21 January 2026
Helen ClarkePhillip MagnessViva SwordsLydia Cowan-DillonGrace CrowleyLeonie HigginsGeorgia Brown
The Productivity Commission’s final report on Harnessing Data and Digital Technology (the Report) delivers a suite of recommendations to the Australian Government aimed at enhancing the consumer and productivity benefits of data and digital technologies, while mitigating associated risks. A key theme of the Report, released on 19 December 2025, is to exercise care in relation to any AI-specific regulation, and to only implement measures proven necessary by way of a gap analysis. Importantly, it recommends against the immediate introduction of a text and data mining exception in copyright legislation, adopting a three-year “wait and see” approach instead. The Report also recommends replacing the Privacy Act 1988 (Cth) (Privacy Act) framework with a simple “fair and reasonable” test.
The Productivity Commission is an independent body funded by the Australian Government and its views do not necessarily reflect those of the Government. The Government has made its position clear on some issues and not others.
This article provides a brief overview of the Commission’s key recommendations and outlines some potential consequences if they are adopted by Government and become law.
AI-specific regulation to be avoided unless proven necessary
The Commission recommended that AI should continue to be regulated through existing regulatory frameworks. The Report noted that many of the risks associated with AI are not fundamentally new and can be addressed within current laws. The Report recommended that where possible, any laws enacted to address potential harms arising from AI should be technology neutral, proportionate, risk-based and outcomes-based. It concluded that AI‑specific legislation should be considered only as a last resort.
The basis for this recommendation was a concern on the part of the Commission to avoid unnecessary AI-specific laws which could have a negative impact on growth.
The Report recommends that the Government undertake systematic gap analyses to assess whether existing laws adequately address AI‑related risks. It proposes that regulatory changes only be pursued where genuine gaps are identified, and that new, AI‑specific laws should only be considered as a last resort for any use cases of AI where risks cannot be managed through updates to existing frameworks or through technology‑neutral regulation.
Copyright and AI
The Report recommends a “wait and see” approach in relation to copyright and AI.
Consistently with a recent pre-publication US Copyright Office Report[1], the Commission stated that “material, which is often protected by copyright, must be copied (at least temporarily) to undertake the training process. Under Australian copyright law, making reproductions of copyright-protected material is the exclusive right of the copyright holder.”
The Report appears to accept that Australia’s relatively narrow fair dealing defences are not generally available in relation to AI training (though they may be available in limited specific circumstances), stating that a licence will generally be required for AI training under Australian Law.
The Commission also notes that most AI training occurs outside Australia, meaning that foreign laws would apply. The Commission does not consider the potential application of the importation provisions in the Copyright Act 1968 (Cth), which apply in relation to the importation of infringing articles (including software). An article is considered an infringing article if its manufacture in Australia would have breached Australian copyright law unless an exception applies. An article (including software) will not be an infringing article if it was made in a Berne Convention country (of which there are 182) and its making did not constitute an infringement of any copyright in a work under a law of that country.[2]
The report found that licensing markets which are developing should be allowed to develop without interference. It noted that licensing agreements have been entered, particularly in relation to high-value works.
It expressed concern, however, as to the feasibility of hundreds of millions of websites utilised by AI for whom licence fees could be less than transaction costs. It found that it is unclear whether a market for licensing of such material will develop over time.
The Commission considered that it is not possible to formulate an effective policy response at this time due to uncertainty in relation to the following matters:
- how overseas copyright exceptions for text and data mining will operate in practice, including whether and to what extent they will permit the use of copyrighted material for AI training;
- how AI training might affect incentives for Australian creators to produce new content, particularly where AI‑generated outputs could lower demand for human‑created works; and
- whether licensing markets for using online material in AI training will develop without Government intervention.
Accordingly, the Commission has recommended that the Government monitor these uncertainties over a three‑year period. If the issues remain unresolved after this time, the Government should initiate an independent review of Australia’s copyright settings and the impact of AI. The overarching objective is to strike an appropriate balance, ensuring creators continue to be incentivised to produce new works, while enabling access to those works in ways that support innovation and broader public benefit.
For businesses, the Commission’s recommendation to monitor these copyright uncertainties over a three‑year period means regulatory stability in the short term, with no immediate changes to copyright settings affecting AI training. Until case law in this area develops, significant uncertainty will remain in relation to aspects of current provisions.
