Rules and best practice in NZ for algorithm and AI system delivery are currently fragmented across different laws and guidance

Deployers of AI systems in government face a complex maze of laws, principles, standards, and guidance to deploy AI safely and effectively. This approach can be advantageous, as broad rules address long-lasting risks or support enduring objectives – rules relevant regardless of context or technology. Specific rules are created by specialised entities with the expertise to manage certain risks or achieve certain objectives. Figure 1 depicts this guidance ecosystem as a layered pyramid, with higher-level instruments becoming more technically specific, while guidance in instruments below it remains applicable. Following guidance at all levels is essential to maximising the benefits.

This fragmentation becomes problematic when each specialist entity develops its own framework, toolkit, or checklist for AI, often with overlapping elements. This issue worsens for implementing agencies, which must interpret the various rules and tools and incorporate these frameworks into their policies. While this integration can help tailor governance to each agency’s operational environment, a lack of a common scope and framework leads to inconsistent recordkeeping across agencies. This inconsistency makes it harder for the public –including academia and the media – or even a government system leader, to understand AI use across the government.

Figure 1: Current hierarchy of laws, standards, principles, and guidance that inform the use of information, information technology, algorithms, and AI systems, coloured by the type of instrument, and outlined if the instrument is maintained by a system leader. Following guidance in all layers is essential to fully realise its benefits.

1.1 Generic legislation mandates broad obligations on the use of AI, like transparency, privacy and information provenance

As previously discussed, generic legislation establishes lasting rules that persist regardless of context or technology. Three such acts serve as technology-neutral mechanisms that address specific risks through principles or rights-based regulation. The Official Information Act 1982 mitigates government opacity and promotes good decision-making and behaviour through freedom of information mechanisms (Box 1.1.1). The Privacy Act 2020 mitigates unauthorised and harmful collection, use, and disclosure of personal information, which infringes on individuals’ rights to privacy (Box 1.1.2). The Public Records Act 2005 mitigates the erosion of accountability caused by poor and incomplete record-keeping (Box 1.1.3). Together, this ecosystem provides a stable regulatory baseline for democratic accountability. This baseline endures regardless of the technology in use and therefore applies to AI systems.

1.2 Automating statutory decisions and actions must be legislated

Establishing legislation, the laws that set up an entity and determine its mandate, may include provisions that enable Automated Electronic Systems (AES) to perform actions specified in legislation that only specified authorised people (typically the chief executive) can do, as if such an authorised person performed the action themselves. While the term is not defined in law, it can reasonably be understood to include any algorithm or AI (as defined in Section 4) that makes decisions without human intervention. AES provisions typically follow this pattern:

• Arranging the use of an AES

  • Outlining which statutory roles and actions the system can substitute

  • System must be able to perform the actions “with reasonable reliability”

  • A human alternative must always be available to perform the action instead

  • Allowing systems with components outside New Zealand to be used

  • Mandating consultation with the Privacy Commissioner

• Describing the effect of the use of the system

  • Treating its action as done properly, as if it were done by the specified person

  • If its actions are clearly wrong, they may be done by people

• Describing offences against an AES if applicable

  • Failure to comply with requirements or directions from an AES

  • Obstructing, hindering, damaging or impairing an AES

  • Deceiving or withholding information from an AES

  • Covering legislation-specific offences, e.g. manipulating offending goods seized by an AES without its permission.

This pattern is not in legislation where powers are conferred on entities rather than specified individuals. For example, the Accident Compensation Corporation (ACC) – a Crown agent with well-publicised automated decision-making – is not empowered to use AES. Most of its administrative decisions are conferred on “the Corporation”, not on a chief executive or a qualified person. ACC may need specific AES provisions if it wishes to automate complicated decisions that must be made by qualified assessors, such as rehabilitation support needs.

Explicit legislation is required to say the system’s action counts as a specified person’s action, if the legislation requires a specified person to perform an action to be automated.

