Skip to main content

New Zealand Algorithm Charter: Transparency in Government AI Decisions

New Zealand's Algorithm Charter for Aotearoa New Zealand matters because it focuses government agencies on a question many AI deployments avoid: can the agency explain what the system is doing, what data it is using, who is accountable for it, and where human judgment still sits? The charter is voluntary rather than a binding statute, but it operates inside a public-sector environment that already includes the Privacy Act 2020, the Official Information Act 1982, public-service accountability duties, and anti-discrimination expectations that make opaque automation hard to defend.

For agencies using AI in triage, drafting, case summarization, service support, or policy assistance, the implementation challenge is not abstract transparency. It is route behavior. A system cannot be meaningfully transparent if staff cannot tell whether personal data was minimized, whether the output was grounded in approved material, or whether a human review step was mandatory before the output shaped an administrative outcome. Keeptrusts helps on that operational boundary. It cannot publish an algorithm inventory for you, meet consultation duties, or answer Official Information Act requests. It can make the route easier to explain and govern.

Use this page when

  • You work on government or public-sector AI in New Zealand and need a transparency-focused operating model.
  • You want to align route behavior with the Algorithm Charter and related public-sector accountability duties.
  • You need concrete controls for AI-assisted triage, case support, or citizen-service workflows.

Primary audience

  • Primary: Compliance officers, public-sector digital leaders, service owners
  • Secondary: privacy officers, delivery managers, security architects

The problem

Government AI systems are often introduced as productivity tools. A caseworker assistant summarizes long files. A service desk tool drafts replies. A triage model helps prioritize incoming requests. A policy-search assistant helps staff locate internal guidance. These uses look modest compared with automated benefit decisions or predictive scoring, but they can still shape outcomes in meaningful ways. The staff member who reads a summary first may never go back to the full file. The triage output may change how quickly a person receives attention. A drafted reply can frame the government's position before a human makes edits.

That is why transparency in public-sector AI is not just about publishing principles. It is about preserving the ability to explain the route itself. Which information was sent to the model? Was personal data removed or minimized first? Was the output required to cite approved source material? Could the route respond directly, or did it escalate for review? If the agency cannot answer those questions, it will struggle to defend the workflow under the Charter's transparency and human-oversight expectations, and it will make Privacy Act compliance harder as well.

The risk becomes larger when one assistant platform is reused for several public-sector functions. Internal drafting, citizen-service support, and case triage often end up sharing a single technical path. That might be efficient, but it erases the difference between a low-risk writing aid and a workflow that can influence public administration. Once that difference disappears, the agency has no clean way to prove that higher-impact routes had stronger controls.

The solution

The strongest pattern is to treat transparency as an architectural property.

Keeptrusts supports that by making the route's control path explicit. pii-detector helps agencies minimize personal data before external processing. citation-verifier is valuable for public-sector use because many assistants should answer only from approved policy, service, or knowledge sources. human-oversight creates the hard stop for routes where the output should be reviewed before it affects a citizen or case outcome. audit-logger then preserves the evidence that the route really followed the expected path.

This is especially useful for agencies trying to avoid overclaiming. The Charter encourages openness, accountability, and human oversight. Keeptrusts can support those goals at runtime, but it does not replace policy publication, consultation, records management, or formal explanations to the public. That division of responsibility is healthy. It lets agencies use gateway controls for what they are good at while keeping legal and democratic accountability where it belongs.

The design principle is simple: routes that can influence government decisions or service outcomes should be easier to explain than ordinary productivity tools, not harder. That means stricter redaction, stronger source grounding, and an explicit review path when the workflow demands it.

Implementation

For a New Zealand public-sector case-support route that helps staff summarize files but should never deliver a direct outward-facing outcome without review, use a conservative configuration.

pack:
  name: nz-public-sector-case-support
  version: "1.0.0"
  enabled: true

providers:
  targets:
    - id: approved-government-provider
      provider: openai
      model: gpt-5.4-mini-mini
      secret_key_ref:
        env: OPENAI_API_KEY
      data_policy:
        zero_data_retention: true
        training_opt_out: true
        retention_days: 0
        allow_internet_egress: false

policies:
  chain:
    - pii-detector
    - data-routing-policy
    - citation-verifier
    - human-oversight
    - audit-logger

policy:
  pii-detector:
    action: redact
    redaction:
      marker_format: label
      include_metadata: true

  data-routing-policy:
    require_zero_data_retention: true
    require_no_training: true
    max_retention_days: 0
    allow_internet_egress: false
    on_no_compliant_provider: block
    log_provider_selection: true

  citation-verifier:
    require_sources: true
    require_source_match: true
    output_action:
      unverified_action: block

  human-oversight:
    action: escalate

  audit-logger: {}

This route does not make an agency transparent by itself. What it does is support several transparency-critical behaviors. Personal data is reduced before the provider sees it. The route cannot silently use a provider that falls outside the declared data policy. Unsupported output can be blocked instead of becoming part of a case summary. And the route does not act as straight-through automation where a reviewer is required.

This pattern also helps agencies separate routine productivity assistance from case-affecting workflows. A staff writing assistant can use a lighter route. A case triage or citizen-service assistant can use the stricter one. That distinction is central if the agency wants to explain where human judgment enters the process.

The most relevant companion pages are Configuration & Policy Overview, PII Detector, Data Routing Policy, Compliance Officer Guide, and Zero-Trust AI.

Results and impact

Agencies that adopt this pattern get a cleaner accountability story. When asked how a route supports public-sector transparency, they can point to minimization, provider constraints, grounding, review stops, and audit events instead of vague statements about responsible use. That does not end scrutiny, but it makes scrutiny more answerable.

The route model also improves internal governance. Service owners, privacy teams, and public-sector leaders can decide together which workflows belong in the strict lane and which can remain lighter. That is better than retrofitting transparency after a general assistant is already embedded in case handling.

Most importantly, it respects the Charter's real promise. Transparency is not only a reporting exercise. It is a property of how the system is built and controlled.

Key takeaways

  • The Algorithm Charter is voluntary, but it sets serious expectations for explainability, accountability, and human oversight in New Zealand government AI use.
  • Public-sector AI routes should be designed for explanation, not only efficiency.
  • Use pii-detector and data-routing-policy to support Privacy Act discipline and reviewed provider handling.
  • Use citation-verifier and human-oversight for routes that influence case handling or citizen outcomes.
  • Official Information Act responses, publication duties, and broader public accountability remain outside the gateway.

Next steps