AxioRankZero-Trust for AI Agents
Open the console

Australia · AI6

Aligned with Australia's Guidance for AI Adoption.

Australia's National AI Centre asks every organisation to adopt six essential practices for safe and responsible AI, building on the ten Voluntary AI Safety Standard guardrails. AxioRank gives you a live control for each one, plus evidence an auditor can verify offline.

Open the consoleSee the practice mapping

Voluntary guidance, not law. We help you meet it; we do not certify conformity.

Australia AI6 | six essential practices
  1. 1. Decide who is accountable
  2. 2. Understand impacts and plan accordingly
  3. 3. Measure and manage risks
  4. 4. Share essential information
  5. 5. Test and monitor
  6. 6. Maintain human control
built on the ten Voluntary AI Safety Standard guardrails
AI6
Six essential practices mapped
10
Underlying VAISS guardrails
Oct 2025
Current National AI Centre guidance
Voluntary
Guidance, not law

The mapping

Every practice, tied to a control that is actually running.

The ten guardrails fold into the six essential practices per the National AI Centre crosswalk. Below, each guardrail is paired with the AxioRank control that addresses it, and we are honest about where we only help in part. This table is generated from the same catalog that computes your live posture and your evidence pack.

Practice 1

Decide who is accountable

Name who owns AI risk and put an enforced, recorded process behind it.

  • G1Accountability and governancePartially addressed

    What the standard asks: An accountability process is established, implemented, and published, with clear ownership for AI risk.

    How AxioRank addresses it: Declarative allow, deny, and approve policies are enforced on every agent tool call, with a tamper-evident record of who set each rule and when.

Practice 2

Understand impacts and plan accordingly

Know where AI runs in your stack, what it can reach, and who it affects.

  • G10Understand impacts and engage stakeholdersPartially addressed

    What the standard asks: The organisation understands where AI is used and its impacts, and engages stakeholders to evaluate their needs.

    How AxioRank addresses it: The agent, MCP-server, and tool inventory plus the governance-coverage rollup show exactly which AI surface is and is not under policy. Stakeholder consultation itself stays yours to run.

Practice 3

Measure and manage risks

Measure risk on every action and treat it with policy and response.

  • G2Risk management processPartially addressed

    What the standard asks: A risk management process identifies, measures, and treats AI risks on an ongoing basis.

    How AxioRank addresses it: Content and ML risk scoring runs on every call, policy thresholds act on it, and the response engine can quarantine, revoke, or alert automatically. The documented risk process is yours to own.

  • G3Protect AI systems and govern dataPartially addressed

    What the standard asks: AI systems are protected and data governance measures, including controls on data flow, are in place.

    How AxioRank addresses it: Information-flow control blocks untrusted-to-sink exfiltration, egress allowlists stop off-list flows, and secrets and PII are redacted before they reach the log.

Practice 4

Share essential information

Make what an agent did inspectable, upstream, downstream, and to the people affected.

  • G8Transparency across the AI supply chainPartially addressed

    What the standard asks: Relevant information is shared with other organisations across the AI supply chain.

    How AxioRank addresses it: The public tool transparency log and per-decision provenance receipts make what an agent did inspectable, and the audit log streams downstream over SIEM and OTLP.

  • G6Inform people of AI-enabled decisionsPartially addressed

    What the standard asks: End users are informed when AI is used and when AI-enabled decisions affect them.

    How AxioRank addresses it: Every governed decision is recorded with its risk signals and outcome, giving you the substrate to disclose AI-enabled actions. The end-user notice itself is part of your product.

Practice 5

Test and monitor

Test against real attacks and keep a durable record of what happened.

  • G4Test AI models and systemsPartially addressed

    What the standard asks: AI models and systems are tested, including adversarial testing, before and during use.

    How AxioRank addresses it: The red-team harness runs a versioned corpus of agent attacks against your live posture and returns a one-click fix for every miss.

  • G9Keep and maintain recordsFully addressed

    What the standard asks: Records relevant to the AI system are kept and maintained to support monitoring and accountability.

    How AxioRank addresses it: Every governed call is written to a retained, tamper-evident audit log with hourly signed tree heads and offline-verifiable receipts.

Practice 6

Maintain human control

Keep a person able to pause, intervene, and answer a challenge.

  • G5Enable human control or interventionFully addressed

    What the standard asks: Meaningful human oversight is enabled, with the ability to control or intervene in the AI system.

    How AxioRank addresses it: require_approval holds pause high-risk actions for a person, with escalation and an optional two-person rule; deny and quarantine intervene outright. Each decision is signed.

  • G7Establish a path to challenge outcomesPartially addressed

    What the standard asks: Processes exist for people to challenge the use or outcomes of the AI system.

    How AxioRank addresses it: Held calls route to a reviewer who can approve or reject, and the signed decision plus the full action record give an auditable basis to contest an outcome.

Voluntary guidance, not law

The AI6 practices and the Voluntary AI Safety Standard are voluntary. Australia’s National AI Plan set aside the proposed mandatory guardrails and, for now, relies on existing law plus this guidance rather than a standalone AI Act. AxioRank helps you align with the practices and produces evidence supporting your obligations. It is not a conformity assessment or a certification, which only your organisation and its assessors can make.

Provable, not just stated

Compute your live AI6 posture and download the evidence.

Inside the console, the Compliance view projects your live AxioRank configuration onto the AI6 practices and scores your coverage. Export a point-in-time evidence pack with the control mapping, your governance config, decision counts, and the signed, tamper-evident log, so a reviewer can verify it without trusting our word.

# the AI6 evidence pack, generated from your live controls
/api/compliance/evidence-bundle?profile=au-ai6
✓ MAPPING.md · posture.json · governance-config.json · signed tree head · JWKS

Evidence, not assertions

The pack does not declare you compliant. It gives an auditor the live control mapping and the signed record to check your posture for themselves.

Sources

Straight from the Australian government.

The framework, its current status, and the guardrails it builds on, in the publishers' own words.

Keep exploring

Continue across the control plane.

Provable security

Information-flow control plus an offline-verifiable receipt for every governed action.

Open

Audit integrity

A sealed Merkle log with hourly signed tree heads you can verify offline, even against us.

Open

Compliance evidence

The one-click, offline-verifiable evidence bundle the AI6 pack is built on.

Open

Audit integrity

The Merkle log and signed tree heads behind the record-keeping guardrail.

Open

Meet Australia's AI6 with controls you can prove.

Map your live AxioRank configuration onto the six essential practices, then hand your reviewer an evidence pack they can verify offline.

Open the consoleCompare plans