From Principles to Power Points: What the Government's "AI in Australia's Interests" means for business
On 15 July 2026, the Prime Minister used a major address at the University of Sydney to set out the most consolidated statement of Commonwealth AI policy to date. The speech, "AI in Australia's interests", pairs an ambition to attract frontier AI investment with a clear signal that access to the Australian market will come with conditions.
The announcement does not appear in isolation. It builds on the National AI Plan of December 2025 and the Commonwealth Expectations for data centres and AI infrastructure released in March 2026 and it lands amid intense regulatory activity that we have tracked across the Senate's data centre and AI inquiry, the NSW data centre inquiry and proposed grid connection reforms.
What the Government has announced
The centrepiece of this new initiative is a new Office of AI within the Department of the Prime Minister and Cabinet, effective immediately. Its role is to coordinate a whole-of-government response, working with the Minister for Industry and Innovation and the Assistant Minister for Science, Technology and the Digital Economy. Its stated purpose is to replace an issue-by-issue, sector-by-sector approach with a single national framework.
The Government will develop a set of Australian Standards for AI, described as clear, consistent and mandatory. These standards will bring large AI data centres into one regulatory framework, building directly on the March 2026 Expectations, which were non-binding. The Prime Minister will seek agreement from Premiers and Chief Ministers at a National Cabinet next month, with legislation expected to be presented in Parliament early in 2027.
Several aspects are relevant for industry:
Copyright and creator control. The Government intends to legislate so that Australian writers, musicians, artists and journalists retain ownership and control of their work, including control over its price and value when used to train AI.
New national energy and water framework. The Government will create a new world first national legislated standards for the next generation of large-scale data centres to:
underwrite new power supply, pay their full share of grid connection so costs are not passed to homes or businesses, and act as net generators rather than net users of energy, including by building new renewable generation and firming to strengthen national energy resilience. Data centres will be particularly important for stabilising the grid by absorbing excess energy during the day and lowering their energy draw during peak demand periods; and
minimise water use, maximise energy efficiency and pay for any additional water infrastructure, alongside standards governing where they are built.
A deliberately flexible model. The Government has signalled it will not try to legislate for every eventuality, preferring a framework that can keep pace with change and be applied in real time.
The framework sits alongside continuing work on a digital duty of care, the risks chatbots pose to children, workplace and productivity effects, AI in schools and defence, and national security (where the 2026 National Defence Strategy identifies AI as a leading source of technological disruption).
From voluntary to mandatory: the shift that matters
The most significant change is one of legal character. The March 2026 Expectations set out benchmarks on sustainability, security and community benefit, but they were guidance rather than law. The 15 July announcement signals that these themes will be reinforced by mandatory national standards.
This mirrors a broader regulatory pattern. In financial services, APRA has already moved from framework to targeted, AI-specific expectations of boards and accountable executives. The direction across the economy is the same: voluntary guidance is hardening into enforceable obligations.
Corporate governance and board-level accountability
The framing is investment-friendly, but the practical message for industry participants is that AI oversight is moving from optional to expected. Two points warrant attention.
First, directors and other senior corporate officers need to take into account AI risk. The duty of care and diligence and the duty to act in good faith in the best interests of the corporation and for a proper purpose (Corporations Act sections 180-181) require directors and officers to understand and oversee material risks. As we have explained in detail, responsible AI adoption and strengthened governance are now regulatory expectations rather than best practice. The Federal Court's decision in ASIC v Bekier underlines that AI can assist directors and officers to discharge their section 180 duties, but only where its use is appropriately controlled.
Second, mandatory standards change the compliance posture. Once the Australian Standards for AI are legislated, compliance will not be a matter of voluntary best practice. Boards will need assurance that management can identify where AI is used, assess the associated risks and evidence compliance. That points to a defined allocation of board responsibility, an AI risk appetite and reporting lines that surface issues early. These themes are drawn together in the Governance Institute of Australia's AI Governance White Paper, to which Clayton Utz contributed.
For listed entities, the interaction with continuous disclosure should not be overlooked. Material AI investments, dependencies or exposures, including exposure to the new data centre obligations or to copyright risk, require assessment against disclosure obligations.
Implications for business
The announcement adds several items to the diligence agenda for businesses involving AI developers, data-driven businesses and digital infrastructure. As we noted in M&A-I? Artificial Intelligence in the transaction process, AI is now embedded in the deal cycle itself, which sharpens the need for human oversight and board-level understanding of how AI-assisted diligence was conducted.
