Last Updated: May 2026 · By Ehtisham Saeed, RTO Marketing Specialist
ASQA is not out to ban AI. ASQA is out to protect authentic evidence of competence. Those are very different things, and the difference is where your compliance risk lives.
The question on every RTO manager’s mind in 2026 is some version of “are we going to get pinged for using AI?” The honest answer is more useful than either the alarmist version (“ASQA is cracking down, stop using AI”) or the dismissive version (“everyone uses it, do not worry”). Both miss the actual mechanism. ASQA does not penalise the tool. It penalises what bad use of the tool does to assessment integrity, learner protection, and data privacy.
This guide sets out what ASQA has actually said, what genuinely gets an RTO penalised, what is perfectly fine, and how to move from exposed to defensible. It sits inside the AI for RTO operations cluster, alongside the 90-day AI adoption plan and the RTO AI use policy guide.
The Honest Answer: ASQA Penalises Outcomes, Not AI Itself
The single most important distinction in this whole topic is the one most discussion gets wrong.
For a beginner: ASQA is the national regulator for vocational training. It does not have a rule that says “you may not use AI.” What it has is a set of Standards about quality, assessment, learner protection, and data. AI becomes a problem only when it causes a breach of one of those existing Standards.
For an intermediate operator: think of AI the way you think of any other tool or process. A spreadsheet is not a compliance risk; an inaccurate spreadsheet that produces wrong AVETMISS data is. AI is the same. The tool is neutral. The output, and the lack of governance around it, is what ASQA assesses. The Standards for RTOs 2025 do not prescribe specific AI rules, but their expectations for governance, assessment integrity, and data protection create an environment where ungoverned AI use is a material risk.
For a compliance manager: this reframes the entire question. The risk is not “we used AI.” The risk is “we used AI in a way that produced inauthentic assessment evidence, or breached a student’s privacy, and we had no process to prevent or detect it.” ASQA’s enforcement attaches to those outcomes, which are breaches of existing Standards, not to the existence of AI in your operation.
What ASQA Has Actually Said About AI
Cutting through the commentary, here is what the regulator itself has signalled in 2026.
On 3 March 2026, ASQA announced its 2026 sector workshops would examine whether an RTO’s use of artificial intelligence is compliant with the 2025 Standards. The workshops were set to unpack responsible AI use in VET delivery, share ASQA’s draft AI Principles, explain how providers can keep AI adoption compliant, and give a forward look at the regulator’s focus for the next twelve months. Those workshops ran across the capital cities through March and April 2026, and several sold out.
ASQA has also published its own AI Transparency Statement, setting out how the regulator itself uses AI responsibly, with humans kept at the centre of decision-making. And according to notes from ASQA’s March 2026 update, revised Practice Guides (version 2) are expected around the middle of 2026, and these will address non-compliant use of AI against the requirements.
The tone of all of this is consistent: AI is treated as presenting both risks and opportunities, the regulator is engaging rather than banning, and the expectation is responsible, governed, transparent use. This is the same posture set out in the Australian Government’s Policy for the Responsible Use of AI in Government.
The Three Things ASQA Has Indicated AI Cannot Do
While AI use is broadly permitted, the regulator has drawn some firm lines. Based on ASQA’s 2026 communications and sector reporting, three uses are clearly out of bounds.
- AI cannot make assessment decisions. The judgement of whether a student is competent must be made by a qualified assessor, not by an AI tool. AI may assist with administrative aspects of assessment, but the competency decision is a human one.
- AI cannot complete validation where qualified people are required. Assessment validation is a process the Standards require qualified people to perform. AI cannot substitute for that qualified human involvement.
- AI cannot produce or stand in for authentic student evidence. Evidence of competence must be the student’s own genuine work. AI-generated responses passed off as student work, or assessment systems that cannot detect them, go to the heart of assessment integrity, which ASQA has flagged as a Regulatory Risk Priority.
These three lines share a theme: AI cannot replace human professional judgement in the parts of the system where the Standards require it, and it cannot be allowed to corrupt the authenticity of evidence.
What Actually Gets an RTO Penalised (Versus What Is Fine)
The practical distinction every RTO needs is between AI use that creates exposure and AI use that does not.
What creates exposure:
- Accepting AI-generated work as authentic student evidence, or having no process to detect it
- Using AI to make or influence assessment competency decisions
- Entering student personal information into a consumer AI tool that trains on its input (a Privacy Act breach)
- Having no policy, no risk assessment, and no record of how AI is used
- Generating marketing claims with AI and publishing them without compliance review
What is fine, when governed:
- Using AI to draft marketing copy that is then human-reviewed against the prohibited phrases and the Practice Guide
- Summarising public documents, internal notes, and operational text
- Generating first-draft activity ideas for trainers to review and adapt
- Administrative support that does not touch assessment judgement or student data in unprotected tools
- Using AI inside an approved, enterprise-grade tool under a documented policy
The line between the two columns is governance. The same tool used for the same task can sit on either side depending on whether there is a policy, a human check, and an audit trail behind it.
Why “Everyone Is Doing It” Is Not a Defence
The 2025 Standards introduced a self-assurance logic that changes how AI non-compliance plays out in an audit.
