Australia's First AI Workplace Safety Law Has Arrived
NSW has passed the Work Health and Safety Amendment (Digital Work Systems) Bill 2026, amending the Work Health and Safety Act 2011 (NSW) to require employers to manage worker safety risks from AI and other digital work systems. This is not a future concern. It is current law, passed by NSW Parliament, and it changes what your WHS obligations look like from this point forward.
On this page
If your organisation holds ISO 45001 certification, uses AI tools for workforce management, or operates in a sector like manufacturing or professional services where digital monitoring is common, you need to understand what this legislation requires and what it means for your management system. This article breaks it all down in plain terms.
What the NSW Digital Work Systems Bill Actually Requires
The legislation amends the existing WHS Act to bring AI and digital work systems into the core duty of care framework. This is significant because it does not create a separate AI law sitting beside WHS. It integrates AI risk directly into the same obligations employers already have for physical hazards like machinery, chemicals, and manual handling.
Under the amended Act, employers must now identify, assess, and control WHS risks that arise from AI and other digital work systems. The categories of risk specifically called out include:
- Excessive workloads generated or driven by algorithmic systems
- Unreasonable monitoring of workers through digital tools
- Discriminatory decision-making by AI systems affecting employment outcomes
- Performance tracking practices that create psychological or physical harm
Importantly, the legislation also grants union officials new powers to inspect AI systems used in the workplace. That means your AI tools, the data they generate, and the decisions they influence are now potentially subject to formal scrutiny by external parties. Once the provisions commence, non-compliance could result in prohibition notices or prosecution under the existing WHS Act enforcement framework.
Why This Matters Specifically for ISO 45001 Certified Organisations
ISO 45001 is built around the concept of identifying hazards and managing risks to worker health and safety. That is its core purpose. The NSW legislation does not conflict with ISO 45001. What it does is expand the scope of what counts as a hazard in a way that many certified organisations have not yet addressed in their management systems.
Most ISO 45001 implementations I have reviewed over the years focus heavily on physical hazards. That makes sense for manufacturing, construction, and logistics. But the risk register rarely includes things like an AI scheduling tool that consistently assigns one demographic group to less desirable shifts, or a performance monitoring system that flags workers as underperforming based on flawed algorithmic outputs.
These are now legally recognised WHS hazards in NSW. If your ISO 45001 scope covers NSW operations and you use digital systems that touch any of the risk categories listed above, your current hazard identification process almost certainly has a gap.
What a Gap Looks Like in Practice
Consider a mid-sized logistics company in Western Sydney with ISO 45001 certification. They use an AI-powered route optimisation and performance tracking system that measures driver delivery times and generates daily performance scores. The system is used to flag underperforming drivers for review.
Under the old WHS framework, this system would not typically appear in a hazard register. Under the amended Act, the psychological impact of constant algorithmic monitoring, the risk of discriminatory scoring, and the workload pressures created by unrealistic AI-generated targets are all now hazards that must be identified, assessed, and controlled.
If this company's ISO 45001 system does not capture these risks, it has a conformance gap. And if a union official requests access to inspect the AI system and the employer cannot demonstrate how risks have been assessed and managed, the exposure is significant.
The ISO 45003 Connection You Cannot Ignore
If you are not already familiar with ISO 45003, now is the time to get across it. ISO 45003 is the guidance standard for managing psychosocial risks within an occupational health and safety management system. It sits alongside ISO 45001 and covers exactly the kinds of harms the NSW legislation is targeting.
Excessive monitoring, algorithmic pressure, fear of automated performance decisions, and the anxiety that comes from opaque AI-driven management are all psychosocial hazards. ISO 45003 provides the framework for identifying and controlling them. The NSW legislation essentially makes many of these ISO 45003 concerns into hard legal obligations rather than best practice guidance.
If your organisation has ISO 45001 but has not implemented ISO 45003 guidance, this legislation is a strong signal to close that gap. You do not need separate certification in ISO 45003, it is a guidance document, but integrating its principles into your existing management system is now practically necessary for NSW compliance.
ISO 42001 and the Broader AI Governance Picture
The NSW legislation does not exist in isolation. It is part of a broader regulatory and standards movement toward formalising AI governance. ISO/IEC 42001, the international standard for AI management systems, provides a structured framework for governing AI use within an organisation. It covers risk assessment, transparency, accountability, and the human impact of AI decisions.
For organisations that use AI tools in ways that affect workers, ISO 42001 certification or at minimum alignment with its requirements is becoming a credible way to demonstrate that AI governance is taken seriously. The NSW legislation creates a direct bridge between AI governance and WHS compliance. Organisations that can show structured AI risk management, documented controls, and regular review processes will be in a far stronger position if they face regulatory scrutiny or union inspection.
This is not about getting another certificate for the sake of it. It is about being able to demonstrate, with evidence, that your AI systems have been assessed for worker safety impacts and that controls are in place. That is what auditors and regulators will be looking for.
