Artificial intelligence (AI) has rapidly moved from the imagination into Australian workplaces. The rapidly growing technology stack now sits inside heavy-vehicle telematics and fatigue-detection systems, mine and port control platforms, vision and quality systems on production lines, predictive maintenance on heavy plant, and sorting and inspection robotics in recycling. It sits equally inside clinical decision support and scheduling tools in healthcare, site monitoring and safety vision systems on construction projects, workforce scheduling and performance dashboards in retail and warehousing, and the productivity and scheduling tools embedded in everyday office applications. In many instances, our evidence shows, AI applications are already managing and supplementing work across a range of Australian and international workplaces.
For persons conducting a business or undertaking (PCBUs) in Australia, the practitioner question is not whether to engage with this. It is whether the existing work health and safety duties, which are essentially “AI technology-neutral” and apply with full force whether a hazard arises from a human supervisor or an algorithm, are adequate to the task. This article argues that they likely are, but only if PCBUs and their safety professionals are willing to do the operational work the duties require.
This article summarises the current state of peer-reviewed research and regulatory activity on AI in the workplace. It draws on primary sources including the OECD’s 2025 employer survey, peer-reviewed meta-analyses of workplace electronic monitoring, the National Institute for Occupational Safety and Health (NIOSH) science bulletins of 2024 and 2026, and Australian regulatory developments through 2024 to 2026. It also references the International Labour Organization (ILO) Working Paper 170 of April 2026 as a policy contribution to the debate. It then sets out practical strategies that PCBUs and their safety advisers can adopt now under existing duties, without waiting for AI-specific legislation that may not arrive.
A note on scope. This article focuses on the work health and safety dimensions of AI deployment in Australian workplaces, particularly psychosocial risk under the Model WHS Act framework and the Commonwealth Code of Practice. It does not address workforce displacement, retraining, industrial relations, anti-discrimination, intellectual property, or consumer law dimensions, each of which warrants separate treatment. The literature search is not systematic; sources have been selected for their relevance to the practitioner audience and for the quality of their evidentiary basis. The article reflects the regulatory position as at May 2026 and will require revision as the Australian, EU, and clinical research positions develop.
Both sides of the ledger
Any serious treatment of AI in the workplace must acknowledge that the technology brings documented benefits as well as documented risks. The peer-reviewed evidence base on both sides is still developing, and any honest summary of the position should reflect that.
On the benefits side, Fiegler-Rudol et al. (2025), in a narrative review of 52 peer-reviewed studies published in the International Journal of Environmental Research and Public Health, found that AI applications enhance hazard detection, enable real-time monitoring of physical and ergonomic risks, and improve training through immersive simulation. Reported applications include wearable physiological sensors, predictive analytics for incident precursors, computer vision for personal protective equipment compliance, and robotic substitution for hazardous tasks. These are concrete, measurable contributions to worker safety.
On the limits side, Jetha et al. (2025), in a PRISMA-compliant systematic review published in Systematic Reviews, examined 1,255 articles on AI in OSH and found that only two met eligibility criteria for measurable impact on worker injury or illness outcomes. The reviewers concluded that the market for AI safety tools is advancing significantly faster than the proof base. Investment decisions made on the strength of vendor marketing should be tempered by this finding.
On the risk side, peer-reviewed meta-analytic evidence indicates that electronic monitoring of workers is associated with small but consistent negative effects on stress and job satisfaction. Siegel, König and Lazar (2022), pooling 70 independent samples and 233 effect sizes in a meta-analysis published in Computers in Human Behavior Reports, found that electronic monitoring slightly increases stress (r = 0.11), slightly decreases job satisfaction (r = -0.10), and has no measurable positive effect on performance (r = -0.01). A subsequent meta-analysis by Ravid et al. (2023) found a similar association with stress (r = 0.15). König’s (2025) Annual Review synthesis describes the effect sizes as small but consistent, with the effects being magnified where monitoring is tied to performance targets and disciplinary outcomes.
The finding that monitoring does not necessarily improve performance is the single most consequential result for employers. The standard business justification for workplace surveillance is productivity. The meta-analytic evidence does not support that justification, while the same evidence base does support the conclusion that monitoring imposes a measurable psychosocial cost.
