New Zealand AI Regulation
New Zealand AI Regulation in 2025: Building Trust Through Agile Governance
This article offers a concise guide to governance, ethics, and compliance for organisations deploying AI in New Zealand. New Zealand’s approach does not hinge on a single, comprehensive AI law. Instead, it relies on practical guidance, established legislation—especially the Privacy Act 2020—and sectoral oversight. Together, these elements create a principles-led, privacy-anchored framework that supports innovation while safeguarding people’s rights.
New Zealand’s regulatory posture toward AI is agile and proportionate. Rather than introducing a standalone AI Act, the government integrates AI expectations into the legal and regulatory settings that already exist. Two pieces of guidance shape day-to-day practice: the Public Service AI Framework, which sets expectations for government agencies, and the Responsible AI Guidance for Businesses, which supports responsible deployment in the private and mixed sectors. The Privacy Act 2020 remains the key legal safeguard, ensuring that transparency, accountability, and data-protection obligations apply to AI just as they do to other digital technologies. For organisations operating in New Zealand, the practical task is to understand this guidance stack, follow the National AI Strategy, and set up governance processes that demonstrate compliance and good stewardship.
AI in New Zealand: Shaping Modern Governance
AI is increasingly embedded in public services, research, private enterprise and startups in New Zealand, from decision support in health and government, to generative AI in business, and innovation in agritech and fintech. At the same time, the government is clear that protecting rights such as privacy and fairness, and building public trust, remain core.
Against that backdrop, two documents shape day-to-day practice. In the public sector, agencies look to the Public Service AI Framework for how to design, deploy and oversee AI systems. In the private and mixed sectors, organisations use the Responsible AI Guidance for Businesses to translate high-level expectations into practical steps. The next two sections explain what each document asks you to do and how to use them.
A) The Public Service AI Framework
The Public Service AI Framework, developed by the Department of Internal Affairs, provides non-binding but authoritative direction for government agencies. It asks teams to design with people in mind, including Māori and Pacific perspectives; to make AI-supported decisions explainable and auditable; to uphold Privacy Act 2020 obligations; to address fairness and equity throughout the lifecycle; to engineer for safety and security; and to monitor and adapt systems as contexts change. In practice, agencies are expected to document purpose and provenance, conduct privacy and ethical reviews, test for bias and robustness before go-live, and maintain ongoing oversight—particularly for generative AI used in public-facing services.

Fig 1.0: The Public Service AI Framework places emphasis on a set of guiding principles that define how AI should be developed and used across New Zealand’s public sector, those being: 1) Continuous Improvement (of AI systems), 2) Human-Centred Design, 3) Transparency & Accountability, 4) Fairness & Equity, 5) Privacy Protection, and 6) Safety & Security.
B) Responsible AI Guidance for Businesses
The Responsible AI Guidance for Businesses sets out voluntary expectations for companies deploying AI in New Zealand. It complements existing legal duties by describing what trustworthy practice looks like in everyday operations. Businesses are encouraged to be explicit about the purpose of each AI system, the data it relies on, and the limits of its outputs; to implement privacy-by-design consistent with the Privacy Act 2020; to evaluate models for accuracy, bias and unintended impacts before and after deployment; to provide appropriate human review where automated outcomes may affect people; and to keep concise assurance artefacts—such as system or model cards—that record capabilities, constraints and evaluation results. While the guidance is not prescriptive, it gives procurers, partners and customers a common language for assessing whether an AI-enabled product is responsibly built and operated.
Strategic Government Initiatives in New Zealand
Other government initiatives aim to strengthen public trust, encourage innovation, and ensure that AI development aligns with national values and international best practices. These efforts include the launch of a national AI strategy, updated public-sector generative AI guidance, and targeted support for businesses and research institutions driving responsible AI adoption. The main initiatives are:
1) National AI Strategy
The government published its national AI strategy, titled New Zealand’s Strategy for Artificial Intelligence: Investing with Confidence. It emphasises AI adoption, economic growth, building public trust and global alignment. Key actions include support for business uptake, skills and talent development, and international collaboration.
2) Public Sector Generative AI Guidance
In February 2025, the New Zealand government released Responsible AI Guidance for the Public Service: GenAI, providing updated direction on the responsible use of generative AI across government agencies. The guidance addresses key considerations such as ethics, bias and fairness, accessibility and inclusion of Māori and Pacific peoples, transparency, privacy protection, and rigorous testing to ensure safe and equitable deployment of AI tools in public services.
3) Sector- and risk-specific oversight
Certain sectors have flagged AI as both an enabler and a source of new vulnerabilities. In financial services, the Reserve Bank of New Zealand (RBNZ) highlighted benefits such as improved modelling and productivity, alongside concerns including model error, privacy issues, cyber-exposure, market distortions, and especially concentration risk from dependence on a small number of third-party AI providers. Its message to regulated entities is straightforward: manage AI within your existing governance, risk, and compliance arrangements while the Bank continues to monitor system-wide impacts.
4) Research & innovation investment
In July 2025 the government announced the New Zealand Institute for Advanced Technology—a $231m, Auckland-based initiative (2025–2029) incubated in MBIE and slated to become independent in July 2026—to turn advanced tech like AI and quantum into commercial outcomes, guided by the PM’s science advisory council.
Privacy - A Legal Bedrock
The initiatives described so far sit on top of a legal bedrock: the Privacy Act 2020. This Act remains a key legal safeguard, ensuring that data protection, transparency, and accountability principles underpin all AI systems.
Safeguarding privacy and ensuring ethical integrity are central pillars of New Zealand’s AI governance approach. The government places strong emphasis on protecting personal data, maintaining transparency, and promoting fairness in all AI applications. AI systems operate responsibly and maintain public trust through Privacy Commissioner oversight, compliance with the Privacy Act 2020, and ethical standards. The Office of the Privacy Commissioner continues to play a central role in ensuring AI systems comply with the Privacy Act 2020 (data collection, usage, retention, consent, automated decision-making). Organisations deploying AI systems in New Zealand are expected to uphold strong privacy and data-protection standards in line with the Privacy Act 2020 and the country’s ethical governance principles. Examples of such standards include:

