SaaS and product AI governance under the Privacy Act, ACL, and the EU AI Act.

Australian tech is embedding AI into every layer of the product development lifecycle. Privacy Act 2024 amendments take effect 10 December 2026. VCs include governance in due diligence. Product liability reform is underway. Full EU AI Act enforcement lands August 2026 with penalties of up to 7% of global turnover.


Built for

Founders & CEOs / CTOs & heads of engineering / General counsel / Heads of product / Investors & VCs
We work against: Privacy Act 2024 / Australian Consumer Law / OAIC AI guidance (Oct 2024) / EU AI Act / ISO/IEC 42001 / NIST AI RMF / Voluntary AI Safety Standard

What a tech engagement delivers.


Product AI inventory & risk classification

A documented register of every AI capability in your product, classified against EU AI Act risk tiers and Australian Consumer Law liability exposure.

ADM disclosure ready for Dec 2026

Privacy policy updates, customer-facing disclosure copy, and internal documentation for automated decisions that significantly affect individuals.

Internal AI usage policy

Acceptable use rules for AI coding assistants and generative AI tools, with data leakage prevention and IP protection guardrails.

Investor-ready governance pack

Risk register, model cards, and policy documentation a VC or enterprise procurement team can work through end to end.

Four pressures on Australian tech.

Australia does not have AI-specific legislation, but existing law already applies. Tech businesses face a double governance load: AI in the product customers buy, and AI in the engineering and operations stack.

  1. Dec 2026

    Privacy Act 2024 ADM transparency lands.

    Privacy Act 2024 amendments require disclosure of automated decision-making in privacy policies and product documentation by 10 December 2026. SaaS platforms training models on customer data, using AI in onboarding or pricing, or processing personal information through machine learning pipelines need to explain which decisions use AI and what personal data is processed. Enhanced data governance obligations apply to training data quality and provenance, and significant penalties apply for serious or repeated violations.

  2. In force

    ACL strict product liability covers AI-powered products.

    The Australian Consumer Law applies strict product liability to businesses manufacturing AI-powered products. The Government is consulting on reforms that could extend liability across the AI supply chain. When an AI system makes a decision that harms a user, accountability structures and risk management controls need to be in place before the harm. Liability questions become harder when multiple parties contribute to an AI solution.

  3. Aug 2026

    The EU AI Act reaches any SaaS with EU users.

    Extraterritorial scope applies to Australian tech businesses whose AI outputs affect EU users. High-risk AI systems require full compliance by August 2026, with penalties up to 7% of global turnover. General-purpose AI model providers must meet transparency and documentation obligations. Risk classification and conformity assessment determine the compliance strategy for any organisation planning to scale in European markets.

  4. Active

    Investors now read governance like financials.

    Due diligence now includes AI governance questions as standard. VCs review Corporations Act compliance, ACL adherence, privacy controls, and AI risk management. ISO/IEC 42001 is the de facto benchmark for AI management systems and is increasingly required by enterprise procurement. Governance maturity directly influences growth capital decisions and how quickly enterprise deals close.


AI as product, AI as tool.

Different use cases create different governance requirements. Tech businesses typically face both at once: AI in the product customers buy, and AI in the engineering and operations stack.

01
Customer-facing AI features
ACL · Privacy Act · EU AI Act
02
Customer data in ML pipelines
Privacy Act · OAIC guidance
03
AI coding assistants & engineering AI
IP · Data leakage · License risk
04
Open source models & generative AI
Copyright · Training data provenance
05
Cross-border SaaS delivery
APP 8 · EU AI Act
06
Shadow AI inside engineering teams
Security · IP · Acceptable use

Governance that scales with the cap table.

A seed-stage startup and a publicly listed technology business need different governance footprints. Engagements are scoped against your stage, stack, and regulatory obligations.

Stage

Seed to Series B

Lightweight governance that satisfies investor due diligence, establishes responsible AI foundations, and positions the business for growth. Investment-ready documentation, responsible AI principles embedded into product development, Privacy Act compliance foundations before scale, and open source AI model governance with IP protection.

Stage

Scale-up & enterprise

Comprehensive governance across multiple AI products, teams, and jurisdictions. Operating models, committee structures, and compliance strategies that give the board visibility while engineering teams ship with confidence. Multi-jurisdiction compliance for Australia, EU, and global markets, platform AI governance across SaaS and API services, AI safety and testing integrated into DevOps and MLOps, and board-ready KPIs.

Tracks built for product and platform teams.

Three tracks designed to integrate with how engineering and product organisations actually operate. Engagements move at startup speed without sacrificing the artefacts a regulator or enterprise procurement team will read.

Track A

Product AI governance

Product liability risk assessment, bias testing and fairness validation, AI safety in the product development lifecycle, and model monitoring with incident response.

Track B

Privacy, data & internal AI

Privacy Act 2024 readiness, training data governance, cross-border data flows, acceptable use for AI coding assistants, and IP frameworks for generative AI.

Track C

Investor & EU readiness

VC due diligence documentation, ISO/IEC 42001 implementation, EU AI Act extraterritorial applicability assessment, and risk classification with conformity planning.

Governance that accelerates the next round and the next launch.

Get ahead of the Privacy Act 2026 reforms, prepare for investor due diligence, and map your obligations under the EU AI Act. The AI Risk Calculator gives a baseline view in under five minutes.
