The comprehensive, community-maintained index of Australian AI Security standards, policies, frameworks, and guidance.
Australia's National AI Plan was released on 2 December 2025. AI Security didn't make the cut.
This repository exists to fill that gap, consolidating every federal and state/territory AI security document into a single, navigable resource. Because if the government won't map AI Security, the community will.
Australia has 68 AI-related security documents spread across 11 jurisdictions, multiple departments, and various regulatory bodies. There is no single source of truth. Practitioners must navigate:
- Federal: ACSC, DHA, PSPF, CISC, DTA, DISR, APRA, ASIC, OAIC, eSafety
- States/Territories: NSW, VIC, QLD, SA, WA, TAS, NT, ACT
- Mandatory vs Voluntary: ISM controls, PSPF directions, sector regulations, voluntary guidance
- Overlapping frameworks: Multiple risk assessment approaches, inconsistent terminology, no clear hierarchy
This index provides:
- Complete inventory of all Australian AI Security documents
- Relationship mapping showing how frameworks connect
- Gap analysis comparing Australia to international standards
- Practical navigation for compliance and implementation
- Regular updates as new documents are released
| Section | Description |
|---|---|
| Complete Inventory | All 68 documents in one place |
| Federal Frameworks | ACSC, PSPF, ISM, SOCI, DTA, regulators |
| State & Territory | NSW, VIC, QLD, SA, WA, TAS, NT, ACT |
| International Comparison | Australia vs EU, UK, US, Singapore |
| Gap Analysis | What's missing from Australia's approach |
| Knowledge Graph | Visual map of framework relationships |
| Diagrams | SVG visualisations of framework hierarchy, gaps, and comparisons |
| Changelog | Update history |
- ISM AI Controls (ISM-1923, ISM-1924, ISM-2072): Mandatory for government, references OWASP Top 10 for LLM
- ACSC Five Eyes Guidance: World-class technical guidance on secure AI deployment, supply chain, data security
- ACSC Frontier Model Guidance: First national guidance on defensive use of frontier AI for vulnerability discovery (April 2026)
- PSPF AI Provisions: First AI-specific protective security requirements (2025)
- State Leaders: NSW and WA have comprehensive mandatory frameworks
- No cross-sector mandatory AI security for private sector (unlike EU AI Act) (government decided not to proceed with mandatory guardrails following public consultation, Dec 2025)
- No systematic risk classification (EU has prohibited/high/limited/minimal)
- No AI incident reporting regime (despite SOCI cyber incident rules)
- No foundation model governance (EU has GPAI obligations)
- No adversarial testing mandates (EU requires for systemic risk models)
- No consolidated AI Security body (UK renamed theirs to AI Security Institute)
Australia's AI Safety Institute (AISI), operational since early 2026, focuses on alignment and frontier risks. The following areas are primarily handled by ACSC rather than AISI:
- Adversarial machine learning
- Model poisoning and data integrity
- AI supply chain security
- Red-teaming requirements
- Secure development lifecycle
The UK recognised this distinction and renamed their AI Safety Institute to the AI Security Institute in February 2025.
Start with the Complete Inventory to identify which frameworks apply to your organisation based on:
- Jurisdiction (federal/state)
- Sector (financial services, health, critical infrastructure, general)
- Obligation type (mandatory/voluntary)
The Federal Frameworks section details ACSC guidance with practical implementation notes.
The Gap Analysis and International Comparison provide the evidence base for advocacy and submissions.
The Knowledge Graph visualises relationships between frameworks, with an entity-relationship model and sample Neo4j queries for graph database construction.
The Information Security Manual contains three AI-specific controls (as of April 2026):
| Control | Requirement | Applicability |
|---|---|---|
| ISM-1923 | Mitigate risks identified in OWASP Top 10 for Large Language Model Applications | All LLM implementations |
| ISM-1924 | Detect and mitigate adversarial inputs including prompt injection attempts | All AI systems accepting user input |
| ISM-2072 | Store AI models in formats that do not allow arbitrary code execution (e.g., safetensors over pickle) | All AI model storage |
This is a community resource. Contributions welcome:
- Document updates: New policies, version changes, corrections
- Relationship mapping: Identify connections between frameworks
- International comparisons: Additional jurisdictions
- Tooling: Compliance checklists, automation, visualisations
See CONTRIBUTING.md for guidelines.
Ben Kereopa-Yorke
Senior AI Security Specialist | OWASP ML Security Top 10 Co-Lead
This work is licensed under Creative Commons Attribution 4.0 International (CC BY 4.0).
You are free to share and adapt this material with appropriate attribution.
This index builds on work by:
- Australian Cyber Security Centre (ACSC)
- Digital Transformation Agency (DTA)
- Department of Industry, Science and Resources (DISR)
- State and territory digital/cyber security agencies
- The Australian cybersecurity community
This resource is provided for informational purposes. It does not constitute legal advice. Always verify current versions of documents directly with issuing authorities. Framework applicability depends on your specific circumstances.
AI Security in Australia needs to get louder.