Bibliography
52 catalogued entries across 8 intellectual lanes — the academic and regulatory substrate underpinning NETEVO's Law-to-Code Methodology and AU AI governance work.
Citations link out — NETEVO does not redistribute source documents.
Showing 52 of 52 resources
Mowbray, Chung, Greenleaf (2023) · CLSR 48
Six desirable features of explainability for RaC — transparency, traceability, availability, sustainability, links to legal sources, and accountability — assessed against AustLII's...
ReadMowbray, Chung, Greenleaf (2023) · CLSR 48
Methodology for representing legislative rules propositionally, with a pre-processor that scales the RaC conversion to large bodies of legislation; demonstrates viability across...
ReadBertl, Price, Draheim (2026) · IJCCE 7
Prolog + NLP + XAI pipeline for extracting executable rules from legal text, validated on the Austrian Study Funding Act at the Austrian Ministry of Finance; outlines a path to...
ReadISO (2026) · ISO PUB100435
ISO's published, peer-reviewed integration guide. Articulates how multiple management-system standards combine into a single engineered system organised around the Harmonized...
ReadRaji et al. (2020) · FAT* '20
Introduces the SMACTR framework (Scoping → Mapping → Artifact Collection → Testing → Reflection) for internal algorithmic auditing — an end-to-end audit process applied...
ReadMökander, Schuett, Kirk, Floridi (2024) · AI & Ethics 4
Proposes a three-layered audit blueprint for large language models — governance audits (of providers' organisational accountability structures and quality management systems),...
ReadStandards Australia (2023) · AS ISO/IEC 42001
The Australian-adopted normative standard for AI Management Systems — the AU mirror of the international ISO/IEC 42001:2023. Specifies requirements for an organisation to...
ReadAICD / HTI (2024) · AICD / HTI
Joint AICD–HTI board-level framework for AI governance, structured as the "eight elements of safe and responsible AI governance" — the AU canonical board-readable AI governance...
ReadISO/IEC (2023) · ISO/IEC 42001
The international ISO/IEC normative standard for AI Management Systems. Specifies requirements for establishing, implementing, maintaining, and continually improving an AI...
ReadISO/IEC (2022) · ISO/IEC 22989
The terminology standard underpinning the entire ISO/IEC AI MS family. Defines 117 numbered terms across seven groups (AI generally, data, machine learning, neural networks,...
ReadISO/IEC (2025) · ISO/IEC 42005
The operational guidance for AI system impact assessment — the practical implementation of ISO/IEC 42001 Clause 6.1.4 and Annex A.5. Five informative annexes; Annex A Table A.1...
ReadISO/IEC (2023) · ISO/IEC 23894
AI-specific risk management guidance. Operationalises ISO 31000:2018 for AI by mirroring its clause structure (Principles in Clause 4, Framework in Clause 5, Process in Clause 6)...
ReadISO/IEC (2022) · ISO/IEC 38507
The governance standard addressed to the governing body (board / top management), not the AIMS owner. Overlays ISO/IEC 38500:2015 (governance of IT) and ISO 37000:2021 (governance...
ReadSchuett (2023) · AI & Society 40(2)
Applies the Institute of Internal Auditors' canonical Three-Lines-of-Defence model (operational management — Line 1; risk management and compliance — Line 2; internal audit —...
ReadCutler et al. (2024) · PACMPL 8, OOPSLA1
The reference paper for Amazon's Cedar policy language. Combines role-based and attribute-based access control with formal analysis so that authorisation policies can be...
ReadMerigoux, Chataing, Protzenko (2021) · PACMPL 5, ICFP
A peer-reviewed domain-specific language designed to make legal text mechanically translatable into executable code, built around defeasible logic so the language structure mirrors...
ReadMantelero (2024) · CLSR 54
A leading legal-scholarship treatment of the EU AI Act Article 27 Fundamental Rights Impact Assessment (FRIA). Article-by-article reading of FRIA's roots, scope, obligations,...
ReadBurton Crawford (2023) · Public Law
A peer-reviewed Australian public-law critique of Rules-as-Code on rule-of-law grounds. Identifies the constitutional and administrative-law objections to translating legislation...
ReadBrand (2024) · Griffith Law Review
Direct AU academic treatment of director-duty implications of AI adoption. Applies the Corporations Act 2001 (Cth) ss 180–183 duty framework to board-level AI governance. The...
ReadBednarz, Bennett (2025) · AJCL
Risk-failure-consequence triad applied to AU corporate governance under AI conditions. Operationalises the abstract director-duty framework into concrete failure modes and...
ReadAmantea, Governatori, Quaranta (2026) · CLSR 61
Applies defeasible deontic logic — the Governatori computational-law lineage — to AI-system compliance. Bridges Lane A (AI compliance and audit) and Lane B (formal methods /...
ReadASIC (2024) · ASIC REP 798
ASIC's landmark AI-in-financial-services report. Documents how 23 AFS and credit licensees were using and planning to use AI, how they were identifying and mitigating associated...
ReadOAIC (2024) · OAIC Guidance
The OAIC's October 2024 position on how the Privacy Act 1988 (Cth) and the Australian Privacy Principles apply when entities adopt and use commercially-available AI products....
ReadOAIC (2024) · OAIC Guidance
The OAIC's October 2024 position on the privacy obligations of entities developing or training generative AI models using personal information. Sets out OAIC expectations on data...
ReadAPRA (2023, amended 2026) · CPS 230 / CPG 230
Cross-industry prudential standard for operational risk management applying to all APRA-regulated entities (ADIs, insurers, superannuation trustees). Requires boards to maintain...
