WA Government AI Assurance Framework

WA Government Artificial Intelligence Assurance Framework

Version: 2.0 | April 2025
What is the Artificial Intelligence (AI) Assurance Framework?
The AI Assurance Framework (the Framework) supports the safe, secure and reliable use of AI in alignment with the WA Government Artificial Intelligence Policy (the Policy).

The Framework aims to ensure that AI systems are designed, built and used transparently and safely. It highlights potential risks associated with an AI project and assigns a risk level. As you navigate this Framework, reflect on the risk factors associated with your project and consider further mitigation measures where necessary. This Framework is not intended to duplicate existing Information and Communication Technology governance within your entity. Where possible, use existing project documentation to complete the form.

Self-assessments against the Framework are submitted to the Office of Digital Government (DGov) for inclusion in the WA Government’s AI Register. The AI team at DGov is available to support you with any questions at ai-dgov@dpc.wa.gov.au.

Who should use the Framework?
This Framework applies to entities within the scope of the Policy. The AI ‘use case’ or ‘project’ is what you will be assessing against this Framework.

Completion of a self-assessment within this Framework should be led or reviewed by the team within your entity responsible for AI governance. Your response to this Framework must be approved by an AI Accountable Officer, an executive within your entity responsible for the governance of these technologies. This officer will be required to approve the self-assessment once you have completed it.

When to use the Framework?
A re-assessment of the AI system against this Framework should be undertaken at the completion of key milestones:
- the design and planning of a new use case, which should occur before an investment or public commitment is made;
- at the end of testing, a proof of concept, or pilot (if applicable);
- at the end of the build phase, prior to go-live or deployment;
- following roll-out, once operational; and
- prior to any major change in the system or its use.

The scope of this Framework

This Framework must be applied to non-trivial systems and projects which use AI or automated decision making. This includes the use of large language models, machine learning tools, and generative AI. This Framework should be used whether an AI system is procured, built or otherwise sourced or adapted.

The following are examples of AI use cases that would be in or out of scope for the use of this Framework:

In scope	Out of scope
Development or procurement of a bespoke AI solution AI software trained to detect specific objects in images and videos The procurement of an AI tool to streamline a business process or to support decision-making Procuring or developing a complex machine learning tool	General-purpose hardware and software with trivial smart features such as: Smart phones and laptops QR code readers Satellite Navigation Systems Predictive text in Microsoft Outlook and Word Online workflows Data entry tools and software Data analytics software

Some common AI use cases are not required to be assessed via this Framework. Please refer to guidance on these use cases to ensure their safe procurement and implementation.

Innovation pathway
Entities are encouraged to explore and innovate with AI and are not required to apply this Framework when experimenting with the technology in a contained testing environment. The following conditions must be met for this to occur:
- No personal information or sensitive government information is used;
- The data is held on local servers or tenancy within Australia and is not provided to a third party;
- Outputs do not inform the basis of any government operations, policy advice, service delivery or decision making; and
- No external AI software is procured or used in a free trial.

The AI Advisory Board
Your project will be progressed for review to the WA Government AI Advisory Board (the Board) if it meets one or more of the following threshold criteria:
- Residual risk/s (after mitigations) are mid-range or higher; or
- Funding has been provided through the Digital Capability Fund; or
- Total cost exceeds $5 million.
Projects which meet these threshold criteria will have their self-assessment submitted to the board, as well as a number of existing project artifacts. Further information is provided at the end of this form.

The purpose of the Board is to support your entity’s use of AI and ensure that the WA Government’s use of AI is as robust as possible. The Board brings independent technical and ethical expertise to projects and can recommend further mitigations to balance key risks. You can proceed with your project while it is under Board review. The advice of the Board is non-binding, but we do recommend that you consider it fully to ensure sound risk mitigation.

Invisible section collapse to allow for text underneath

Community benefit and fairness

Government entities should be able to define and document the benefits and possible harms of the AI use case to the community, environment and organisation.
What is the intended benefit of the AI solution?

In describing the direct and indirect benefits, please consider the potential risk or loss of benefits from not doing the project and how the AI solution is preferable to other alternatives.
Benefits for the community:*
Use 50 words or less
Benefits for the environment:*
Use 50 words or less
Benefits for the government (if applicable):*
Use 50 words or less
Are there potential harms posed to the community, environment and organisation?*
Consider secondary harms from unpredicted outputs, unintended bias or discrimination, and harms experienced by communities indirectly. Consider their likelihood and how readily they can be reversed. Monitor your AI system closely for unintended consequences, especially during the pilot stage, to avoid irreversible harm (use 100 words or less).
What stakeholder groups may be impacted by the AI system, and how?*
Identify relevant stakeholder groups and how they may be positively or negatively affected. Consider potential unintended impacts on employees, clients and other individuals, especially those in vulnerable groups (use 100 words or less).

