Can AI save the Australian Public Service?
With the Federal budget approaching, pressure on the public sector to improve efficiency has never been greater. Under the APS AI Plan 2025, government agencies are tasked with using artificial intelligence (AI) to deliver ‘better services’ and to ‘operate more efficiently'.
Simultaneously, large law firms are rapidly adopting AI tools like Harvey, Legora, Clio, Eudia and Vincent to automate research, do due diligence and provide other legal support to clients. Whether these efficiencies will translate to lower costs for clients remains unclear. Four new Australian ‘AI-Native’ legal firms have also emerged offering cheap legal services. Website ‘front doors’ dish-out templates and quick advice as fast as any disclaimer can say ‘buyer beware’.
The private sector’s pace is accelerating even further with the rise of specialised engines such as Haast, which recently secured $17.2 million in Series A funding to automate compliance reviews. Providers are racing to capture market share, and capabilities are evolving daily as tech companies are positioning the fire power of their AI solution and racing to raise capital to accelerate further development.
It is easy to look at this momentum and feel pressure to ‘jump in’. But for the public sector, the priority is not speed, its sovereignty, security and compliance. The question is not whether to use AI, but when and under what conditions.
Right now, the public sector is not positioned to realise the same productivity gains as the private sector. The government has not positioned the APS to deliver better services and operate more efficiently, and it is highly unlikely anything in Budget 2027 will help with that specifically.
Mandatory Compliance Obligations
For in-house government lawyers, the path to AI enabled efficiency is still in development. Beyond limited use of Microsoft Copilot, any third-party AI tool or use case must be assessed against an evolving legislative and policy framework.
The DTA ‘s Policy for the Responsible Use of AI in Government (effective as of 15 December 2025) applies to all non-corporate Commonwealth entities. To comply, agencies must:
Establish a strategic position: within six months, agencies must publish a clear AI adoption strategy.
Appoint accountable officers: every AI application must have a designated governance owner.
Train all staff: mandatory responsible AI training must be completed by December 2026.
Conduct AI Impact Assessments: required for any use case that could materially influence administrative decisions or involve sensitive data.
These are not optional. They are preconditions to adoption.
Any external AI solution must also satisfy significant administrative and governance requirements. For example, Haast, automates impact assessments and marketing reviews against internal policies. Within the Commonwealth, its output could materially influence administrative decisions’, meaning the tool itself must be vetted under the DTA Policy.
Agencies must also:
Establish processes for adopting the AI use cases.
Assess new use cases during the design phase to determine if they are in-scope.
Apply risk treatments before deployment.
monitor the use cases and re-validate impact assessments when scope changes.
Report ‘high-risk’ use cases to the agency's accountable official and the DTA.
The administrative oversight adds resource and effort.
Five domains of risk must be addressed before AI can scale
In addition, Agencies must address the following:
Privacy: Perform Privacy Threshold Assessments (PTA) and full Privacy Impact Assessments (PIA) to ensure compliance with the Australian Privacy Principles. Additionally, privacy policies should outline automated decision-making (ADM) processes before the December 2026 deadline as required under the Privacy and Other Legislation Amendment Act 2024.
Ethics: Stress-test applications against Australia’s 8 AI Ethics Principles, focusing on fairness, accountability, and contestability.
Cyber Security: Ensure the system has Authority to Operate within the agency environment and aligns with the Information Security Manual (ISM) and ASD data security guidance.
Administrative Law: Verify the tool provides traceable audit trails and can record and explain the factors behind each AI-driven decision.
Supply Chain Integrity: Audit physical storage locations and data transit routes to prevent dependency on high-risk foreign technologies, particularly critical as Australia becomes a top global destination for data centers, with over $100 billion in planned projects.
This is a heavy lift and must be done before AI can be deployed safely.
Sovereignty and Security checks
Whilst tech companies like Haast and Legora are Australian startups, they are being invested into by foreign entities and are growing beyond Australian borders. Data is open and shared. Some providers even go as far as offering human verified AI responses for legal advice from international jurisdictions. Useful, but again, open channels of information cannot meet the necessary security requirements of the public sector. Lawyers, whether in the private or public sector, wanting to embed and use these tools need to be wary of where sensitive client information will be stored, and how it could potentially be re-used to improve the AI tool for others.
One thing the tech providers are starting to do is develop workflows to capture regulatory compliance for organisations. They are acquiring or partnering with providers who can help map workflows and provide automation tools which embed AI. Perhaps tech providers are realising a systems solution with AI is better solution overall than a generative AI platform alone?
Fixing the foundations first, from a systems perspective
The Department of Finance is leading the charge in developing a secure, sovereign generative AI platform for APS staff. This is supported by the new AI Delivery and Enablement (AIDE) function to help agencies overcome barriers and accelerate responsible AI adoption. With all hope Budget 2027 will continue to provide funding for this. However, even with a sovereign platform, agencies will still need workflow discipline and case management foundations in place for AI to produce the necessary efficiencies.
Government workflows are complex, muti-channel and rarely captured consistently. Without a structured workflow system, AI will only amplify existing inconsistencies. AI will not save the APS.
By establishing the workflow control first, agencies will have the structure needed to embed risk appetite, ensure compliance, and maintain human accountability. AI can then be layered on safely as a supporting tool to help achieve efficiency and productivity.
Technology should not replace the human dimension; it should protect it. Workflow control with AI applications as accelerators will enable people to collaborate, get good information to make good decisions. Humans can then be left to creative thinking, problem framing and solving. This is where efficiencies are gained, and productivity is improved.