How widespread is algorithmic management
The most rigorous current data on workplace algorithmic management comes from the OECD’s December 2025 employer survey, published as OECD Artificial Intelligence Papers No. 31. Milanez, Lemmens and Ruggiu (2025) report on a survey covering over 6,000 firms across France, Germany, Italy, Japan, Spain, and the United States.
The headline findings are these. Algorithmic management, defined as the use of software (including but not limited to AI) to automate or support managerial tasks, is now widespread in most of the countries surveyed. In the United States, 90 per cent of firms have adopted at least one tool to instruct, monitor or evaluate workers. The European average is 79 per cent. Instruction tools are most common in Europe (69 per cent average), followed by monitoring tools (67 per cent), with evaluation tools less prevalent (35 per cent).
The OECD makes a point that is important for any policy or compliance discussion. Algorithmic management tools range in their level of technological sophistication and are not all AI-powered. AI-specific regulation, including the EU AI Act, pertains to a subset of algorithmic management tools but not all. For Australian PCBUs, this means the relevant duty triggers are not confined to systems that meet a technical AI definition. They engage with any software-mediated managerial process that may affect worker health or safety.
The OECD found that managers themselves report concerns about algorithmic management. They cite unclear accountability for algorithmic decisions, an inability to follow the tools’ logic, and inadequate protection of workers’ health. This is a manager-side observation rather than an advocacy claim, and it is consistent with the meta-analytic evidence on monitoring.
The conceptual breakthrough: algorithmic hygiene
The most operationally useful concept to emerge from the recent literature is Sadowski’s (2025) proposal for a science of algorithmic hygiene, articulated in The Synergist (the journal of the American Industrial Hygiene Association) in June 2025 and summarised by NIOSH in its January 2026 science bulletin.
The proposition is straightforward. Industrial hygiene is the established discipline that identifies, evaluates, and controls workplace exposures to physical, chemical, biological, and ergonomic stressors. Algorithmic hygiene applies the same disciplined methodology to algorithmic exposures. The framework makes a clarifying ontological point: algorithms are software with no physical substance, so they cannot themselves create new tangible hazards. They can, however, alter the risk profile of physical platforms or substances they control or interact with, and they can directly cause psychosocial hazards by changing work organisation, work pace, and decision authority.
The framework distinguishes two control pathways:
- Work-design controls are carried out within the deploying organisation. They include how the AI system is integrated into work processes, who uses it, what discretion workers retain, how output is reviewed, and how exceptions are escalated to human decision-makers.
- Software-design controls must be applied by the software developers. They include how the algorithm is trained, what data it uses, how its outputs are explained, and how its decisions can be audited.
The practical significance is that deploying organisations have direct control over the first category and only indirect influence over the second. PCBUs cannot rewrite a vendor’s algorithm. They can, however, design the work around it. A WHS duty of care does not stop at the vendor’s licence agreement.
Howard and Schulte’s (2024) earlier September commentary in the American Journal of Industrial Medicine sets out a complementary framework of five risk management options for AI in the workplace: reskilling of safety practitioners, collaborative provider-deployer evaluation, independent audit, system certification, and the use of safety case approaches. Taken together with the algorithmic hygiene framework, these two NIOSH-aligned contributions form the most actionable practitioner-facing guidance currently available.
The ILO policy contribution
In April 2026 the ILO published Working Paper 170, AI Systems at Work: A Changing Psychosocial Work Environment, authored by Karimova (2026). The paper is a policy contribution rather than a peer-reviewed evidentiary synthesis, and it should be read on that basis. The ILO’s institutional mandate is to advance workers’ rights, and the paper’s framing reflects that. Employers reading it should expect a perspective that favours regulatory intervention.
With that caveat, the paper makes two contributions that are useful regardless of one’s view on its policy recommendations. First, it provides a taxonomy mapping AI-induced risks to the established categories of workplace psychosocial factors (job content, workload, job control, environment, organisational culture, interpersonal relationships, role clarity, career development, and the work-home interface). This taxonomy is consistent with the WHO/ILO joint definition of psychosocial factors and provides a structured way of thinking about AI’s effects on existing hazard categories.
Second, the paper identifies three categories of risk that do not fit cleanly within established psychosocial factors and which it characterises as new or augmented: intensive or intrusive monitoring and surveillance, loss of job autonomy in digitalised workplaces, and excessive data collection with associated transparency gaps. These categories overlap substantially with what the Australian Code of Practice on psychosocial hazards (discussed below) already addresses, but the ILO framing is more expansive.
