Reference

The AI Governance Glossary

Plain-language, sourced definitions of the AI governance, compliance and responsible-AI terms that matter for Australian businesses, from the EU AI Act to Australia's own guardrails. Written and kept current by Responsible AI Australia.

25 terms•Last reviewed June 2026•Every entry links to an authoritative source

Core concepts

The ideas that underpin responsible AI, wherever you operate.

Responsible AI

The practice of designing, developing and deploying AI in ways that are safe, fair, transparent and accountable, with people kept meaningfully in control and harms anticipated rather than cleaned up afterwards.

It is an umbrella discipline rather than a single rule. The pillars that recur across global frameworks are fairness, transparency, accountability, privacy, human oversight and safety.

In Australia

Australia has no binding legal definition of responsible AI. In practice it is shaped by the voluntary AI Ethics Principles and the Voluntary AI Safety Standard, which means its meaning is being settled by the choices businesses make now.

Source: OECD, AI Principles

AI governance

The system of policies, roles, processes and controls an organisation uses to direct and oversee how AI is built and used, so it stays lawful, safe and accountable across the AI lifecycle.

Good governance assigns clear ownership, manages risk, documents decisions and keeps humans answerable for outcomes. International standards such as ISO/IEC 42001 and the NIST AI Risk Management Framework give it concrete structure.

In Australia

The Voluntary AI Safety Standard's first guardrail asks organisations to establish accountability and governance, including an AI strategy and a designated owner of AI use.

Source: ISO/IEC 42001:2023

Governance debt

The accumulated, unseen liability created when AI systems are deployed without oversight, documentation or accountability. Like financial or technical debt, it does not disappear, and it comes due at the least convenient moment.

It typically surfaces when a business tries to scale internationally, win enterprise customers or raise investment, and finds it cannot demonstrate how its AI is governed.

In Australia

Australia's fast, lightly regulated AI adoption makes governance debt unusually easy to accumulate quietly. It is a term we use to describe a risk we see building across Australian businesses.

Source: Responsible AI Australia analysis Read: The EU AI Act and governance debt

AI impact assessment

A structured evaluation, carried out before and during deployment, of an AI system's potential effects and risks on people, including impacts on rights, fairness, safety and privacy, together with the measures that will mitigate them.

It is the AI analogue of a privacy or environmental impact assessment, and a core expectation of most governance frameworks. The point is to surface harm while it can still be designed out.

In Australia

Assessing the impact and risks of AI use, and re-assessing them over time, is built into the Voluntary AI Safety Standard's guardrails.

Source: Voluntary AI Safety Standard

Human-in-the-loop(human oversight)

A design and governance approach in which a person can meaningfully review, intervene in or override an AI system's decisions, rather than letting it act fully autonomously.

Human oversight is one of the most common safeguards in AI regulation and standards. It exists to catch errors and to keep accountability sitting with people.

In Australia

Human oversight is one of the ten guardrails in the Voluntary AI Safety Standard and is reflected in Australia's AI Ethics Principles.

Source: Voluntary AI Safety Standard

Model drift

The gradual decline in an AI model's accuracy or reliability over time, as the real-world data it encounters drifts away from the data it was trained on.

Because drift is silent, it is a key reason AI needs ongoing monitoring rather than one-off sign-off. Left unwatched, it can turn a once-reliable system into a source of unfair or unsafe outcomes. ISO/IEC 42001 names it among the AI-specific risks an organisation must manage.

Source: ISO/IEC 42001:2023

Transparency and explainability

Transparency means being open about when and how AI is used. Explainability means being able to give an understandable account of how an AI system reached a particular output or decision.

Together they let affected people, customers and regulators understand and, where needed, challenge AI outcomes. They are a precondition for genuine accountability.

In Australia

Transparency and explainability is one of Australia's eight AI Ethics Principles.

Source: Australia's AI Ethics Principles

AI washing

Making misleading or exaggerated claims about the use or capabilities of AI in a product or service. It is the AI counterpart of greenwashing.

Because it is misleading conduct, AI washing can breach existing consumer and corporations law, not just ethics norms. Regulators overseas have already taken enforcement action against firms for false claims about their use of AI.

In Australia

In its 2024 submission on the uptake of AI, ASIC named AI washing as a harm it is watching, noting that Australia's existing misleading-conduct laws already apply. A credible, independently governed certification is the practical counter: a claim that can be substantiated rather than merely asserted.

