90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-077
Government · Australia · 2024 · Automated decision without human review

Revenue NSW took money from fine defaulters' bank accounts by automation for years, and the Ombudsman found the process contrary to law

By Ellie Harris · Filed Automated garnishee orders from January 2016; first Ombudsman report November 2021

Alleged: Revenue NSW (NSW Department of Customer Service) developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

Revenue NSW took money from fine defaulters' bank accounts by automation for years, and the Ombudsman found the process contrary to law

What happened

It was reported that in April 2024 the NSW Ombudsman tabled a special report in Parliament finding that Revenue NSW, the state’s debt and fines agency, had operated its garnishee order process contrary to law. A garnishee order lets the agency take money directly from a fine defaulter’s bank account. From January 2016 the agency automated the issuing of these orders at volume, with no human deciding any individual case; annual orders grew from 6,905 in 2010-11 to more than 1.5 million by 2017-18. The law required an authorised person to reach a state of satisfaction before each order was issued, and the Ombudsman’s earlier report, tabled in 2021, had already presented legal advice that no authorised person engaged in a mental process of reasoning to reach that state of satisfaction. Complaints that prompted the scrutiny came from people who found their accounts emptied, including people whose only income was Centrelink payments and whose balances were taken to zero.

It was reported that the agency’s fixes arrived in layers, each acknowledging part of the problem. In September 2018 it added a machine-learning model intended to exclude vulnerable people from garnishee action, trained on about 250,000 customer files. In March 2019 it added a manual sign-off step. The Ombudsman’s 2024 special report found the process was contrary to law from January 2016 to March 2019 and wrong, in the statutory sense, from March 2019 to March 2022; recovery of certain state debts between March 2018 and March 2019 contravened a second Act, the State Debt Recovery Act. A redesigned process introduced in 2022 was confirmed by the NSW Solicitor General as compliant, and the finance minister accepted all of the report’s recommendations, which centred on giving decision-makers complete recorded grounds for each order, protecting minimum amounts and Centrelink-derived funds in accounts, and publishing information about how garnishee orders work and can be challenged. By the time of the final report, the process had operated in configurations the Ombudsman found unlawful or wrong for more than six years.

What an auditable version would have shown

The legal question at the centre of the case, did an authorised person actually decide this, is a question about records. It was reported that Revenue NSW could not produce evidence of a human reaching the required state of satisfaction for any individual order, because the system was not built to involve one, let alone record one. An auditable version writes a signed record per order: the decision-maker, the material they considered, the vulnerability checks that ran, and the statutory authority relied on. With that record, investigators could have established quickly whether each order had a lawful decision-maker behind it, rather than contesting for years what the process even was, and the agency would know from its own logs, not from complainants, when an order is about to empty an account that holds someone’s entire income.

Where the gap was

An action the law reserved for a considered human decision was, on the Ombudsman’s findings, automated at scale with no human deciding individual cases, in a process that grew to more than 1.5 million orders a year by 2017-18. A ConstraintGate encodes the statutory precondition as a check that runs before the action: no recorded authorised decision, no order. A ConductRecord preserves each order with its authority and its inputs, including what the vulnerability model scored and why, so that when a machine-learning exclusion layer is later introduced, its performance is measurable against the harm it was added to prevent rather than taken on faith.

What governance should have looked like

Automating the paperwork of a legal power is not the same as automating the power itself, and the difference is exactly the human judgment the statute requires. The Ombudsman’s 2021 report sketched what regulation of government machines might one day include: a right to have a machine’s decision reviewed by a person, external validation of algorithms, and regular audits. The 2024 recommendations were more concrete and just as telling: complete recorded grounds for every order, protected amounts that automation cannot touch, and public information about how to challenge one. The scale that automation makes possible, from seven thousand orders a year to 1.5 million, is precisely why the authority behind each order has to be checkable, because at that volume, errors are not incidents; they are policy.

Failure Pattern: a statute reserved an action for a considered human decision, and automation executed it at scale with no recorded, authorised decision-maker.

Governance Principle: automation may prepare a legally reserved human decision but must not execute it without a recorded, authorised decision-maker.

The reference implementation of ConstraintGate and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and Revenue NSW (NSW Department of Customer Service) could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →