Harnessing AI and data through a new regulatory blueprint? Productivity Commission diverts the conversation

What it means for AI, privacy and productivity 13 min read

On 5 August 2025, the Productivity Commission released its Interim Report into 'Harnessing data and digital technologies' (Interim Report), with a series of robust recommendations and proposals that are already spurring public debate on key aspects of technology and data regulation and innovation.

In it, the Productivity Commission outlines a very different vision of the regulatory role in the tech and data economy, which is less interventionist, particularly in areas such as AI, privacy and data access. It also identifies onerous regulation as posing a material risk to economic dividends from tech and data productivity gains. But have the risks with this approach been adequately explored or is it overly optimistic?

In this Insight, we unpack the Productivity Commission’s Interim Report, explore its most contentious recommendations and highlight what they could mean for your organisation’s approach to AI, data access and privacy compliance.

Key takeaways 

• The Interim Report's recommendations include:
  • pausing economy-wide AI regulation and considering introducing a text and data mining exemption from copyright infringement.
  • developing entirely new data sharing and access regimes for other parts of the economy beyond the scope of the existing Consumer Data Right regime.
  • developing new parallel outcomes-based compliance frameworks for privacy law and reconsidering some of the proposed reform agenda, including expressly removing the right to erasure from this reform program.
  • mandating digital financial reporting for reporting entities under the Corporations Act.
• These recommendations would have a broad impact if implemented and represent a significant shift in policy.
• Interested entities should make a submission by the deadline of 5pm Monday 15 September.

Who in your organisation needs to know about this?

• AI Governance Committees
• Chief Risk Officers
• Chief Data Officers.

A call for a major rethink—but one with risks

The Interim Report sits as a critical part of the current Federal Government's broader conversation about productivity in the Australian economy. The Productivity Commission has been tasked with developing actionable recommendations to support meaningful and measurable reforms that boost productivity across five different areas of enquiry, of which 'Harnessing data and digital technology' is one. In keeping with its purpose, the Productivity Commission aims to prompt discussion and provide a counterpoint to the Government's natural approach to regulatory controls expansion.  

The Interim Report splits its findings, conclusions and recommendations across four areas of productivity opportunity, which broadly cover:

• Exploring and leveraging AI's productivity potential
• Creating newer (and simpler) pathways to expand data access regimes
• The impact of privacy regulation and proposed reform on access and use
• Encouraging digital financial reporting.

Of these, the first three contain recommendations that are the most controversial or divergent. We explore the implications from some of these key recommendations below.

Stop sign for economy-wide AI reform

On the issue of AI regulation, the Productivity Commission recommends that:

• AI-specific regulation should be the last resort, and only where existing frameworks cannot be adapted, or tech-neutral regulation is not possible; and
• all work on economy-wide 'Mandatory Guardrails for high risk AI' should be paused.

The Interim Report argues that the priority should be to conduct gap analyses in current regulation. Until more work is done to identify where specific approaches are truly needed, there is a real risk that economy-wide regulation will create duplicative, inefficient regulation that is not appropriately targeted, will create further uncertainty and will create a drag on productivity. In particular, the Productivity Commission notes that the proposed mandatory guardrails did not distinguish where high risk uses cases are already adequately dealt with under existing regulatory frameworks or tech neutral frameworks.

The experience of the EU AI Act, with its whole of economy approach, is identified as a regulatory approach which is currently an outlier, and where global efforts for similar approaches in other jurisdictions appear to be stalling.

In many ways, these recommendations are a welcome intervention. While the recommendation of the Productivity Commission is aligned with one of the models for AI regulation canvassed in the Proposals Paper for the Mandatory Guardrails, the Government has yet to provide an indication of direction (despite consultation closing in October 2024) (see our previous Insight for discussion on the topic). Having the Government provide the recommended certainty would likely be of benefit. However, the proposition that the risks of AI are best managed through continued consultation and review of existing laws, as opposed to implementing guardrails which largely emphasise risk management and transparency measures, is already being contested.

AI and copyright law: text and data-mining exception to copyright infringement.

In particular, the Productivity Commission has cited copyright law as a case study in support of its recommendation that issues posed by AI be resolved through adapting existing legal frameworks rather than AI-specific regulation.

Interestingly, this is contrary to the industry responses provided via the Copyright and AI Reference Group (CAIRG) in October 2024, in answer to a discussion paper circulated by the Attorney-General's Department on Copyright and AI Transparency Issues. The responses, which were provided across the creative, broadcasting and technology sectors, generally preferred the implementation of AI transparency requirements through whole-of-economy regulation, rather than the Copyright Act.

Further, in considering the question of whether current Australian copyright law is a barrier to building and training AI models, the Productivity Commission has proposed—as one policy option—the introduction of a fair dealing exception to copyright infringement for text and data mining, which is not limited to non-commercial use.

