Safe and responsible AI in Australia: proposals paper for introducing mandatory guardrails for AI in high-risk settings
Both the authors of this paper and the Australian government agree that Australia’s current regulatory framework — our laws, and our systems for enforcing them — are not fit for purpose when it comes to the distinct risks and governance challenges posed by AI.
Risks include AI being deployed — rushed to market — without proper testing, creating risks of harm to human rights, democracy, the rule of law; and societies, and the environment that could and should have been mitigated. Most of our laws remedy harms caused by breach of the law after the event, but don’t explicitly or specifically require organisations to take steps in advance to reduce harms.
To address this problem, the Government's Proposals Paper sets out mandatory, whole-of-economy (public and private sector) processes and requirements (“Guardrails”), to apply to developers and deployers (as appropriate) of high-risk AI systems. “Guardrails” are systems and processes: such as risk management, testing, transparency, accountability, and data governance.
This paper argues that the Guardrails are not a complete answer to how, as a society, we will manage AI risks, but they are an important step, and one that can be taken now.
This submission also presents arguments in favour of:
- Foundational, central, legislated Mandatory Guardrails, applied horizontally through the introduction of an AI Act. The Guardrails may not need to be identical across all sectors. In fact there are arguments for applying more stringent standards to public sector uses, which could be immediately applied without any kind of staged or delayed implementation, consistent with government’s commitment to be an exemplar for safe and responsible AI use. Some heavily regulated sectors might be carved out, as is true in Europe.
- Updateable detail of every aspect of the framework: the content of what counts as a high risk system; the content of the Mandatory Guardrails; the determination of which GPAI systems are high risk: must be able to be updated, not through legislation but through more flexible (but binding) means — such as via disallowable instruments. More detailed guidance — for example, on what risks are likely, and how best to mitigate them — can also be provided, including from domain-specific agencies and regulators.
- A Central AI Body — a Regulator, or Commission, with expertise (and access to wider networks of expertise and research); mandate to impose the Guardrails across public sector uses; and a chief role of keeping the whole system up to date and responsive. Such a body may not be permanent.
