APP 1.7 commences — 10 December 2026
Your firm's privacy policy is public — no AI disclosures
AI-adjacent tools identified in your public digital footprint
Compliance and infringement notices under s.13K — up to $66,000 per breach
Member compliance + PI renewal — one document covers both

AUSTRAC was hard.
The OAIC will be harder.

Your privacy policy has been reviewed by practitioners. It meets many existing compliance obligations — but it does not name the AI-assisted tools your team uses when making decisions about clients. APP 1.7 closes that gap on 10 December 2026.

APP 1.7 commences 10 December 2026. From that date your privacy policy must disclose the kinds of personal information used by, and the kinds of decisions made or substantially contributed to by, any computer program you use to make decisions that could significantly affect a client's rights or interests. Your policy already discloses where client data goes. It does not disclose the programs that help make the decisions.

01 · 12 questions · ~15 minutes
02 · Practitioners review · your policy, already read
03 · Signed PDF in 48 hrs · ready to file
See your firm's gap — $497 →
$497 fixed fee. 48-hour delivery. Signed by both practitioners.
No retainer · No billable hours · One document, one job · Not legal advice

Built by AI governance practitioners. Sam Banerjee — PhD Researcher in Responsible AI (UTS), 25 years in regulated industries, MAICD. Rae Dev — 18 years inside Privacy Act entities, APRA-regulated institutions and AFSL-holder environments. Every assessment signed by both.

One obligation. Three pressures. One document closes all of them.

The Scorecard maps your specific gap, your specific exposure, and the documentation your professional body, your insurer, and your clients are starting to ask for.

The gap

A thorough privacy policy. The one new obligation is missing.

Your policy covers the existing APPs well. APP 1.7, commencing 10 December 2026, requires your policy to disclose computer programs that make, or do something substantially and directly related to making, decisions that could reasonably be expected to significantly affect your clients' rights or interests, using their personal information. Your policy doesn't contain those disclosures yet.

The exposure

Tools identified in your public digital footprint. None named in your policy.

Standard market intelligence on your firm identifies several AI-adjacent tools that are not named in your published policy. Failure to maintain a compliant privacy policy is an administrative breach under s.13K, which attracts compliance notices and infringement notices of up to $66,000 per contravention for a body corporate. The civil penalty tiers ($3.3M under s.13H, and the s.13G serious-interference tier above that) require court proceedings and a finding of interference with privacy; the realistic exposure for an unupdated policy is the infringement notice tier. The Scorecard identifies which of those tools actually contribute to decisions that significantly affect clients. That is where APP 1.7 applies.

The fix

A scorecard maps your firm's exact obligations

Your specific gap. Your partially-disclosed tools. Your penalty band under s.13K. A minimum-action roadmap, with the documentation your professional body and PI insurer will expect to see. $497. Delivered in 48 hours. Practitioners have already reviewed your published policy.

PI renewal
Brokers are asking about AI
Insurers are adding AI governance questions to renewal forms. You either have documentation that answers them, or you don't. The Scorecard is what you attach to settle the question in one move.
Practising certificate
CPA Australia & CA ANZ compliance
Member firms must comply with applicable laws. APP 1.7 is law. A Privacy Act breach is a member compliance matter. The Scorecard is the documentation your professional body expects to see.
Client trust
Clients are asking where their data goes
Sophisticated clients — family offices, HNW individuals, corporate clients — increasingly ask directly: "Do you use AI on my data? Where is it processed?" A firm whose policy is silent on this cannot answer coherently.

Sam Banerjee
Co-Founder, Attesta · PhD Researcher, Responsible AI (UTS) · MAICD

PhD Researcher in Responsible AI at the UTS Data Science Institute. 25 years building and exiting technology ventures across banking, finance and regulated industries. Advises Audit and Risk Committees on Shadow AI exposure and director liability under the 2026 Privacy Act reforms.

Rae Dev
Co-Founder, Attesta · AI Governance · APP 1.7 Compliance

18 years inside regulated organisations evaluating AI and SaaS implementations and designing governance structures. Built AI governance registers for Privacy Act entities, APRA-regulated institutions and AFSL-holder environments. Every Attesta assessment is practitioner-prepared and personally delivered.

The tools in your firm's stack — mapped against your policy.

