GovAI Is Building Infrastructure. But Who Is Building Capability?

The Missing Layer in Australia's AI Ambition

Australia is investing heavily in artificial intelligence. Through GovAI, agencies now have access to secure infrastructure, approved AI models, common guardrails, hosting environments, and pathways to safely explore and deploy AI capabilities across government.

This is an important step forward, yet the more I read about GovAI, agency accountability requirements, AI governance frameworks, and emerging compliance obligations, the more I find myself returning to a different question.

Who is building capability? Not infrastructure, not platforms, not hosting environments, but capability.

Because while we appear to be investing significantly in AI infrastructure, much of the capability required to successfully adopt AI remains the responsibility of individual agencies, and I am not convinced we are talking enough about that reality.

The Infrastructure Layer

GovAI solves an important problem, rather than agencies individually procuring tools, negotiating security controls, and establishing AI environments from scratch, government has invested in shared capability.

  • Infrastructure

  • Hosting.

  • Security.

  • Model access.

  • Common standards.

  • Common guardrails.

This reduces duplication and lowers barriers to adoption, it is a sensible approach. However, infrastructure alone does not create organisational capability. Providing access to AI does not automatically create:

  • Data leadership

  • Data literacy

  • Governance capability

  • Data stewardship capability

  • Data management capability

  • AI literacy

  • Organisational readiness

These capabilities cannot be provisioned through a platform, they must be developed within organisations.

The Accountability Layer

Alongside infrastructure, agencies are increasingly being asked to establish accountability structures.

  • Accountable officials.

  • Governance forums.

  • Impact assessments.

  • Transparency obligations.

  • Risk ownership.

Again, these are all sensible and necessary requirements, but accountability is not capability. Assigning accountability does not automatically create the knowledge, skills, or operational maturity required to fulfil that accountability effectively. An accountable official still requires:

  • Governance capability

  • Data management capability

  • Stewardship capability

  • AI literacy

  • Organisational support

Without these foundations, accountability risks becoming a compliance exercise rather than an operational capability.

The Capability Gap

This is where I believe the conversation becomes more interesting. The public sector appears to be building two distinct layers.

The first layer is being built centrally.

  • Infrastructure.

  • Security.

  • Platforms.

  • Policies.

  • Standards.

The second layer is expected to be built by agencies.

  • Leadership.

  • Governance.

  • Management.

  • Stewardship.

  • Trusted data.

  • AI readiness.

The challenge is that successful AI adoption depends on both. An agency may have access to secure infrastructure and approved AI models while still struggling with:

  • Unclear ownership

  • Inconsistent governance

  • Poor data quality

  • Immature stewardship practices

  • Limited metadata capability

  • Low organisational literacy

In these circumstances, AI does not solve the underlying problem, it simply exposes it faster.

The Missing Layer

Recently, I came across a post discussing the EU AI Act that included a statement which immediately caught my attention:

"The difference between 'we have someone responsible for AI' and 'we have the operating infrastructure to demonstrate AI compliance' is the difference between a policy and an audit."

The more I reflected on that statement, the more I realised it applies far beyond the EU AI Act. It applies equally to many of the conversations emerging around AI governance, accountability, and adoption. Because assigning accountability and demonstrating capability are not the same thing.

Whether the driver is the EU AI Act, GovAI, or another AI initiative entirely, the challenge remains remarkably consistent.

  • You cannot demonstrate AI compliance on top of immature data capability.

  • You cannot establish trustworthy AI on top of untrusted data.

  • You cannot govern AI effectively without governance, stewardship, and management capabilities already in place.

The evidentiary trail has to exist somewhere, and that trail ultimately depends upon organisational capability.

Building the Capability Layer

For me, this is where the conversation needs to move next, not away from AI, not away from GovAI, not away from innovation, but towards capability.

  • Data leadership.

  • Data literacy.

  • Governance capability.

  • Data management capability.

  • Data stewardship capability.

  • AI literacy.

  • Organisational readiness.

Technology can be provided centrally, capability must be developed locally.

Perhaps the next phase of Australia's AI ambition is not about providing more infrastructure. Perhaps it is about ensuring agencies possess the organisational capabilities required to realise the value of the infrastructure already being provided. Because responsible AI adoption is not simply a technology challenge, it is a capability challenge, and capability may prove to be the most important layer of all.

Next
Next

Beyond Data Literacy: Building a Data-Minded Organisation