The paper’s policy conclusion, that an integrated regulatory approach combining OSH, privacy, employment, and anti-discrimination frameworks is required, is a defensible argument but a contested one. The Australian Government has explicitly chosen a different path of technology-neutral regulation, and the article returns to that point below.
An emerging concern: AI-associated psychosis
A separate clinical phenomenon has begun to attract serious attention in the psychiatric literature. It is being described, colloquially, as AI psychosis. The term requires careful handling.
AI psychosis is not a formal clinical diagnosis. MacCabe (2025), Professor of Epidemiology and Therapeutics at the Institute of Psychiatry, Psychology and Neuroscience at King’s College London, has gone further, describing the term as a misnomer and suggesting that AI delusional disorder would be more accurate, since most reported cases involve delusions rather than the full range of psychotic symptoms. Senior psychiatrists at Columbia University and Harvard Medical School have made similar observations. What is being described is a pattern of clinical observation: prolonged interaction with generative AI chatbots appearing to trigger, amplify, or sustain delusional thinking in some users.
Two peer-reviewed contributions in late 2025 mark the early formal psychiatric literature on this phenomenon. Pierre, Gaeta, Raghavan and Sarma (2025) of the University of California San Francisco published what is described as likely the first clinically described case in a peer-reviewed journal in Innovations in Clinical Neuroscience (December 2025). Hudon and Stip (2025) published a separate viewpoint paper in JMIR Mental Health (December 2025) that provides a theoretical framework drawing on the stress-vulnerability model and digital therapeutic alliance literature. The Hudon and Stip paper is explicit that AI psychosis is a framework for understanding observations, not a new diagnostic entity.
The mechanism, where one is being proposed, is sycophancy. Large language models are trained to engage users and generate plausible continuations of conversation. They are not trained to challenge users’ beliefs. In a user whose beliefs are drifting toward the delusional, Girgis (2025), a Columbia University psychiatrist, has described this design feature as capable of acting as the wind of the psychotic fire. OpenAI publicly withdrew a GPT-4o update in 2025 after finding it had become overly sycophantic. The company subsequently disclosed in late October 2025 that approximately 0.07 per cent of its weekly active users show possible signs of mental health emergencies related to psychosis or mania. Against a stated weekly user base of 800 million, this translates to approximately 560,000 individuals per week. OpenAI itself emphasised the difficulty of measuring the issue, and the figure should be read as an internal estimate rather than a clinical determination.
The workplace nexus matters because Australian PCBUs are increasingly directing or encouraging workers to use generative AI tools in their work. Where an employer mandates or encourages AI tool use, and that use causes or contributes to a worker’s psychological harm, the employer’s primary duty of care under the Model WHS Act 2011 engages directly. This is not a hypothetical. In late 2025, Toronto employment lawyer Randy Ai, who is representing a worker in an unrelated employment matter following an AI-associated psychotic episode, publicly proposed in interviews that AI psychosis should be recognised as a disability under the Ontario Human Rights Code, creating an employer duty of accommodation. No claim of that kind has yet been filed or tested, but the legal theory has been articulated. The Australian regulatory frameworks would engage these issues through somewhat different mechanisms, primarily through the psychosocial hazard provisions of the Work Health and Safety Regulations and the Code of Practice.
For Australian PCBUs, the practical implications are these. First, where workers are directed or strongly encouraged to use generative AI tools, the workplace mental health duty engages. Second, workers with pre-existing vulnerability to psychosis or other serious mental health conditions may be at elevated risk. Third, the absence of a formal clinical diagnosis does not extinguish the duty; WHS duties are framed around foreseeable harm, not around diagnostic categories. Fourth, this is a fast-moving area, and PCBUs that maintain alert and proportionate governance now will be better positioned as the evidentiary and regulatory position develops.
The Australian regulatory position
Australia has chosen a deliberate path of regulatory restraint. The National AI Plan, released by the Department of Industry, Science and Resources on 2 December 2025, confirmed that the Commonwealth Government will not introduce a standalone AI Act and will instead rely on existing technology-neutral laws supported by voluntary guidance. The Australian AI Safety Institute (AISI) is being rolled out through 2026 to provide independent technical advice and to coordinate across existing regulators.
