NZDF Deployed Copilot 8 Months Ago — Still Has No AI Rules

NZDF deployed Copilot at 'speed' across every device in September. Eight months on, there's still no AI directive. Staff can upload RESTRICTED documents. The risk assessment warned about it a year ago.

Eight months ago, the New Zealand Defence Force rolled Microsoft Copilot out across every phone, tablet, and laptop in the organisation. They did it at “speed” — their word. What they didn’t do, and still haven’t done, is write the rules for using it.

🔍 THE BOTTOM LINE

NZDF deployed AI first and figured they’d work out the governance later. They’re still figuring.

Deploy First, Govern Later

In September 2025, Copilot went live across NZDF devices. An internal FAQ from October celebrated the speed of the rollout:

“The speed with which we were able to roll out Copilot Chat was ONLY possible because Copilot Chat inherited the controls from M365. We would not have been able to do this as fast with any other GenAI.”

That’s not a safety feature. That’s a dependency. The only reason Copilot was fast to deploy is that Microsoft already had the keys to NZDF’s data — the same M365 environment that Copilot now sits inside.

A risk assessment from May 2025 — a full year ago — identified three core vulnerabilities:

  1. Reliance on external, publicly accessible data — Copilot’s free version pulls from the open internet
  2. Potential misuse by end users — no prizes for guessing what military staff might do with unrestricted AI access
  3. Unclear boundaries for anonymisation — nobody defined where the line is between “fine to process” and “classified”

The assessment’s conclusion was unambiguous: “more rigourous and clear governance, ownership, and mitigation strategies should be in place and validated as soon as possible.”

When RNZ asked NZDF this week whether those strategies had been put in place and validated, the answer was: a directive is “currently being drafted” and “a date for when this will be promulgated has not been determined.”

Eight months after deployment. No date for the rules. The word you’re looking for is yikes.

IN-CONFIDENCE? RESTRICTED? Sure, Upload Away

Here’s where it gets properly uncomfortable. The NZDF FAQ states that users can upload documents or enter information classified as:

  • IN-CONFIDENCE
  • SENSITIVE
  • RESTRICTED

…provided it fits within Defence’s “restricted-and-below info environment.” Copilot cannot be used in any secret-and-above environments. Comforting.

The FAQ also notes that Copilot “does not reach into official NZDF data or archives” — it only processes what users explicitly feed it. Which is fine, unless you’ve just told 1,250+ staff they can upload RESTRICTED documents with no governance directive telling them what’s appropriate.

Remember: this is the same military organisation that declined to join its allies in calling for responsible AI use in the military domain. NZ didn’t sign the REAIM summit declaration in Seoul. So there’s no international commitment, and no domestic directive either.

The Pattern Is the Problem

NZDF isn’t an outlier. It’s a pattern. Across New Zealand’s public sector, AI tools are being deployed ahead of governance:

  • Health NZ deployed Heidi AI scribes across every emergency department — and it took a security firm three prompts to jailbreak it into giving meth recipes and bomb instructions
  • No national AI strategy has been finalised for the public sector
  • No standardised risk framework exists for government AI deployments

Each time the story is the same: the tool was already live before anyone worked out the rules. The governance comes after the fact, if it comes at all.

NZDF’s Copilot rollout is just the most stark example. A military organisation — where data classification literally determines national security outcomes — deployed an AI tool at speed, with staff able to feed it RESTRICTED documents, and is still “drafting” the directive eight months later. The risk assessment told them to hurry up. They haven’t.

What Should Happen

Three things, in this order:

  1. Freeze RESTRICTED document uploads immediately — until the directive is in place, there’s no framework governing what goes into Copilot
  2. Publish the directive by end of Q2 2026 — eight months is long enough to write rules. If it takes longer, the delay is the story
  3. Audit what’s already been processed — NZDF should know exactly what data has been fed through Copilot since September

None of this is radical. It’s what the risk assessment recommended a year ago. The fact that it hasn’t happened yet tells you everything about how seriously AI governance is taken in New Zealand’s public sector.

🔍 THE BOTTOM LINE

NZDF deployed Copilot at speed, allowed RESTRICTED document uploads, and is still drafting the rules eight months later. The risk assessment warned them. Nobody listened. This is the deploy-first-govern-later playbook, and it’s running across New Zealand’s public sector like it’s a feature, not a bug.

❓ Frequently Asked Questions

Q: What data does Copilot have access to in NZDF? Copilot sits within NZDF’s existing M365 environment. It doesn’t access official archives, but staff can upload IN-CONFIDENCE, SENSITIVE, and RESTRICTED documents manually. No secret-and-above classification is permitted.

Q: Why is this a problem? Without a governance directive, there’s no framework defining what’s appropriate to feed into Copilot, how long data is retained, or what safeguards prevent misuse. RESTRICTED military data in an AI tool with no rules is a governance gap, not a technical one.

Q: Has any NZDF data been compromised? NZDF says no official data or archives are accessible by Copilot, and no patient data (this is military, not health) has been exposed. But without an audit of what users have manually uploaded, that assurance is incomplete.

SOURCES

  • RNZ — NZDF still drafting AI directive months after rolling out tech
  • NZDF Official Information Act documents (OIA-2025-5581-AI-tools.pdf)