AI Governance for RTOs: Building Responsible AI Policies Under the Standards for RTOs 2025

Practical compliance frameworks for RTOs adopting AI in assessment, learner support, and administration

 

Introduction: AI Governance Is No Longer a Side Experiment

When Ann-Mary Rajanayagam, Chief Technology Officer and founder of Alderon, shared on LinkedIn that a recruiter had called asking for an “AI Governance Engineer” for a major bank, she made a point that resonates well beyond financial services. Five years ago, that title did not exist. Today, AI capability, governance literacy, ethical decision-making, and stakeholder communication are converging into a single professional discipline. For Australia’s vocational education and training sector, the same convergence is happening, and it is happening under regulatory conditions that make governance not optional but essential.

The Standards for RTOs 2025, in force since 1 July 2025, have shifted ASQA’s regulatory framework decisively toward outcome-based quality, robust governance, and continuous self-assurance. The Standards do not prescribe specific AI rules, but their expectations for governance frameworks, technology integration, assessment integrity, learner support, and data protection create a clean regulatory environment in which AI use without structured governance represents a material compliance risk. ASQA has reinforced this direction through its own Artificial Intelligence Transparency Statement, which commits the regulator to responsible AI use with human-in-the-loop decision-making, protection of personal and sensitive data, clear ethical standards, and annual public reporting on AI use. The message to RTOs is unmistakable: if the regulator governs its own AI use with this level of structure and transparency, providers should be doing the same.

Broader Australian Government policy further solidifies this expectation. The APS AI Plan and the Standard for AI Transparency Statements emphasise transparent disclosure of AI use, risk assessment through the procurement lifecycle, oversight committees, and mechanisms to monitor impacts and decommission tools if harms emerge. The Australian Framework for Generative AI in Schools, endorsed in June 2025, establishes six principles, including transparency, fairness, accountability, and privacy and security, with schools expected to convert these into concrete rules on disclosure, vendor contracts, data handling, and permitted classroom uses. RTOs sit at the intersection of these frameworks. They are educational institutions subject to ASQA regulation, employers subject to workplace and privacy legislation, and in many cases, government-funded entities subject to broader public accountability expectations.

Drawing on extensive experience working with registered training organisations across Australia, I have observed that the RTOs most exposed to compliance risk in 2026 are not necessarily those using AI, but those using AI without governance. AI tools are already embedded in many RTOs, from chatbots handling learner enquiries to generative AI assisting with resource development to analytics platforms flagging at-risk students. The question is no longer whether RTOs are using AI. It is whether they are governing that use with the transparency, accountability, and rigour that the Standards for RTOs 2025 demand.

This article provides a comprehensive, practical framework for AI governance in RTOs, structured around the regulatory context, core principles, governance architecture, risk-tiered assessment, and domain-specific application across assessment, learner support, and administration.

 

1. The Regulatory and Policy Context: Why AI Governance Is Now a Compliance Imperative

1.1 The Standards for RTOs 2025 and AI

The Standards for RTOs 2025 are outcome-based and supported by practice guides that set expectations across governance, training and assessment, learner support, and the use of technology. They require RTOs to maintain robust governance frameworks, integrate technology to enhance training outcomes, and operate continuous self-assurance systems. The practice guides, grouped by focus areas such as governance and administration, training and assessment, and learner support, outline key concepts, example activities, risks to avoid, and self-assurance questions that RTOs can use to build and test their policies.

While the Standards do not contain a standalone clause titled “AI governance,” the governance expectations they establish are technology-neutral by design. An RTO that deploys an AI chatbot for learner support, uses generative AI tools in resource development, applies AI-powered analytics to monitor student progression, or permits learners to use AI in assessment tasks is, in every case, making operational decisions that fall squarely within the governance, risk management, and quality assurance obligations set out in the Standards. The absence of an explicit AI clause does not create an exemption. It creates an expectation that RTOs will exercise judgement and build governance systems that are fit for purpose, including for the technologies they deploy.

