‘Department of Governance Efficiency’: The Evolution of Records Management in 2025

By Rachael Greaves (pictured), Co-Founder & CEO, Castlepoint Systems

The way organisations manage records is changing. In a world with exponentially growing digital repositories, and increasingly dangerous risk, automation, AI-driven classification, and seamless integration into business processes are now essential to ensure compliance, security, and efficiency. Records management is not just about storing information sensibly. It’s about governing, securing, and leveraging data intelligently, as a vital foundation of enterprise-wide security and productivity. Does this mean that records managers are an endangered species?

This shift towards AI doesn’t diminish the role of human records managers – it amplifies it. With escalating threats, increasing regulatory scrutiny, and the new pressures of Ethical AI laws, organisations must rethink how they manage their records, and their AI records systems, to remain compliant and competitive. AI brings a level of oversight that was not available before, and that oversight needs (human) overseers.

Learning from Failure – The Cost of Poor Records Governance

Records management has traditionally been seen as a ‘preservation’ function, making sure important things aren’t deleted before they should. But in a highly interconnected world, the mission protocols of managing information have transformed to focus much more on security, adaptation, and organisational resilience – and that means making sure risky things are deleted, and quickly. There is much more importance placed on destroying sensitive information than on preserving it, while also making it more searchable and interoperable than ever before.

This has changed the value proposition of records management. Traditional ‘archivists’ are falling out of favour; lifecycle managers are the (AI-enabled) future.

This is because, as organisations create and capture vast amounts of digital data, over-retention and poor findability exposes them to significant legal, financial, and reputational risks. Outdated policies, fragmented systems, and manual processes have proven unsustainable, leading to some of the most damaging incidents in recent years.

• Equifax Data Breach (2017) – Failure to enforce proper data retention policies left 147 million people vulnerable to identity theft, demonstrating the risks of indefinitely storing sensitive personal data that you don’t need.
• Optus Data Breach (2022) – Over-retained records were exposed in multiple cyber incidents, increasing liability and eroding public trust.
• Medibank Cyberattack (2023) – Insecure data management left millions of health records of former customers vulnerable to exploitation, intensifying scrutiny on data protection policies in the wake of ‘Australa’s worst ever breach’.

Each of these failures highlights a growing challenge: modern records governance must be proactive, and focus as much on discoverability and compliant disposal as it does on cataloging and preservation, to help prevent costly incidents and harm to stakeholders.

The Shift to “Manage in Place” and AI-Driven Compliance

The traditional approach to records management – relying on standalone Electronic Document and Records Management Systems (EDRMS) – is no longer viable in terms of ensuring records are properly sentenced and disposed. These systems require too much manual input (either from users or from the governance team) to try to determine (and maintain) the correct classification, creating friction that leads to very low compliance rates and sentencing accuracy (especially as records are continually updated and changed).

To address these limitations, organisations are moving to AI models, where records are governed automatically, usually within their existing business systems, eliminating the need for manual intervention and reducing inefficiency and inaccuracy in compliance workflows.

This approach ensures record governance processes are:

• Automated – AI-driven systems classify, secure, and apply retention policies to records in real-time without user involvement.
• Integrated – Records governance is invisibly embedded within business platforms, ensuring compliance without disrupting operations, and records can be related across systems to show the whole story of an event, customer, or project.
• Risk-Aware – Compliance, security, and privacy controls are proactively applied, mitigating and managing risks before they escalate to be issues.

Key policy drivers shaping this shift include:

• Global Digital Records Strategies – Governments worldwide, including Australia, the UK, and the EU, are prioritising automation, AI-driven compliance, and secure data governance to enhance transparency, interoperability, and risk mitigation.
• International Organisation for Standardisation (ISO) – ISO has developed several standards addressing AI compliance and transparency, such as ISO/IEC 42001:2023, which provides guidelines for the governance and management of AI technologies.​
• Global Data Privacy Regulations – In most jurisdictions, these are consistently introducing stricter penalties for mismanaged data, reinforcing the need for robust, automated records governance.

AI and Automation: The New Standard for Records Management

Artificial Intelligence is no longer an emerging concept in records management – it is an operational necessity. However, not all AI implementations are equal, and the way organisations deploy automation determines their success.

High-Touch AI: Inefficient and Costly

Some organisations have implemented AI that still requires extensive human oversight, limiting its efficiency. This high-touch AI can be of two main types.

• ‘Auto-manual’ AI: These systems often rely on rules engines, file plans, metadata, and other manual intervention to implement, resulting in continued high operational costs, compliance risks, and inconsistent governance as classification still relies on general users understanding and applying policies properly.
• Machine learning AI: These systems need to be trained and supervised on source data for each ‘rule’, of which there can be hundreds across different retention policies. This creates a very high overhead to deploy and maintain, and the outputs are not explainable (meaning more effort to scrutinise and validate the matches).

Low-Touch AI: Transparent, Secure, and Efficient

A more effective and sustainable approach leverages Explainable AI (XAI), achieving 95%+ accuracy without input required by general users, and with no file plans, rules engines, or ML supervision for governance teams to maintain. This model ensures records lifecycle management, as well as autoclassification of data value, risk, and sensitivity, remains consistent, defensible, and efficient across an organisation.

Real-World Applications:

• Commonwealth Treasury – XAI-enhanced governance eliminated manual classification errors, increasing compliance accuracy and reducing records management overhead.
• Higher Education Provider Cybersecurity Response – XAI rapidly assessed compromised records during a data breach, enabling swift remediation and minimising risk exposure.
• Public Sector Misconduct Investigation – XAI uncovered 60,000+ previously hidden records on staff misconduct in health and youth services, exposing systemic reporting failures and enhancing accountability.

The Evolving Role of Records Managers

Rather than diminishing in importance with the advent of AI, the role of records managers is evolving into a strategic function that spans risk management, cybersecurity, and compliance. Records management professionals are at the helm as:

• Governance Leaders – Overseeing AI-driven compliance, ensuring that autoclassification and automated decision making aligns with regulatory and ethical standards for explainability, transparency, and contestability.
• Cybersecurity Partners – Working alongside security teams to reduce the likelihood and impact potential data breaches and spills by identifying high-risk records automatically, and tracking their usage.
• Strategic Advisors – Leveraging AI-driven insights to advise on regulatory matters, litigation risks, cyber risk exposure, business transformation such as Copilot rollout, and storage management and carbon reduction policies.

The Path Forward

AI isn’t replacing records managers – it’s redefining their impact. The organisations that thrive in 2025 will be those that embrace AI-driven governance, integrate automation seamlessly into business processes, and proactively mitigate risk using XAI.

The future of records management is no longer focused on just storing and organising information – it’s about securing, governing, and leveraging it intelligently, no matter what system or format it’s in, at a high velocity of change and growth. Automated, embedded, and risk-aware records management isn’t just a competitive advantage, it’s a necessity for resilience and compliance in the years ahead.