Australia has no standalone AI Act in 2026 — here is what actually governs business AI use: the Privacy Act, the Australian Consumer Law, sector regulators and the Voluntary AI Safety Standard.
dgm is an independent osFoundry integration partner — not affiliated with osFoundry’s maker (OS LLC), and dgm has no completed client integrations yet.
If you are wondering whether AI is regulated in Australia, the 2026 answer surprises many people: there is no standalone AI law in force. Here is what actually governs business AI use.
| Item | Detail |
|---|---|
| Standalone AI law | None in force or scheduled |
| Mandatory AI guardrails | Proposed in 2024, effectively shelved by the Dec-2025 National AI Plan |
| Voluntary AI Safety Standard | 10 guardrails (DISR, Sept 2024) — guidance, not law |
| What governs AI | Privacy Act, Australian Consumer Law, sector regulators |
No standalone AI statute
Australia has no standalone AI Act in force or scheduled as of 2026. The government released a proposals paper on mandatory guardrails for high-risk AI in September 2024, but did not proceed — the National AI Plan (2 December 2025) effectively shelved the mandatory guardrails in favour of existing technology-neutral laws, sector regulators, voluntary guidance, and a new AI Safety Institute.
What does govern AI
As of 2026 Australia has no standalone AI Act in force. The Voluntary AI Safety Standard (10 guardrails, published by DISR in September 2024) is guidance, not law, and the proposed mandatory guardrails for high-risk AI were not enacted — the December 2025 National AI Plan relies instead on existing technology-neutral laws and sector regulators. So the binding constraints on business AI are existing laws: the Privacy Act 1988, the Australian Consumer Law and sector rules. Sector regulators (APRA, ASIC, the TGA, the ACCC, ACMA) apply their existing rules to AI in their domains.
What this means for you
Design around existing law — privacy, consumer protection and your sector’s rules — not a non-existent AI statute. The Voluntary AI Safety Standard’s 10 guardrails are a sensible governance framework to adopt even though they are not binding. osFoundry’s managed cloud pins data to the US, EU or Japan — it does not currently offer an Australian managed region. For data that must stay in Australia, the honest path is self-hosting osFoundry (BYO Cloud) inside an Australian cloud region such as AWS (Sydney or Melbourne), Microsoft Azure (Australia East, Australia Southeast or Australia Central in Canberra) or Google Cloud (Sydney or Melbourne), or running models locally on-device.
Where dgm fits
dgm is an independent integration partner that helps Australian businesses adopt osFoundry — scoping a first use case, handling the build, and connecting AI to the systems you already run. dgm is independent of osFoundry’s maker (OS LLC) and has no completed client integrations yet, so everything described here is a service offered, not a past result. If you want to scope a practical first project, dgm can help you map it out.