This echoed the ask by Scott Farquhar, as the Chair of the Tech Council of Australia, in his recent National Press Club Address, which posited that 'we are in a perverse situation where copyright holders aren't seeing any money, but we also don't see the economic upside of training and hosting models in Australia'.

The proposal for a text and data-mining exception has so far been strongly rejected by Australian copyright owners, including industry bodies representing authors and music artists, who argue it will give tech companies a 'free pass' to use their work at the cost of the creative industries.

The Interim Report accepts that, at present, large AI models are trained overseas (and it is unclear whether the introduction of the proposed exception would change this trend), and they are already being trained on unlicensed copyright materials. Currently, Australian copyright owners do not have a direct infringement claim in Australia against training that takes place overseas. By introducing the exception, copyright owners would also have no claim in Australia against training that takes place in Australia.

The Interim Report suggests that the exception could make a difference as to whether smaller, low compute models can be built and trained in Australia, such as by Australian research institutions, medical technology firms and research service providers. It notes that the exception would not be a 'blank cheque' for all copyright materials, because the use must be considered 'fair' in the circumstances.

However, given that the training of AI models necessarily involves copying of the whole of copyright materials (and at scale), it is difficult to see what practical parameters of 'fairness' could be applied in this scenario. To the extent that research institutions require use of copyright materials for research and study purposes and that use is 'fair', they would already fall within an existing fair-dealing exception.

By comparison, the Productivity Commission's proposal goes further than the corresponding text and data-mining exception in the UK (which is limited to non-commercial use and where an attempt to expand to commercial use was defeated in 2023), and the EU (which allows commercial use but also allows copyright owners to opt out).

Data access regimes: an optimistic vision beyond the CDR

The second aspect of the Interim Report's recommendations centres around enabling new, and importantly lower-cost and more efficient pathways to data access.

Extolling the benefits of greater data sharing and access on productivity gains, it calls for greater access to untapped ability to share data across the economy. Significantly, it recommends doing so through pathways other than the existing Consumer Data Right (CDR) regime, and highlights opportunities in the:

• agricultural sector (eg machinery and equipment data switching and portability)
• rental sector (eg access to rental ledgers)
• loyalty sector (eg through purchase history access).

The challenges for CDR rollout have already been acknowledged by the Government in the August 2024 'reset' of the CDR (Albanese Government to reset Consumer Data Right | Treasury Ministers), which acknowledged the high implementation costs and difficulty in achieving more sustainable uptake. As an alternative, the Interim Report recommends the Government develop lower cost and more flexible regulatory pathways to expand data access. The Interim Report suggests that be achieved through a variety of combinations, leveraging available and existing frameworks for lower complexity and ease of uptake, including:

• industry-led data exports, where sector-specific rules can be agreed for basic data use cases at an industry level, and where the Government plays a role to facilitate the development of codes; and
• standardised data transfer pathways for higher frequency data transfer implementation (eg requiring real-time feeds or interoperability).

The Interim Report suggests a review pathway to identify and assess 'readiness' of sectors, and also encourages the Government to create 'pull' incentives for engagement with data-sharing regimes and their associated costs, including reciprocity and tax incentives. It also acknowledges that legislative mandates may be required where incentives are not aligned, though does not favour them.

This vision of a sunny future with greater data access is appealing, if realised. The critiques of the challenges of the CDR regime and necessity of its prescriptive requirements are also not new. However, it remains a very vague outline, with much work to be done, and one that appears to rest on a somewhat optimistic approach to the ease of implementing such frameworks, and level of uptake for investment in voluntary codes or activities.

Businesses in sectors directly mentioned should consider responding to the Interim Report's information request on these topics.

The future of Privacy Act reform Tranche 2: privacy reform re-shaped?

The Interim Report considers the role privacy law has in unlocking productivity. In its conclusions, it takes a relatively dim view of the state of current privacy regimes, as well as the proposals for further reform.

Relevantly, it:

• highlights submissions and commentary on the burdensome compliance costs of privacy law.
• refers to (seemingly anecdotal) circumstances of unnecessary or 'overcompliance' leading to additional costs for businesses and hurdles for consumers.
• comments on the sustainability of the 'notice and consent' model, and the limits of transparency and individual agency given the complexity of disclosures and data uses.

The Interim Report then proceeds to set out a new pathway for privacy reform, one that diverges substantially from the trajectory of the 'Tranche 2' Privacy Act reforms that have long been in development.

'Outcomes-based' alternative compliance pathway

The first recommendation is for the introduction of an 'alternative' compliance pathway for Privacy Act compliance based on an 'outcomes-based' obligation, rather than a 'controls-based' framework.