The substantive governance instrument for Australian organisations is now the Guidance for AI Adoption (the AI6), released by the National AI Centre on 21 October 2025. The AI6 articulates six essential practices for responsible AI governance: deciding who is accountable; understanding impacts and planning accordingly; measuring and managing risks; sharing information; testing and monitoring; and maintaining human control. It is non-binding but represents the working national standard.
For privacy, a critical change comes into effect on 10 December 2026. The Privacy and Other Legislation Amendment Act 2024introduces new Australian Privacy Principles (APP 1.7 to 1.9) that require APP entities to disclose in their privacy policies the types of personal information used in substantially automated decisions and the nature of decisions made solely or significantly by computer programs, where those decisions could reasonably be expected to significantly affect individual rights or interests.
For psychosocial risk, the regulatory position is materially further advanced. The Work Health and Safety (Managing Psychosocial Hazards at Work) Code of Practice 2024 (F2024L01380), approved by the Minister for Employment and Workplace Relations under section 274 of the Work Health and Safety Act 2011 (Cth) and registered on the Federal Register of Legislation on 1 November 2024, applies to PCBUs operating in the Comcare jurisdiction (Commonwealth agencies, national corporations, and self-insured licensees). For PCBUs outside that jurisdiction, the Commonwealth Code is not a binding instrument but, as a Code approved by a Commonwealth regulator and informed by the same model architecture, it is a defensible benchmark of reasonable practicability. The Code identifies 17 psychosocial hazards, including intrusive surveillance, low job control, and job insecurity.
The Code defines intrusive surveillance as excessive surveillance methods or tools to monitor and collect information about workers at work. Its examples include unreasonable supervision, keyboard activity trackers, monitoring emails and files, tracking calls and movements, GPS monitoring of vehicle movement for performance purposes, and technology that permits remote access and screenshot capture of a worker’s computer without permission.
Two features of the Commonwealth Code warrant explicit attention because they distinguish it from the Safe Work Australia model Code on which most state instruments are based. First, the Commonwealth Code introduces three psychosocial hazards as common examples that do not appear in the model Code: fatigue, intrusive surveillance, and job insecurity. Second, the Commonwealth Code requires the hierarchy of controls to be applied to psychosocial hazards, which regulation 55C of the model WHS Regulations expressly excludes. In the Commonwealth jurisdiction, the same elimination-before-substitution-before-engineering-before-administrative-before-PPE methodology that applies to physical hazards applies to psychosocial hazards including intrusive surveillance.
The Code applied to algorithmic management, and the SFARP qualification
Most public commentary on the Code’s intrusive surveillance category focuses on direct monitoring tools. The application of the category to algorithmic management is less developed and is where Australian PCBUs deploying AI need to think carefully. The Code’s examples are illustrative, not exhaustive. The Code itself defines the hazard by reference to surveillance that is excessive in relation to a legitimate purpose, and an algorithmic management system that consumes the same data streams as the Code’s enumerated examples falls within the category whether or not it is described as surveillance by the vendor.
Algorithmic management typically involves the continuous collection of worker behavioural data (keystrokes, application use, location, communications patterns, task completion times, and physiological signals from wearables) for purposes that may include task allocation, scheduling, performance evaluation, or disciplinary action. Each of these data sources maps onto one or more of the Code’s enumerated examples of intrusive surveillance. The distinction the Code draws is not between surveillance and algorithmic management but between surveillance for a legitimate purpose (such as a genuine safety case) and surveillance that is excessive in relation to that purpose. An algorithmic management system that monitors continuously and uses the data for performance management is precisely the case the Code contemplates.
This does not mean every deployment of algorithmic management constitutes intrusive surveillance under the Code. The duty to eliminate or minimise risk is qualified by the section 18 reasonably practicable test (often abbreviated SFARP, so far as is reasonably practicable). Section 18 of the WHS Act 2011 requires the duty holder to take into account and weigh up five factors, in the following order:
- The likelihood of the hazard or risk occurring
- The degree of harm that might result
- What the person knows, or ought reasonably to know, about the hazard or risk and ways of eliminating or minimising it
- The availability and suitability of ways to eliminate or minimise the risk
- Only after the above have been assessed, the cost of eliminating or minimising the risk, including whether the cost is grossly disproportionate to the risk
Applied to algorithmic management, the SFARP test changes the question from whether the surveillance is intrusive to whether, given the likelihood and degree of psychological harm and the availability of less intrusive alternatives, the deployment is reasonably practicable. Four practical implications follow.
