Questions we hear
all the time.

The 8 AI Ethics Principles are voluntary right now — but Privacy Act ADM obligations are mandatory today. If your AI influences decisions about individuals (hiring, credit, insurance, customer service), you must be able to explain how and why. APRA CPS 230 and ASIC AI guidance are binding for regulated entities. From 10 December 2026, APP 1.3 ADM disclosure requirements become mandatory for all businesses subject to the Privacy Act.

ADM is any process where an AI system makes or materially influences a decision that affects an individual — without meaningful human review of that specific decision. This includes credit scoring, candidate shortlisting, insurance pricing, customer service AI that affects account access, and clinical triage tools. From 10 December 2026, APP 1.3 requires businesses to disclose ADM in their privacy policy.

The OAIC (Office of the Australian Information Commissioner) enforces the Privacy Act 1988. They can review your privacy policy without notice, issue infringement notices up to $330,000 without going to court, and refer serious matters for penalties up to $50 million. They commenced proactive compliance sweeps in 2026.

A structured 30-minute video call where we ask 12 questions across five governance domains. Within 24 hours you receive a 1-page written scorecard showing your traffic-light status across each domain, your top 3 compliance gaps, and specific next steps. There is no pitch on this call. The scorecard is yours regardless of what you decide next.

It means we agree the full scope and price in writing before any work starts. If the engagement takes us longer than expected, that is our problem — not yours. No change requests, no hourly billing, no invoice surprises. If we don't deliver the agreed scope, we fix it at no extra cost.

Yes — this is the recommended path for most clients. The health check gives you a clear picture of your exposure with no financial commitment. If you decide to proceed to an audit, you go in with the full picture already established.

Every tier includes: Monthly AI Governance Report, Regulatory Watch Briefing, Quarterly Compliance Calendar, AI Use Policy maintenance, and Incident Response Plan maintenance. Professional and Enterprise tiers add board briefings, Model Risk Register maintenance, and staff training. Enterprise adds a Quarterly Board AI Governance Pack, Executive AI Literacy Session, dedicated engagement lead, and fortnightly check-in call.

Unused hours roll forward to the immediately following month. They expire if not used in that month. Hours cannot be accumulated beyond two months or redeemed for cash.

Completely. We receive no commissions, fees, or incentives from any software vendor, platform provider, or technology company. Our only obligation is to give you advice that is right for your business — not advice that benefits a commercial relationship.

All client data is held in compliance with the Privacy Act 1988 and the Australian Privacy Principles. We do not use client data to train AI models. We do not share client data with third-party AI platforms without explicit written consent. All data is stored in Australia.