Free download · Voluntary AI Safety Standard aligned

AI Policy Template for Australian organisations.

A complete AI policy template, mapped explicitly to the Voluntary AI Safety Standard's 10 guardrails, with the AU regulatory references (Privacy Act, APRA, OAIC, AHPRA where relevant) folded in. Word + Notion versions. Plus a customisation guide that tells you exactly which sections need adapting for your industry.

What's in the template

12 sections covering every guardrail.

  1. Purpose, scope and definitions

     What the policy covers, who it applies to, which AI systems are in-scope.

  2. AI accountability

     Named roles, responsibilities, decision authority — Guardrail 1.

  3. AI risk management

     Risk identification, assessment methodology, register — Guardrail 2.

  4. AI security and data governance

     Access controls, data classification, prompt-injection defences — Guardrail 3.

  5. AI testing and monitoring

     Pre-deployment evaluations, production observability, drift detection — Guardrail 4.

  6. Human control and intervention

     Human-in-the-loop design, override paths, confidence thresholds — Guardrail 5.

  7. Transparency to end users

     Disclosure obligations, AI-generated content labelling — Guardrail 6.

  8. Contestability processes

     How affected people request human review or appeal — Guardrail 7.

  9. AI supplier and supply chain governance

     Supplier assessment, contractual provisions, exit planning — Guardrail 8.

  10. Recordkeeping and audit

      Documentation standards, retention periods — Guardrail 9.

  11. Stakeholder engagement

      Pre-deployment consultation, diversity and inclusion review — Guardrail 10.

  12. Policy review and version control

      How the policy is reviewed, when, and who approves changes.

Why we made this

Every Australian organisation needs an AI policy now. The Voluntary AI Safety Standard expects it; APRA-regulated entities are being asked for it; boards are starting to require it as a precondition for AI investment. Most organisations don't have one.

The reasons are usually procedural rather than philosophical. A generic AI policy template from a US source doesn't fit the AU regulatory context. The Big 4 consulting houses will draft you one for a six-figure fee. In-house legal counsel can do it in two weeks of focused work but rarely have the focused weeks available. The result is that policy drafting gets deferred — usually to the moment when something goes wrong and the absence of a policy becomes a problem.

We made this template because most of the work that goes into a defensible AI policy is structurally the same across organisations. The specifics differ — the regulators that apply to you, the risk register's particular items, the supplier list — but the structure is consistent. Open-sourcing the structure makes the drafting work an evening rather than a quarter.

The customisation guide that ships with the template is the part that's actually consulting work — knowing which sections need to be adapted for which industry, where the regulator-specific language sits, what the common review questions are. Putting that in writing is the part of this giveaway that most other consultancies wouldn't do. We do it because the half-day of saved time is worth more to us in trust than it is in billable hours.