JavaScript is required

Administrative Guideline for the safe and responsible use of Generative Artificial Intelligence in the Victorian Public Sector

On this page

Introduction

The Victorian Government is committed to digital transformation, innovation and community safety. Generative artificial intelligence (Generative AI) tools offer opportunities to enhance public sector productivity and the way the Victorian Public Sector (VPS) delivers policies and services.

This guideline advises the VPS on the safe and responsible use of Generative AI tools and technologies for official work purposes.

Given the pace at which Generative AI is evolving and the breadth of the technology’s potential use cases, this guideline takes a principles-based approach to the use of these tools in the VPS.

Generative AI

Generative AI refers to any form of AI that generates new content and information including text, images, code and audio in response to user prompts. It is a subset of AI, which is a technology characterised by its ability to perform complex tasks that historically only a human could do, such as reasoning, learning, problem-solving, and decision-making.

Generative AI works by learning patterns and relationships in content it is trained on, then uses that knowledge to create plausible content and information in response to user prompts. The accuracy and usability of generated materials relies on the quality of prompts and the tool’s algorithms and training material. You should not use Generative AI tools to make decisions, undertake assessments or use them for other administrative actions.

Well-known Generative AI tools include:

  • ChatGPT (OpenAI)
  • Google Gemini
  • Midjourney
  • Copilot (including Microsoft 365, Edge and GitHub)
  • DALL.E
  • Synthesia
  • Perplexity
  • QuillBot

The safe and responsible use of Generative AI, as outlined in this guideline, is important to retaining public trust.

Scope

This guideline sets out minimum requirements for the use of Generative AI in the VPS.

It applies to all public service bodies and public entities as defined in the Public Administration Act 2004(opens in a new window) (in-scope organisations).

The guideline also applies to all employees, contractors, consultants and volunteers engaged directly or indirectly by in-scope organisations with access to public sector information (Personnel).

Recognising this guideline sets out minimum requirements for the use of Generative AI in the VPS, it should be read in conjunction with:

  • in-scope organisation or sector-specific policies, noting such policies may set higher thresholds or provide further detail for using Generative AI. For example, schools should apply the school-specific Generative AI guideline developed by the Department of Education.
  • relevant guidance released by relevant Victorian regulators (refer Further information).

Special bodies as defined in the Public Administration Act 2004(opens in a new window) are encouraged to adopt this guideline where appropriate and where no organisation or sector specific policy is available.

Statement

In-scope organisations and their Personnel can use Generative AI tools and technologies for official work purposes in line with this guideline, subject to the following safeguards to manage and mitigate risks of use.

  1. Agency-approved Generative AI tools are to be used ahead of publicly-available Generative AI tools.
  1. Only publicly available information can be shared with, input or uploaded into Generative AI tools that have not been approved for use by the in-scope organisation.
    • Information shared with, input or uploaded into an agency approved Generative AI tool must not exceed the protective marking determined by the in-scope organisation as appropriate for that tool.
  1. In-scope organisations are responsible for ensuring that their Personnel are aware of their responsibilities and the risks associated with the use of both agency-approved and publicly available Generative AI tools.
  1. In-scope organisations are responsible for monitoring the use of agency-approved and publicly available Generative AI tools to support their safe and responsible use by their Personnel.
  1. In-scope organisations’ Personnel remain responsible and accountable for the accuracy and quality of their work, including advice, decisions and content created.
  1. In-scope organisations’ Personnel are to continue to meet all their legislative, regulatory and administrative obligations when using Generative AI tools, including obligations under the:
    1. Privacy and Data Protection Act 2014(opens in a new window), the Victorian Protective Data Security Standards(opens in a new window), the Health Records Act 2001(opens in a new window), and the Freedom of Information Act 1982, which protect personal, health and public sector information.
    2. Victorian Charter of Human Rights and Responsibilities Act 2006(opens in a new window), which promotes and protects the values of freedom, respect, equality and dignity.
    3. Public Records Act 1973(opens in a new window) which regulates the creation, maintenance and security of public records.
    4. Codes of Conduct for Victorian Public Sector Employees(opens in a new window) and for Directors of Public Entities which set out the standards of behaviour expected and promote adherence to the public sector values in the Public Administration Act 2004.
    5. Commercial and intellectual property law.
    6. Other relevant legislation and instruments that apply to Victorian public sector bodies and public entities.

Applying Australia’s AI Ethics Principles

The Victorian Government agreed to Australia’s national framework for the assurance of artificial intelligence in government(opens in a new window) at the meeting of Data and Digital Ministers on 21 June 2024.

The framework is underpinned by Australia’s AI Ethics Principles:

  • Human, societal and environmental wellbeing: AI systems should benefit individuals, society and the environment.
  • Human-centred values: AI systems should respect human rights, diversity, and the autonomy of individuals.
  • Fairness: AI systems should be inclusive and accessible, and should not involve or result in unfair discrimination against individuals, communities or groups.
  • Privacy protection and security: AI systems should respect and uphold privacy rights and data protection, and ensure the security of data.
  • Reliability and safety: AI systems should reliably operate in accordance with their intended purpose.
  • Transparency and explainability: There should be transparency and responsible disclosure so people can understand when they are being significantly impacted by AI, and can find out when an AI system is engaging with them.
  • Contestability: When an AI system significantly impacts a person, community, group or environment, there should be a timely process to allow people to challenge the use or outcomes of the AI system.
  • Accountability: People responsible for the different phases of the AI system lifecycle should be identifiable and accountable for the outcomes of the AI systems, and human oversight of AI systems should be enabled.

