
On Wednesday in Sydney, Prime Minister Anthony Albanese announced that Australia will build an Office of AI inside the Department of the Prime Minister and Cabinet. Its brief is to design the standards that govern how the Commonwealth builds, buys and uses artificial intelligence, and to make sure every ministry works from the same rulebook rather than each writing its own. For a policy area that has spent 2026 split across a dozen regulators and agencies, this is the first real attempt at a single coordinating hand.
That should matter to you even if you have never held a contract with the Commonwealth. Once a national government builds the machinery to define AI standards centrally, the pressure on everyone downstream to align with those standards tends to arrive faster than most organisations expect.
Australia's AI governance landscape has been fragmented by design, if not by intention. The Digital Transformation Agency runs a mandatory use case register for 94 Commonwealth entities. APRA and ASIC police AI risk in financial services through CPS 230, with its final compliance deadline having landed on 1 July 2026. The ACCC has AI enabled consumer manipulation sitting inside its 2026-27 enforcement priorities, backed by penalties that doubled to $100 million per contravention in March. The Australian AI Safety Institute, established under the National AI Plan with a budget of $29.4 million over four years, tests frontier models and advises government on their risks. Each of these bodies has built its own view of what AI governance should look like, largely without reference to the others.
The Office of AI is an acknowledgement that this patchwork has a coordination problem. Based on the framing of Wednesday's announcement, it will not replace the DTA, APRA or the AI Safety Institute. It appears designed to sit above them, setting a common standard that the operational and enforcement work of each of those bodies is expected to align with over time.
What the Office of AI Is Actually Set Up to Do
The detail that matters most is where the Office sits. Housing it inside the Department of the Prime Minister and Cabinet, rather than inside a delivery agency such as the DTA or a technical body such as the AI Safety Institute, is a deliberate choice. PM&C carries cross ministry authority that a line agency does not. A standards function based there is built to be heard by every portfolio, not just the ones that already run an AI policy team.
What is interesting is that the announcement frames the Office's role as coordination and standard setting rather than direct enforcement. That is consistent with how the AI Safety Institute already operates: it tests and advises, and it does not currently issue penalties. The Office of AI looks set to occupy a similar position one level higher, defining what good looks like across government while leaving enforcement to the regulators that already have statutory teeth, among them the ACCC, APRA, OAIC and the DTA.
Why a Coordinating Function Was Missing Until Now
The absence of that function has been a real cost, not an abstract one. Picture a mid-sized professional services firm that holds Commonwealth advisory contracts, serves clients regulated by APRA and runs a customer-facing chatbot on its own website. Under the current setup, that single firm answers to three different sets of AI governance expectations that were never designed to talk to each other: DTA procurement clauses on supplier disclosure and accountability, CPS 230 obligations wherever its AI touches a regulated client relationship, and ACCC scrutiny of anything resembling a dark pattern in that chatbot. Each obligation is reasonable on its own terms. Together, without any coordinating reference point, they are three separate compliance projects built on three separate assumptions about what AI governance actually requires.
This is where most organisations struggle in practice, not with any single regulator's requirements, but with reconciling requirements that were drafted in isolation from each other. A central standards function will not remove that burden entirely, but it gives everyone a single reference point to reconcile against, rather than three or four moving targets.
What Other Jurisdictions Suggest Happens Next
Australia is not the first government to centralise AI standards after building sector specific rules first. The European Union's AI Office already coordinates oversight of general purpose AI models, and its enforcement powers have been expanding through 2026 even as the EU AI Act's own high-risk obligations move through a staged rollout. The pattern across most jurisdictions that have tried this is fairly consistent: a central standards or safety function starts out advisory, and once the institutional machinery exists, the standards it produces tend to migrate into binding requirements within a few years rather than a few decades.
In practice, a central standards office rarely stays purely advisory for long. Once a government has built the capability to define AI standards with authority across every ministry, turning those standards into enforceable obligations becomes a matter of political timing rather than institutional capacity. Organisations that treat the Office of AI as a coordination curiosity, rather than as the likely source of Australia's next binding AI obligations, are probably reading this the wrong way around.
What This Actually Requires From Your Organisation Right Now
The honest answer is that nobody outside PM&C yet knows the exact content of the standards the Office of AI will produce. What can be said with reasonable confidence is what those standards will not contradict. Every AI governance framework Australian organisations are already contending with in 2026, the DTA policy, CPS 230, ISO 42001 and the EU AI Act for anyone with European exposure, converges on the same small set of elements: an inventory of AI use cases, a named accountable owner for each one, a risk or impact assessment completed before deployment, and a process for recording and reporting incidents after the fact.
Building AI governance coordination in Australia around those four elements now is not a bet on guessing the Office of AI's eventual standard correctly. It is building the floor that almost any plausible version of that standard will sit on top of. Organisations that wait for the exact wording before acting tend to be the ones scrambling twelve months later.
What This Means for Your Organisation
We have watched Australia's AI governance landscape develop one regulator at a time over the past eighteen months, and the Office of AI is the first structural signal that government itself has recognised the coordination gap. What we see across the organisations we work with is that the ones already ahead are not the ones that guessed correctly about future regulation. They are the ones that built a use case register, named accountable owners and a repeatable assessment process before any single regulator forced them to. That infrastructure does not become obsolete when a new coordinating body arrives. It becomes the evidence base an organisation can point to when someone eventually asks how it is complying.
Key Takeaways
- Australia's new Office of AI, housed inside the Department of the Prime Minister and Cabinet, is designed to set whole of government AI standards rather than to enforce them directly, leaving that role with existing regulators such as the DTA, APRA and the ACCC.
- The Office responds to a real coordination gap: organisations that intersect with multiple regulators currently manage AI governance as several unrelated compliance projects rather than one coherent programme.
- Comparable moves in other jurisdictions, including the EU AI Office, suggest that centralised AI standards functions tend to migrate from advisory guidance to binding obligations within a few years of being established.
- The safest response is not to wait for the Office's specific standards, but to build now around the elements every existing Australian and international framework already agrees on: a use case register, accountable ownership, pre deployment assessment and incident reporting.
- Organisations that have this infrastructure in place will be better positioned regardless of what the Office of AI eventually publishes.
How Trusenta Can Help
AI Governance delivers the use case register, accountable owner assignment and risk classification that any plausible version of the Office of AI's future standard is likely to require.
Compliance Management tracks obligations across DTA policy, CPS 230, ISO 42001 and the EU AI Act in a single view, so a new coordinating standard is one more mapped framework rather than another siloed project.
AI Governance Foundations builds the governance structure, accountable ownership model and use case intake process organisations need to have in place before, not after, the Office of AI publishes its first standard.
Conclusion
The Office of AI does not yet have a rulebook. What it has is a mandate and a position inside government that all but guarantees its eventual standards will carry weight across every portfolio and, in time, across the organisations that supply to or are regulated alongside them. Australia has spent the best part of two years building AI governance one regulator at a time. This is the moment that patchwork starts to be stitched together, and the organisations that get ahead of it now will not be starting from scratch when it is.