Source: ASIC, submission on the uptake of AI in Australia (2024)

Accountability

The principle that identifiable people and organisations remain responsible for AI systems and their outcomes, and can be held to account for them, throughout the AI lifecycle.

Accountability is what turns good intentions into governance. It requires clear ownership, record-keeping, and the ability to explain and remedy decisions after the fact.

In Australia

Accountability is one of the eight AI Ethics Principles and the first guardrail of the Voluntary AI Safety Standard.

Source: OECD, AI Principles

The Australian framework

How AI is governed in Australia today, and where it is heading.

Australia's AI Ethics Principles

Eight voluntary principles published by the Australian Government in 2019 to guide the responsible design, development and use of AI.

The eight are: human, societal and environmental wellbeing; human-centred values; fairness; privacy protection and security; reliability and safety; transparency and explainability; contestability; and accountability. Principles-based and voluntary, they were developed with CSIRO's Data61 and remain the ethical foundation later Australian AI guidance builds on.

Source: Department of Industry, Science and Resources

Voluntary AI Safety Standard(VAISS)

An Australian Government standard, published in September 2024, that sets out ten voluntary guardrails to help organisations across the AI supply chain develop and deploy AI safely and responsibly.

The guardrails cover accountability and governance, risk management, data governance, testing, human oversight, user transparency, contestability, supply-chain transparency, record-keeping and stakeholder engagement. They give businesses something concrete to adopt now, ahead of any mandatory rules.

Source: Department of Industry, Science and Resources

Mandatory guardrails for high-risk AI(proposed)

A 2024 Australian Government proposal to make a set of guardrails legally binding for AI used in high-risk settings, mirroring the voluntary standard but with the force of law.

The proposals paper of September 2024 set out ten mandatory guardrails and three options for implementing them, ranging from amending existing laws to a dedicated AI Act.

In Australia

The National AI Plan of December 2025 paused this path, choosing for now to rely on existing laws and voluntary guidance rather than new AI-specific obligations. The direction of travel still points to mandatory guardrails returning, so preparing now is prudent.

Source: Department of Industry, Science and Resources consultation

National AI Plan

Australia's whole-of-government AI strategy, released on 2 December 2025, organised around three goals: capturing AI's economic opportunities, spreading its benefits to all Australians, and keeping Australians safe.

On regulation, the Plan favours building on existing, technology-neutral laws and voluntary guidance over new AI-specific mandates. It also establishes an Australian AI Safety Institute to monitor and test AI risks.

Source: Department of Industry, Science and Resources

Australian AI Safety Institute(AISI)

A government body announced under the National AI Plan, backed by $29.9 million, to monitor, test and share information on AI capabilities, risks and harms, with rollout beginning in early 2026.

It is the practical arm of the Plan's 'keep Australians safe' goal, and it connects Australia to a growing international network of national AI safety institutes.

Related: National AI Plan

Source: Minister for Industry and Science, media release

Technology-neutral regulation

The principle that laws are written to apply regardless of the technology involved, so they already cover AI without naming it. ASIC describes the corporations and financial services laws it administers as technology neutral, applying equally to AI and non-AI systems.

It is the foundation of Australia's current approach: rather than rushing AI-specific statutes, regulators expect businesses to apply existing obligations, on misleading conduct, directors' duties, consumer protection and licensing, to their use of AI. In practice it means that 'we used AI' is not a defence.

In Australia

The National AI Plan leans on this principle, choosing to build on existing technology-neutral laws over new mandatory guardrails for now.

Source: ASIC, submission on the uptake of AI in Australia (2024)

Certification trade mark

A registered mark that signals a product or service meets a defined, published standard. Unlike an ordinary logo, its rules are independently scrutinised: in Australia it is registered through IP Australia under the Trade Marks Act 1995, and its rules must be approved by the ACCC.

Australian Made is the best-known example. The model gives a symbol real accountability: a published standard, an authority, and rules the public can rely on. It is the legal machinery behind Responsible AI Australia's certification.

Source: ACCC, Certification trade marks Read: the founder story behind the model

The EU AI Act

The world's first comprehensive AI law, and why it reaches Australia.