1.2 ASQA’s AI Transparency Statement

ASQA’s Artificial Intelligence Transparency Statement, published and updated as part of the agency’s accountability framework, provides a direct model for what responsible AI governance looks like in a VET regulatory context. The Statement confirms that ASQA does not currently employ AI capability in regulatory decision-making, and that any final decisions or actions are made by a human to maintain accountability and accuracy. ASQA uses AI for workplace productivity purposes such as automating routine tasks and supporting data analysis, but does so with safeguards including data protection, ethical standards, and human oversight.

The significance of this Statement for RTOs is twofold. First, it establishes a benchmark. If Australia’s national VET regulator applies human-in-the-loop controls, transparency commitments, and annual reporting obligations to its own AI use, it is reasonable to expect that RTOs will be held to comparable standards when ASQA assesses their governance and operations. Second, the Statement is explicitly modelled on the Australian Government’s Policy for the Responsible Use of AI in Government, which means RTOs can draw on a well-established set of principles and practices rather than inventing their own framework from scratch.

1.3 Broader Government AI Frameworks

The APS AI Plan and the Standard for AI Transparency Statements provide additional structure that RTOs can adapt. These frameworks emphasise transparent disclosure of how AI is used within an organisation, clear expectations of external service providers, including vendors of AI tools, risk assessment throughout the procurement and implementation lifecycle, the establishment of oversight committees or governance forums responsible for AI, and mechanisms to monitor the impacts of AI systems and decommission tools if harms or unintended consequences emerge.

The Australian Framework for Generative AI in Schools, endorsed by Education Ministers in June 2025, is particularly relevant for RTOs because it translates high-level AI ethics principles into concrete operational expectations for educational institutions. The Framework establishes six principles: Teaching and Learning, Human and Social Wellbeing, Transparency, Fairness, Accountability, and Privacy and Security. Schools are expected to develop public AI policies, require vendor explainability, prohibit training models on student data without consent, enforce strict rules against uploading identifiable student records into consumer-grade AI tools, and define clear de-implementation criteria for AI tools that do not meet governance standards. Every one of these expectations is directly transferable to the VET context, and RTOs that adopt them proactively will be well-positioned for whatever specific AI guidance ASQA may issue in the future.

 

2. Core Principles for RTO AI Governance

Drawing from the government frameworks, ASQA’s own commitments, and the educational AI frameworks now in force, RTOs should anchor their AI governance around four foundational principles. These principles are not aspirational statements. They should be embedded in policy, evidenced in practice, and testable through self-assurance processes.

2.1 Transparency

Learners, staff, and stakeholders must know which AI tools the RTO uses, for what purposes, with what limitations, and how they can seek review of any AI-assisted decision or output. Transparency is not merely a policy statement on a website. It requires active communication at enrolment, in training and assessment strategies, in learner handbooks, and in staff induction and professional development. If a learner’s formative feedback is generated or assisted by AI, the learner should know. If an analytics platform is flagging students as at-risk based on engagement data, the students should be informed that their data is being analysed and by what means. Transparency builds trust, supports informed consent, and creates a defensible position in the event of complaints, audits, or regulatory review.

2.2 Accountability and Human-in-the-Loop

Humans must remain responsible for all decisions that affect learner outcomes. AI may support, inform, and enhance the work of trainers, assessors, administrators, and support staff, but it must not replace the exercise of human professional judgement in any decision that carries consequences for a learner’s competency determination, progression, credit, recognition of prior learning, complaint resolution, or any other outcome with regulatory significance. This principle mirrors ASQA’s own stance that AI does not make regulatory decisions, and that a human decision-maker maintains accountability and accuracy at all times. For RTOs, the practical implication is that every AI-assisted process that touches assessment or learner outcomes must have a defined human review point, and that the human reviewer must be qualified, informed, and empowered to override the AI output.

2.3 Privacy, Security, and Data Protection

Student and staff data must be protected at every point of interaction with AI systems. This means that vendor contracts must include clear provisions on data residency, data retention, deletion policies, and explicit prohibitions on using RTO data to train vendor models without informed consent. Consumer-grade AI tools, such as free versions of generative AI platforms, must not be used for any purpose that involves identifiable student records, assessment evidence, health information, or sensitive personal data. RTOs must treat any AI-related data leakage or misuse as a notifiable security event under their existing data breach and cyber incident response processes. The Schools AI Framework’s prohibition on uploading identifiable student records into AI tools without risk assessment and authority is directly applicable to the VET context and should be reflected in every RTO’s AI policy.

