Know where your firm stands before ASIC and the OAIC ask you to prove it. This free checklist identifies your exposure across the four obligations that matter most before December 2026.
Enter your details below and we'll send it straight to your inbox.
🔒 Your details are kept strictly confidential. No spam — ever. You can unsubscribe at any time.
Privacy Act APP 1.7 mandatory ADM disclosure obligations apply from 1 December 2026. Civil penalty exposure applies after this date — this checklist helps you understand your firm's position right now.
The checklist evaluates your firm across the same four pillars used in the full AI Readiness Scorecard — giving you an honest picture of where your compliance gaps are before you engage with regulators or PI insurers.
Do your AI systems "substantially and directly" influence decisions about individuals? This is the trigger threshold for your Privacy Act APP 1.7 obligations.
Does your Privacy Policy explain your AI use in "Meaningful Terms"? OAIC expects plain-English disclosure of how decisions are made and what data is used.
Are your internal AI policies aligned with ASIC s912A? Efficient, honest and fair service delivery requires documented supervision of automated systems.
Do you have Human-in-the-Loop (HITL) controls and an explainability framework? Can your firm demonstrate how AI decisions can be reviewed and reversed?
The checklist uses a 10-point scoring system. Each range maps directly to a risk level — and a recommended next step.
Your firm has significant unaddressed exposure. Immediate action is required before your next client interaction involving AI-assisted advice or decisioning.
You have a foundation but material gaps remain. Your firm needs a structured remediation plan before the December 2026 deadline — not just intent to act.
Your posture is strong — but can you document it? ASIC and OAIC expect evidence, not assurances. Your focus is on attestation, not remediation.