From 1 July 2026, cloud becomes the default consideration for new ICT investments across the Australian Government. Here’s what the policy means, who it applies to, and why organisations, including those supporting government, should be preparing now.
By NEXTDC
Last updated: 26 June 2026
The Australian Government’s Whole-of-Government Cloud Computing Policy, commonly referred to as the Cloud-First Policy, marks a significant milestone in Australia’s digital transformation journey.
Effective from 1 July 2026, the policy establishes cloud computing as the default consideration for new ICT investments across Australian Government agencies. More than a technology initiative, it provides a strategic framework for how agencies will plan, procure, secure and modernise digital infrastructure to deliver secure, trusted and resilient government services.
While the policy applies directly to Australian Government agencies, its influence extends well beyond government. Enterprise organisations, cloud providers, systems integrators, managed service providers, software vendors and infrastructure partners supporting government should understand how the policy may influence future procurement, infrastructure strategy and technology investment decisions.
For organisations that have already embedded sovereign, compliant and highly connected infrastructure into their operating model, or are advising agencies that must, the policy formalises a direction that forward-looking organisations have already been moving toward. NEXTDC’s facilities are purpose-built to support exactly this: IRAP-assessed environments, Hosting Certification Framework (HCF)-certified facilities, and a nationwide interconnection ecosystem connecting government agencies to the cloud providers, carriers and partners they need.
Table of Contents
| Executive Summary |
|
The Whole-of-Government Cloud Computing Policy:
|
Government agencies are under increasing pressure to deliver secure, reliable and digitally enabled public services, while responding to growing cyber security risks, evolving citizen expectations and rapid advances in technology.
The Whole-of-Government Cloud Computing Policy has been introduced to help agencies:
Ultimately, the policy aims to ensure government technology investments remain secure, scalable and capable of supporting Australia’s future digital economy.
Although the policy commences on 1 July 2026, infrastructure planning and government procurement often span several years. Technology decisions being made today, including infrastructure investments, cloud strategies and supplier selection, may continue supporting government services well beyond the policy’s commencement date.
Organisations that prepare early will be better positioned to:
| Infrastructure planning decisions made today will shape an organisation’s ability to support government programs for years to come. The organisations best placed to support agencies under the new policy are those building compliant, sovereign and highly connected infrastructure now. |
| Policy Overview | |
| Official Policy | Whole-of-Government Cloud Computing Policy |
| Common Name | Australian Government Cloud-First Policy |
| Effective Date | 1 July 2026 |
| Applies To | Non-Corporate Commonwealth Entities (NCCEs) |
| Primary Objective | Cloud becomes the default consideration for new ICT investments |
| Deployment Models | Public, Private, Hybrid and Multi-Cloud |
| Supports | Security, resilience, sovereignty, interoperability, AI readiness and cost optimisation |
| Official Guidance | digital.gov.au |
The policy establishes cloud computing as the preferred approach for new digital and ICT investments across Non-Corporate Commonwealth Entities. Importantly, it does not mandate a single cloud provider or deployment model.
Instead, it establishes principles that help agencies determine the most appropriate infrastructure based on:
Agencies may adopt public cloud, private cloud, hybrid cloud or multi-cloud depending on the needs of each workload. This principle-based approach provides flexibility while encouraging modern, secure and resilient infrastructure decisions.
Hybrid and multi-cloud environments, connecting on-premises and cloud workloads across multiple providers, will remain central to how agencies deliver digital services under the policy. Neutral colocation and interconnection infrastructure, such as that provided by NEXTDC, plays a critical role in enabling agencies to connect to multiple cloud platforms, carriers and partners without lock-in, while maintaining full sovereignty over where their data physically resides.
No. The policy does not require agencies to immediately migrate every existing workload to the cloud. Instead, cloud becomes the default consideration whenever agencies:
Existing environments can continue operating while agencies transition over time through planned investment cycles. This creates an opportunity for agencies to host legacy assets alongside cloud workloads in a colocation environment, reducing complexity, preserving existing value and enabling a self-paced transition to modern infrastructure.
The policy is mandatory for Non-Corporate Commonwealth Entities (NCCEs). These are Australian Government departments and agencies that legally form part of the Commonwealth of Australia.
Corporate Commonwealth Entities, including organisations such as Australia Post, CSIRO and Airservices Australia, are encouraged to adopt the policy where appropriate.