Fig 2.0 Key Privacy Protection Measures for Responsible AI Deployment in New Zealand
International Alignment & Global Positioning
New Zealand explicitly aligns with the OECD AI Principles, and engages in international fora on AI governance. The strategy emphasises being a “world-leveraging” rather than “world-leading” adopter: learning from global frameworks, adapting them to local context and avoiding over-burdening business with heavy regulation.
What this means for businesses
The regulatory environment encourages innovation. Businesses can adopt AI using voluntary guidance, an approach the government has signalled it supports. The business guidance released in 2025 reinforces this. New Zealand’s balanced approach to AI regulation creates a supportive environment for innovation while maintaining public confidence. The availability of clear, voluntary guidance helps organisations navigate compliance with greater certainty, reducing ambiguity around acceptable AI practices. Proportionate, risk-based requirements ensure that oversight remains manageable, particularly for lower-risk applications and smaller enterprises. By maintaining alignment with international standards, New Zealand enables businesses to expand globally and ensure interoperability across markets. Most importantly, the government’s focus on transparency and ethical governance strengthens public trust, encouraging wider acceptance and adoption of AI-enabled products and services.
Challenges and considerations
There are, however, practical hurdles. Many teams are still building capability in privacy engineering, evaluation, MLOps, and governance. Documentation can feel burdensome unless it is right-sized and integrated into existing delivery processes. Expectations will also continue to evolve, especially for high-impact deployments in areas such as finance, employment, health, and public-facing services. None of this argues for delay; it argues for a measured approach in which pilots are tightly scoped, evidence is gathered early, and feedback loops are kept short.
Immediate action checklist (do this now)
While New Zealand’s approach encourages innovation, organisations must remain proactive in managing emerging risks and adapting to a dynamic regulatory landscape:
- Catalogue AI use cases and describe intended purpose, affected stakeholders, sensitivity of data, and potential impacts.
- Establish an AI governance framework (roles, decision gates, approval records, model inventory).
- Embed Privacy Act 2020 assessments (PIA/DPIA equivalents) and automate record-keeping/audit trails.
- Define assurance controls: data lineage, evaluation protocols, bias testing, red-teaming, monitoring, and incident response.
- Specify human-review points and escalation for impactful decisions.
- Maintain model and system cards documenting capabilities, limits, and evaluations.
- Train staff on privacy, GenAI usage, and secure handling of inputs/outputs.
- Track updates from government guidance and your sector regulator.
Frequently Asked Questions (FAQ)
How does NZ’s approach compare globally?
It aligns with OECD principles and international fora, favouring adaptable guidance over prescriptive laws, with strong privacy obligations.
What is New Zealand’s view of AI?
A transformative enabler for productivity and public services—adopted with safeguards to protect rights, fairness, and public confidence.
What does this mean for my company?
Follow the voluntary guidance, comply with the Privacy Act 2020, document governance and assurance, and be prepared for closer attention where impacts are significant.
Future Directions for AI Governance in New Zealand
The framework anticipates emerging AI fields, including large language models, generative AI, autonomous systems and advanced decision-support tools, and acknowledges the need for adaptive oversight. While no standalone AI Act currently exists, the government has signalled that regulatory intervention may be considered where needed. For now, existing legislation remains primary, but the landscape may shift. Annual or periodic reviews, stakeholder consultation and international developments will feed into future policy updates. New Zealand sees AI as a tool for enhanced public service delivery, improved policy outcomes, and more efficient government operations. The vision includes citizen-centric AI services, data-driven policy-making, cross-agency AI reuse and maintenance of public trust.
Strategic Priorities for Organizations
The following are the key priorities organizations should plan for in this regulatory environment:
- Build internal capability – Establish strong multidisciplinary teams in law, ethics, data governance, and technical AI oversight.
- Engage proactively – Treat regulation as an enabler of trust and innovation, not a constraint.
- Benchmark globally – Align with OECD, ISO, and other international AI standards to stay globally competitive.
- Plan for higher-risk AI – Anticipate stricter oversight for automated decision-making and generative AI systems.
- Leverage trust as an asset – Use responsible AI deployment to strengthen brand reputation and market position.

Fig 3.0 Strategic Priorities defined by Nemko Digital for Responsible AI readiness
Summary
New Zealand’s AI regulatory environment in 2025 offers a forward-looking, structured yet flexible framework. The combination of national strategy, public-sector framework, private-sector guidance and international alignment provides a coherent basis for responsible AI deployment. Organisations that embed governance, ethics, data-privacy and ongoing evaluation into their AI initiatives will be well-positioned to navigate the evolving landscape.

