These risks and legal considerations are underpinned by a patchwork of regulation, spread across different existing laws, such as the Fair Work Act 2009 (Cth), anti-discrimination, privacy, WHS, and consumer law – rather than dedicated AI legislation. 

Recent recommendations from the Senate’s Final Report on Adopting Artificial Intelligence call for mandatory legislation for high-risk AI, including explicit coverage of workplace AI, extending WHS laws to AI risks, and requiring consultation with workers and unions when introducing AI systems that impact job roles or surveillance.^[5] However, until such reform occurs, employers must ensure compliance by navigating all relevant legal frameworks.

Legal risks and other considerations

• Bias and Discrimination

  Biases in data can result in algorithmic discrimination, for example, AI systems trained on historical data can perpetuate or even amplify past discriminatory patterns in recruitment and employment decisions. The OAIC has indicated that when planning and designing an AI model or system, bias and discrimination is an important privacy consideration.[6] AI systems learn from underlying datasets, and where those datasets contain embedded biases, the systems may replicate and reinforce those biases in their outputs – such as by drawing inferences linked to characteristics like gender, race or age – potentially resulting in discriminatory outcomes.

  The Fair Work Act and anti-discrimination laws prohibit discrimination and victimisation based on protected attributes, such as age, sex, gender, sexual orientation, disability, race, marital status, or parental status. While current laws do not specifically address AI, employers are still required to comply with these obligations. 

• Ensure safe use of AI services by end‑users

  If an organisation uses AI in the provision of its services, the provider must take reasonable steps to ensure the safety of the end users. 

  The Online Safety (Basic Online Safety Expectations) Determination 2022 (Cth) was made by the Minister for Communications under section 45 of the Online Safety Act 2021 (Cth) as part of Australia’s broader online safety regulatory framework. 

  As part of amendments made to the Determination in 2024, the Minister introduced section 8A, which requires that where a service uses or enables generative AI capabilities, the provider must take reasonable steps to prioritise end‑user safety by embedding appropriate safeguards throughout the design, implementation and ongoing operation of those capabilities, and by proactively minimising the risk that they are used to generate or facilitate unlawful or harmful content or activity. This includes, for example, conducting and responding to safety risk assessments across the AI lifecycle, providing users with clear information about the capabilities and associated risks, ensuring (as far as practicable) that training data does not include harmful or unlawful material, and implementing measures to detect and prevent prompts that would produce such material.

• WHS Laws and safety risks

  Employers are required to eliminate or (where not reasonably practicable) minimise WHS risks, ensure safe systems of work, conduct risk assessments, provide employees with information and training on their WHS obligations and maintain clear records. Employers will also owe obligations to non-employees in relation to risks arising from the use of AI, such as automated decisions that may impact on psychological safety. Although WHS legislation and codes of practice are yet to prescribe AI specific risk control measures, employers must turn their mind to how they assess and manage AI related risks in order to comply with their general WHS duty of care and risk assessment obligations. These risks include those relating to psychosocial and physical hazards as well as risks arising from overreliance on AI and technical failures. For example, AI-tools used to allocate work, manage workflows, or monitor performance, may lead to excessive workloads, unsafe shortcuts or unreasonable demands on workers if not appropriately monitored.

  In NSW, Parliament recently passed the Work Health and Safety Amendment (Digital Work Systems) Bill 2025 to amend the NSW WHS Act to include a specific duty to ensure, so far as is reasonably practicable, that the health and safety of workers is not put at risk from the use of a 'digital work system' (which is defined to include artificial intelligence), or from work allocated using such a system. Further, amendments relating to WHS entry permit holders (i.e. union officials) give them the power to access and inspect any 'digital work system' relevant to a suspected contravention of the WHS Act. 

  States and Territories across Australia have also introduced regulations, guidelines and standards for identifying and managing psychosocial hazards, with Victoria following suit with the introduction of the Occupational Health and Safety (Psychological Health) Regulations 2025 from 1 December 2025. AI can increase psychosocial risks such as role uncertainty and stress, so employers must ensure staff understand new AI systems and their implications. Regulators are shifting from education to enforcement, making risk assessment, prevention and compliance even more critical. Tools like the NSW Government’s AI WHS Scorecard help employers assess and manage AI-related risks via an AI implementation risk assessment process that aligns with national AI ethics and WHS guidance, supporting ethical and safe AI implementation.

