Data Sharing Act Implementation in the APS: The Quiet Progress
The Data Availability and Transparency Act has been in force long enough that the implementation patterns are becoming visible. The progress is uneven across agencies, the rhetoric does not always match the reality, and the agencies that are getting it right are quieter than the agencies that are not.
What the Act actually requires
The DATA scheme creates a framework for sharing data between Commonwealth agencies for specified purposes, with safeguards around purpose, data minimisation, and accountability. The framework is opt-in for the data custodian agency, which means the dynamic is one of negotiation rather than mandate.
The compliance overhead for entering into a data sharing arrangement under the scheme is non-trivial. Data sharing agreements, accreditation of accredited users, technical and operational controls, transparency reporting. The agencies that have entered into arrangements have invested substantial time in the setup.
Where the use is concentrated
Most of the data sharing arrangements active in 2026 cluster around a small number of use cases. Population health research with the major university research institutes. Programme evaluation work with academic and accredited research entities. Some cross-agency administrative data integration for service delivery optimisation.
The volume of sharing is modest relative to the data assets the APS holds. The framework is being used cautiously, which is consistent with the design intent.
What is not happening
The expansive vision of cross-agency data integration that some advocates hoped the Act would enable is not materialising. The opt-in nature of the framework, combined with the genuine accountability burden on data custodians, has produced a pattern of careful, limited sharing rather than wholesale integration.
Most agencies are sharing for specific projects rather than building generalised data sharing infrastructure. The technical foundations for broader sharing exist in some agencies but the policy posture is cautious.
What the implementation gap looks like
The agencies with mature data governance, well-documented data assets, and experienced privacy and data ethics teams have been able to participate in the scheme without overwhelming overhead. The agencies without these foundations have either not participated or have done so with disproportionate effort.
The investment in foundational data governance capability has paid off for the agencies that made it. The agencies that have not made the investment are paying for it now in slower implementation.
What is next
The next phase is the integration of the DATA scheme with the broader Commonwealth AI deployment agenda. AI systems that rely on cross-agency data are increasingly part of the policy conversation. The DATA scheme provides one of the legal mechanisms for the data flows these systems need. The interaction between the scheme and the AI policy framework is being worked through.
For agencies thinking about AI deployment that touches multiple data sources, AI governance consultants familiar with both the DATA scheme and the AI policy framework are useful for the architecture conversation. The two frameworks need to be considered together at the design stage, not retrofitted to each other.
A note for academic and research partners
The accredited user framework is genuinely open to research entities that have the data handling capability to meet the accreditation requirements. The process is bureaucratic but workable. Research entities that anticipate needing access to Commonwealth data over the next several years should consider engaging with the accreditation process now rather than waiting for the first project that needs it.