About MSD’s Automated Decision-Making Standard

Our Automated Decision-Making Standard (ADM Standard) governs any process where we use automated decision-making (ADM). 

Read the standard in full below

What we use automated decision-making for

We use automated decision-making in some situations, such as:

  • re-granting Jobseeker Support, when all criteria are met and there are no issues
  • checking if Student Allowance and Loan applicants are getting a benefit or have debt with MSD
  • identifying eligible young people to invite them to join ‘not in education, employment or training’ (NEET) services.

Automated Decision-Making - Work and Income

How we safeguard our automated decision-making use

The ADM Standard puts sufficient safeguards in place when we implement an automated decision-making process. This includes:

  • making sure we protect people’s rights and interests
  • identifying, assessing and, where possible, mitigating risks (including around bias, discrimination and accuracy)
  • making sure there’s appropriate human oversight, transparency and ongoing assurance when using Automated Decision-Making.

We review the Automated Decision-Making Standard every three years, most recently in 2026. In this recent review, we have updated the Standard to make sure it remains an effective safeguard for any individual affected by an automated decision and for MSD's use of ADM.

Any automated decision-making process being considered must meet the requirements from the ADM Standard before being implemented.

Our processes must also meet the Privacy, Human Rights and Ethics (PHRaE) Framework – another safeguard. This framework works alongside the ADM Standard and identifies and addresses risks around using personal information.

Using personal information responsibly - Ministry of Social Development

Automated Decision-Making Standard

1. Definitions

1.1.  Automation is the use of systems or components of systems to replace repeatable processes in order to reduce dependency on manual actions or interventions.

1.2.  Processes, or parts of processes, are those that can be automated based on the application of:

  1. known business rules; and/or 
  2. data-based algorithms developed without involvement or review by a human, including statistically or analytically derived patterns in machine learning.

1.3.  A decision is the action of choosing between two or more possible actions and can be operational or derived from legislative, Cabinet, or other legal authority, and may be discretionary or non-discretionary.

1.4.  An automated decision is a decision within an automated process where there is no substantial human involvement in making the decision.

1.5.  Discretionary decisions require an exercise of judgment to choose between two or more possible actions.

1.6.  Non-discretionary decisions do not require any exercise of judgement to determine the appropriate action.

1.7.  A Business Owner is the person who is accountable for the automated process at any given time.

1.8.  Bias refers to the tendency of an automated decision-making process to create unfair and unjustified outcomes for a group, such as favouring or disfavouring that group over others. Automated decisions may be biased because, for instance, the datasets they rely on are biased, potentially as a result of how data was collected in the past, or because social conditions mean that some groups are overrepresented in some risk groups.

1.9.  Discrimination is unjustified, direct or indirect, discrimination on any of the grounds set out in the Human Rights Act 1993.

Top

2. Scope

2.1.  The requirements in the Standard must be met when:

  1. there is a proposal to automate a decision (as defined in sections 1.1, 1.3 and 1.4); and
  2. the automated decision has the potential to affect an individual’s entitlement or eligibility status for support delivered or funded by the Ministry of Social Development (the Ministry), or any obligations, other requirements, or sanctions related to that support.

2.2.  Any exception to this standard must be approved by the Chief Executive before automated decision-making can be implemented.

Top

3. Standard Requirements

3.1.  General

3.1.1.  Automated Decision-Making must:

  1. improve the efficiency and effectiveness of decision-making; and
  2. balance that efficiency and effectiveness gain against factors such as cost, operational changes required, and the impact of the decision on those affected.

3.1.2.  The implementation of automated decision-making must be conducted in a way that:

  1. adheres to all applicable Ministry safeguards for the wellbeing, rights, and interests of those impacted by decisions; and
  2. complies with all applicable Ministry policies and standards that relate to human rights and ethics, and to the privacy, security, and management of information.

3.1.3.  The automation of a decision-making process must not create any additional burden for those the decision directly affects, such as by reducing the accessibility of services.

3.1.4.  Where a complex algorithm is being proposed, the Model Development Lifecycle must be used.  

3.2.  Accuracy and reliability

3.2.1.  Both accuracy and reliability must be assessed before automated decision-making is implemented to ensure, insofar as possible, that automated decision-making will produce expected results, and that automated decision-making will not deny clients their correct entitlement.