2.4 Fairness and Wellbeing

AI use must not disadvantage specific learner cohorts, entrench bias, or undermine accessibility. RTOs serve diverse student populations, including learners with disabilities, learners from culturally and linguistically diverse backgrounds, learners with low digital literacy, and learners in remote or regional locations. AI tools that assume a baseline level of digital capability, that produce outputs biased toward certain cultural or linguistic norms, or that create barriers for learners who cannot interact with technology in standardised ways may produce inequitable outcomes that conflict with both the spirit and the letter of the Standards for RTOs 2025. AI governance must include explicit consideration of how each AI tool affects different learner cohorts, and must provide alternative pathways for learners who cannot engage with AI-mediated processes.

 

3. Governance Architecture: Structures, Roles, and Risk Assessment

3.1 The AI Use and Transparency Policy

The centrepiece of an RTO’s AI governance framework should be a public AI Use and Transparency Policy, modelled on the government AI transparency statements that ASQA, TEQSA, and the Aged Care Quality and Safety Commission have already published. This policy should describe all key AI systems in use, their purposes across assessment, learner support, and administration, the data sources they draw on, the decision stakes involved, the risk level assigned to each system, the oversight arrangements in place, and the mechanisms through which staff or learners can seek review of any AI-assisted output or decision.

The policy must be explicitly linked to the Standards for RTOs 2025, the RTO’s academic integrity policy, its privacy policy, and its cybersecurity arrangements, demonstrating integrated governance rather than a standalone technology document that sits in isolation from the RTO’s broader compliance framework. The RTO should commit to at least annual review and, where practicable, publication of an updated AI transparency statement, mirroring ASQA’s own obligation to release annual reporting on its AI systems. This annual review cycle also provides a natural trigger for assessing whether existing AI tools remain fit for purpose, whether new risks have emerged, and whether any tools should be decommissioned.

3.2 Governance Structures and Role Responsibilities

Effective AI governance requires a clear allocation of responsibilities across the organisation. For larger RTOs, this may involve establishing a dedicated AI Governance Committee or integrating AI oversight into an existing governance forum such as an Academic Board or Quality Committee. For smaller RTOs, the governance function may sit with the CEO, compliance manager, or a designated senior staff member, but the responsibilities must still be defined, documented, and operationalised. The following table maps key governance roles and their AI-specific responsibilities.

 

The allocation of these responsibilities should be documented in the RTO’s governance framework and referenced in the AI Use and Transparency Policy. For audit and self-assurance purposes, the RTO should be able to demonstrate that each role understands its AI governance responsibilities and that these responsibilities are being actively discharged, not merely documented.

3.3 Risk-Tiered AI Assessment and Approval

Not all AI use carries the same risk. An AI tool used to draft internal meeting summaries carries fundamentally different governance implications than an AI system that influences summative assessment decisions or generates learner support advice on course outcomes and visa pathways. RTOs should adopt a risk-tiered approach to AI governance that proportionately matches the level of oversight, documentation, and approval authority to the potential impact of the AI use on learner outcomes, regulatory compliance, data security, and organisational reputation.

The following risk matrix, adapted from government AI guidance and the Australian Framework for Generative AI in Schools, provides a practical starting point for RTOs.

 

For each AI tool or use case being considered, the RTO should complete a documented AI risk assessment before deployment. The assessment should record the tool’s purpose, data inputs and outputs, the vendor and hosting location, data retention and training data reuse policies, explainability assurances, integration with other RTO systems, and the human oversight arrangements in place. This documentation serves both as an internal governance record and as audit-ready evidence of the RTO’s self-assurance processes under the Standards for RTOs 2025.

 

4. AI Governance in Practice: Assessment, Learner Support, and Administration

4.1 AI in Assessment: Integrity, Conditions, and Documentation

Assessment is the domain where AI governance carries the highest stakes and the most immediate regulatory significance. ASQA’s practice guidance and its Corporate Plan 2025-26 both emphasise cracking down on fraudulent practices, including non-genuine assessment evidence and non-authentic student work. In an environment where generative AI can produce plausible assessment responses across a wide range of vocational subjects, the integrity of assessment evidence is a front-line governance concern.