1.3 Agencies may be given the power to enact secondary legislation on their own

Two examples of secondary legislation have already been mentioned:

• Privacy Act codes of practice, issued by the Privacy Commissioner

• Information and records management standard, issued by Archives New Zealand

Secondary legislation holds the same authority as any other Act of Parliament. However, it is usually drafted by the agency responsible for administering the Act. The Cabinet Manual describes secondary legislation as addressing matters of detail, technical issues, or those likely to require frequent changes. Therefore, this regulatory route is preferred for giving effect to generic principles (like those in the Acts mentioned) by clarifying obligations at a technical level. For the Privacy Act 2020, secondary legislation can also modify the Act’s obligations in specific situations. For instance, the Health Information Privacy Code clarifies when health privacy protections are stronger (e.g. parents have less access once a child is 16 or older) or weaker (e.g. legal representatives of deceased or incapacitated individuals may access information).

AI systems must also follow any secondary legislation that applies to the context it is being used, or data it is using.

1.4 Government-wide standards and guidance provide all-of-Government best practice in particular areas

The Public Service Act 2020 enables the designation of a specific agency as a system leader to “lead and co-ordinate best practice in a particular subject matter area” across all government sectors. This leadership is realised through setting standards or guidance in such areas. Standards are applicable to public service agencies, while guidance applies to any Crown organisation. These standards and guidance were issued before the 2020 act, with varying levels of enforceability. Some are mandated by Cabinet directives or ministerial instructions; others are voluntary best practice. The following section describes relevant system leaders whose guidance influences the use of AI systems as of December 2025.

1.5 Government agencies use international standard risk methodologies, and new standards are emerging to facilitate AI system risk management

The PSR requires agencies to follow ISO 31000 to manage risk, a widely practiced international standard. ISO 31000 does not impose a checklist exercise but actively involves organisations in identifying specific risks, analysing their impact, assessing risk acceptability, and deciding on appropriate actions (accept, transfer, mitigate, avoid).

The PSR also references the ISO 27000 family of standards, which provides specific guidance on information security risk management and is already widely used by government agencies. A new family of ISO standards is emerging for the governance and risk management of AI systems, mirroring the structure of the ISO 27000 family. There are gaps, as shown in Table 1, but all listed AI system standards are officially published with full ISO consensus.

Notably, early-adopter government agencies like ACC have opted to adopt the American federal government’s standard for AI risk management, given their reliance on the same American standards for cybersecurity and privacy.

Table 1: Functional alignment between ISO information system and AI system standards

Mandatory security requirements are largely based on international standards. Agencies can confidently adopt emerging recognised international standards for AI risk management as future requirements are likely to closely align with them.

1.6 Frameworks help affirm Māori sovereignty over their data, and algorithms developed from their data

Iwi Māori retain tino rangatiratanga over all their taonga, as guaranteed in Article 2 of Te Tiriti o Waitangi. This rangatiratanga extends to any data about or from Māori people and culture, as outlined in Wai 2522¹. Te Mana Raraunga, a network of Māori experts in data, has devised principles (which are currently not mandated across government) to promote practices that affirm Māori data sovereignty, as outlined in Table 2.

Table 2: Principles of Māori Data Sovereignty. From Te Mana Raraunga, October 2018. https://www.temanararaunga.maori.nz/principles-of-maori-data-sovereignty

This framework was extended by Brown et al. (2024) to promote the sovereignty of algorithmic systems (not just the algorithm itself, but the inputs, output interpretation, design, and ongoing management), informed by data about or from Māori. In addition to the obligations above regarding data used by algorithms, the framework also offers further algorithm-specific guidance for each principle, as outlined in Table 3.

Table 3: Principles of Māori Algorithmic Sovereignty. From _Paul T. Brown, Daniel Wilson, Kiri West, Kirita-Rose Escott, Kiya Basabas, Ben Ritchie, Danielle Lucas, Ivy Taia, Natalie Kusabs, Te Taka Keegan, April 2024. Māori Algorithmic Sovereignty: Idea, Principles, and Use. https://datascience.codata.org/articles/10.5334/dsj-2024-015

Te Kāhui Raraunga, under the direction of the Data Iwi Leaders Group, have devised Māori Data and AI Governance frameworks for use within the public service. The Māori Data Governance model implements the six principles from Te Mana Raraunga. Five values frame the directives under the eight pou, which categorise actions that give effect to the values, as shown in Table 4.