First, on likelihood and harm. The meta-analytic evidence summarised earlier in this article (Siegel et al., 2022; Ravid et al., 2023; König, 2025) establishes that electronic monitoring is associated with small but consistent increases in worker stress and small decreases in job satisfaction. Effect sizes are small in magnitude but the evidence base is robust. This is the level of knowledge a duty holder ought reasonably to have. Likelihood is not speculative.
Second, on knowledge. The third SFARP factor (what the person ought reasonably to know) includes what the regulator has published. The Commonwealth Code, the Safe Work Australia model Code, the Comcare guidance on intrusive surveillance, and the meta-analytic literature are all now within the reasonable knowledge ambit of any Australian PCBU deploying algorithmic management. A defence of ignorance is not available to the PCBU that has not engaged with this material.
Third, on availability and suitability of controls. This is where the hierarchy of controls applies. Under the Commonwealth Code, the PCBU must consider elimination first. Elimination, for algorithmic management, may mean not deploying the system at all, or limiting its scope to non-psychosocially-hazardous functions. Substitution may mean replacing continuous monitoring with periodic sampling, or replacing performance monitoring with safety monitoring (the Code explicitly distinguishes GPS monitoring for safety from GPS monitoring for performance). Engineering controls may mean technical limits on data collection or anonymisation at the point of collection. Administrative controls (policies, training, consultation) sit lower in the hierarchy and cannot be the sole control where higher-order controls are reasonably practicable.
Fourth, on cost. Cost is the last factor, not the first, and the test is whether the cost is grossly disproportionate to the risk. The cost of foregoing an algorithmic management feature, or of selecting a less intrusive alternative, is rarely grossly disproportionate to a documented psychosocial risk. The argument that cost or productivity considerations alone justify continued deployment of a configuration that exceeds what the SFARP test would require is weak under the WHS Act framework.
Within the Comcare jurisdiction, the Commonwealth Code is the regulatory anchor for Australian practitioners considering AI-driven workplace monitoring. Outside that jurisdiction, the Code does not bind directly, but it does carry persuasive weight on what reasonable practicability requires. In Australian workplaces across mining, ports, manufacturing, and recycling, the algorithmic management features embedded in modern operational software (telematics, productivity dashboards, communications platforms, ERP modules) are typically procured as productivity tools without an explicit psychosocial risk assessment. The Commonwealth Code now requires that assessment within the Comcare jurisdiction, and the SFARP qualification provides the methodology. For PCBUs outside the Comcare jurisdiction, the analysis the duty requires is the same risk-and-control analysis practitioners apply to physical hazards every day, even where the regulatory architecture does not name intrusive surveillance as a stand-alone psychosocial hazard.
The cross-jurisdictional position is also strengthened by the recent NSW Code of Practice: Managing the risk of fatigue at work(February 2026), approved under section 274 of the NSW WHS Act 2011 and published in the NSW Government Gazette on 20 February 2026. The NSW Fatigue Code addresses AI-enabled monitoring at two points relevant to algorithmic management. At page 21, it states that where workers agree to be monitored, recorded, or tracked to identify and prevent fatigue, the information must not be used for other purposes such as performance monitoring, and that misuse can create psychosocial hazards including poor organisational justice and low job control. At page 22, it lists examples of fatigue-monitoring technology (in-vehicle eye-monitoring systems, wrist-worn sleep/wake devices, and performance monitoring software that detects changes in reaction times or accuracy) and states that any risks to health and safety from workplace monitoring must also be managed and workers must be consulted, citing the example of managing risks from intrusive surveillance. The NSW Code does not name intrusive surveillance as a psychosocial hazard in the same stand-alone way as the Commonwealth Code, but it expressly recognises the hazard in the specific context of AI-enabled fatigue monitoring, and it identifies purpose creep (data collected for fatigue management later used for performance management) as the mechanism by which legitimate monitoring becomes a psychosocial hazard. For NSW PCBUs in transport, mining, ports, and construction deploying fatigue-monitoring AI, this is now express regulatory recognition that the same data streams support both legitimate fatigue management and a documented psychosocial risk, and the distinction between the two is one of purpose limitation, not technology.
