Verification status
The submission is structured in three layers. Each layer carries a different kind of attestation. The counts below show what is in the document; the CLAIM verdicts below show the engine result for the verified layer.
CLAIMs are facts tested by the AustraliaOS verification engine against primary sources. ANALYSIS blocks are labelled AUTHOR REASONED: each is the director's reasoning over CLAIMs and names the step at which a reasonable reader could disagree. RECOMMENDATIONs are labelled AUTHOR PROPOSED: each is a recommended action motivated by named ANALYSIS blocks, not engine-verified.
CLAIM verdicts
SUPPORTED indicates the CLAIM is confirmed by at least one primary source. PARTIALLY SUPPORTED would indicate the source confirms the substance but a specific element diverges or could not be fully verified against the available source text. NOT SUPPORTED would indicate the source contradicts the CLAIM. UNVERIFIED would indicate the source was inaccessible to verification at time of publication. The 9 SUPPORTED state confirms every CLAIM in the submission against primary sources.
The 4 ANALYSIS blocks carry the submission's reasoning over those CLAIMs: that existing regulatory frameworks were designed for purposes that do not include jurisdictional exposure assessment, that the government's own published documents acknowledge the regulatory gap, that the Telstra assessment demonstrates an operational assessment methodology against Expectation 1, and that closing the gap requires defining sovereignty, requiring assessment, and providing accountable person provisions. Each names the step at which a reasonable reader could disagree.
The 6 RECOMMENDATIONs are the submission's proposed actions: a definition of data sovereignty in the Expectations document; a mandatory jurisdictional exposure assessment for Commonwealth AI procurement; an extension of the SOCI Act critical asset definitions to include AI infrastructure; a written attestation by the approving official; a public register of data centre proposal assessments; and a methodology standard modelled on the existing IRAP and PSPF assurance pathways. Each cites the ANALYSIS blocks that motivate it.
Primary sources
Verification draws on four categories of primary source. Each category is named below with the documents and statutes it attests.
- National AI Plan (Australian Government, 2 December 2025)
- Australian Government response to the Senate Select Committee on Adopting Artificial Intelligence report (1 April 2026)
- Expectations of data centres and AI infrastructure developers (23 March 2026)
- Senate Standing Committees on Environment and Communications inquiry into artificial intelligence and data centres (terms of reference)
- Security of Critical Infrastructure Act 2018 (Cth)
- Cyber and Infrastructure Security Centre, SOCI Act 2018 sector coverage page
- Privacy Act 1988 (Cth), current compilation
- OAIC Australian Privacy Principles Guidelines, Chapter 8, cross-border disclosure, version 1.3
- Commonwealth Procurement Rules (Department of Finance)
- Commonwealth Procurement Rules 2025 (full document, Department of Finance, November 2025)
- Public Governance, Performance and Accountability Act 2013 (Cth)
- Department of Finance Resource Management Guide 200, Duties of Accountable Authorities
- 18 U.S.C. §2713 (CLOUD Act disclosure obligation regardless of data location)
- 18 U.S.C. §2523 (Executive agreements under the CLOUD Act)
- 18 U.S.C. §2709 (National Security Letter compulsion authority)
- Department of Home Affairs, Australia–United States CLOUD Act Agreement page
- Cross Border Data Forum CLOUD Act FAQ (Daskal and Salgado, July 2025)
- Cleary Gottlieb CLOUD Act memo (April 2018)
How to trust this record
The integrity of this verification record rests on public-source reviewability. Every factual claim in the submission is tied to a named primary source, listed above, that is publicly accessible. Any reader, committee member, or independent reviewer can fetch the same source, locate the same passage, and confirm or contest the verdict for themselves. The verification does not ask the reader to trust an internal record; it asks the reader to check the public source directly.
AustraliaOS operates under a publicly disclosed interim audit-chain state pending migration to Australian-hosted infrastructure. The audit log entries written by the verification engine for this submission are unsigned, via the JSONL fallback path, and are not yet cryptographically chained under a HMAC key. This is the same interim state disclosed for production on the AustraliaOS landing page. It is named explicitly here rather than left implicit, in keeping with the doctrine of disclosed accuracy the submission itself argues for. The integrity guarantee on which this record stands is reviewability of public sources by the reader, not the internal audit chain; the chain is documentary, the public sources are evidentiary.
What this page is not
This verification record confirms that the factual claims in the submission match what the named primary sources state at the time of publication. It is not a guarantee of fact about the third parties or statutes named in the submission, beyond what those sources themselves say. It does not represent the submission as the decision of any Commonwealth body. Final decisions on the matters raised by the submission rest with the Senate committee, the responsible ministers, and the Parliament. The submission is decision support, not statutory authority, and the verification page confirms only that the support rests on the primary sources it cites.
For accountability, signing, and correction process, see the Accountability Statement.
Submission PDF
The full submission, authored and signed by the director, is available below. The verification status set out on this page is reflected in the document footer.