The GCDO’s PSAIF and RAIG are not currently a unified guidance framework
The Public Service AI Framework (PSAIF) is a strategy, not an implementation framework. It offers an achievable vision, grounds it in the OECD AI Principles and our unique legal context, and identifies a work programme to realise the PSAIF’s desired outcome. Viewed as a strategy, the PSAIF is fit for purpose as it provides strategic direction and defines what good looks like. While it helps agencies devise their own AI strategies, it does not specify how agencies should execute this strategy. For example, the PSAIF correctly identifies the OIA as a relevant law that applies to AI. However, the PSAIF does not explain how the OIA places significant constraints on AI usage, as in Box 1.1.1.
Instead, the Responsible AI Guidance (RAIG) – a suite of guidance with the first in the series focusing on Public Service GenAI (RAIG-PSG) – outlines the ‘how’. It shows potential as a comprehensive, unified guidance framework. Its GenAI guidance provides useful, novel advice for that technology and references existing guidance such as the NZISM and GWS. However, RAIG-PSG does not sufficiently incorporate best practice from the earlier Algorithm Charter or the later RAIG for businesses. Furthermore, the RAIG-PSG mentions but does not organise its guidance around the principles of the PSAIF.
Section 2.4 outlined how a redeveloped GCDS policy should interact with the GCDO framework. GCDS policy should uplift organisational data culture, and GCDO guidance should acknowledge how AI developers should employ existing mechanisms recommended by GCDS policy. This section outlines how to harmonise the frameworks that the GCDO is responsible for.
3.1 Action: Align guidance for businesses and the public service
Some of the best guidance for responsible AI delivery comes from an agency that has no system leadership over AI in the public service – the Ministry for Business, Innovation and Employment (MBIE). As the leader of microeconomic policy, MBIE has been tasked by Cabinet with helping businesses use AI responsibly. This work culminated in the National AI Strategy and the Responsible AI Guidance for Businesses (RAIG-B), released in July 2025. This separation of roles has not resulted in markedly different guidance despite the contrasting risk profiles and incentives in the public and private sectors. On the contrary, RAIG-B offers useful technical guidance applicable to the public sector and could be adopted more broadly in a comprehensive NZAIM. Some points emphasised in RAIG-B are not as clear in the current RAIG-PSG, including:
-
An emphasis on ensuring high-quality, fit-for-purpose training data, and framing bias and unfairness as originating from poor quality data – which leads to poorly performing AI. RAIG-PSG considers this an independent concept that is only mitigated through process controls. RAIG-B correctly highlights that technical controls are equally effective, providing useful examples such as “a facial recognition model to be used in New Zealand would likely be more accurate and effective if trained on images representative of the New Zealand population”.
-
Encouraging consideration of the legality and ethics of certain data collection and use. While RAIG-PSG recognises agencies’ Privacy Act obligations, it does not acknowledge other sorts of legally and ethically contentious data collection identified in RAIG-B, such as using copyrighted work without permission and being cautious with web scraping. RAIG-B emphasises that options are available for obtaining ethically trained AI systems. Its advice on Māori data is more comprehensive and affirming of Māori sovereignty than Crown guidance, despite only the Crown having formal commitments to iwi Māori.
Responsible AI guidance for businesses also provides useful technical advice for government agencies. This advice should be integrated into the NZAIM.
3.2 Action: Reorganise all guidance around the PSAIF to provide clarity on how agencies meet the expectations of the strategy
While the PSAIF and RAIG-PSG are fit for purpose as independent artefacts, reading them in conjunction can be difficult, as they are not structured similarly. The two were released simultaneously from the same agency, so it is unclear why the RAIG-PSG has opted to use the OECD AI Principles, rather than the principles of the PSAIF, which have been “inform[ed]” by the OECD principles but ostensibly modified for the New Zealand context.
The PSAIF prompts the consideration of legal and regulatory instruments, but the RAIG-PSG does not acknowledge important laws that enforce its guidance, such as the transparency obligations arising from the OIA, the anti-discrimination obligations from the Human Rights Act, and only references the Privacy Act once. The RAIG-PSG does not mention the Treaty of Waitangi or relevant Waitangi Tribunal findings, which the PSAIF identifies as significant constitutional context. The RAIG-PSG does not mention “social licence” which the PSAIF identifies as one of its six pillars.
As discussed before, the AIA toolkit can be reorganised around the PSAIF principles. This approach aligns with the PIA toolkit, organised around the information privacy principles.
As the suite of responsible AI guidance expands, greater structural consistency across guidance artefacts can improve usability and coherence of the GCDO’s overall strategy and guidance ecosystem. Clearly aligning subordinate guidance with the PSAIF can enhance this framework’s operational effectiveness by translating its strategic intent and vision into clear actions for agencies. Structural alignment may also further enable agencies to responsibly innovate with novel forms of AI (such as the emerging techniques discussed in Section 4.3), by establishing precedents through which the PSAIF can be given practical effect, rather than agencies relying on prescriptive guidance, each with its own unique structure.
The PSAIF provides a flexible framework to organise AI guidance. The RAIGs and the AIA toolkit should be organised around the principles of the PSAIF.