The law was driven partly by a specific scandal: an audit published in 2024 found that the Ministry for Children's risk-scoring algorithm, used to identify families for early intervention, had systematically over-scored Māori families by a factor of 1.7 compared to demographically equivalent non-Māori families — a disparity that the ministry had not detected in four years of operation because the algorithm's logic was not publicly auditable.

The legislation requires publication not just of algorithm code but of training data documentation — a harder requirement, because training data often contains personal information that cannot be published directly. Agencies must instead publish data cards describing the composition, sources, and known biases of training datasets, along with the results of mandatory pre-deployment bias audits conducted by a new independent Algorithmic Accountability Office.

The private sector lobbied against provisions that would have extended the requirements to private companies providing services under government contract. Those provisions were removed in committee, producing a law that covers government-developed systems but not the contracted systems that increasingly perform the same functions. Critics have described this gap as the law's central weakness.

"You cannot have accountable government and unaccountable algorithms," said Privacy Commissioner Michael Webster. "If a human official made that decision, you could ask them to explain it. We should require no less from a machine."