In addition, the following matters are relevant from a commercial and legal perspective:
Training data provenance and IP risk. The Government's position on creator control makes the origin of a target's training data a first-order issue. Acquirers will want to understand whether models were trained on Australian creative or news content, whether appropriate licences exist and what exposure exists to future claims. The absence of a copyright exemption means this risk cannot be assumed away. Similar contracting and IP concerns arise on procurement, as we set out in Procuring AI: risks organisations must consider.
Data centre economics. For data centre and infrastructure assets, the new energy and water obligations go directly to value and may result in more cautious investment in data centres including delays in making final investment decisions to proceed with data centre developments. The requirement to underwrite new power supply, meet full grid connection costs and operate as a net energy generator will affect capital expenditure, operating costs and timelines. Diligence should test the status of development and other essential approvals, grid connection strategy and the proposed AEMC technical standards, energy sourcing and firming, water and broader social licence commitments. Structuring options such as co-locating battery storage and broader questions of baseload supply for AI infrastructure will increasingly shape valuations. Our earlier guidance on reassessing due diligence protocols for data centre assets remains relevant.
Regulatory approvals and foreign investment. The Government promises faster approvals, but the framework is not yet law and - as our analysis of the Senate inquiry notes - the interplay between State facilitation and Commonwealth regulatory expectations will require careful navigation. Transaction timetables should account for that uncertainty. Foreign investment review remains relevant, particularly where data centres or AI assets engage critical infrastructure and national security considerations.
Transaction documents. Expect AI-specific representations and warranties covering training data, IP ownership and licensing and compliance with emerging standards, supported by targeted indemnities. Conditions precedent may be used to manage regulatory uncertainty and completion mechanics may need to reflect the phased introduction of the standards.
Regulatory and compliance risks
Several risks are already crystallising, even ahead of legislation:
Copyright exposure. This is the clearest near-term risk. Businesses that train or deploy AI on unlicensed Australian creative or news content face potential legal and reputational exposure and Australia's approach diverges from jurisdictions that have contemplated broad text-and-data-mining exceptions.
Novel energy and water standards. The net-generator concept is another compliance burden, with project design, capex and timeline implications, compounded by overlapping Commonwealth, State and local powers over planning, energy and water, as canvassed in our NSW data centre inquiry analysis.
Transitional fragmentation. Until National Cabinet agreement and legislation are in place, businesses must continue to navigate a patchwork of jurisdictional regimes.
Parallel regimes. Privacy, consumer protection, anti-discrimination and sector-specific rules continue to apply. As our Public Law Essentials guidance on AI explains, the new framework supplements rather than replaces existing obligations.
Matters to look out for
Much remains undecided and industry participants should pay attention to the following matters now:
Scope and calibration of the standards. The Government has said it will avoid legislating for every eventuality. How much practical certainty a principles-based model will deliver and how "high-risk" uses will be treated is not yet clear.
The copyright mechanism. How creator control will operate in practice, including licensing and remuneration models, whether the regime is opt-in or opt-out and whether it reaches models already trained, remains to be seen.
Thresholds. The definition of a "large data centre" and the point at which the energy and water standards bite (as well as the nature and extent of those standards) is still to be settled.
Role of the Office of AI. Whether the Office will act as coordinator, standard-setter or enforcer and how penalties and enforcement will work, is undefined.
Interaction with existing law. How the standards will sit alongside privacy reform, consumer law, State and Commonwealth approval regimes and earlier proposals for mandatory guardrails on high-risk AI is not yet known.
How businesses and advisers should prepare
The framework is not yet law, but the direction is set and industry participants should consider implementing the following:
Map AI use across the enterprise. Build an inventory of where AI is developed, procured and deployed, including third-party tools, so exposure can be assessed.
Strengthen board oversight. Allocate clear responsibility for AI at board or committee level, update risk frameworks and appetite statements and invest in director education, consistent with the guidance regarding director duties noted above.
Audit data and IP practices. Review the provenance of training data, secure licences for Australian content where needed and check supplier and customer contracts for adequate warranties and liability allocation.
Model the data centre obligations. For infrastructure participants, build the energy and water requirements into site selection, feasibility, financing and valuation work early and plan for tighter settings on renewable generation, network investment and reporting.
Refresh the M&A playbook. Update diligence checklists, representations, warranties and indemnities to address AI-specific risk.
Engage with consultation. The Government will consult industry and trading partners as it designs the framework, which gives business a genuine opportunity to shape the outcome.
Get in touch