Importantly, the Government has separately indicated that it does not intend to introduce a text and data mining exception and is instead consulting with the Copyright and Artificial Intelligence Reference Group on options to encourage fair, legal avenues for using copyright material in AI. This was acknowledged in the Report.
Data access
The Commission recommended that the Government undertake reforms to make the Consumer Data Right (CDR) more flexible and better able to support businesses across a wider range of industries. In the short term, this includes optimising the regime for businesses in the banking and energy sectors, where the CDR already operates, by improving the way data is shared with third parties and simplifying the onboarding process for participants. Over the longer term, the Commission proposes reducing the burden of the accreditation process and the technical standards, so the framework is less onerous and can support a broader range of use cases.
The CDR operates in the banking and energy sectors. It enables consumers to transfer their data between providers accredited by the Australian Competition and Consumer Commission (ACCC). It operates on an opt-in basis, and CDR providers are subject to a number of specific privacy constraints and obligations which are similar to, but not the same as, the Australian Privacy Principles (APPs) in the Privacy Act.
The Commission proposes over the longer term reducing the burden of the accreditation process and the technical standards, so the framework is less onerous and can support a broader range of use cases.
The Report recommends that the Privacy Act should operate as the primary piece of legislation to protect individuals’ privacy in the CDR context, and that the CDR-specific privacy regime be removed. This position was supported by the submissions of various private sector organisations, as well as the Office of the Australian Information Commissioner and the ACCC, which pointed out the inefficiency of the current duplicative approach.
Privacy regulation
The Commission has recommended that the Government amend the Privacy Act to adopt a more outcomes‑based regulatory framework. Under this approach, regulated entities would be required to meet privacy obligations by achieving specified outcomes, rather than complying with prescriptive, controls‑based rules. Central to this proposed reform is the introduction of an overarching obligation requiring entities to handle personal information in a manner that is “fair and reasonable in the circumstances”.
To support this obligation, the Commission proposes that the Privacy Act be amended to include a non‑exhaustive list of factors to guide assessments of what is fair and reasonable, including considerations of proportionality, necessity and transparency. As part of the shift to an outcomes‑focused model, the Commission also recommends phasing out the existing APPs.
Implementation of the new duty would be supported by non‑legislative measures such as regulatory guidance, sector‑specific codes and practical templates and guidelines.
Last year, the Government indicated an intention to make changes to the existing Privacy Act framework contained in the second tranche of proposed reforms, which it consulted on in 2024, potentially alongside targeted measures addressing AI (see this AFR article). The proposed changes include a requirement for collections, uses and disclosures to be fair and reasonable in the circumstances which would apply in addition to the existing APPs (and other new obligations). There has not been any suggestion to date that the Government will change its approach to conform with the Productivity Commission’s recommendation.
If implemented, the recommendation would also potentially widen the gap between Australian and European Union privacy laws, which could also have implications in relation to Australia obtaining an EU adequacy decision in the future. It is likely that any such change in direction by the Government would be the subject of extensive consultation in view of these potential implications.
Digital financial reporting
The Commission recommends mandating digital annual and half‑yearly financial reporting for all disclosing entities as defined under the Corporations Act 2001 (Cth). Consistent with this shift, the existing requirement for these entities to lodge financial reports in hard‑copy or PDF would be removed. The Commission proposes that digital reporting be implemented in phases, with the Treasury to determine appropriate timelines following consultation.
This reform is expected to have an overall positive impact, as digital, machine‑readable financial reports can be processed far more efficiently and accurately than traditional hard‑copy or PDF. Digital reporting will improve productivity by reducing the time workers spend extracting, reviewing and reconciling information, while also improving the quality and reliability of their outputs. It will lower information‑processing costs for report users and make it easier for auditors to extract and transform data from digital financial reports.
Overall impact
The Commission’s recommendations aim to streamline compliance obligations and create a more flexible, innovation‑friendly environment for businesses. Different stakeholders will have different views on whether or not the right balance has been achieved. Ultimately, it will be for the Government to decide which of the Commission’s recommendations proceed. It is highly likely that further consultation will occur before any of them become law.
[1] Copyright and Artificial Intelligence, Part 3: Generative AI Training, A Report of the Register of Copyrights, May 2025.
[2] See our discussion of these provisions in our earlier article, ‘Australia’s AI copyright questions still unanswered after Getty v Stability AI’.