NSW becomes first Australian state to regulate digital safety risks in the workplace

The Work Health and Safety Amendment (Digital Work Systems) Bill 2025 was endorsed by the Legislative Assembly on 12 February 2026, after it had passed the Legislative Council, with amendments, earlier that same day. It amends the Work Health and Safety Act 2011 (NSW) (the Act), implementing significant amendments to the existing laws regulating the use of digital work systems by expressly regulating the health and safety impacts of digital work systems.

Digital work systems are defined to include any algorithm, artificial intelligence, automation or online platform, reflecting the increasing reliance on digitally assisted work allocation, monitoring and performance management in the workplace.

The amendments include a newly inserted provision which will create an additional primary duty of care for businesses to ensure that the health and safety of workers is not put at risk from the use of digital work systems in a business or undertaking. The amendments include considerations of certain risks that a person conducting a business or undertaking (PCBUs) must consider when utilising a digital work system, including:

• excessive or unreasonable workloads for workers at work in the business or undertaking;
• the use of excessive or unreasonable metrics to assess and track the performance of workers at work in the business or undertaking;
• excessive or unreasonable monitoring or surveillance of workers at work in the business or undertaking; and
• discriminatory practices or decision-making in the conduct of the business or undertaking.

Under existing WHS laws, inspectors, unions and other permit holders may enter workplaces to inquire into suspected contraventions of the Act. The newly revised legislation will expand these powers by allowing permit holders, including union representatives, to require “reasonable assistance” to access and inspect digital work systems suspected of breaching WHS obligations.

In practice, this would mean: “allowing the permit holder to access and inspect the system or providing an explanation of how the system functions so that the permit holder can meaningfully carry out the inspection. This amendment is important because individual workers often do not have visibility of how digital work systems operate or the awareness or opportunity to identify risks embedded within them,” according to the second reading of the speech.

This will include access to system data, explanations of system logic, and demonstrations of how work is allocated or monitored. In essence, it will require clarity about algorithmic management.

Only individuals who hold authorised WHS entry permits can conduct an inspection of a digital work system. While the legislation has not changed how union representatives or other possible holders can access a permit, it does significantly expand what union representatives can lawfully do when on the premises. For businesses who have previously encountered difficulties with unions and managing right of entry laws, this development adds a new layer of legal complexity. The expanded powers could lead to greater scrutiny, more frequent entry requests, and disputes over what systems should be reasonably accessed.

Prior to the passing of the legislation, these expanded powers were fiercely criticised by the opposition, with the NSW shadow treasurer Scott Farlow claiming the it is handing “unprecedented new powers to union officials to access information they have no right to access during an era of increased concern over data privacy”, and that it would provide unions with new rights under the guise of ‘digital safety’. The opposition's criticism includes that the legislation is breathtakingly broad, capturing almost every modern workplace in NSW, and is out of step with the national work health safety regime. In other words, if you use a computer, you are caught in the crosshair.

Key stakeholders such as the Australian Institute for Health and Safety (AIHS) had also previously joined calls for the NSW government to shelve the proposed duty. The AIHS claimed that it fails to recognise that “risks such as fatigue and psychological injury remains constant whether a task is designed by a human or a machine.” As such, the legislation is flawed in that it treats digital systems as posing a unique hazard, according to the AIHS.

Businesses should be aware of union officials utilising these expanded powers as a way to seek access to workplace premises or to partake in a fishing expedition. Frontline managers may find themselves increasingly accommodating complex requests to systems, possibly disrupting operations should they need to be accessed on the fly. A business’s refusal to assist an entry permit holder can result in a maximum A$66,770 (approx. US$46,511) fine for a corporation, or a A$13,310 fine for an individual.

However, the powers of an entry permit holder will be subject to guidelines made by the regulator, Safe Work NSW, which will be required to issue and publish guidelines on their website. Under amendments implemented by the Legislative Council, permit holders will be unable to exercise these new powers until at least a month after SafeWork NSW publishes their guidelines, to be developed following public consultation. Permit holders must provide businesses with 48 hours’ notice before seeking to exercise the new powers.

NSW is now the first state in Australia to address the safety risks posed to workers by digital work systems. 

What do these amendments mean for organisations?

The amendments place a new level of scrutiny on the technologies that organisations use within the workplace. Businesses must continually review and monitor the digital tools they use, particularly those involved in work allocation, rostering, monitoring, or productivity assessment. Examples of systems likely to be captured include:

• automated shift allocation tools;
• workflow allocation engines;
• AI-driven productivity scoring systems; and
• monitoring software that tracks keystrokes, task completion speed, or call handling time.

This wide definition of a digital work system means that even commonplace HR systems, scheduling software and management platforms fall within the scope of the Bill. Accordingly, PCBUs will therefore need to audit the digital systems currently in use, identify where work is being influenced or allocated by algorithms, and consider whether these systems could contribute to psychosocial risks.

A major challenge for businesses will be interpreting what amounts to “excessive or unreasonable workloads” or “excessive monitoring and metrics” or the requirement for businesses to provide “reasonable assistance” to entry permit holders. These concepts are inherently broad and ambiguous, and may vary across industries, roles and workforce demographics. Businesses should expect SafeWork NSW to take a precautionary approach, especially where digital systems lack transparency or where workers have limited ability to challenge or understand automated decisions.

To prepare for the new requirements, businesses should consider implementing the following measures:

• identify the digital work systems that are currently in place, and assess how you can reasonably respond to and provide access to union requests;
• ensure there is human oversight on the usage of digital work systems – while these systems may certainly be useful in terms of efficiency, human oversight is essential in minimising psychosocial safety risks that may occur;
• conduct a risk assessment by reviewing what systems are already in place and whether these are at risk of harming workers;
• consult with workers about levels of burnout, anxiety or fatigue associated with monitoring practices or workload allocation;
• consider implementing training sessions for managers and senior executives as to what these new amendments will require and how to use the benefits of digital work systems responsibly, as well as employees, who may have private information accessed;
• develop clear, practical policies and guidelines for senior staff members to follow for a dealing with a request to access and inspect digital work systems. Make sure you can identify both a valid entry permit, and who within the business is authorised or required to respond;
• document everything: should an entry permit holder come knocking, make sure to document, inter alia, their name, document number, and any reasoning where a request to inspect a digital work system has been declined; and
• keep confidential information separate from permit holder-accessible data to meet privacy obligations. 

Co-written by Nadine Walker of Pinsent Masons.