The RTO’s AI governance framework must address assessment integrity at multiple levels. First, the RTO must have a clear “Use of AI in Student Assessments” policy that defines, for each qualification or unit cluster, whether AI use by learners is prohibited, permitted under conditions, or required as part of the assessment task. Where AI is permitted under conditions, those conditions must be specific and enforceable. For example, a policy might permit learners to use AI for initial research and drafting in a written assessment, provided they document the prompts used, verify all factual claims independently, and submit a reflective statement explaining how they used AI and what changes they made to the AI output. Where AI is prohibited, such as in practical demonstrations of clinical skill, safety-critical operations, or observed workplace performance, the conditions of assessment must explicitly state this, and the assessment environment must be designed to preclude undisclosed AI assistance.

Second, assessment tools themselves must be updated to include AI-specific conditions of assessment. This means adding explicit statements to assessment cover sheets, task instructions, and assessor guides about whether AI is permitted, what disclosure is required, and how assessors should evaluate evidence where AI assistance has been declared. Assessors should document how they considered AI use when judging the authenticity, sufficiency, validity, and currency of competency evidence. The RTO should retain exemplar assessments and moderation records that illustrate how AI-assisted work is handled in practice, providing both internal quality assurance evidence and audit-ready documentation.

Third, validation processes under Clauses 1.3 to 1.5 and 4.4 of the Standards for RTOs 2025 must incorporate AI-related considerations. Validation panels should be asking whether assessment tools adequately address the risk of AI-generated responses, whether the similarity of AI-generated work could undermine the validity of assessment judgements, and whether benchmark samples need to be updated to reflect the capabilities of current AI tools. These questions should be formally integrated into validation checklists, moderation meeting agendas, and internal audit protocols.

4.2 AI in Learner Support: Accuracy, Compliance, and Accessibility

AI-powered learner support tools, including chatbots, virtual assistants, and automated FAQ systems, offer genuine potential to improve responsiveness and consistency of service, particularly for RTOs managing large or geographically dispersed student cohorts. However, these tools also create governance risks that must be actively managed.

The most significant risk is the accuracy and compliance of information. An AI chatbot that provides incorrect advice about course outcomes, visa pathways, fee structures, or credit arrangements could expose the RTO to complaints, regulatory action, and liability under consumer protection legislation. AI governance must ensure that any automated learner support system is regularly tested against current, accurate information, that its responses are reviewed for compliance with marketing and consumer law obligations, and that complex or high-stakes queries are automatically escalated to human staff rather than answered by the AI system alone.

AI-driven analytics platforms that flag at-risk students based on engagement data, attendance patterns, or academic performance present a different governance challenge. Learners should be informed, through the RTO’s privacy policy and at enrolment, that their engagement data may be analysed for support purposes. The governance framework should require that human staff review all high-risk flags generated by analytics systems before any intervention is initiated. The risk of false positives, where an AI system incorrectly identifies a learner as at-risk and triggers an intervention that the learner experiences as intrusive or stigmatising, must be considered and mitigated through human review and learner engagement processes.

Accessibility is a further governance requirement. The Standards for RTOs 2025 expect learner support to be responsive to the needs of diverse cohorts. If an RTO deploys AI-based support tools as a primary interface, it must ensure that alternative, human-mediated pathways remain available for learners with low digital capability, disability, or limited English proficiency. AI tools must enhance, not replace, the RTO’s capacity to provide equitable support to all learners.

4.3 AI in Administration and Regulatory Reporting

Administrative and back-office uses of AI, including timetabling optimisation, survey analysis, routine email drafting, document management, and data analysis, generally carry lower governance risk than assessment or learner support applications. However, they are not risk-free. ASQA’s own AI Transparency Statement emphasises that even workplace productivity uses of AI require safeguards, including data protection and quality assurance.

The governance concern escalates significantly when AI touches compliance or regulatory reporting. An AI system that performs automated AVETMISS data checks, generates risk dashboards, or assists with quality indicator analysis is producing outputs that may inform regulatory submissions, audit responses, or strategic decisions. Governance must ensure that the final versions of any regulatory submissions, compliance reports, or data returns are reviewed by staff who understand both the underlying data and the regulatory requirements. AI outputs in this domain should be treated as draft inputs to human decision-making, never as final compliance artefacts.

