Questions we hear
all the time.

The 8 AI Ethics Principles are voluntary right now — but Privacy Act ADM obligations are mandatory today. If your AI influences decisions about individuals (hiring, credit, insurance, customer service), you must be able to explain how and why. APRA CPS 230 and ASIC AI guidance are binding for regulated entities. From December 2026, Privacy Act amendments require regulated businesses to disclose automated decision-making in their privacy policies, with penalties up to $50 million.

An ADM obligation means that if your AI system makes or substantially influences a decision that affects an individual's rights or interests — such as a hiring decision, a credit assessment, an insurance quote, or a content moderation outcome — you must be transparent about how that decision was made and give individuals the ability to seek review. The Privacy and Other Legislation Amendment Act 2024 strengthens these requirements significantly, with key provisions taking effect December 2026.

The Privacy Act applies to organisations with annual turnover above $3 million, as well as health service providers, credit reporting bodies, contractors to the Australian Government, and certain other entities regardless of size. However, the Privacy Act reforms may lower or remove the turnover threshold. Businesses that handle sensitive personal information or make automated decisions about individuals should treat Privacy Act compliance as relevant to them regardless of current size thresholds.

The AI Readiness Audit tells you where you stand. It assesses your current state across five domains, identifies gaps, maps your ADM obligations, and gives you a 90-day action plan. The AI Strategy Sprint takes those findings and builds on them — producing your full AI strategy, ethics and governance framework, use case business cases, proof of concept scope, and a 30-slide board presentation. The Audit is the foundation; the Sprint is what you build on top of it. The Audit fee is credited in full against the Sprint.

Two weeks from kick-off to final deliverables. The first week covers discovery and assessment (stakeholder interviews, document review, systems inventory). The second week covers analysis, synthesis, and production of the full deliverable pack. Total time commitment from your team is typically 4–6 hours across the two weeks — interviews and briefings, plus any document provision.

Every retainer tier includes a Monthly AI Governance Report, Regulatory Watch Briefing, Policy Maintenance, Advisory Hours (4–16 per month depending on tier), Board/Exec Briefings, and Incident Support. The Professional and Enterprise tiers add the AI Model Risk Register, staff training, and a dedicated engagement lead. Full details at retainer page.

Because hourly billing creates the wrong incentives and makes budgeting unpredictable. Fixed price means you know exactly what you're paying before we start. We define scope in writing before day one — there are no change requests, no scope creep, and no billing surprises. If our deliverables don't meet the agreed scope, we work until they do at no additional cost.

Yes — we specifically designed our pricing to be accessible for the mid-market. The Readiness Audit starts at $5,500 because we want governance to be within reach for businesses of any size. SMEs are often more exposed than large enterprises because they adopt AI tools quickly without the legal bandwidth to review them. The free health check is the right starting point for any business unsure whether they need a paid engagement.

If our deliverables don't meet the agreed scope as defined in the engagement agreement, we work until they do at no additional cost. The guarantee is backed by our written scope definition — there are no ambiguous boundaries. We have never had to invoke the guarantee, but the promise matters to us and to our clients.

We take data security seriously and handle all personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. Please see our Privacy Policy for full details on how your information is collected, used, and protected.

No. We never share client information with third parties except where required by law or with your explicit consent. We never use client data to train AI models. We never share client data with technology vendors. All engagements are covered by our standard confidentiality obligations.