In addition to the obligations outlined in this guideline, all in-scope organisations and their Personnel are to consider Australia’s AI Ethics Principles before using Generative AI tools for official work purposes.

Consequences of non-compliance

Failure to meet obligations under this guideline may result in a breach of the codes of conduct(opens in a new window) as released by the Victorian Public Sector Commission and/or legislation including, but not limited to, the Public Administration Act 2004(opens in a new window), the Privacy Data and Protection Act 2014(opens in a new window), the Health Records Act 2001(opens in a new window), Public Records Act 1973(opens in a new window), Freedom of Information Act 1982(opens in a new window) and the Victorian Charter of Human Rights and Responsibilities Act 2006(opens in a new window).

For example, as part of demonstrating Accountability under the Code of Conduct for Victorian Public Sector Employees, public sector personnel are required to make transparent accountable decisions. Therefore, the information considered in making those decisions should be accurate, available, explainable and stand up to scrutiny. Relying on Generative AI content to support decision-making without verification of its accuracy could be a breach of the Codes of Conduct for Victorian Public Sector Employees and this guideline.

Under section 36A(3) of the Public Administration Act 2004, if a public service body or a public entity to which the guideline has been issued operates, or intends to operate, in a manner that is inconsistent with this guideline, the relevant public service body Head or public entity Head must provide written reasons for doing so to the Secretary, Department of Premier and Cabinet.

Implementation

In-scope organisations are to educate their Personnel about this guideline and implement it in a way that complies with legislative obligations relating to the handling of personal and health information, and public sector data and systems.

In-scope organisations may monitor their Personnel’s use of Generative AI tools to support education and training and to ensure compliance with this guideline. This monitoring is to be done in accordance with the Office of the Victorian Information Commissioner’s Guiding Principles for Surveillance(opens in a new window).

In-scope organisations should consider implementation approaches that:

  • Caution their Personnel around their responsibilities prior to their use of agency-approved and publicly-available Generative AI tools. This can include, but is not limited to, just-in-time notifications when their Personnel access a Generative AI tool using the organisation’s network.
  • Facilitate reporting on the safe and responsible use of Generative AI tools through monitoring the use of agency-approved and publicly-available Generative AI tools on their network.
  • Provide training for their Personnel on Generative AI tools. This should include information on the benefits and risks of Generative AI and on their responsibilities related to the use of Generative AI tools for official work purposes. The Department of Government Services will develop training modules that can be adapted by in-scope organisations to meet their own business needs.

Guidance to support the practical application of this guideline is available at https://vic.gov.au/guidance-safe-responsible-use-gen-ai-vps(opens in a new window)

Review

This guideline was endorsed by the Victorian Secretaries Board (VSB) on 24 September 2024 and made by the Secretary, Department of Premier and Cabinet, on 27 November 2024.

Given the rapid evolution of Generative AI technology this guideline will be reviewed periodically. Changes to the guideline will be returned to VSB for endorsement.

Feedback on the guideline can be provided via email to vicgov.ciso@dpc.vic.gov.au(opens in a new window) and will be considered in the context of the next review.

Further information

For queries on this guideline, please contact the Cyber Security, Data and Digital Resilience Division, Department of Government Services, at vicgov.ciso@dpc.vic.gov.au(opens in a new window).

For more information, organisations should refer to their sector-specific policies and to guidance released by Victorian regulators.

The following bodies can assist with guidance regarding VPS use of Generative AI:

Definitions

Agency-approved Generative AI tools – Generative AI software, services or features that an in-scope organisation has approved for official work purposes. These tools are to have undergone privacy, cyber security and legal assessments in accordance with that organisation’s existing information technology policies and procedures.

Approval processes are to also consider obligations under this guideline, Australia’s national framework for the assurance of artificial intelligence in government and the Victorian Government’s AI Assurance Framework once released.

Artificial Intelligence (AI) – this definition is taken from the Australia’s national framework for the assurance of artificial intelligence in government and is based on the definition approved by OECD member countries in November 2023.(opens in a new window)

A machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations or decisions that can influence physical or virtual environments. Different AI systems vary in their levels of autonomy and adaptiveness after deployment.’

To avoid definitional complexities the Australian, state and territory governments should consider practical guidance for staff to identify when AI assurance processes apply, such as when:

  • the team identifies that the project, product or service uses AI
  • a vendor describes its product or service as using AI
  • users, the public or other stakeholders believe the project, product or service uses AI.

Generative AI an AI capable of generating text, images, videos, or other data using generative models, in response to user prompts.

Official Work – refers to any work carried out in connection with your VPS employment.

Publicly-available Generative AI tools – Generative AI software, services or features offered by third-party providers that have not been procured by government and assessed for safe and secure use in accordance with Victorian Government requirements. Publicly-available Generative AI tools are often offered for free upon accepting the provider’s terms of service.

Publicly-available information – Public sector information that is already publicly known or approved for public release.

Personnel refers to the employees, contractors, consultants and volunteers who may have access to a public sector information or systems in connection with the official work which they are undertaking on behalf of a public sector body or public entity.

Download

Guideline for safe and responsible use of Generative Artificial Intelligence in the Victorian Public Sector
PDF 120.01 KB
(opens in a new window)

Working in government

Updated

Back to top