ReadAPRA (2018, in force 2019) · CPS 234 / CPG 234
The information-security companion to CPS 230 (§25). Requires APRA-regulated entities to maintain information-security capability commensurate with information-security...
ReadNSW Government (2022, renamed 2024) · NSW AIAF
The NSW state-government framework for assessing AI risk in agency projects. Originally issued March 2022 as the AI Assurance Framework; renamed and substantially updated 1 July...
ReadNSW Government (2020) · NSW AI Strategy
The NSW Government's strategic policy frame for AI development and deployment by NSW Government agencies. Built around five themes — building public trust, digital uplift, building...
ReadDISR (2024) · DISR Voluntary
Australia's voluntary AI safety standard — ten guardrails covering accountability, risk management, data governance, testing, human oversight, transparency, contestability,...
ReadDISR (2024) · DISR Guardrails
The Commonwealth proposals paper on regulating high-risk AI through mandatory guardrails, proposed approaches to defining high-risk AI, and three regulatory options for mandating...
ReadNIST (2023) · NIST AI RMF 1.0
The US national voluntary framework for managing AI risk. Organised around four core functions — Govern, Map, Measure, and Manage — applied across the AI lifecycle. The most...
ReadNIST (2024) · NIST AI 600-1
The generative-AI specific profile of the NIST AI RMF (§31). Identifies twelve risk categories unique or exacerbated by generative AI — confabulation, dangerous content, data...
ReadEU (2024) · EU 2024/1689
The EU's first horizontal AI regulation — sets harmonised rules on AI systems, classifies them by risk (unacceptable / high-risk / limited-risk / minimal-risk), and imposes...
ReadAHRC (2021) · AHRC HR&Tech
The foundational AU statutory-body report on AI and human rights. Culmination of three years of consultation with industry, governments, civil society, and communities. 38...
ReadAustralian Government (2019) · AU AI Ethics
Australia's eight-principle AI Ethics Framework — human, social and environmental wellbeing; human-centred values; fairness; privacy protection and security; reliability and...
ReadAustralian Government et al. (2024) · National Assurance Framework
The federal-and-aligned-states AU framework for AI assurance in government. A joint authoring achievement of the Commonwealth and every state and territory government, signed at...
ReadDISR / NAIC (2025-2026) · NAIC Guidance
The current AU national-level voluntary AI governance framework. 6 essential practices — (1) Decide who is accountable, (2) Understand impacts and plan accordingly, (3) Measure...
ReadAPRA (2026) · APRA Letter (30 Apr 2026)
APRA's first AI-specific Letter to Industry. Reports findings from a late-2025 targeted supervisory review across all APRA-regulated industries — that AI adoption is accelerating...
ReadNSW Government (2025) · NSW AI Agents Guide
The first AU public-sector framework specifically addressed to agentic AI deployment in government. Sets out a six-element framework (policy position, use case identification,...
ReadOWASP Gen AI Security Project (2025) · OWASP LLM Top 10
OWASP enumeration of the ten most critical security risks for LLM-integrated applications across the build, deploy and manage lifecycle. 2025 edition; LLM01 Prompt Injection...
ReadOWASP API Security Project (2023) · OWASP API Top 10
OWASP enumeration of the ten most critical API security risks, 2023 edition, weighted toward broken authorisation and authentication of API endpoints.
ReadOWASP Gen AI Security Project (2026) · OWASP Agentic Top 10
OWASP enumeration of the ten most critical security risks for autonomous and agentic AI systems that plan, act and make decisions across workflows. ASI01 Agent Goal Hijack through...
ReadThe MITRE Corporation (2026) · MITRE ATLAS
MITRE knowledge base of real-world adversary tactics and techniques against AI-enabled systems, modelled on the ATT&CK structure. Current data: 1 matrix, 16 tactics, 84 techniques,...
ReadThe MITRE Corporation (2026) · MITRE CWE
Community-developed MITRE catalogue of common software and hardware weakness types, each with a stable CWE identifier.
ReadRicher, Imbault (2024) · RFC 9635
IETF protocol defining a mechanism for delegating authorisation to a piece of software and conveying the resulting grant artifacts, covering API access and subject information....
ReadSharif (2026) · draft-sharif-agent-audit-trail-00
JSON-based, tamper-evident audit log format for autonomous AI agents, with SHA-256 hash chaining per RFC 8785 and optional ECDSA signatures for non-repudiation.
ReadKasselman et al. (2026) · draft-klrc-aiagent-auth-01
IETF draft setting out authentication and authorisation considerations for AI agents acting on behalf of users, building on OAuth 2.0 and related token mechanisms.
ReadMCP (LF Projects) (2025) · MCP spec
Open protocol standardising how LLM applications connect to external tools, data sources and context through a client-server interface.
ReadCNCF / OPA community (2026) · OPA v1.17.0
General-purpose policy engine that decouples policy decision-making from application logic, using the Rego declarative language for policy-as-code across the stack.
ReadOso Security, Inc. (2026) · Oso Cloud + Polar
Authorisation platform built on the Polar declarative policy language, delivered as the hosted Oso Cloud service with open-source Polar client libraries.
ReadFilho (2026) · arXiv 2602.23193
Event-sourcing architecture that separates an agent's cognitive intention from project state mutation: agents emit validated JSON intentions, a deterministic orchestrator persists...
ReadFilho (2026) · arXiv 2603.06365
Domain-specific specialisation of the ESAA event-sourcing architecture (§51) for agent-assisted security auditing of AI-generated code: a governed pipeline of reconnaissance,...
ReadNo resources match the current filters.