For all administrative AI use, privacy and data quality remain fundamental. Staff should be trained on which data can and cannot be entered into AI tools, and the RTO’s AI policy should explicitly address the use of generative AI tools for internal communications, resource development, and administrative processes. The distinction between enterprise-grade AI platforms with contractual data protections and consumer-grade tools with broad data reuse permissions must be clearly understood and enforced across the organisation.

 

5. Digital Capability and Learner AI Readiness

AI governance does not operate in isolation from learner capability. The Standards for RTOs 2025 expect RTOs to assess language, literacy, numeracy, and digital literacy before enrolment and provide targeted support to ensure learners can succeed in their chosen program. Guidance on preparing for the 2025 Standards notes that RTOs will need to assess learners’ digital capability in a similar way to LLN, using frameworks like the Australian Digital Capability Framework to identify support needs and inform induction and scaffolding decisions.

This digital capability expectation underpins AI governance in a practical and direct way. RTOs should not deploy AI tools in learning or assessment environments without first establishing that learners have the digital and AI literacy needed to use those tools safely and effectively. Where learners lack the required capability, the RTO must provide scaffolding, which might include an AI literacy orientation module at induction, explicit instruction on how to use approved AI tools within the course, and ongoing support for learners who struggle with technology-mediated learning. The governance framework should document how the RTO assesses AI readiness, what support is provided, and how learners who cannot engage with AI-mediated processes are offered equitable alternative pathways.

This is not an abstract requirement. In practice, it means that an RTO deploying an AI-powered simulation in a healthcare qualification, or permitting learners to use generative AI for research and drafting in a business qualification, must have evidence that learners were assessed for their ability to engage with these tools, that those who needed support received it, and that no learner was disadvantaged by the integration of AI into the learning and assessment experience.

 

6. Monitoring, Training, and Continuous Improvement

6.1 Monitoring and Review Cycles

The Standards for RTOs 2025 encourage self-assessment and continuous improvement, including the use of digital tools to analyse feedback and outcomes. AI governance must therefore include ongoing monitoring for each AI system the RTO deploys. This means defining and tracking key performance indicators that are relevant to the AI system’s purpose and risk level. For an AI-powered learner support chatbot, relevant KPIs might include accuracy rates, escalation rates to human staff, learner satisfaction scores, and complaint patterns. For an AI analytics platform flagging at-risk students, KPIs might include false positive rates, intervention timeliness, and correlation between AI flags and actual student outcomes.

Public-sector guidance recommends a “start small and governed” approach: run tightly scoped pilots, audit data flows, map each AI tool to the relevant governance principles, and define de-implementation triggers before deployment so that the organisation knows in advance what conditions would require an AI tool to be withdrawn. This approach translates directly to the RTO context. Before deploying an AI tool at scale, RTOs should conduct a pilot phase with defined success criteria, documented data flows, and a formal review point at which the governance committee or designated authority decides whether to proceed, modify, or decommission the tool.

6.2 Staff AI Awareness and Professional Development

AI governance is only as effective as the people who implement it. Under the Standards for RTOs 2025, trainers and assessors must have vocational competency and current skills in training, assessment, and relevant industry practices. Where AI tools are integrated into delivery, assessment, or administration, staff must have the knowledge and skills to use those tools responsibly and to apply the RTO’s AI policies in their daily work.

Regulators in adjacent sectors have already set explicit expectations for staff AI training. TEQSA and the Aged Care Quality and Safety Commission both require staff to complete AI fundamentals training as part of their transparency and governance commitments. RTOs should mirror this approach by incorporating AI awareness into their professional development programs for trainers, assessors, and administrative staff. This training should cover the RTO’s AI policy and what it requires of staff, the principles of responsible AI use including transparency, human-in-the-loop, privacy, and fairness, practical skills for using approved AI tools within the RTO’s governance framework, how to identify and report AI-related risks or incidents, and the specific rules governing AI use in assessment, including how to evaluate AI-assisted learner work and how to document AI-related assessment decisions.

Professional development records should capture AI-related training as evidence of both regulatory compliance and the RTO’s commitment to building a workforce that is capable of operating responsibly in an AI-integrated environment. These records also serve as audit-ready evidence of the RTO’s self-assurance processes.

