AI governance for Australian enterprise.
Sentinel for Australian-domiciled enterprise — anchored on the new Guidance for AI Adoption (GfAA, Oct 2025), the Privacy Act 1988 (Cth) reforms, OAIC AI guidance, and APRA / ASIC obligations for regulated industries.
Voluntary today. Mandatory legislation foreshadowed — not yet enacted.
DISR / the National AI Centre published Guidance for AI Adoption (GfAA) in Oct 2025, replacing the earlier Voluntary AI Safety Standard. The proposed Mandatory Guardrails for High-Risk AI was consulted on but not legislated. Combined with the Privacy Act 1988 reforms (ADM transparency obligations from 2026), OAIC AI guidance, and APRA / ASIC sector obligations, Australian enterprises are operating in a fast-evolving regime — voluntary in name, increasingly mandatory in effect.
Every framework AU Private cares about — encoded as data, cross-mapped on day one.
The Sentinel Framework Engine ships with these frameworks as machine-readable data, with explicit cross-maps. When you assess a use case, the workpaper, the review pack, and the auditor evidence trail are generated from this library — not authored from scratch.
Guidance for AI Adoption (GfAA)
GuidanceDISR / National AI Centre — supersedes the Voluntary AI Safety Standard. Voluntary best-practice guidance.
Proposed Mandatory Guardrails for High-Risk AI
Proposed10 guardrails consulted on by DISR; legislation foreshadowed but not enacted. Trigger event for many Australian buyers.
Privacy Act 1988 (Cth) + APPs — 2024 reform tranche
PhasedFirst reform tranche passed 2024. Automated-decision-making transparency obligations from 2026.
OAIC AI guidance on privacy obligations
GuidanceOAIC's published expectations for AI use under existing APPs.
APRA CPS 230 — Operational Risk Management
In forceOperational risk for APRA-regulated entities; covers AI as a service-provider and operational risk.
APRA CPS 234 — Information Security
In forceControls for information assets including AI systems.
ASIC INFO 225 — AI in financial services
GuidanceASIC's regulatory expectations for AI use by AFSL/credit licensees.
ASIC RG 271 / RG 274
In forceInternal dispute resolution + design and distribution obligations — relevant to consumer-facing AI.
ASD Essential Eight
GuidanceCyber maturity expectations baseline.
AS/NZS ISO 31000:2018
In forceRisk management standard.
Plus universal AI standards (every jurisdiction)
Built for australian private sector.
Chief Risk Officer, Chief Compliance Officer, CIO, or General Counsel at Australian enterprises — strongest fit in financial services, health, energy/utilities, and any APRA- or ASIC-regulated entity. Mandatory guardrails legislation, when it lands, will be the buying trigger for the rest of the market.
What ships, regardless of jurisdiction:
- ✓M1 · AI Use-Case Register
- ✓M2 · AIAF / equivalent Workpaper
- ✓M3 · AI Review Committee Workflow
- ✓M4 · Risk Register
- ✓M5 · Transparency Register
- ✓M6 · Regulatory Gap Tracker
- ✓M7 · Evidence Vault + Audit Log
- ✓M8 · Re-attestation Engine
What changes between jurisdictions is the Framework Library pack — the regulations, statutes, and guidance pre-loaded. The platform structure stays the same.
Help shape Sentinel for Australian Private Sector.
Tell us your jurisdiction-specific needs and we'll prioritise the framework pack accordingly. Registered organisations get founding-partner terms when their jurisdiction goes live.
Sentinel · Arrochar Consulting · sales@arrocharconsulting.com