• Organisations defining “acceptable use” of generative AI
• Leaders trying to balance innovation with compliance
• Health and regulated industries under scrutiny
• Teams rolling out Copilot or other AI tools at scale

It’s not theoretical. It’s practical, grounded, and realistic about how people actually work.

You can find more information here:

• ​​DTA releases new guidance: Australian Government use of public generative AI tools​ | Digital Transformation Agency
• Agency guidance on public generative AI | digital.gov.au
• Protective Security Policy Advisories under the PSPF | Protective Security Policy Framework
• How to use generative AI tools responsibly

Kim Brian

Modern Applications and Power Platform Solutions Architect, and Regional Practice lead at Velrada.

Technical Consultant helping organizations unlock the full potential of AI and their Microsoft efficiency tools.

Feel free to share your thoughts or connect with me to discuss AI or Microsoft efficiencies.