What happened
It was reported that in August 2025 the Commonwealth Ombudsman found that two federal agencies had unlawfully cancelled the income support of 9,642 job seekers, in a failure with a simple mechanism: Parliament changed the law, and the system that applied it was never updated. From April 2022, an amendment to the Social Security (Administration) Act meant that cancelling a payment under the Targeted Compliance Framework, the system that polices job seekers’ mutual obligations, required a human decision-maker to exercise discretion and consider the person’s individual circumstances. The framework’s predominantly automated system was never updated to reflect that requirement. It kept cancelling payments automatically when mutual-obligation failures were recorded, exactly as it had before the law changed, for more than two years.
The Ombudsman’s report, titled “Automation in the Targeted Compliance Framework: when the law is changed but the system isn’t”, found the cancellations were not lawful, and noted that the failure was doubled: the system cancelled payments without reflecting the need for a discretionary decision, and the human decision-makers did not make that discretionary consideration either. The Ombudsman’s report said the error was first surfaced not by either agency’s own checks but by external legal advisers in September 2023, and that cancellation decisions were not paused until July 2024, almost ten months later; a complaint from the Australian Council of Social Service that December helped prompt the Ombudsman’s investigation. Announcing the report, the Ombudsman said automatic cancellation of vital income support for these job seekers was likely to have significant, if not catastrophic, consequences. Separately from the Ombudsman’s findings, iTnews reported that an unpublished consultant’s review from June 2025 had found the system increasingly unstable, with IT errors identified dating back to 2018. For a country still absorbing the royal commission into Robodebt, the finding landed with a familiar shape: an automated system enforcing the government’s view of a citizen’s obligations, without the legal authority to do what it was doing.
What an auditable version would have shown
The gap between what the law required and what the code did was invisible for seventeen months, and unremedied for almost ten more after lawyers spotted it, because nothing inside the system was positioned to see it. An auditable version binds each consequential action to the authority it claims: a signed record for every cancellation, naming the statutory provision relied on, the decision-maker who exercised the required discretion, and the material they considered. The day the amended law took effect, every record produced by the unchanged system would likely have raised an immediate compliance exception, because there was no decision-maker and no discretion to record. The mismatch would have surfaced as a compliance signal in week one, not as legal advice in year two.
Where the gap was
A rule changed and the system that enforced the old rule kept running. A ConstraintGate treats the current law as a standing rule checked before the action executes: a cancellation that cannot cite a discretionary human decision does not proceed. A MetricRecord aggregates the actions the system is taking, so that 9,642 cancellations of a kind the law no longer permits show up as a number someone is accountable for reading. A ConductRecord preserves each decision with its claimed authority, which is also what makes remediation tractable: the agencies are now reconstructing, case by case, decisions the system never properly recorded.
What governance should have looked like
When Parliament conditions an automated action on human judgment, the automation must be re-verified against the new law before it takes another action, and the verification must be someone’s named job. The Ombudsman’s title says what governance was missing: the law was changed, the system wasn’t. Any organisation that automates consequential decisions owes the people affected a matching promise, that every automated action can point to the rule that authorises it and the human who exercised any judgment that rule requires. Where that pointer is missing, the action, not the citizen’s payment, should be the thing that stops.
Failure Pattern: the law authorising an automated action changed, and the system kept executing under the old rule with no re-verification.
Governance Principle: when a rule that authorises an automated action changes, the action must stop until system behaviour, approval workflow and records are re-verified as compliant.
The reference implementation of ConstraintGate, MetricRecord and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.
Sources
- Automation in the Targeted Compliance Framework: when the law is changed but the system isn’t (Commonwealth Ombudsman report)
- Job seekers had payments cancelled unlawfully by gov IT system (iTnews)
- Damaging compliance system must stop immediately after damning Ombudsman report (ACOSS)
- Fairness in the Targeted Compliance Framework: when decisions are made beyond your control (Commonwealth Ombudsman report, December 2025)