Privacy, security, transparency, explainability and contestability

AI solutions must be well understood, documented, explainable and contestable. This is crucial to making AI use transparent and fair. Please provide information that is currently available to you, or indicate what is planned.
What data does the AI solution use to function, test, train, and validate? Indicate whether the data reflects the population or environment that will be impacted by your project or service?*
Identify the type of data used (government, synthetic, open, or commercial) and whether personal information is included. Classify the data per the WA Government Information Classification Policy and follow best practices and legal standards under the Privacy and Responsible Information Sharing Act 2024 (WA). Ensure AI is trained appropriately on data that represents all demographic groups, which is not always directly proportionate to the real-world population of Western Australia (use 150 words or less).
You may wish to refer to these requirements before filling out the question above:
- WA Government Information Classification Policy
- Privacy and Responsible Information Sharing Act 2024 (WA)
How is the data for your project handled?*
It is important to understand if data will be sent to a third-party vendor, and if so, how it will be retained and potentially re-used. Review contracts and terms of use with third party vendors to ensure that the way data is stored is in line with WA's data offshoring position and guidance (use 100 words or less).
You may wish to refer to these requirements before filling out the question above:
- WA's data offshoring position and guidance
What are the intended AI data outputs?*
Examples: generative text from a large language model, medical notes, summary and letters of doctor-patient appointment transcription (use 50 words or less).
How does the AI system generate these data outputs?*
When an AI system is involved in administrative decision making, decisions must be explainable, and there must be humans accountable. Provide an explanation of how your AI system reaches an outcome, including information on inputs/variables, and how these influence the reliability of the system, how results are tested, and how human oversight is implemented. If explainability is limited document the reasons and apply heightened levels of oversight and control (use 100 words or less).
How will AI outputs be monitored and reviewed over the lifecycle of the project?*
Describe how the AI will be monitored and reviewed to ensure its operation is safe, reliable, and aligned to the WA Government AI Policy. Consider data quality and algorithmic design, reliability and accuracy of outputs, equitable access and treatment for people and communities who may be impacted by the AI solution, and the use of a transparent review mechanism about the use of AI-informed outcomes. Describe how AI outputs will be monitored for changes to the AI model’s primary purpose(s) (use 150 words or less).
The WA Government AI Policy requires the community to have access to an efficient review mechanism about AI-informed outcomes that impact or engage with them. Has the use of AI been (or will it be) disclosed to all users or significantly impacted parties?*

N/AYesNo
Provide rationale:*
If no, consider how you might design and deploy your service to ensure that users and impacted stakeholders are aware of the use of AI which may impact them. Consider options for ensuring users can opt out of AI services and impacts (use 50 words or less).

Requirements
Your AI use must comply with all of the following:
- The WA Government AI Policy, and any further policy requirements expected by your entity.
- The WA Government data offshoring position and guidance.
- Privacy requirements under the Privacy and Responsible Information Sharing Act 2024 (WA).
- Cyber security requirements under the WA Government Cyber Security Policy.
- Australian anti-discrimination laws.
- Record keeping requirements under the State Records Act 2000 (WA) and Artificial Intelligence and Record Keeping guidance.
- Other relevant laws and policies.
Declaration*

Yes, I confirm that this project / AI use case complies with the above legal and policy requirements.
Note that legal advice should be sought where there are necessary compliance concerns, including when sensitive data is used by the AI system.

Assessment outcome
If all residual risks are low, any sensitive or personal data is hosted in Australia and your use case is not in a high risk category:
Manage risks within your entity and consider appropriate controls. Seek the advice of the DGov AI team at ai-dgov@dpc.wa.gov.au should you have further questions.

If there is a medium or high residual risk, you have sensitive or personal data hosted or processed offshore, or your use case is in a high risk category: 
Your project will be referred to the AI Advisory Board. This will require you to provide further existing project documentation, and a detailed risk-assessment for any elevated risks identified in this assessment. The DGov AI policy team will be in contact with you to provide further information. The Board may recommend further appropriate controls for your project.
Outcome: Review not required
Your AI use does not require review by the WA Government AI Advisory Board.
Outcome: Review required
Your AI use requires review by the WA Government AI Advisory Board.The DGov AI policy team will be in contact with you shortly to discuss next steps, including further documentation and information to be submitted.

	Threshold met?
Residual risk/s (after mitigations) are mid-range or higher
- Application(s) of AI use is/are considered to be high risk in nature
- AI use case uses OFFICIAL Sensitive government information that is hosted or processed offshore
Funding has been provided through the Digital Capability Fund
Total cost exceeds $5 million

Accountable Officer

It is crucial that someone is always responsible for the implementation and use of AI in functions and decisions of government.
Please provide the name of the AI Accountable Officer for this use case within your entity. This should be an executive leader within your entity responsible for the governance of these technologies.
Name*

First NameLast Name
Position*
Entity*
Email address*
A copy of this submission will be sent to your entity's AI Accountable Officer for approval of the AI use case.
If you have additional documents you would like the AI Accountable Officer to review, please upload them below.

Cancelof

Review and submit

Please review your responses before submitting.
Your AI use case requires review by the WA Government AI Advisory Board.
The DGov AI policy team will be in contact with you shortly to discuss next steps, after you submit this self-assessment.
Should be Empty:

	N/A	Low	Medium	High
Potential discrimination, bias or disproportionate impact on a specific community.
Potential harms to an individual, community or the environment. This includes physical safety, as well as breaches to an individual's rights, privileges and entitlements.

	N/A	Low	Medium	High
Overreliance on AI outputs in government decision-making, service delivery or business processes.
Government decision-making, service delivery or business processes being influenced by inaccurate or poor-quality data inputs and outputs of the AI model.

	N/A	Low	Medium	High
Personal or sensitive government information being misused or inappropriately collected (consider the involvement of third parties).
The AI system or use case posing reputational risks or undermining public confidence in government.
The AI system or use case raising security concerns due to the sensitivity or classification of the data used, and where the data is stored (i.e. inside Australia versus offshored as indicated in step 2).

WA Government Artificial Intelligence Assurance Framework

What is the Artificial Intelligence (AI) Assurance Framework?

AI Assurance Framework

Project information

Primary contact

Community benefit and fairness

What is the intended benefit of the AI solution?

Privacy, security, transparency, explainability and contestability

Controls

Requirements

Risk assessment

Assess the following residual risks:

Assessment outcome

Accountable Officer

Review and submit