NZDF still drafting AI directive months after rolling out tech

by · RNZ
Copilot was rolled out across NZDF phones, tablets and laptops in September.Photo: AFP / Joe Raedle

The defence force is drafting a directive about acceptable use of generative AI - a year after it was told stronger strategies were needed and eight months after it rolled the tools out at "speed".

A risk assessment carried out 12 months ago looked at how New Zealand Defence Force (NZDF) staff and contractors could use the free version of Microsoft's Copilot AI, which predominantly uses publicly accessible internet content.

It concluded this presented "a low to moderate risk profile".

However, "more rigourous and clear governance, ownership, and mitigation strategies should be in place and validated as soon as possible to monitor and prevent the risk profile from escalating," said the six-page assessment released in an Official Information Act request.

RNZ asked if the NZDF had put each of these strategies in place and validated them, as recommended.

It said on Monday: "A Chief of Defence Force Directive is currently being drafted that sets out the acceptable use of AI.

"A date for when this will be promulgated has not been determined."

Copilot was rolled out across phones, tablets and laptops in September.

An FAQ in October in the OIA said: "The speed with which we were able to roll out Copilot Chat was ONLY possible because Copilot Chat inherited the controls from M365. We would not have been able to do this as fast with any other GenAI."

A full risk assessment process was carried out and controls were put in place, it said.

Unlike some other GenAI systems, "data and information stays within an organisation's boundaries and is not used to train public models".

The risk assessment in May 2025 had listed the vulnerabilities as "reliance on external, publicly accessible data, potential misuse by end users, and unclear boundaries for anonymisation".

"Continued monitoring required," it added.

The FAQ said the AI did not reach into official NZDF data or archives.

Users were allowed to upload documents or enter information marked IN-CONFIDENCE, SENSITIVE or RESTRICTED provided it fit within Defence's restricted-and-below info environment - but it could not be used in any secret-and-above environments.

No one, including contractors, was allowed to use other types of generative AI.

Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.

Related Stories

NZ doesn't join allies in call for responsible use of AI by the militaryAI has been used in unprecedented ways in the war in Iran, for instance in drawing up hit lists and targeting missiles, according to overseas media reports.Phil Pennington, 01 Apr 2026Military alliances: is NZ getting a tangled web or a ticket to get in?China is warning that alliances will likely escalate rather than de-escalate tensions and "spread rather than limit the conflicts".Phil Pennington, 19 Mar 2026Defence Force to test air, land, and sea drones from Mount Maunganui companyThe government said the trial of the combat-proven tech would strengthen capability while growing local industry.26 Feb 2026Where does NZ stand on killer drones?The Prime Minister is calling for new norms on how armies use artificial intelligence, but also says rules are "giving way to power".Phil Pennington, 19 Mar 2025