Every tool below is identified in your firm's public digital footprint via standard market intelligence, cross-referenced against your published privacy policy. Two categories: tools absent from your policy entirely, and tools your policy names but not as AI or automated systems. The Scorecard confirms which of these actually contribute to decisions about clients — that's where APP 1.7 applies.

Identified in your digital footprint · not in your policy
These tools were identified in your firm's public digital footprint. Your published privacy policy does not name them. APP 1.7 disclosure is required where they make, or substantially and directly contribute to, decisions that could significantly affect a client's rights or interests.
Named in policy · not framed as AI
Your policy names these tools, but does not disclose that they make or substantially contribute to automated decisions about clients, nor the kinds of personal information and kinds of decisions involved. APP 1.7 requires that framing, not just the name.

Public digital footprint identified via standard market intelligence. Cross-referenced against your firm's published privacy policy. The Scorecard confirms which tools actually contribute to decisions about clients.


Know exactly where you stand.
Know exactly what to do.

Delivered as a completed PDF — not a template, not a form for you to fill in.

Sample of the delivered PDF, as shown on the page:
AI Governance Advisory · attesta.com.au
Ref: ATT-2026-XX-0000 · Private & Confidential
Prepared for: Your Firm, Australia
Re: AI Governance Assessment — APP 1.7 Compliance & PI Renewal Attestation
Assessment finding: Remediation required before 10 December 2026. Policy comprehensive across existing APPs. APP 1.7 AI disclosure not present. Remediation documents required before commencement.
Compliance checklist:
  Requirement                    | Status
  APP 1.7 AI system disclosure   | ✕ Not met
Assessed and signed by Rae Dev and Sam Banerjee, AI Governance Practitioners. Delivered within 48 hours.
Signed PDF within 48 hours of completing your 15-minute assessment.
Risk Exposure Scorecard
$497 Fixed fee · inc. GST

Less than one hour of PI exclusion-clause negotiation.

You answer 12 questions about your firm's tools and policies. Practitioners review and deliver a completed PDF within 48 hours.
Your PDF contains
APP 1.7 Risk Score
Your score out of 100 across the legal dimensions
Penalty Exposure Figure
Compliance and infringement notice exposure under s.13K — up to $66,000 per breach
Tool-by-tool gap mapping
Undisclosed and partially-disclosed tools, separated and explained
Prioritised Remediation Roadmap
Exactly what to fix, in what order, before 10 December
Signed PDF — practitioner-prepared
File it, send to your insurer, show your professional body

Ready immediately. Not legal advice — your existing solicitor reviews before action.

Your questions answered

You answer 12 questions about your firm's tools, policies, and governance position. Practitioners cross-reference your answers against your published policy and the AI-adjacent tools identified in your firm's public digital footprint. The completed PDF contains your exposure score, penalty figure, PI gap flag, and prioritised action list. Delivered within 48 hours.

Yes. APP 1.7, 1.8 and 1.9 were introduced by the Privacy and Other Legislation Amendment Act 2024 (Cth) and commence on 10 December 2026. They apply to any APP entity that arranges for a computer program to make, or do something substantially and directly related to making, a decision that could reasonably be expected to significantly affect an individual's rights or interests — using personal information about that individual. The OAIC's published guidance on Chapter 1 of the APP guidelines confirms this commencement date.

For failing to maintain a compliant privacy policy under APP 1.4, the OAIC can issue compliance notices and infringement notices of up to $66,000 per contravention for a body corporate under the administrative-breach provision, s.13K. The larger civil penalties sit in separate tiers: up to $3.3M under s.13H for interference with privacy, and under s.13G for serious interference the greater of $50M, three times the benefit obtained, or 30% of adjusted turnover. Both require civil penalty proceedings in court and a finding of interference with privacy. The Scorecard gives you the realistic figure for your firm's profile, not the maximum statutory cap.

No. Attesta delivers practitioner-prepared compliance documents — not legal advice. The Scorecard maps your firm's obligations against APP 1.7. Your existing solicitor should review the output before you act on it.

Templates require you to inventory your own tools and judge your own obligations. The Scorecard is the reverse: practitioners have already reviewed your firm's published policy, identified the AI-adjacent tools in your firm's public digital footprint, and separated them into undisclosed (absent from policy) and partial (named, but not as AI). You confirm or correct. The final document is specific to your firm.

Ready to handle this before 10 December?

See your firm's gap — $497 →

Signed PDF · 48-hour delivery · practitioner-prepared