Regulation

Council of Europe Framework Convention on AI

The Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law—known as the AI Convention—was opened for signature in September 2024 and entered into force in 2025. It is the first legally binding international treaty on artificial intelligence, covering the entire AI system lifecycle and applying to both public authorities and private sector actors in signatory states.

The Convention establishes a risk-based framework grounded in human rights, democratic principles and the rule of law. It requires signatory states to ensure that AI systems used within their jurisdictions respect human dignity, do not undermine democratic processes and provide effective remedies where rights are violated. Core obligations include transparency, accountability, oversight, risk assessment and management, and protections for individuals from harmful AI-driven decisions.

Initial signatories include members of the Council of Europe as well as non-member observer states including the United States, United Kingdom, Japan, Israel and Canada—extending the treaty's reach well beyond Europe. As countries ratify and implement the Convention, its obligations will flow through national legislation and into contractual and compliance requirements across their economies.

Our take on this

The Council of Europe AI Convention matters because it's legally binding—and that changes everything. Most AI governance instruments discussed in this library are voluntary guidelines, principles or standards. The AI Convention is a treaty. Where countries ratify it, obligations flow through national law and into the regulatory environments organisations must operate in. The fact that the United States, UK and Japan have signed—not just European nations—means this is shaping the regulatory environment in Australia's major trading partner economies.

The Convention's framing around human rights, democracy and the rule of law gives it a distinctive character compared to risk-management-focused frameworks like NIST RMF. It asks not just 'is this AI system safe and reliable?' but 'does this AI system respect fundamental rights and democratic principles?' That's a higher bar and a different kind of question that many organisations haven't had to answer formally before.

Why this matters for Australian organisations

Australia hasn't signed the Convention, but that doesn't make it irrelevant. The Convention's obligations will flow through the supply chains of companies operating in the economies that have signed. If your European, American or UK clients are implementing new AI obligations to meet the Convention's requirements, those obligations will reach you through procurement, contracts and partnership terms. 'Supply chain due diligence' is already a phrase being used in AI governance discussions globally, and the Convention accelerates that.

For Australian organisations with international operations or customer bases, understanding the Convention's requirements now—rather than scrambling when clients start asking—is the sensible approach. The core obligations around transparency, accountability and human oversight are consistent with what Australia's own Voluntary AI Safety Standard already asks for. If you're implementing good AI governance domestically, you'll find significant overlap with the Convention's requirements.

Australia is actively engaged in international AI governance discussions, and domestic AI regulation is expected to evolve. The Convention represents the international consensus on what legally enforceable AI governance should look like, and that consensus will influence Australia's regulatory direction.

Practical steps for adoption

  • Review your AI governance documentation for coverage of the Convention's core requirements: human rights impact assessment, transparency obligations, human oversight and effective remedy mechanisms.
  • If you have EU, UK or US clients or partners, anticipate they'll include Convention-aligned requirements in contracts and procurement—start aligning your governance documentation now.
  • For AI systems used in high-stakes decisions (employment, credit, healthcare), conduct a human rights impact assessment—the Convention requires this and it's good practice regardless.
  • Monitor Australia's engagement with the Convention—if Australia moves toward signature, domestic legal obligations will follow.

Ready to transform your AI strategy?

Partner with Australia's AI strategy and governance specialists. From adoption roadmaps to ISO 42001 audit readiness.