Under the new approach, when ASQA finds a gap, it does not just ask what went wrong. It asks why the RTO’s own self-assurance process did not catch it. Sector reporting from 2025 audits describes assessors being asked exactly this: if these gaps existed, why were they not picked up through your own systems?
Applied to AI, this means the absence of any process to manage AI use is itself the problem. An RTO that says “we did not realise staff were using AI on student data” is admitting its self-assurance process has a hole in it. “Everyone is doing it” is not a defence, because the Standards expect the RTO to have identified and managed the risk, not to have drifted into it. This is precisely why the written AI use policy and the audit trail matter so much: they are the evidence that the risk was managed rather than ignored.
Assessment Integrity: Where the Stakes Are Highest
Of all the places AI touches an RTO, assessment is where the regulatory stakes are highest, because it goes to the core purpose of the qualification.
The Standards require assessment evidence to be valid, sufficient, authentic, and current, often summarised as VSAC. Generative AI puts direct pressure on the “authentic” limb: if a student submits AI-generated work as their own, the evidence is no longer authentic, and the competency decision built on it is unsound. ASQA’s Regulatory Risk Priorities have flagged academic cheating, and AI-generated student responses are the newest form of an old problem that already included plagiarism and contract cheating.
The defensible response is not to ban student access to AI, which is neither possible nor desirable, but to strengthen authentication: assessment methods that make authorship verifiable, such as observation, oral questioning, time-stamped digital work, and validation processes that actively check for AI-generated and plagiarised work. An RTO that has documented how it detects and manages AI in student work is demonstrating the integrity process the Standards expect. An RTO that has no such process has a gap that an audit will find.
How to Move From Exposed to Defensible
The path from “we use AI and hope it is fine” to “we use AI and can prove it is governed” is the same path the rest of this cluster lays out.
- Write the policy. A short, controlled AI use policy with data classification, approved tools, prohibited uses, and an audit trail. This is the single most important document.
- Keep humans in the assessment decision. Make it explicit, in policy and in practice, that competency decisions and validation stay with qualified people.
- Strengthen authentication. Add or reinforce assessment methods that verify authorship, and document how you check for AI-generated work.
- Protect student data. Keep student personal information out of unprotected AI tools, in line with the Privacy Act 1988 and your data classification rule.
- Build the evidence trail. Record which tools are used, for what, and what human review applied, so self-assurance is demonstrable.
- Follow the plan. The 90-day AI adoption plan sequences all of this into a manageable rollout.
An RTO that does these things is not just avoiding penalty; it is in the position ASQA’s Corporate Plan describes, where strong, evidenced self-assurance can mean reduced regulatory burden, while poor practice attracts more scrutiny.
Frequently Asked Questions
Will ASQA penalise my RTO just for using AI?
No. ASQA does not penalise AI use itself. It penalises the consequences of ungoverned use: inauthentic assessment evidence, privacy breaches, and the absence of any process to manage AI. AI used within a documented policy, with humans making assessment decisions and student data protected, is not a penalty risk in itself.
Can AI be used to mark or assess student work?
AI can assist with administrative aspects of assessment, but it cannot make the competency decision. ASQA has indicated that AI cannot be used to make assessment decisions, and cannot complete validation where qualified people are required. The judgement must remain with a qualified assessor.
Does ASQA require RTOs to detect AI-generated student work?
The 2025 Standards require assessment evidence to be authentic, and ASQA has flagged academic cheating as a risk priority. An RTO with no process to detect or manage AI-generated and plagiarised work has a self-assurance gap that an audit is likely to identify. Strengthening authentication and documenting the process is the expected response.
What did ASQA actually announce about AI in 2026?
On 3 March 2026, ASQA announced sector workshops examining whether RTOs’ AI use complies with the 2025 Standards, including sharing draft AI Principles. Revised Practice Guides addressing non-compliant AI use are expected around mid-2026. ASQA has also published its own AI Transparency Statement covering its internal AI use.
Is using AI for marketing a compliance risk?
Only if the output is published without compliance review. AI can generate marketing claims that breach the Information and Transparency Practice Guide as easily as a human can. AI-drafted marketing that is human-reviewed against the prohibited phrases and the Practice Guide before publishing is fine; AI-drafted marketing published unchecked is a risk. The full workflow is in our AI for RTO marketing guide.
What is the fastest way to reduce our AI compliance risk?
Write a short AI use policy with a clear data classification rule, make it explicit that assessment decisions stay with qualified people, and start keeping a basic audit trail of AI use. Those three steps move an RTO from undocumented exposure to demonstrable governance, which is what ASQA’s self-assurance approach looks for.
What Happens Next
The anxiety around ASQA and AI mostly dissolves once the distinction is clear: govern the use, keep humans in the assessment decision, protect the data, and document it. The RTO AI use policy is the foundation document, the 90-day AI adoption plan sequences the rollout, the Claude vs ChatGPT vs Gemini for RTOs comparison helps choose the tools the policy will approve, and the AI for RTO marketing guide covers the most common use case safely.
Worried that AI-generated content has already introduced compliance risk into your public-facing marketing? RTO Scanner reviews your website copy against the phrases ASQA flags and validates your RTO code against training.gov.au in real time, free, in under five minutes.
