The Australian Government has moved decisively from AI policy intent to operational AI practice. Developments over the past few months have reinforced a central point: Australia’s AI approach increasingly depends on deep professional expertise, not prescriptive regulation.

From guardrails to responsibility

With the release of the National AI Plan in December 2025, the Australian Government confirmed a risk‑based, principles‑led approach to AI governance rather than introducing a standalone AI Act. The Plan emphasises economic opportunity, adoption and capability uplift, while relying on existing, largely technology‑neutral legal and regulatory frameworks to manage AI risk—particularly in high‑impact contexts.

This approach deliberately shifts responsibility from policy design to execution. Rather than complying with a single AI‑specific statute, agencies are now expected to demonstrate that AI systems are lawful, explainable, ethical and appropriately controlled in practice. In a principles‑based model, trust is not delivered by rules alone; it is delivered through judgement, capability and assurance.

AI governance moves into delivery

At the same time, the AI Plan for the Australian Public Service (APS AI Plan 2025) and the strengthened Policy for the Responsible Use of AI in Government have translated high‑level ethical principles into concrete delivery expectations for agencies.

These include:

  • Lifecycle oversight of AI use cases
  • Clearer executive accountability arrangements
  • Structured AI risk and impact assessments
  • Defined AI incident reporting pathways
  • Mandatory foundational AI capability uplift across the APS

Taken together, these initiatives make one thing clear: AI governance is no longer abstract or optional. It is now embedded in service delivery, procurement, risk management and internal control environments across government.

Assurance becomes the trust anchor

The adoption of the National Framework for the Assurance of Artificial Intelligence in Government, alongside updated assurance guidance, further reinforces the role of independent assurance as a core trust mechanism for public‑sector AI.

The framework focuses on proportional assurance, transparency, explainability and accountability, particularly where AI systems influence rights, entitlements, regulatory decisions or public outcomes. Importantly, it is designed to complement—rather than replace—existing assurance and risk frameworks.

This evolution highlights a reality now confronting many agencies: AI risks cannot be managed by technology teams or vendors alone. Effective assurance requires multidisciplinary expertise spanning audit, risk, security, privacy, ethics and data governance.

Expertise in practice

At Anchoram Consulting, this convergence of AI, governance and assurance is already evident in our client work. Engagements increasingly sit at the intersection of AI adoption, risk management and independent assurance, particularly across government and regulated industries.

David Berkelmans brings over 25 years’ experience in IT audit and technology risk, including leading ICT‑focused internal audits across major Australian Government agencies and applying established frameworks such as the ISM, Essential Eight and enterprise risk management to emerging technologies. He was also among the first professionals globally to and the first in Canberra to obtain ISACA’s Advanced in AI Audit (AAIA) certification.

Moreover, he played a foundational role as a foundation member of the global ISACA AAIA certification working group, helping shape the very framework that now guides AI audit practices worldwide.

That work is complemented by Karen Geappen’s expertise in AI security and AI governance, including her achievement as one of the first professionals globally to obtain ISACA’s Advanced in AI Security Management (AAISM) credential. Karen has been deeply involved in global AI risk discussions, including contributions to the NIST AI Risk Management Framework and participation as a governance and risk expert in industry‑specific autonomy workshops led by NIST.

Together, this combination reflects the broader shift now underway: AI governance demands multidisciplinary, globally informed expertise, not a single technical or policy lens.

The emerging expertise gap

While AI adoption across government continues to accelerate, capability uplift is uneven. Many organisations are deploying generative and decision‑support AI faster than they are developing the internal skills required to assess bias, explainability, model risk, security exposure and downstream impacts.

This creates a growing risk that AI systems are used in ways organisations cannot adequately explain, audit or defend—particularly in a regulatory environment that relies on professional judgement rather than prescriptive rules.

From policy to trust

Australia’s current AI trajectory makes one thing clear: public trust in government AI will not be built through policy statements alone. It will be built through demonstrated capability, independent assurance and the disciplined application of professional expertise to real‑world AI use cases.

As AI moves from experimentation into core government functions, expertise is no longer a “nice to have”. It is the control that connects ethical ambition, governance frameworks and outcomes Australians can trust.

Anchoram Consulting

At Anchoram Consulting, we support government and regulated organisations as they move from AI policy to AI practice. Our focus is on helping agencies operationalise responsible AI through governance design, risk assessment, security‑by‑design and independent assurance, aligned with Australian policy settings and leading international standards.

We recognise that AI is not just a technology challenge, but a governance and trust challenge—one that requires experienced audit, risk and security professionals who can translate ethical principles and policy intent into controls, assurance and defensible decision‑making. As AI becomes embedded in core public‑sector services, this intersection of expertise is where trust is built and sustained.