90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-076
Government · Australia · 2025 · Automated decision without human review

Australia changed the law so a human had to decide before a job seeker's payment was cancelled, and the automated system kept cancelling anyway

By Ellie Harris · Filed Unlawful cancellations April 2022 to July 2024

Alleged: Department of Employment and Workplace Relations; Services Australia developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

Australia changed the law so a human had to decide before a job seeker's payment was cancelled, and the automated system kept cancelling anyway

What happened

It was reported that in August 2025 the Commonwealth Ombudsman found that two federal agencies had unlawfully cancelled the income support of 9,642 job seekers, in a failure with a simple mechanism: Parliament changed the law, and the system that applied it was never updated. From April 2022, an amendment to the Social Security (Administration) Act meant that cancelling a payment under the Targeted Compliance Framework, the system that polices job seekers’ mutual obligations, required a human decision-maker to exercise discretion and consider the person’s individual circumstances. The framework’s predominantly automated system was never updated to reflect that requirement. It kept cancelling payments automatically when mutual-obligation failures were recorded, exactly as it had before the law changed, for more than two years.

The Ombudsman’s report, titled “Automation in the Targeted Compliance Framework: when the law is changed but the system isn’t”, found the cancellations were not lawful, and noted that the failure was doubled: the system cancelled payments without reflecting the need for a discretionary decision, and the human decision-makers did not make that discretionary consideration either. The Ombudsman’s report said the error was first surfaced not by either agency’s own checks but by external legal advisers in September 2023, and that cancellation decisions were not paused until July 2024, almost ten months later; a complaint from the Australian Council of Social Service that December helped prompt the Ombudsman’s investigation. Announcing the report, the Ombudsman said automatic cancellation of vital income support for these job seekers was likely to have significant, if not catastrophic, consequences. Separately from the Ombudsman’s findings, iTnews reported that an unpublished consultant’s review from June 2025 had found the system increasingly unstable, with IT errors identified dating back to 2018. For a country still absorbing the royal commission into Robodebt, the finding landed with a familiar shape: an automated system enforcing the government’s view of a citizen’s obligations, without the legal authority to do what it was doing.

What an auditable version would have shown

The gap between what the law required and what the code did was invisible for seventeen months, and unremedied for almost ten more after lawyers spotted it, because nothing inside the system was positioned to see it. An auditable version binds each consequential action to the authority it claims: a signed record for every cancellation, naming the statutory provision relied on, the decision-maker who exercised the required discretion, and the material they considered. The day the amended law took effect, every record produced by the unchanged system would likely have raised an immediate compliance exception, because there was no decision-maker and no discretion to record. The mismatch would have surfaced as a compliance signal in week one, not as legal advice in year two.

Where the gap was

A rule changed and the system that enforced the old rule kept running. A ConstraintGate treats the current law as a standing rule checked before the action executes: a cancellation that cannot cite a discretionary human decision does not proceed. A MetricRecord aggregates the actions the system is taking, so that 9,642 cancellations of a kind the law no longer permits show up as a number someone is accountable for reading. A ConductRecord preserves each decision with its claimed authority, which is also what makes remediation tractable: the agencies are now reconstructing, case by case, decisions the system never properly recorded.

What governance should have looked like

When Parliament conditions an automated action on human judgment, the automation must be re-verified against the new law before it takes another action, and the verification must be someone’s named job. The Ombudsman’s title says what governance was missing: the law was changed, the system wasn’t. Any organisation that automates consequential decisions owes the people affected a matching promise, that every automated action can point to the rule that authorises it and the human who exercised any judgment that rule requires. Where that pointer is missing, the action, not the citizen’s payment, should be the thing that stops.

Failure Pattern: the law authorising an automated action changed, and the system kept executing under the old rule with no re-verification.

Governance Principle: when a rule that authorises an automated action changes, the action must stop until system behaviour, approval workflow and records are re-verified as compliant.

The reference implementation of ConstraintGate, MetricRecord and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and Department of Employment and Workplace Relations; Services Australia could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →