Agentic AI in NSW government gets guardrails, named owners, and hard limits

NSW puts agentic AI on a watch list - and makes someone accountable

The NSW government has released its first plain-language guidance for the use of agentic AI across public service agencies. The message is clear: if an AI agent acts, a named human owns the outcome.

Agentic AI can operate within set parameters to plan, select tools and execute tasks. Think demand surge management, case triage, or assembling a single client view to speed up grants or disaster relief. Useful, yes - but only if responsibility, guardrails and oversight are locked in from the start.

What the minister signalled

NSW Minister for Customer Service and Digital Government Jihad Dib said the guidance is about productivity with accountability. Human oversight stays at the front of any decision-making technology. Agencies get checklists and a practical framework to deploy agents safely and ethically.

Why this matters for government leaders

Agentic AI shifts work from "doing the task" to "managing the agent that does the task." Autonomy changes the risk profile. Multi-agent setups introduce new failure modes, like one agent's error spreading through the system via conformity bias.

The guidance calls for controlled testing, transparency and named owners before any deployment touches real services or citizens.

Assign ownership and guardrails up-front

• Give every agent a named owner. No owner, no deployment.
• Provide observability: monitoring, audit logs, decision trails and cost tracking.
• Use unique identities per agent and define escalation paths that match the risk.
• Appoint a business owner for customer-facing or process automation work.
• Appoint an IT owner for system or infrastructure automations.

Core responsibilities for AI agent owners

• Design for access and inclusion. Respect cultural and language needs and know when to hand off to a human.
• Make accountability explicit. Map responsibility for components, tasks, outputs and communications across the lifecycle, including decommissioning.
• Lock authority limits. Define what the agent can do, what requires approval and what stays human-only - and prevent agents from changing those limits.
• Maintain live transparency. Track activity, tool use, memory changes and costs. Log decisions and provide plain-language explanations.
• Disclose clearly. Tell people when they're interacting with an agent, explain its scope, watermark content where possible and state how data will be used in line with privacy law.
• Continuously check compliance, bias and quality. Use dashboards and audits to detect drift, hallucinations or unwanted bias. Adjust safeguards as models or prompts change.
• Enforce data governance. Apply privacy, security and data rights controls to all data accessed or generated.
• Plan for fail-safe operation. Detect, isolate and reverse unexpected behaviour. Maintain an incident response plan and a manual override.
• Manage upgrades. Track changes to models, prompts, logic and dependencies that could alter behaviour or reliability.
• Benchmark human-AI workflows. Compare human-only, AI-only and combined approaches to validate value and risk.
• Enable safe experimentation. Use safe-to-fail sandboxes for low-risk prototypes that align with policy and community expectations.
• Set reliability standards. Define SLAs for outputs, validation, performance, escalation and ambiguity handling.
• Evaluate outcomes. Review behaviour, user feedback, long-term performance and business impact for fairness and value.
• Upskill the workforce. Train staff to think, collaborate and make decisions with agents - at the pace work now moves.
• Secure agent-to-agent communication. Set protocols, monitor interactions and add safeguards to prevent cascading failures.

Start small, prove control, then scale

Begin with constrained pilots in a safe environment. Set narrow scopes, tight authority limits and strong observability. Prove you can detect issues early, pause safely and roll back quickly.

Only expand to production after you've met service levels, passed audits and confirmed citizen benefit. Avoid multi-agent deployments until single-agent controls are mature and tested.

What "good" looks like in production

• Clear labels for any agent interaction with the public.
• Decision logs that show why a step was taken and by which component.
• Live dashboards for bias, drift, error rates and cost per outcome.
• Regular audits tied to privacy, security and records obligations.
• Documented escalation and human review for edge cases and sensitive decisions.

Policy alignment

Agencies should align deployments with statewide AI guardrails and assurance processes. See NSW's AI policy resources for standards, risk tiers and assessment practices.

NSW artificial intelligence policy resources

A practical next step for agency leaders

• Inventory any existing automations that look like agents; assign interim owners.
• Draft authority limits and escalation rules per use case; review with legal, risk and service owners.
• Stand up monitoring, audit logging and incident playbooks before any public-facing test.
• Run a time-boxed pilot on a single, low-risk process with measurable citizen benefit.

Agentic AI doesn't remove accountability - it focuses it. With named owners, clear limits and real oversight, agencies can lift service quality while keeping public trust intact.

Upskill your team
For curated training on AI operations, prompts and automation by job role, see Complete AI Training - courses by job.