Table 4: Māori Data Governance Model (with Māori AI Governance Model overlaid in bold). From Tahu Kukutai, Kyla Campbell-Kamariera, Aroha Mead, Kirikowhai Mikaere, Caleb Moses, Jesse Whitehead and Donna Cormack, 2023. Māori data governance model, Te Kāhui Raraunga, https://www.kahuiraraunga.io/maoridatagovernance and Te Kāhui Raraunga, 2025. Māori Artificial Intelligence Governance Framework. Contextualised advice for AI use, extending the Māori data governance model, https://www.kahuiraraunga.io/maoriaigovernance

Much like the NZISM outlines how to comply with the PSR’s principles, the Māori Data and AI Governance Models outline requirements that affirm the principles of Māori data sovereignty that arise from Te Tiriti o Waitangi.

1.7 Agencies set their own departmental policies and procedures to clearly establish accountability for following laws, standards and guidance

These laws, standards, and guidance ultimately have operational effect when embedded in an agency’s policies and enforced by the chief executive through managerial consequences. Departmental policies define legal obligations, set expectations, and tailor standards to their operating environments, serving as the most effective means of implementing and holding agencies accountable for complying with laws, standards, and guidance.

Most agencies with AI policies focus mainly on GenAI tools: authorising only approved tools, forbidding the use of sensitive information, raising awareness of risks, mandating training, and defining roles and responsibilities. Agencies that have published departmental policies for AI use include:

• Ministry of Social Development: predates generative AI but exemplifies mature policies and – more importantly – procedures for algorithm and AI development. Their ADM Standard² outlines baseline requirements for any algorithm that makes decisions, supplemented with technical guidance for more complex systems within their Model Development Lifecycle³.

• Courts of New Zealand⁴: provides specific guidance for specific roles, with the same principles throughout, and plain English explanations of the limitations of GenAI and why the risks exist. Notably, the use of GenAI need not be disclosed unless requested by the courts.

• Land Information New Zealand⁵: anonymise names when discussing personal scenarios with AI, disclosing AI use for externally released work, work with Treaty partners if Māori data is involved, or Māori interests may be affected in the use of AI.

• Accident Compensation Corporation⁶: mandating human oversight throughout use, actively protecting taonga Māori in accordance with Treaty commitments, prescribing unacceptable use of GenAI (e.g. for client care, for resourcing decisions, with personal, health or confidential information).

• New Zealand Police⁷: mandating labelling to disclose where GenAI is being used, external vendor disclosure of GenAI use, requiring Tier 2 approval for urgent unapproved uses, prohibiting fully automated (no human in the loop) GenAI, prohibiting use of AI in court, requiring audit logs for complete recordkeeping.

Departmental policies are ultimately how standards and guidance are given effect: as expectations on staff relying on internal accountability. They are also an opportunity to tailor policy around what agencies do and how they operate.

1.8 Action: Establish a New Zealand Artificial Intelligence Manual (NZAIM) to unify technical guidance in implementing trustworthy government AI systems

The right laws and principles for promoting trustworthy AI system delivery are already in place. The OIA’s transparency requirements effectively bind agencies to thoroughly consider best practice – offered but not mandated by other guidance instruments – when designing transparent AI systems trusted to make decisions independently. Other best practice around fairness and non-discrimination are promoted through recognising the ex-post risk of an investigation finding AI decisions to be unlawful, mistaken or discriminatory.

However, the current guidance ecosystem is missing a keystone instrument that provides a single, authoritative source of technical guidance on controlling risks and promoting the norms identified by other relevant instruments.⁸ To reduce existing fragmentation, this unified guidance should organise all the objectives of each guidance instrument and mandate or recommend technical controls, along with their rationale. This approach is already employed by the NZISM, which provides agencies with flexibility around specific controls it recommends but does not mandate, requiring agencies to document and accept the residual risk of non-use. These controls are supported by a structured certification and accreditation process standardising system assurance. This approach has streamlined cybersecurity practice in government and transparently models best practice for non-government entities.

An NZAIM can not only promote these outcomes for government AI but also for private AI by providing a consumer signal that accredits, rather than outright regulation that compels, best practice. The GCDO has committed to an AI assurance model and toolkit by 2027, as well as a separate deliverable on safety certifications. Like the NZISM, an NZAIM would encompass both.

The NZAIM would catalogue gold standard technical controls for AI risk management in government, helping technical practitioners give effect to all the different guidance instruments, and model best practice for the private sector.

References