According to the Interim Report, this alternative approach, which is intended to be additive to existing compliance options, would address the inefficiencies identified by providing a more effective means of achieving the privacy objectives of the Privacy Act. While leaving the model open, the Interim Report recommends either:

• Option A: an 'outcomes-based' defence for non-compliance (where entities can show they are compliant with the outcomes, even if they are non-compliant with specific aspects) (the preferred suggestion); or
• Option B: providing an additional 'outcomes-based' compliance option. Existing Privacy Act compliance procedures would remain in place as a safe harbour that entities could rely on if need be.

It also considers a complete reframing of the Privacy Act into outcomes-based compliance, but this was not favoured due to greater legislative architecture changes required.

The nature of the outcomes-based obligation was framed around best interests or duty of care obligations. Importantly, this was expressly distinguished from the 'fair and reasonable' test which is proposed to be added through the Tranche 2 Privacy reform, on the basis that this is intended as an alternative compliance pathway, not an additional requirement.

Erase the right to erasure and the impact on other Tranche 2 reforms?

The Interim Report also posits that some of the proposed Tranche 2 reforms risk exacerbating identified issues.

In particular, they recommend that the proposed right to erasure not be introduced, citing a high cost on businesses for limited benefits. The GDPR example was raised to highlight—by comparison—the complexity of the implications, while the Interim Report provided broader comments on the negative impact of the GDPR on overall economic activity in the EU.

However, the commentary refers more broadly to the impact of Tranche 2 reforms, and highlights concerns about inadequacies of the cost benefit analysis of the reforms that occurred in parallel to the Privacy Act Review. While the only explicit recommendation is around the erasure right, the Interim Report effectively calls into question the larger reform agenda—already mostly agreed in principle by the Government.

The future of Tranche 2

This is a radical proposed rethinking of privacy reform—one that potentially takes us in a very different direction from Tranche 2.

Some critiques are valid, eg the:

• challenges of the notice and consent model
• proposition that some privacy compliance activities around notices are 'tick a box' exercises
• high compliance burden that accompanies a right to erasure.

However, we expect the proposed solution will be highly contested. This is because:

• several of the proposed Tranche 2 reforms are targeted at the perceived limitations of the current regime (eg the proposed 'fair and reasonable' limit). By creating a dual-track approach, the existing limitations remain open to exploitation.
• the creation of a parallel set of privacy law compliance tests may increase complexity rather than reduce it. The Productivity Commission does not cite any examples of this approach being applied in the privacy domain globally.
• a 'best-interests' or 'duty of care' framing may not encourage innovation, and in some implementations may discourage it. Such an approach appears to impose a higher standard than both the existing law or the proposed Tranche 2 changes (including through the introduction of a fair and reasonable test).
  • In order to satisfy this, a 'best interests' approach may require those interests to take primacy.
  • This could take the law further than the GDPR, given Australian law does not currently have a balancing 'legitimate interests' processing ground, which is permitted under the GDPR except where those interests are overridden by the interests or rights of the individual.
  • This introduction may be lower risk where it is used as a defence in the context of technical non-compliance, but may still be a high bar to clear, and therefore of limited utility.
  • Close consideration would need to be given to the impact of this proposal.
• Under Option B, it is contemplated that existing privacy compliance could be a 'safe harbour'. In the world where such a protection exists, it is difficult to see organisations not falling back on traditional compliance requirements, rather than relying on a more opaque, outcomes-based approach. The Interim Report even acknowledged that this has occurred in other industries (such as financial advice).
• One aspect of the Tranche 2 reforms that the Government appears to potentially be in favour of is the direct right of action as a solution to the enforcement issues. This would likely materially increase the exposure of organisations to enforcement action, particularly through class actions.

We expect further examination of the issues raised in the Interim Report will inform the next phase of the reform agenda for privacy law (and also push it back even further).

Digital financial reporting

The final piece focuses on encouraging digital financial reporting, and is perhaps the least controversial, though could have a significant impact.

In Australia, no digital financial reporting has ever been submitted for reporting as required under the Corporations Act, despite the capability to do so since 2010 and relevant parts of the Corporations Act being separately amended to introduce electronic forms of communication and the sustainability reporting regime since then. The Interim Report identifies a number of efficiencies that would be driven by this occurring.

The Interim Report recommends that the Corporations Act be amended to mandate digital financial reporting for reporting and disclosing entities, and remove the obligation to submit hard copy and pdf reports. This would impact a wide range of Australian corporate entities, including all listed entities, and no doubt prompt a response from members and shareholder associations with views on how those materials should be accessed.

While acknowledging that there are upfront costs associated with the transition, the Productivity Commission's view is that those costs are not excessive and are lower than non-digital reporting over time.

The Productivity Commission is seeking feedback on how this should be implemented, including the scope of application and reporting requirements, and practical question on format and availability.

Actions you can take now

• Interested organisations have until 5pm on Monday 15 September to make a submission in response to the Interim Report.