Logo
FrontierNews.ai

How Australia's Government Is Using NotebookLM and Copilot to Finally Make AI Useful for Real Work

Australia's Attorney-General's Department has cracked a problem that frustrated government agencies worldwide: how to use AI tools on sensitive, real-world data without compromising security. By deploying Google's NotebookLM and Microsoft's Copilot Chat in controlled cloud environments certified for protected-level data, the department has moved past the early hype cycle where AI could only process publicly available information.

Why Did Government AI Adoption Stall Before?

When federal agencies first experimented with AI tools, they hit a hard wall. Staff could only use these systems on data already in the public domain, which meant the tools were largely useless for actual government work. "People got excited about it, then they started using it, they could only use public data, and it kind of just went out of favour," explained Antony Spence, assistant secretary in charge of IT support, engagement and innovation at the Attorney-General's Department.

The result was predictable: employees abandoned the tools. "Most people went, 'That's great. I've got actual work to do, and I can't use my data, so come back to me when you've got something else'," Spence noted. This wasn't a failure of the AI itself; it was a failure of implementation. The tools couldn't access the contextually relevant data that would make them genuinely useful.

How Is the Attorney-General's Department Using These Tools Differently?

The department's new approach centers on security and human oversight. Both NotebookLM and Copilot Chat are now running in the department's own controlled cloud tenancies and are certified at the protected level, meaning they can process sensitive government data safely. This certification was the missing piece that made AI adoption viable.

But technology alone wasn't enough. The department also established what Spence calls "policy guardrails" rather than rigid rules. "There's absolutely no point giving people strict rules with AI. AI moves too quickly, and use cases evolve too quickly," Spence explained. Instead of traditional "thou shalt" and "thou shalt not" policies, the department drew on privacy law principles to create flexible guidance that lets staff use their judgment.

What Safeguards Keep Human Control in the Loop?

The department has implemented several key practices to ensure AI supplements work rather than replacing human decision-making:

  • Output Verification: Staff must verify all AI-generated outputs for accuracy before using them, keeping humans responsible for final results.
  • No Automated Decisions: The department explicitly prohibits using AI to create final versions of documents or make automated decisions; humans own the start, middle, and end of every process.
  • Usage Tracking: The department maintains records of where and how AI is being used, though not every single query. For example, using AI to draft a speech gets logged, but routine searches don't.
  • Anomaly Reporting: Staff are encouraged to report unexpected outcomes, such as gaining access to more data than intended or tools behaving unexpectedly, which helps the department build institutional knowledge about what works and what doesn't.

"We don't create any final versions using AI. It supplements our work, it augments our work, but humans own the start and finish and throughout the process. So we can't say, 'Sorry, AI created that. I don't know how it came about'," said Antony Spence.

Antony Spence, Assistant Secretary in charge of IT Support, Engagement and Innovation, Attorney-General's Department

Spence emphasized that public accountability demands this human-centered approach. "The public doesn't accept that; our senators at senate estimates won't accept that. It's really important for us that we own whatever comes out of there," he stated.

Spence

What Does This Mean for Other Organizations?

The Attorney-General's Department's approach offers a blueprint for enterprises struggling with AI adoption. The key insight is that AI tools fail not because they lack capability, but because they're deployed without proper security infrastructure, clear governance, and human oversight mechanisms. By addressing these three elements, the department transformed AI from a novelty into a practical productivity tool.

The department's strategy also reflects a broader shift in how organizations are thinking about AI integration. Rather than seeking full automation, forward-thinking enterprises are using AI to augment human expertise. NotebookLM, for instance, can help staff quickly synthesize complex documents and create study guides, but a human expert still reviews and owns the final output. This hybrid approach reduces the risk of errors while still capturing AI's efficiency gains.

The use of policy guardrails instead of rigid rules is particularly noteworthy. As AI capabilities evolve rapidly, prescriptive policies become outdated almost immediately. Guardrails give staff principles to follow while allowing flexibility for new use cases. This approach may become a model for other government agencies and large enterprises navigating similar challenges.

For knowledge workers and organizations considering AI adoption, the lesson is clear: security certification, human oversight, and flexible governance matter as much as the AI tools themselves. When those elements are in place, tools like NotebookLM and Copilot Chat can finally deliver on their promise to make work more efficient without sacrificing accountability or control.