EU AI Act

The European Union's comprehensive, risk-based law for artificial intelligence, the first of its kind. It sorts AI by level of risk and imposes graduated obligations, with the heaviest falling on high-risk systems.

It applies extraterritorially, so it can reach Australian businesses whose AI is used in, or placed on, the EU market. Its obligations are phasing in between 2025 and 2028.

In Australia

An Australian business serving EU users can be within scope regardless of where it is based, which is the part most local firms miss.

Source: European Commission, Regulatory framework on AI Read: the EU AI Act and Australian business

High-risk AI system

Under the EU AI Act, an AI system that poses significant potential harm to health, safety or fundamental rights, for example in recruitment, credit, education, essential services or critical infrastructure. These systems carry the law's most demanding obligations.

Requirements include risk management, data governance, documentation, human oversight, transparency and conformity assessment. Under a provisional agreement of May 2026, the high-risk obligations apply from 2 December 2027 for stand-alone systems and 2 August 2028 for AI embedded in regulated products.

In Australia

Australia's own (now paused) mandatory-guardrails proposal used a similar high-risk framing, so the concept is likely to shape future local rules.

Source: EU AI Act implementation timeline

Provider vs deployer

The two central roles in the EU AI Act. A provider develops an AI system and places it on the market under its own name; a deployer uses an AI system under its own authority in a professional capacity. The Act also defines importers, distributors, product manufacturers and authorised representatives.

Your obligations depend on which role, or roles, you hold, so identifying where you sit in the chain is the essential first step. Many organisations are deployers and wrongly assume the vendor carries all the responsibility.

Source: EU AI Act, Article 3 (Definitions)

AI literacy obligation(Article 4)

An EU AI Act duty, in force since 2 February 2025, requiring providers and deployers to ensure their staff and anyone operating AI on their behalf have a sufficient level of AI literacy.

It applies to AI of every risk level, not just high-risk systems, which makes it the Act's broadest obligation. It reflects the reality that everyday engineering and deployment choices now carry legal and reputational weight.

Source: EU AI Act, Article 4 (AI literacy)

General-purpose AI(GPAI)

An AI model that can perform a wide range of tasks and be built into many different systems, such as the large language models behind general-purpose chatbots.

The EU AI Act sets specific obligations for GPAI model providers, which took effect on 2 August 2025. Because GPAI sits upstream of countless downstream products, its rules ripple across the whole AI supply chain.

Source: European Commission, GPAI guidelines

Extraterritorial reach

The principle, shared by the EU AI Act and the GDPR before it, that a law can apply to organisations outside its borders. The AI Act applies where an AI system is placed on the EU market or its output is used in the EU, regardless of where the provider or deployer is based.

This is why an Australian business with EU users or customers can fall within scope. Headquarters location does not determine exposure.

In Australia

A Brisbane software company with European users is, in principle, as exposed as a firm in Frankfurt.

Source: EU AI Act, Article 2 (Scope)

International standards

The global reference points national rules are built on.

OECD AI Principles

The first intergovernmental standard on AI, adopted in 2019 and updated in 2024. It sets out five values-based principles, inclusive growth, human-centred values and fairness, transparency and explainability, robustness and safety, and accountability, plus five recommendations for policymakers.

Adhered to by dozens of governments including Australia, the Principles are the common reference point that many national AI policies, including the EU's and Australia's, build on.

Source: OECD, AI Principles

NIST AI Risk Management Framework(AI RMF)

A voluntary framework published by the US National Institute of Standards and Technology in January 2023 to help organisations manage AI risks. It is organised around four functions: Govern, Map, Measure and Manage.

Widely used beyond the United States, it gives practical structure to building trustworthy AI, and it pairs naturally with Australia's AI Ethics Principles and with ISO/IEC 42001.

Source: NIST, AI Risk Management Framework

ISO/IEC 42001

The world's first certifiable management-system standard for artificial intelligence, published in 2023. It specifies the requirements for an AI management system, the policies, processes and controls for governing AI responsibly across its lifecycle.

Like ISO 27001 for information security, it lets an organisation be independently audited and certified. It is fast becoming the benchmark companies use to prove, not merely assert, that their AI is well governed.

Source: ISO/IEC 42001:2023

From definitions to demonstrable governance

Knowing the terms is the start. Responsible AI Australia helps you put the governance behind them in place, and certify that you have, across three tiers.

See certification tiers Book a discovery call