State equivalents are progressing at different rates. Victoria operates under the Occupational Health and Safety Act 2004, where the reasonably practicable test sits under section 20 rather than section 18 of the Model WHS Act. The Victorian formulation is substantively similar but not identical, and Victorian PCBUs should anchor their analysis in the Victorian Act and the WorkSafe Victoria Compliance Code rather than the Commonwealth instruments. WorkSafe Victoria has linked the intrusive surveillance category to low job control and poor organisational justice within its psychological health regulations.
Suggested strategies for Australian PCBUs
The following strategies are framed for PCBUs and their safety advisers under existing duties. Nothing here substitutes for jurisdiction-specific legal advice on duty interpretation.
Strategy 1: Conduct an AI inventory before anything else
The starting point is an inventory of where AI and algorithmic management are already in use across the organisation. This includes obvious deployments such as recruitment screening tools, performance management dashboards, and fleet telematics. It also includes less obvious deployments such as productivity tools embedded in Microsoft 365 or Google Workspace, customer service chatbots, document automation tools, and any generative AI workers are being directed or encouraged to use.
For each system identified, the inventory should record:
- What the system does and what decisions it informs or makes
- Who the provider is and what their documented obligations are
- What data the system collects from or about workers
- Whether the system’s outputs affect worker performance evaluation, scheduling, remuneration, discipline, or termination
- Whether worker use of the system is mandated, encouraged, or voluntary
- Who within the organisation owns the system
This inventory is the precondition for everything that follows. The OECD’s 2025 survey suggests that most Australian organisations will be surprised by what their inventory reveals.
Strategy 2: Classify each system against the algorithmic hygiene framework
Each system in the inventory should be classified using the two-pathway framework. For each system, identify the work-design controls available to the organisation and the software-design controls that depend on the vendor. Work-design controls typically include how human oversight is structured, what decisions the system is permitted to make autonomously, how workers can challenge or escalate AI-mediated decisions, and how the system is communicated to workers. Software-design controls typically include the transparency and explainability of the algorithm, the provenance of training data, vendor-side audit and certification arrangements, and vendor obligations on data residency and access. For software-design controls outside the organisation’s direct authority, the practical strategy is to convert them into contractual obligations through procurement and licence terms.
Strategy 3 | Assess psychosocial risk explicitly under the Code of Practice
For PCBUs in the Comcare jurisdiction, the Work Health and Safety (Managing Psychosocial Hazards at Work) Code of Practice 2024 establishes a binding methodology. For PCBUs in other jurisdictions, the Commonwealth Code is a defensible benchmark of reasonable practicability rather than a binding instrument, and should be applied alongside the relevant state or territory code of practice.
The risk assessment should address, as a minimum, the 17 psychosocial hazards identified in the Commonwealth Code, with explicit attention to three that are most directly implicated by AI deployment:
- Intrusive surveillance, where AI-enabled monitoring exceeds what is reasonably necessary for safety or legitimate business purpose
- Low job control, where AI-mediated scheduling, task allocation, or performance management reduces the worker’s authority over their own work
- Job insecurity, where AI deployment is associated with credible workforce displacement, reorganisation, or skills devaluation
Where the assessment identifies a psychosocial risk, the hierarchy of controls applies. Elimination is preferred to substitution, substitution to engineering controls, engineering controls to administrative controls, and administrative controls to personal protective equipment. The Commonwealth Code is explicit that administrative controls and PPE cannot be relied on as the sole control where higher-order controls are reasonably practicable. In the Comcare jurisdiction this is binding; in jurisdictions operating under the model WHS Regulations, regulation 55C does not require the hierarchy to be applied to psychosocial hazards in the same prescribed sequence, but applying the hierarchy remains defensible practice and consistent with the general duty to eliminate or minimise risk so far as is reasonably practicable.
Strategy 4 | Address worker mental health risks of mandated AI tool use
Where the organisation mandates or strongly encourages worker use of generative AI tools, the emerging clinical literature on AI-associated psychosis warrants a specific control consideration. This is not a recommendation against AI tool use. It is a recommendation that PCBUs treat the potential for psychological harm as a foreseeable risk and apply proportionate controls. Reasonable controls include providing clear guidance on appropriate and inappropriate uses, ensuring workers have access to human support and review, avoiding requirements for prolonged uninterrupted AI tool engagement, and ensuring that any worker raising concerns about adverse psychological effects is taken seriously and not penalised.
