Australia's Attorney-General's Department has officially approved Microsoft Copilot Chat and Google NotebookLM for staff use on information classified up to the "protected" level. The decision, confirmed by assistant secretary Antony Spence, marks a significant expansion of the government's generative AI toolkit while reinforcing strict governance controls.
The Green Light: What’s Now Allowed
The department’s endorsement means public servants can now feed documents, emails, and other work materials labeled as "protected" into both AI services. In Australia's security classification system, "protected" covers information that, if compromised, could cause limited damage to national security, the economy, or diplomatic relations. It sits one level above "official" and below "secret".
Crucially, the approval is not a blanket go-ahead. Staff must adhere to existing department security policies—no copying and pasting classified data into personal accounts, no sharing confidential materials externally without authorization. The tools are to be used through official, government-managed accounts with enterprise data protection enabled. For Copilot Chat, that means the commercial data protection features that prevent prompts and responses from being saved, used for training, or reviewed by humans. NotebookLM, Google’s AI research assistant, similarly operates within a governed environment when deployed through a Google Workspace tenant with appropriate settings.
Spence emphasized that the approval reflects a "pragmatic" approach to balancing innovation and security, as reported by iTnews. The department ran its own assessments, likely examining data handling, access controls, and compliance with the Protective Security Policy Framework (PSPF). No major incidents were cited, but the move comes after months of internal testing and consultation with the Digital Transformation Agency and the Australian Signals Directorate.
What It Means for You
If you’re an Australian federal government employee, this changes your daily workflow. You can now use Copilot Chat to summarize a "protected" briefing, draft a response to a ministerial, or analyze trends in a sensitive dataset. NotebookLM becomes a legitimate tool for synthesizing research across protected documents, generating timelines, or creating briefings from multiple sources.
But the approval does not extend to every team. Individual agencies may still impose additional restrictions, especially if they deal with law enforcement, intelligence, or personally identifiable information. Check with your IT security officer before uploading anything. The Attorney-General’s Department has prepared internal guidance, but no public-facing rulebook exists yet.
For Windows users more broadly, this signals that Microsoft’s AI stack is maturing for government workloads. Copilot Chat, the free chat interface accessible from copilot.microsoft.com or the Windows taskbar, now carries trust marks that could accelerate similar approvals in other regulated sectors like finance, healthcare, and critical infrastructure. If your organization is holding back on AI because of data residency or classification concerns, Australia’s move offers a reference case.
Admins and IT professionals managing Microsoft 365 tenants should review the compliance documentation. Copilot Chat’s commercial data protection relies on users being signed into a work or school account with the right Entra ID policies. Ensure that your tenant has data loss prevention (DLP) rules, sensitivity labels, and audit logging configured before greenlighting protected-data usage. For NotebookLM, the equivalent settings live in Google Workspace Admin console under "Apps" → "Additional Google services.
Developers building on Azure OpenAI or Vertex AI can take cues, too. The government’s acceptance of these consumer-grade interfaces with data protection layered on top suggests that properly configured API-based solutions can meet even strict PSPF requirements. If you’re architecting a government chatbot, consider the same controls: no storage of prompts, regional data processing, and admin oversight.
How We Got Here: A Timeline of Cautious Openness
Australia’s journey with AI in the public sector has been deliberate. In 2022, the Digital Transformation Agency published an AI assurance framework, but adoption remained slow. The rapid rise of ChatGPT prompted alarm; in early 2023, several departments banned it outright over fears of data leakage. The Home Affairs Department’s March 2023 directive to block ChatGPT from its networks made headlines.
By mid-2023, the tide began to turn. The government released its interim guidance on responsible AI use, urging agencies to explore generative AI but only with appropriate safeguards. Microsoft launched Copilot for Microsoft 365 with government-specific commitments in late 2023, but pricing and compliance hurdles limited uptake. Meanwhile, Google pitched NotebookLM as a private-by-design research tool, encrypting user data and processing it regionally.
The Attorney-General’s Department started its pilot in early 2024, testing both tools against "protected" workloads. Over six months, it evaluated data handling, user behavior, and output quality. The successful pilot led to Spence’s green light, announced internally in late 2024 and now being socialised across agencies.
What to Do Now
For immediate steps, Australian public servants should:
- Get the official guidelines. Your agency’s IT security team will have a policy document. Read it before opening Copilot Chat or NotebookLM with protected data.
- Verify your account setup. Copilot Chat must be accessed via your government email address, with enterprise data protection shown in the interface—look for the green "protected" badge. For NotebookLM, ensure you’re using your work Google Workspace account, not a personal Gmail ID.
- Start with low-risk tasks. Summarize a non-sensitive public report in Copilot Chat first, then move to protected documents once comfortable.
- Apply information management rules. Anything you generate may become a record. Save outputs to your department’s record-keeping system, not just your chat history.
- Report any issues. If you see unexpected behavior or suspect a data mishandling, flag it to your security team immediately. The whole approval rests on transparency and quick feedback loops.
For IT admins outside government, consider running a similar pilot. The Attorney-General’s Department didn’t invent a new wheel; it simply enforced existing security controls. Confirm your AI tools have commercial data protection, audit trails, and region-locked data processing. Then run a trial with a small group handling non-production data before scaling.
The Outlook: What to Watch Next
The Attorney-General’s decision is likely to ripple through other Australian government entities. State governments like Victoria and New South Wales have been observing federal pilots; they may follow suit quickly. More significantly, this sets a precedent for the "protected" tier—if Copilot Chat and NotebookLM can handle it, what about Azure OpenAI Service or Google Vertex offering more customizable models? Expect a wave of approvals for cloud-hosted AI APIs with similar guardrails.
On the regulatory side, Australia’s new Cyber Security Act and proposed AI Act will add layers. Agencies will need to comply with mandatory security standards and algorithm transparency requirements. The current approval is a snapshot in time; as laws evolve, so will the list of approved tools.
For Windows users globally, the message is clear: enterprise-grade generative AI is no longer a toy for drafting party invitations. With the right settings, it’s a trusted backbone for sensitive government work. Keep an eye on your taskbar; that Copilot icon may soon be your gateway to a workspace cleared for protected data.