Although the policy applies directly to government agencies, its impact extends throughout Australia’s government technology ecosystem. Organisations supporting government, including systems integrators, cloud providers, managed service providers, software vendors, telecommunications providers and enterprise organisations, should expect agencies to increasingly assess suppliers against infrastructure capability.
Future procurement decisions are likely to place greater emphasis on:
As agencies modernise, infrastructure capability will become an increasingly important component of demonstrating readiness to support government programs. For organisations partnering with NEXTDC, this means access to HCF-certified, IRAP-assessed colocation infrastructure, the foundation for sovereign, compliant and cloud-ready environments.
Artificial Intelligence is becoming a strategic priority across government, from citizen services and automation to advanced analytics and decision support.
AI workloads require scalable, highly connected and resilient infrastructure. They also demand high-density power, low-latency connectivity and access to a broad ecosystem of AI platform providers.
NEXTDC’s AI Factory infrastructure is purpose-built for exactly this: high-density compute environments, advanced cooling architectures and direct access to Australia’s largest partner ecosystem, giving government agencies and their technology partners the infrastructure foundation to deploy AI securely, responsibly and at scale.
The Whole-of-Government Cloud Computing Policy helps establish the infrastructure conditions needed to support future AI adoption while enabling agencies to modernise ICT environments securely.
The policy establishes five strategic expectations for Commonwealth agencies.
Cloud should become the default consideration for new ICT investments. Agencies are also expected to incorporate cloud planning into future Digital Investment Plans, ensuring cloud adoption is considered as part of long-term investment and transformation strategies.
Agencies should adopt technologies that improve interoperability, portability and flexibility, while reducing unnecessary vendor lock-in. This reinforces the value of cloud-neutral interconnection infrastructure that enables agencies to connect to and move between cloud providers without dependency on a single platform.
Cloud environments should align with Australian Government frameworks including:
Security, governance and resilience should be embedded throughout the cloud lifecycle. Infrastructure sovereignty remains an important consideration when determining where critical workloads and sensitive government data should reside. NEXTDC’s facilities are certified under the Hosting Certification Framework and support IRAP-assessed environments, providing agencies with a direct pathway to sovereign, compliant hosting.
Agencies are encouraged to implement effective governance and FinOps practices to improve visibility, accountability and optimisation of cloud expenditure. A hybrid or multi-cloud strategy, anchored in a neutral colocation environment, provides the operational control and cost transparency needed to manage cloud investment effectively.
Successful cloud adoption requires more than technology. Agencies should continue developing the governance, operating models and workforce capability required to manage modern cloud environments securely and effectively.
| Now | Next | 1 July 2026+ |
| Review ICT roadmap and infrastructure strategy against the policy’s five requirements | Assess cloud, security, sovereignty and supplier readiness. Evaluate HCF certification and IRAP compliance gaps. Engage NEXTDC to explore compliant colocation, interconnection and AI-ready infrastructure options | Whole-of-Government Cloud Computing Policy takes effect. Procurement decisions increasingly weighted toward security, sovereignty, resilience and HCF alignment |
| Resource | Purpose | Official Website |
| Whole-of-Government Cloud Computing Policy | Official policy and implementation guidance | digital.gov.au/cloud-policy |
| Australian Government Architecture | Government cloud architecture principles | architecture.digital.gov.au |
| Hosting Certification Framework (HCF) | Government hosting certification requirements | hostingcertification.gov.au |
| Protective Security Policy Framework (PSPF) | Government protective security requirements | protectivesecurity.gov.au |
| ASD Information Security Manual (ISM) | Australian Government cyber security guidance | cyber.gov.au |
The Whole-of-Government Cloud Computing Policy is more than a cloud adoption initiative, it signals how Australian Government agencies will plan, procure and operate digital infrastructure for years to come.
Whether your organisation is reviewing its cloud strategy, ICT roadmap, procurement plans or AI initiatives, now is the time to ensure infrastructure decisions align with evolving government expectations.
NEXTDC partners with government agencies, enterprise organisations, cloud providers and technology partners to deliver secure, sovereign and highly connected digital infrastructure, supporting hybrid cloud, AI-ready workloads and mission-critical environments. Our HCF-certified, IRAP-assessed facilities, combined with Australia’s largest interconnection ecosystem, provide the infrastructure foundation agencies and their partners need to meet the policy’s requirements confidently.
| Speak to an infrastructure specialist about HCF-ready colocation and cloud-neutral connectivity, visit nextdc.com or contact your NEXTDC account manager. |