Strategy 5| Assign designated human oversight with defined competencies
Both the algorithmic hygiene framework and the EU AI Act converge on the same control: a designated person, with defined competencies and authority, responsible for human oversight of each AI system. This is also one of the six essential practices in the Australian AI6.
The designated person should have the technical understanding to interpret the system’s outputs and limitations, the authority to override, suspend, or reject the system’s outputs, a documented escalation path for systemic concerns, and an obligation to maintain logs of significant interventions for a defined retention period. The EU AI Act establishes six months as the minimum log retention period for high-risk AI systems under Article 26(6). There is no equivalent Australian requirement, but six months is a defensible baseline.
Strategy 6| Build worker consultation into the deployment lifecycle
Consultation with workers is a statutory duty under section 47 of the Model Work Health and Safety Act 2011 and its state equivalents. Section 49 sets out when consultation is required, including when proposing changes that may affect the health or safety of workers. The introduction of an AI system that affects work organisation, supervision, or performance evaluation engages both duties.
Effective consultation is not a one-time event. It should be triggered before procurement (to identify worker concerns that should be addressed in the specification), before deployment (to consult on work design and oversight arrangements), after deployment (to identify emergent issues), and on a periodic basis (to review whether the system continues to operate within agreed parameters). For organisations with health and safety representatives (HSRs), consultation is owed to the HSR and through the HSR to the workgroup.
Strategy 7 | Address transparency before December 2026
From 10 December 2026, APP entities will be required to disclose in their privacy policies the use of substantially automated decisions affecting individual rights or interests. PCBUs should not wait for the deadline. The work required to comply with APP 1.7 to 1.9 is the same work required to manage the psychosocial hazard of low transparency, and the same work required to provide the human oversight contemplated by the AI6.
The practical step is to develop, for each AI system in the inventory, a plain-English statement that workers can read and understand. The statement should cover what the system does, what data it uses, what decisions it informs, how workers can challenge those decisions, and who within the organisation is accountable.
Strategy 8| Integrate AI governance into existing management systems
The temptation, when confronted with a novel risk category, is to build a parallel management system. The evidence from the broader OSH literature is that parallel systems fail. They duplicate effort, generate conflicting obligations, and become difficult to audit.
The better path is to integrate AI governance into the management systems that are already in place. For an ISO 9001/45001/14001 accredited organisation, this means including AI risks within the existing risk management methodology, AI incidents within the existing incident management framework, AI vendor controls within the existing supplier management process, and AI competency requirements within the existing training and induction framework.
Concluding observation
PCBUs cannot wait for AI-specific WHS legislation to develop. The duty exists now, the relevant hazards are documented in the Commonwealth Code and recognised in the NSW Fatigue Code, and the available control measures sit within the hierarchy the WHS Act has always required. The most important step is the first one: an honest inventory of where AI and algorithmic management are already in use across the organisation. In Australian workplaces, that step is rarely the starting point, and it is often the point at which an organisation discovers it has been governing the productivity case without governing the psychosocial one.