What ISO 37301 Adds to the Picture
ISO 37301 is the compliance management system standard. For organisations operating across multiple jurisdictions, or in sectors with significant regulatory exposure, ISO 37301 provides the framework for systematically tracking and responding to legal obligations.
The NSW Digital Work Systems Bill is exactly the kind of legislative development that an ISO 37301 compliance program should capture. If you have an ISO 37301 compliance management system, your legal register and compliance obligations register should already be flagging this legislation. If they are not, that is a gap in your compliance monitoring process.
For organisations without ISO 37301, the lesson is the same. You need a process for tracking regulatory changes that affect your operations. The pace of AI regulation in Australia is accelerating. NSW has moved first, but the Australian Council of Trade Unions has been pushing for similar protections nationally, and other states are likely to follow. A reactive approach to compliance monitoring will leave you behind.
Practical Steps for ISO 45001 Certified Organisations Right Now
Here is what I would recommend doing if you are a quality or safety manager at an organisation that holds ISO 45001 and operates in NSW.
Step 1: Audit Your AI and Digital Tools
Start by listing every digital system that influences how work is assigned, monitored, measured, or evaluated. This includes workforce scheduling software, performance dashboards, productivity monitoring tools, AI-driven recruitment or HR systems, and any algorithmic decision-making that affects individual workers. You cannot assess risks you have not identified.
Step 2: Review Your Hazard Identification Process
Your ISO 45001 hazard identification procedure needs to explicitly include digital and AI-related hazards. Review Clause 6.1 of your management system. If your hazard identification methodology does not prompt consideration of psychological risks from monitoring, algorithmic workload generation, or discriminatory automated decisions, update it now. This is a conformance issue, not just a best practice improvement.
Step 3: Conduct a Risk Assessment for Each Relevant System
For each AI or digital tool identified, conduct a structured risk assessment. Consider the likelihood and severity of harm from each of the risk categories in the legislation. Excessive workloads, unreasonable monitoring, discriminatory outputs, and performance tracking harms all need to be assessed. Document your methodology and your findings. This documentation is what you would present to a regulator or union official if asked.
Step 4: Implement and Document Controls
Based on your risk assessment, implement controls. These might include setting limits on monitoring frequency, establishing human review requirements before any AI-generated performance decision affects a worker, conducting algorithmic bias audits, or providing workers with transparency about how AI systems assess their performance. Document all controls in your management system.
Step 5: Update Training and Consultation Processes
ISO 45001 requires worker consultation on health and safety matters. AI systems that affect workers fall squarely within this obligation. Update your worker consultation process to include discussion of AI tools and their impacts. Train managers on the new legal obligations and on how to identify and escalate concerns about digital work system risks.
Step 6: Prepare for Union Inspection
The legislation grants union officials inspection powers over AI systems. This does not mean you hand over proprietary algorithms, but it does mean you need to be able to demonstrate how risks have been assessed and managed. Prepare a summary document for each AI system that covers its purpose, the risks identified, the controls implemented, and the review schedule. Think of it like a safety data sheet, but for your AI tools.
What This Means if You Are Not Yet ISO 45001 Certified
If your organisation is not yet certified to ISO 45001 but operates in NSW and uses AI or digital monitoring tools, this legislation creates a compelling reason to formalise your WHS management system. The obligations under the amended Act apply regardless of certification status. ISO 45001 certification simply gives you a structured, audited framework for meeting them.
Getting certified now, with the NSW legislation factored into your scope from the start, is significantly easier than retrofitting a legacy WHS system that was built before AI tools were part of the picture. If you are considering certification, make sure any consultant or certification body you engage is across the new legislative requirements and can help you build a system that addresses them properly.
The National Picture: Do Not Wait for Your State to Act
NSW has moved first, but this is not a NSW-only issue. The ACTU has been actively pushing for national WHS protections around AI, and the Safe Work Australia framework is likely to see pressure for similar amendments at the federal level. Organisations operating across multiple states should not assume they have time to wait.
Building AI risk management into your management system now, whether under ISO 45001, ISO 42001, ISO 37301, or a combination of all three, positions you ahead of the regulatory curve rather than scrambling to catch up. The organisations that treat this legislation as a prompt to genuinely improve their systems, rather than a box-ticking exercise, will be the ones that avoid enforcement action and maintain worker trust.
As Safe Work Australia recognises, psychosocial hazards are a growing area of WHS focus across the country. The NSW Digital Work Systems Bill formalises AI as a source of those hazards. The direction of travel nationally is clear.
How CertBetter Can Help
If you need to update your ISO 45001 management system to address the new NSW requirements, or if you are considering certification for the first time with AI risk controls built in from the ground up, finding the right consultant matters. Not every ISO consultant has the depth of experience to bridge WHS compliance, AI governance, and management systems in the way this legislation demands.
CertBetter connects Australian businesses with verified ISO consultants and accredited certification bodies who have demonstrated experience in exactly these areas. You submit one form, receive up to three competing quotes from vetted providers, and can compare them properly before committing. The service is completely free for businesses. If you are facing a gap analysis, system update, or first-time certification project driven by the NSW Digital Work Systems Bill, it is a practical starting point.
