AI Governance Library

The NSW AI Assessment Framework (2024)

A mandatory, lifecycle-based self-assessment framework guiding NSW Government agencies in the safe, ethical, and responsible design, deployment, and use of AI systems, with a strong focus on elevated-risk and generative AI use cases.
Jakub Szarmach
2 min read
The NSW AI Assessment Framework (2024)
The NSW AI Assessment Framework
The NSW AI Assessment Framework.pdf
1 MB
download-circle

⚡ Quick Summary

The NSW AI Assessment Framework is one of the most mature, operational AI governance tools currently used in the public sector. Mandated for NSW Government agencies, it provides a structured self-assessment process aligned with five ethics principles: community benefit, fairness, privacy and security, transparency, and accountability. The framework is explicitly lifecycle-oriented, requiring reassessment at key stages such as design, pilot, deployment, and operation. A defining feature is its strong stance on “elevated risk,” with generative AI automatically falling into this category, triggering stricter controls, documentation, and potential review by the NSW AI Review Committee. Rather than abstract principles, the framework translates ethics into concrete decision gates, pause conditions, and mitigation actions, making it a practical governance instrument rather than a purely aspirational policy document.

🧩 What’s Covered

The framework starts by defining scope and applicability, helping agencies determine whether a system constitutes AI and whether its use is potentially elevated risk. Clear triggers are provided, including autonomous operation, use of sensitive data, legal or similarly significant effects, and lack of explainability. From there, it walks users through readiness checks, including identifying responsible officers across business, technical, and data governance roles, with explicit separation of duties.

The core of the document is a detailed self-assessment structured around the five mandatory ethics principles. Each principle includes risk factor matrices, graded risk levels, and targeted questions that can force projects to pause, seek legal advice, conduct impact assessments, or redesign systems. Community benefit sections require justification of AI use over non-AI alternatives and explicit consideration of potential harms, reversibility, and cumulative effects. Fairness is addressed through data quality, representativeness, bias detection, performance metrics, and ongoing calibration. Privacy and security sections integrate privacy-by-design, PIAs, consent requirements, sensitive data handling, and alignment with NSW cyber security policy. Transparency focuses on documentation, explainability, auditability, public communication, and appeal mechanisms. Accountability clarifies human oversight, operator training, decision reversibility, and responsibility for outcomes.

The framework concludes with mitigation planning, residual risk classification, procurement-specific controls, and clear next steps, including when engagement with the NSW AI Review Committee is mandatory.

💡 Why it matters?

This framework demonstrates how AI governance can be embedded into real organisational decision-making without relying on vague ethical commitments. It operationalises ethics into enforceable controls, pause points, and accountability structures, offering a blueprint for governments and large organisations seeking to manage AI risk at scale. Its explicit treatment of generative AI, elevated risk, and human rights considerations places it ahead of many contemporaneous frameworks.

❓ What’s Missing

The framework is intentionally comprehensive, but that also makes it heavy to apply for smaller teams or low-complexity systems. While it references international standards such as ISO/IEC 42001, tighter mapping to global AI risk management frameworks could improve interoperability beyond NSW. It also focuses primarily on public-sector contexts, leaving adaptation guidance for private-sector or cross-border deployments relatively implicit.

👥 Best For

Public sector agencies, regulators, AI assurance teams, and governance professionals seeking a concrete, auditable approach to AI risk management. It is particularly valuable for organisations deploying generative AI or AI systems with legal, social, or rights-affecting impacts.

📄 Source Details

Digital NSW, The NSW AI Assessment Framework, 2024. 

📝 Thanks to

Digital NSW and the NSW Department of Customer Service for developing and maintaining one of the most practically actionable AI governance frameworks currently in use.

Framework
About the author
Jakub Szarmach

Jakub Szarmach

Read next

The AI Regulatory Capability Framework and Self-Assessment Tool

Strengthening AI Governance Through Techno-Legal Framework

Securing AI in the Supply Chain: A Comprehensive Guide to Third-Party AI Risk Assessment

Model AI Governance Framework for Agentic AI (Version 1.0)

Claude’s Constitution

AI Governance Library

Curated Library of AI Governance Resources

AI Governance Library

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to AI Governance Library.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.