Service 03 — The horizon
Your staff are already using AI.
Govern it before it governs you.
AI readiness for Australian businesses: know what's in use, control what it touches, and meet the disclosure obligations that are already on the books.
What's included
From shadow AI to sanctioned AI.
Shadow-AI discovery
We find what's actually in use across your business — the browser extensions, the free chatbots, the tools nobody approved — and what data is flowing into them.
Tenant-level controls
Governance enforced where it works: Microsoft 365 data-loss prevention, conditional access, and sanctioned tools like Copilot configured with guardrails — policy as configuration, not as a memo.
AI use policy
A practical policy aligned to the National AI Centre's current guidance — what staff can use, for what, with which data. Short enough to be read; specific enough to be followed.
Privacy disclosure obligations
From December 2026, privacy policies must disclose substantially automated decisions that significantly affect people. If software makes calls about your customers, we make sure you're disclosing it correctly.
AI claims review
Marketing something as “AI-powered”? Misleading-conduct penalties in Australia are severe. We review what you claim against what your systems actually do.
Tender-ready documentation
Enterprise and government buyers increasingly ask suppliers about AI governance. We prepare the documentation that answers the question before it's asked.
Before the rollout
AI can only be as safe as the data you point it at.
Here's the uncomfortable mechanic: assistants like Copilot can surface anything the person asking is technically allowed to see. In most businesses that's years of loosely-shared files nobody remembers — salary spreadsheets, board papers, client records sitting one careless link away. AI doesn't create that exposure. It industrialises it.
Know what's exposed first
Before any AI tool goes near your files, we map what's actually accessible to whom — the oversharing audit almost every business fails on the first pass.
Classify, then permit
Sensitive information gets labelled and locked to the people who should hold it, so an AI assistant answering “summarise our contracts” draws only on what that person is genuinely entitled to see.
Guardrails that follow the data
The same classification drives what can be pasted into chatbots, shared externally, or fed to third-party tools — one set of rules, enforced by the tenant, not by memos.
Then roll out with confidence
With the data governed, sanctioned AI stops being a risk decision and becomes a productivity one — and you can put the governance evidence in front of anyone who asks.
On the chart ahead
What's real, and what isn't.
There is no Australian “AI Act,” and anyone selling you readiness for one is selling fog. What exists is sharper: existing law applied to AI — privacy, consumer protection, sector rules — plus national guidance that tenders are starting to reference. We govern to what's real.
Automated-decision disclosure — Privacy Act
Privacy policies must disclose substantially automated decisions that significantly affect people's rights, including the kinds of decisions and personal information involved.
Existing law already applies
Privacy, consumer law, and sector regulation apply to AI use today. The regulator you'll hear from about AI is one you already know.
Buyers are asking
Enterprise and government procurement increasingly includes AI governance questions. Alignment to national guidance is becoming table stakes for suppliers.
Not sure what your staff are pasting into chatbots?
Neither are most businesses. The review will tell you.