GOVERNANCE
Privacy Act 2026: What AI Firms Must Do
From 10 December 2026, entities that use personal information in automated decisions must disclose it in their privacy policy. Here is what the reforms require and a 90-day readiness plan for Australian mid-market firms.
If your firm uses personal information in a computer program to make decisions that significantly affect people, from 10 December 2026 you must say so in your privacy policy. That is the practical core of the automated decision-making (ADM) transparency reforms introduced by the Privacy and Other Legislation Amendment Act 2024, which received Royal Assent on 10 December 2024 and gave entities a 24-month runway to prepare. The reforms do not ban automated decisions and they do not require you to publish your models. They require disclosure, and they sit alongside a security obligation (APP 11) that already applies and penalties that were raised in 2022. This article sets out what the reforms actually demand and gives a 90-day plan to get an Australian mid-market firm ready.
What the automated-decision transparency requirement actually says
The reform inserts a new transparency obligation into Australian Privacy Principle 1 (open and transparent management of personal information). Where an entity has arranged for a computer program to make, or to do something substantially and directly related to making, a decision that could reasonably be expected to significantly affect an individual's rights or interests, the entity must include information about that in its privacy policy.
Two points matter for firms building or buying AI systems.
First, the trigger is not "artificial intelligence." It is a computer program using personal information to make a qualifying decision. The Office of the Australian Information Commissioner (OAIC) and legal commentators have been explicit that this captures rules-based systems with hard-coded logic, not only machine-learning models. A firm that has quietly automated eligibility, pricing, or ranking with a deterministic script is as much in scope as one running a large model. If your instinct is "we don't use AI, so this doesn't apply," check what your existing systems already decide without a human in the loop.
Second, the disclosure is about the kinds of personal information used and the kinds of decisions made — not a line-by-line explanation of every model. The obligation is a privacy-policy transparency duty, discharged through what you publish, not a requirement to open the black box on request. That is a meaningful distinction: the compliance artefact is a clear, accurate privacy policy, and the work is knowing your own systems well enough to describe them truthfully.
The threshold — a decision "that could reasonably be expected to significantly affect the rights or interests of an individual" — is where most of the judgement lives. Decisions about granting or refusing a benefit, decisions affecting rights under a contract, and decisions affecting access to a significant service or support are the kinds of things that fall in scope. A product recommendation carousel is unlikely to qualify. An automated credit, insurance, hiring, or service-eligibility decision very likely does. We treat borderline cases as in-scope until a documented assessment says otherwise, because the cost of over-disclosing is low and the cost of a silent qualifying decision is not.
For worked examples of which systems cross the line, see our note on automated decisions under the Privacy Act 2026.
Commencement: 10 December 2026
The ADM transparency provisions commence on 10 December 2026 — 24 months after Royal Assent. There is no phased grace period beyond that date for the transparency obligation itself: the privacy-policy requirement is expected to be enforceable from commencement. Firms that treat the date as a soft target risk being non-compliant on day one, because the fix — an accurate privacy policy backed by an inventory of automated decisions — takes longer to produce honestly than it looks.
Guidance from the OAIC on transparency in automated decision-making has been the subject of public consultation, which means the interpretive detail around the threshold and the expected content of disclosures is still settling. The practical implication is not to wait for perfect guidance. The statutory obligation has a fixed date; the guidance clarifies how to meet it. Build the inventory now, draft the disclosure against the words of the Act, and refine the language as OAIC guidance is finalised.
APP 11 has not gone away
Transparency about decisions is the new obligation. Security of the personal information behind those decisions is the standing one. APP 11 requires entities to take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure, and to destroy or de-identify it when no longer needed.
For AI systems this is where the real exposure sits, because these systems concentrate personal information in places that traditional security reviews often miss:
- Prompts and inputs sent to a model, which may contain personal information and are frequently logged.
- Retrieval stores and vector databases that hold embeddings derived from personal information.
- Fine-tuning and training datasets, which are difficult to purge once a model has learned from them.
- Third-party model providers, where "reasonable steps" extends to the contractual and technical controls you place on a processor.
An automated decision cannot be more secure than the pipeline that feeds it. A firm can have a flawless privacy-policy disclosure and still breach APP 11 if personal information is retained indefinitely in inference logs or sent to an offshore provider without adequate safeguards. The two obligations are assessed together in practice.
Penalties: the numbers that concentrate the mind
The penalty regime for serious or repeated interference with privacy was raised in 2022 and remains the backdrop to all of this. For a body corporate, the maximum civil penalty is the greatest of:
- A$50 million;
- three times the value of the benefit obtained from the contravention; or
- if the court cannot determine that benefit, 30% of the entity's adjusted turnover during the breach turnover period.
For a mid-market firm, the turnover-linked limb is the one that changes the risk calculus. A A$50 million ceiling reads as remote for a smaller entity, but "30% of adjusted turnover" scales the exposure to the business. The OAIC also holds infringement-notice and compliance-notice powers that commenced in December 2024, which apply to failures to maintain a compliant privacy policy — including, once the ADM provisions commence, the automated-decision disclosure. Enforcement is no longer theoretical: the regulator has already secured its first civil penalties under the Act.
A 90-day readiness plan for mid-market firms
The work divides cleanly into three phases. This assumes you are starting from a standing position with existing systems, not building from scratch.
Days 1–30 — Find your automated decisions. Inventory every place a computer program uses personal information to make, or materially contribute to, a decision. Include rules-based systems, not only models. For each, record: what personal information is used, what decision is produced, and whether it could reasonably significantly affect a person's rights or interests. Flag borderline cases as in-scope pending assessment. This inventory is the single artefact that everything else depends on; do not delegate it entirely to a vendor questionnaire, because vendors describe capabilities, not the decisions you have actually wired up.
Days 31–60 — Close the APP 11 gaps and draft the disclosure. For each in-scope system, map the data pipeline end to end: inputs, logs, retrieval stores, training data, and third-party providers. Set and enforce retention periods on prompt and inference logs. Confirm contractual and technical safeguards with model providers. In parallel, draft the privacy-policy language describing the kinds of personal information used and the kinds of automated decisions made, written against the words of the Act. Have legal review the threshold calls documented in phase one.
Days 61–90 — Publish, govern, and rehearse. Finalise and publish the updated privacy policy so it is live before 10 December 2026. Stand up a lightweight governance step so that any new automated decision is added to the inventory and the disclosure before it goes to production — a single owner and a checklist is enough for a mid-market firm; you do not need a committee. Finally, rehearse the response to a regulator query or a complaint about an automated decision, so the inventory and the disclosure can be produced quickly rather than reconstructed under pressure.
None of this requires halting your AI roadmap. It requires knowing what your systems decide and being able to say so accurately.
If the reforms are one part of a broader picture for your firm, the Voluntary AI Safety Standard covers the governance practices that sit above the Privacy Act obligations.
Where to start
The practice runs a structured readiness audit that produces the automated-decision inventory, the APP 11 pipeline map, and a draft privacy-policy disclosure in a form your legal team can sign off. If the 10 December 2026 date is closer than your preparation, get in touch and we will scope the work to your systems.