3.2.2.  To support ongoing accuracy, there must be clear, relevant, and accessible guidance for people who are required to input or provide data to be used in automated decision-making, for example, a client entering their information into MyMSD.

3.3.  Bias and discrimination

3.3.1.  Both bias and discrimination must be assessed before automated decision-making is implemented to ensure, insofar as possible, that any potential bias and discrimination in the automated decision-making is well managed, that any resulting risks have been identified, and that steps have been taken to remove or mitigate those risks.

3.3.2.  Any residual risk from bias or discrimination must be accepted by the Business Owner.

3.3.3.  Where bias and discrimination cannot be removed or sufficiently mitigated, substantial human involvement must be included in the process. This would then mean that the decision is no longer an automated decision.

3.4.  Legal and policy considerations

3.4.1.  Automated decisions must be lawful and align with policy intent.

3.4.2.  Prior to automating discretionary decisions, any legal risk(s) must be identified and then mitigated, removed, or accepted by the Business Owner.

3.5.  Fraud considerations

3.5.1.  An assessment must be undertaken to determine whether any proposed automated decision-making has the potential to:

  1. increase (or decrease) the likelihood that people will commit internal or external fraud or client non-compliance; or
  2. increase (or decrease) the scale or size of potential internal or external fraud or client non-compliance.

3.5.2.  Any increased risk of fraud must be accepted by the Business Owner before automated decision-making can be implemented.

3.6.  Transparency

3.6.1.  A clearly communicated and accessible point of contact must be nominated for public inquiries or complaints about the use of automated decision-making.

3.6.2.  The Ministry must make information publicly available about:

  1. what decisions are made using automated decision-making as soon as reasonably practicable after they have been:
    1. identified;
    2. assessed against the Standard;
    3. approved by the Business Owner and the Standard Owner; and
    4. where required by legislation, published in the New Zealand Gazette.
  2. for each of those decisions, how that decision has been made through the use of automation, including the role of humans in automating the decision, and who is accountable for the process and the decision made; and
  3. what policies and processes are used to identify and mitigate risks associated with automated decision-making, in particular those that relate to human rights and ethics.

3.6.3.  The Ministry must clearly communicate to each individual affected by an automated decision information about:

  1. the outcome of the decision;
  2. who is accountable for the decision;
  3. the process for challenging or appealing the decision including any timeframes involved; and
  4. general information about the decision, including as specified under 3.6.2 (ii).

3.6.4.  If a lawful restriction or an operational obligation such as fraud prevention prevents full explanation to either the public or an affected individual, the Ministry must provide as much explanation as possible and clearly outline what details have been withheld and why. 

3.7.  Human oversight

3.7.1.  The Ministry must provide a channel for challenging or appealing decisions made using automation and this channel must:

  1. be clearly communicated to, and easily accessible by, the individual(s) affected by the decision; and
  2. not be the same as the point of contact described in 3.6.1.

3.7.2.  The process to review an automated decision that has been challenged or appealed must:

  1. involve human decision-makers (that is, not be an automated process);
  2. be empowered to correct a decision; and
  3. be empowered to look more broadly than the specifics of the decision made in the automated part of the process when determining correctness.

3.8.  Compliance and assurance

3.8.1.  Compliance with this standard must be verified for all new uses of automated decision-making through the existing Security, Privacy, Human Rights and Ethics Certification and Accreditation process.

3.8.2.  Regular monitoring proportionate to the risks involved must be carried out to ensure that the automated decision-making continues to produce expected results and to ensure bias and discrimination are well managed. How this monitoring will be resourced and carried out must be agreed prior to the implementation of the automated decision-making process.

3.8.3.  If this regular monitoring identifies issues, these issues must either:

  1. be corrected as soon as practicable, with the Business Owner accepting all risks involved until this occurs; or
  2. be addressed through incorporating substantial human involvement into the process (meaning it would no longer be an automated decision).

3.8.4.  A compliance review must be carried out at least once every three years or more frequently (based on the nature and level of risk connected to the process) to ensure that any automated decision-making that is approved under this standard continues to meet the requirements of the standard.

Top

4. References

4.1.  Tools that directly support the application of this Standard:

Operational Guidance

Model Development Lifecycle

PHRaE guidance: Operational analytics and automation    

Top