Artificial intelligence is no longer something on the horizon. It is here, it is being used across Australian workplaces, and it is evolving fast.
For employers and HR professionals, the challenge is no longer about deciding whether to adopt AI. The real question is whether your organisation has the right frameworks in place to manage how it is being used, and to stay ahead of the legal, operational and financial risks that come with it.
This article sets out the key areas every employer should be thinking about right now.
The Four Key Risk Areas
1. Data and Confidentiality
This is the most immediate concern for the majority of businesses. When employees use AI tools, particularly publicly accessible ones, there is a real risk that sensitive information is being entered into systems where confidentiality cannot be guaranteed.
That could include client data, internal business information, financial records or employee details. In many cases, the data entered into public AI tools may be retained and used to train the underlying model, meaning it could influence outputs seen by competitors or the broader public.
Employers need visibility over what information is going where and clear rules about what can and cannot be entered into AI systems.
2. Accuracy and AI Hallucinations
AI-generated content is not always reliable. Generative AI tools can produce outputs that appear authoritative but are factually incorrect, fabricated or misleading. This is commonly referred to as "hallucination."
In a workplace context, the consequences of relying on unchecked AI output can be significant, from flawed financial reporting to incorrect legal references or misleading client communications.
Every organisation using AI should have a clear expectation that AI-generated content is reviewed and verified by a human before it is relied upon or shared externally
3. Third-Party Platform Risks
Not all AI tools are created equal. There is a critical distinction between:
- Public AI tools (e.g. free or consumer-grade platforms) where data protection is limited and inputs may be used to train the model
- Private or enterprise AI environments where data remains within the organisation's own systems.
Your governance framework should clearly distinguish between approved and restricted tools, with different rules applying to each.
4. Cost and Usage Management
This is an emerging risk that many organisations have not yet grappled with. Enterprise AI operates on usage-based pricing models, typically measured in tokens or processing capacity. Without controls, costs can escalate quickly.
Unmanaged usage, including employees using enterprise AI for personal tasks or low-value activities, can result in significant and unexpected expenditure. Some organisations globally have already experienced substantial cost blowouts from unmonitored AI usage.
Employers will increasingly need to consider whether AI usage is delivering genuine return on investment and set boundaries accordingly.
Building an AI Policy: What It Should Cover
A well-drafted AI policy is no longer optional. It is the foundation of responsible AI governance.
Unlike many workplace policies that exist primarily for disciplinary purposes, an AI policy serves a dual function: it educates employees about appropriate use, and it establishes enforceable expectations when things go wrong.
At a minimum, an effective AI policy should address:
- Permitted and prohibited uses: What AI can be used for, and what is off-limits
- Approved tools and platforms: Which systems are authorised, and which are restricted
- Data protection rules: Clear guidance on what information can and cannot be entered
- Human review requirements: Which outputs require verification and sign-off before use
- Personal device use: Whether and how the policy extends to AI use on employees' own devices in relation to work related activities.
- Accountability: Who within the organisation is responsible for AI governance
- Consequences: What happens when the policy is not followed
Critically, this policy should be treated as a living document. The AI landscape is shifting rapidly, and governance frameworks need to be reviewed and updated regularly to remain fit for purpose.
AI and Workforce Restructuring
Where AI is being used to drive efficiencies that lead to changes in roles or team structures, the same rules that apply to any workplace restructure are still relevant.
Key principles to follow:
- Seek early input from across the business. Decisions made solely at executive level, without frontline input, are more likely to fail or require costly correction later
- Maintain a human decision-maker. Redundancy and termination decisions must be made by an identifiable person who can articulate the reasons for the decision. This is essential for defending unfair dismissal and general protections claims.
- Fulfil consultation obligations. Formal consultation requirements under awards and enterprise agreements must be followed once a definite decision has been made.
Manage the pace of change. Rushing through restructures without adequate communication and support can give rise to psychosocial harm and regulatory intervention
AI Is Changing the Dispute Landscape
One of the most significant developments for employers is the impact AI is having on workplace disputes. The Fair Work Commission is experiencing notable increases in application volumes, particularly in general protections claims and among self-represented applicants. A key driver is the ability of AI tools to help individuals identify potential legal claims and generate detailed application materials quickly and at no cost.
For employers, this means:
- More claims to respond to, including from employees who may not have previously pursued legal action
- Higher volumes of material being filed, increasing the time and cost of defending proceedings
- Faster response expectations, as AI enables applicants to generate detailed correspondence almost instantly.
How Courts and Tribunals Are Responding to AI
The Fair Work Commission has released draft guidance requiring parties to:
- Disclose when AI has been used to prepare documents
- Verify that all facts, case references and sources are accurate
- Refrain from entering personal or confidential information into public AI systems
The New South Wales Industrial Relations Commission has taken a stricter approach.:
- AI must not be used to generate witness statements, affidavits or character references
- Documents must reflect the witness's own knowledge and voice
- A declaration must be included confirming AI was not used in preparing witness evidence
- AI can be used for written submissions, provided all references are verified.
These differing approaches highlight that the regulatory landscape is still forming. Employers involved in legal proceedings, or who may face claims, should be across these requirements and ensure their teams are aware.
What Employers Should Do Now
Employers should focus on these immediate priorities:
- Audit current AI usage: Understand who is using AI, what tools they are accessing and what data is being entered
- Implement a tailored AI policy: Set clear expectations, boundaries and accountability
- Deliver training: Ensure employees understand both the opportunities and the risks
- Distinguish between public and private AI tools: Apply different rules to different risk profiles
- Maintain human accountability: Ensure all decisions have an identifiable decision-maker behind them
- Review and refresh regularly: What works today may not be fit for purpose in 12 months.
Need Help Getting Started?
ABLA has developed practical AI governance policy frameworks that can be tailored to your organisation. Whether you need help drafting a policy or managing AI-related workplace risks, our team is here to support you. Email us at info@ablawyers.com.au to learn more, or watch our recent webinar with Luis Izzo and Kate Thomson for further insights.