6.3 Continuous Improvement and Embedding AI in Self-Assurance

AI governance should not exist as a separate compliance silo. It should be integrated into the RTO’s broader self-assurance and continuous improvement systems. This means adding AI-related items to validation checklists, moderation meeting agendas, internal audit tools, risk register review cycles, and quality indicator analysis. When the RTO reviews its learner completion rates, satisfaction surveys, complaints data, or employer feedback, it should be asking whether any patterns are linked to AI-mediated learning, assessment, or support. When the RTO conducts assessment validation, it should be asking whether assessment tools adequately address the capabilities and risks of current AI systems.

ASQA’s Corporate Plan 2025-26 makes clear that providers with strong, evidenced self-assurance and quality outcomes may see reduced regulatory burden, while those with poor practices will face more intensive scrutiny. RTOs that can demonstrate structured, documented, and continuously improving AI governance will be in a materially stronger position than those that cannot, both in the event of audit and in their day-to-day capacity to manage the risks and realise the benefits of AI in vocational education and training.

 

7. Conclusion: Governing AI as Mainstream Practice, Not a Side Project

Ann-Mary Rajanayagam’s observation that AI capability, governance literacy, technical engineering, and ethical decision-making are converging into a single professional discipline captures precisely where the VET sector now stands. The RTOs that will navigate 2026 and beyond successfully are those that treat AI governance as a core element of their compliance, quality, and operational frameworks, not as a technology experiment managed by IT alone or a policy document produced for audit purposes and forgotten.

The regulatory foundations are already in place. The Standards for RTOs 2025 establish the governance, risk management, and self-assurance expectations. ASQA’s AI Transparency Statement provides a direct model. The APS AI Plan and the Australian Framework for Generative AI in Schools offer adaptable principles and practical templates. The expectation is clear, and the direction of travel is unmistakable: structured, transparent, risk-proportionate AI governance is becoming a baseline requirement for credible operation in Australia’s vocational education and training sector.

For RTOs, the path forward is practical and achievable. Develop an AI Use and Transparency Policy. Assign governance responsibilities. Conduct risk assessments for every AI tool. Update assessment strategies and conditions. Train staff. Inform learners. Monitor outcomes. Review and improve. These are not revolutionary steps. They are the application of good governance practice, which every RTO should already have, to a category of operational risk that is new in form but entirely familiar in principle. The RTOs that act now will be governing AI rather than being governed by it.

References and Further Reading

ASQA (2025). Standards for RTOs 2025. https://www.asqa.gov.au/rtos/2025-standards-rtos

ASQA (2025). Practice Guides for the Standards for RTOs 2025. https://www.asqa.gov.au/rtos/2025-standards-rtos/practice-guides

ASQA (2025). Artificial Intelligence (AI) Transparency Statement. https://www.asqa.gov.au/about-us/reporting-and-accountability/artificial-intelligence-ai-transparency-statement

ASQA (2025). ASQA IQ March 2025 and October 2025. https://www.asqa.gov.au/news-events/news/asqa-iq-march-2025

Aged Care Quality and Safety Commission (2025). AI Transparency Statement. https://www.agedcarequality.gov.au/resource-library/ai-transparency-statement

Australian Government Digital Transformation Agency (2025). AI Plan for the Australian Public Service. https://www.digital.gov.au/ai-plan-australian-public-service-2025-appendix-plan-deliverables

Australian Government Digital Transformation Agency (2024). Standard for AI Transparency Statements v1.1. https://www.digital.gov.au

Australian Framework for Generative AI in Schools (2025). Endorsed by Education Ministers, June 2025.

AI Course Creator / eSkilled (2025). What Is ASQA Doing About AI in Vocational Education? https://aicoursecreator.eskilled.io

TEQSA (2025). AI Transparency Statement. https://www.teqsa.gov.au/about-us/reporting-and-accountability/ai-transparency-statement

TLRG (2025). Digital Capability: Preparing for New RTO Standards 2025. https://tlrg.com.au

VET Advisory Group (2025). Navigating the Standards for RTOs 2025: A Comprehensive Guide for RTO Compliance. https://www.vetadvisorygroup.com.au