• Privacy and confidentiality

  Any personal information processed by AI – whether in recruitment, payroll, or performance management – remains subject to privacy laws. Organisations must be transparent about how employee data is used, ensure robust data security, and update privacy policies to reflect any automated decision-making. You can read more on the most recent privacy legislation here: 'One small step for privacy reform – what the Government’s new Privacy Bill does (and doesn’t) cover'

• Cybersecurity and data breaches

  Sensitive HR data is a prime target for cyber threats. Employers must ensure that AI systems are secure, access is controlled, and regular reviews are conducted to prevent breaches.

  The OAIC have identified that the large amounts of data collected by generative AI may increase the risks related to a data breach. For example, individuals who disclose sensitive data in their conversations with AI chatbots and are not aware that the information is being retained and incorporated into a training dataset.  

  Likewise, staff who are not properly trained or supported by technical controls (such as blocking unapproved AI tools from access) are at risk of causing a data breach by uploading confidential or personal information into AI tools which are not approved. 

• Consultation

  For award covered employees, the implementation of new AI tools and systems may be considered to be, or may be part of “a major change in production, program, organisation, structure and technology” triggering award or enterprise agreement consultation obligations. Introducing new AI tools may also trigger WHS consultation obligations due to the WHS risk outlined above. 

  Even in circumstances where there may not be any legal obligation to consult, consultation with the workforce and relevant stakeholders can be a useful tool to assist employers in more accurately identifying any risks that may arise with the implementation of new AI tools and systems.

  Meaningful consultation will likely involve sharing any relevant information about the potential uses and risks of any new AI tools and systems with relevant parties and creating opportunities for those parties to express their views and to raise any concerns they may have which may contribute to the employer’s decision as to whether the new AI tool or system should be implemented.

• Other considerations

  AI decisions can be difficult to explain, especially with “black box” systems. HR must be able to justify decisions – such as hiring or disciplinary actions – if challenged by employees or regulators.

Practical Steps for HR and Safety Leaders and In-House Employment Lawyers

	1. Develop Robust AI Governance Establish clear policies for the procurement, deployment, and use of AI in HR. Assign roles and responsibilities for oversight and accountability. Consider the safety impact on third parties of AI as part of WHS governance.
	2. Conduct Privacy Impact Assessments (PIAs) and update Privacy Policy Assess whether AI systems handle personal information and identify risks early. Update privacy notices and ensure employees are informed about AI use. Prior to 10 December 2026, update organisation’s privacy policy to ensure it adheres to the new APPs 1.7 to 1.9, outlining what AI computer programs are used by the organisation, what kinds of personal information are used by the program, and what kinds of decisions are being made by the program.
	3. Ensure Transparency and Consultation The OAIC have acknowledged that using AI makes it difficult for organisations to manage the collection and use of personal information in a transparent way. For example, it is difficult for an organisation to explain how the AI system uses personal information.  Inform employees when AI is used in decision-making. Consult with staff and stakeholders before implementing new AI tools, especially where changes may affect roles or working conditions.
	4. Provide Training and Consultation Train HR and safety teams and employees on the capabilities and limitations of AI tools. Ensure privacy and cyber security is updated to explain the risks around uploading information into AI Tools which are not approved.  Require completion of training before granting access to AI systems.
	5. Monitor, Review and Update  Regularly review AI systems for compliance, fairness and effectiveness. Update policies and procedures in line with legal developments and technological advances. Ensure organisational risk assessments address risks arising from AI.
	6. Prepare for Escalation and Human Oversight  Establish clear pathways for employees to challenge or seek review of AI-driven decisions. Maintain a “human in the loop” for critical HR decisions.

AI is reshaping the HR and safety landscape, but its adoption must be underpinned by strong governance, legal compliance, and a commitment to fairness and transparency. HR and employment law professionals who proactively address these challenges will be best placed to harness AI’s benefits – while protecting their organisations and people from risk.

^{[1] Online Safety (Basic Online Safety Expectations) Determination 2022 (Cth) section 8A. 
[2] Australian Government eSafety Commissioner, eSafety requires providers of AI companion chatbots to explain how they are keeping Aussie kids safe, 23 October 2025. 
[3] Privacy and Other Legislation Amendment Act 2024 (Cth) section 88.
[4] Australian Government OAIC, Automated Decision-Making Transparency Obligation (APP 1) Issues Paper, 18 May 2026. 
[5] Parliament of Australia, Select Committee on Adopting Artificial Intelligence, Final Report, November 2024. 
[6]  OAIC, Guidance on privacy and developing and training generative AI models, last updated 23 October 2024}