GovAI Is Building Infrastructure. But Who Is Building Capability?
The Missing Layer in Australia's AI Ambition
Australia is investing heavily in artificial intelligence. Through GovAI, agencies now have access to secure infrastructure, approved AI models, common guardrails, hosting environments, and pathways to safely explore and deploy AI capabilities across government.
This is an important step forward, yet the more I read about GovAI, agency accountability requirements, AI governance frameworks, and emerging compliance obligations, the more I find myself returning to a different question.
Who is building capability? Not infrastructure, not platforms, not hosting environments, but capability.
Because while we appear to be investing significantly in AI infrastructure, much of the capability required to successfully adopt AI remains the responsibility of individual agencies, and I am not convinced we are talking enough about that reality.
The Infrastructure Layer
GovAI solves an important problem, rather than agencies individually procuring tools, negotiating security controls, and establishing AI environments from scratch, government has invested in shared capability.
Infrastructure
Hosting.
Security.
Model access.
Common standards.
Common guardrails.
This reduces duplication and lowers barriers to adoption, it is a sensible approach. However, infrastructure alone does not create organisational capability. Providing access to AI does not automatically create:
Data leadership
Data literacy
Governance capability
Data stewardship capability
Data management capability
AI literacy
Organisational readiness
These capabilities cannot be provisioned through a platform, they must be developed within organisations.
The Accountability Layer
Alongside infrastructure, agencies are increasingly being asked to establish accountability structures.
Accountable officials.
Governance forums.
Impact assessments.
Transparency obligations.
Risk ownership.
Again, these are all sensible and necessary requirements, but accountability is not capability. Assigning accountability does not automatically create the knowledge, skills, or operational maturity required to fulfil that accountability effectively. An accountable official still requires:
Governance capability
Data management capability
Stewardship capability
AI literacy
Organisational support
Without these foundations, accountability risks becoming a compliance exercise rather than an operational capability.
The Capability Gap
This is where I believe the conversation becomes more interesting. The public sector appears to be building two distinct layers.
The first layer is being built centrally.
Infrastructure.
Security.
Platforms.
Policies.
Standards.
The second layer is expected to be built by agencies.
Leadership.
Governance.
Management.
Stewardship.
Trusted data.
AI readiness.
The challenge is that successful AI adoption depends on both. An agency may have access to secure infrastructure and approved AI models while still struggling with:
Unclear ownership
Inconsistent governance
Poor data quality
Immature stewardship practices
Limited metadata capability
Low organisational literacy
In these circumstances, AI does not solve the underlying problem, it simply exposes it faster.
The Missing Layer
Recently, I came across a post discussing the EU AI Act that included a statement which immediately caught my attention:
"The difference between 'we have someone responsible for AI' and 'we have the operating infrastructure to demonstrate AI compliance' is the difference between a policy and an audit."
The more I reflected on that statement, the more I realised it applies far beyond the EU AI Act. It applies equally to many of the conversations emerging around AI governance, accountability, and adoption. Because assigning accountability and demonstrating capability are not the same thing.
Whether the driver is the EU AI Act, GovAI, or another AI initiative entirely, the challenge remains remarkably consistent.
You cannot demonstrate AI compliance on top of immature data capability.
You cannot establish trustworthy AI on top of untrusted data.
You cannot govern AI effectively without governance, stewardship, and management capabilities already in place.
The evidentiary trail has to exist somewhere, and that trail ultimately depends upon organisational capability.
Building the Capability Layer
For me, this is where the conversation needs to move next, not away from AI, not away from GovAI, not away from innovation, but towards capability.
Data leadership.
Data literacy.
Governance capability.
Data management capability.
Data stewardship capability.
AI literacy.
Organisational readiness.
Technology can be provided centrally, capability must be developed locally.
Perhaps the next phase of Australia's AI ambition is not about providing more infrastructure. Perhaps it is about ensuring agencies possess the organisational capabilities required to realise the value of the infrastructure already being provided. Because responsible AI adoption is not simply a technology challenge, it is a capability challenge, and capability may prove to be the most important layer of all.