You might Like to read
References
Comcare (2024). Work Health and Safety (Managing Psychosocial Hazards at Work) Code of Practice 2024 (F2024L01380). Federal Register of Legislation, Commonwealth of Australia. https://www.legislation.gov.au/F2024L01380/latest/text
Department of Industry, Science and Resources (2025). National AI Plan. Commonwealth of Australia. https://www.industry.gov.au/publications/national-ai-plan
European Union (2024). Regulation (EU) 2024/1689 (Artificial Intelligence Act). Official Journal of the European Union. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
Fiegler-Rudol, J., Lau, K., Mroczek, A. and Kasperczyk, J. (2025). Exploring Human-AI Dynamics in Enhancing Workplace Health and Safety: A Narrative Review. International Journal of Environmental Research and Public Health, 22(2), 199. https://pmc.ncbi.nlm.nih.gov/articles/PMC11855051/
Girgis, R. (2025). Quoted in Harrison Dupré, M. (2025). People Are Becoming Obsessed with ChatGPT and Spiraling Into Severe Delusions. Futurism, 10 June 2025. https://futurism.com/chatgpt-mental-health-crises
Howard, J. and Schulte, P. (2024). Managing workplace AI risks and the future of work. American Journal of Industrial Medicine, 67(11), 980–993. https://onlinelibrary.wiley.com/doi/10.1002/ajim.23653
Hudon, A. and Stip, E. (2025). Delusional Experiences Emerging From AI Chatbot Interactions or AI Psychosis. JMIR Mental Health, 12, e85799. https://mental.jmir.org/2025/1/e85799
Jetha, A., Bakhtari, H., Irvin, E., Biswas, A., Smith, M. J., Mustard, C., Arrandale, V. H., Dennerlein, J. T. and Smith, P. M. (2025). Do occupational health and safety tools that utilize artificial intelligence have a measurable impact on worker injury or illness? Findings from a systematic review. Systematic Reviews, 14, 146. https://systematicreviewsjournal.biomedcentral.com/articles/10.1186/s13643-025-02869-1
Karimova, T. (2026). AI Systems at Work: A Changing Psychosocial Work Environment. ILO Working Paper 170. Geneva: International Labour Office. https://www.ilo.org/publications/ai-systems-work-changing-psychosocial-work-environment
König, C. J. (2025). Electronic Monitoring at Work. Annual Review of Organizational Psychology and Organizational Behavior, 12, 321–342. https://www.annualreviews.org/content/journals/10.1146/annurev-orgpsych-110622-060758
MacCabe, J. (2025). Quoted in Hart, R. (2025). AI Psychosis Is Rarely Psychosis at All. Wired, 18 September 2025. https://www.wired.com/story/ai-psychosis-is-rarely-psychosis-at-all/
Milanez, A., Lemmens, A. and Ruggiu, C. (2025). Algorithmic Management in the Workplace: New Evidence from an OECD Employer Survey. OECD Artificial Intelligence Papers No. 31. Paris: OECD Publishing. https://www.oecd.org/en/publications/algorithmic-management-in-the-workplace_287c13c4-en.html
National Artificial Intelligence Centre (2025). Guidance for AI Adoption. Commonwealth of Australia. https://www.industry.gov.au/publications/guidance-for-ai-adoption
National Institute for Occupational Safety and Health (2024). Exploring Approaches to Keep an AI-Enabled Workplace Safe for Workers. NIOSH Science Bulletin. https://www.cdc.gov/niosh/bulletin/2024/ai-risk-management.html
National Institute for Occupational Safety and Health (2026). Practical Strategies to Manage AI Hazards in the Workplace. NIOSH Science Blog. https://www.cdc.gov/niosh/blogs/2026/practical-strategies-to-manage-ai-hazards-in-the-workplace.html
Office of the Australian Information Commissioner (2024). APP 1: Open and Transparent Management of Personal Information (guidance on APP 1.7–1.9, commencing 10 December 2026). https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-1-app-1-open-and-transparent-management-of-personal-information
Pierre, J. M., Gaeta, B., Raghavan, G. and Sarma, K. V. (2025). You’re Not Crazy: A Case of New-onset AI-associated Psychosis. Innovations in Clinical Neuroscience, 22(10–12), 11–13. https://pubmed.ncbi.nlm.nih.gov/41635747/
Privacy and Other Legislation Amendment Act 2024 (Cth). https://www.legislation.gov.au/C2024A00125/latest/text
Ravid, D. M., White, J. C., Tomczak, D. L., Miles, A. F. and Behrend, T. S. (2023). A meta-analysis of the effects of electronic performance monitoring on work outcomes. Personnel Psychology, 76, 5–40. https://doi.org/10.1111/peps.12514
Sadowski, J. P. (2025). You vs. the Robot Factory: Some Principles for Understanding AI Hazards in the Workplace. The Synergist, June/July 2025: 23–28. https://synergist.aiha.org/202506/understanding-ai-hazards
SafeWork NSW (2026). Managing the risk of fatigue at work. Code of practice approved under section 274 of the Work Health and Safety Act 2011 (NSW), February 2026. https://www.safework.nsw.gov.au/__data/assets/pdf_file/0015/1400028/Managing-fatigue-at-work-COP.pdf
Siegel, R., König, C. J. and Lazar, V. (2022). The impact of electronic monitoring on employees’ job satisfaction, stress, performance, and counterproductive work behavior: A meta-analysis. Computers in Human Behavior Reports, 8, 100227. https://doi.org/10.1016/j.chbr.2022.100227