AI Regulation Reference

Does Privacy Act 1988 — Automated Decision-Making Reforms require Risk Assessment?

Australia • enacted

Yes — 1 provision

Requirements at a glance

This regulation imposes 3 specific requirements for Risk Assessment across 1 provision:

Privacy Impact Assessments for AI #

Obligation:
Risk Assessment
 enacted
Effective:
Dec 10, 2026
Risk tier:
all
Scope:
providers, deployers
 sleeper

Requirements

RequirementDetails
Privacy Impact AssessmentMust conduct PIA before deploying AI systems handling personal information
Proactive disclosureMust proactively disclose AI use at the point of data collection
Third-party assessmentRemain responsible for data shared with external AI platforms

Penalties

ViolationFine
Serious breachSignificant civil penalties per Privacy Act enforcement provisions
View full regulation View obligation Obligation matrix