Australia's Privacy Act amendments take effect 10 December 2026. With 69% of organisations running agentic AI but only 22% holding advanced governance, the clock is ticking.
69% of Australian organisations are now running agentic AI, yet only 22% report a highly advanced governance model, according to Deloitte Australia's State of AI in the Enterprise 2026. That gap becomes a legal liability on 10 December 2026, when the Privacy and Other Legislation Amendment Act 2024 requires every APP-regulated entity to disclose the personal data used by automated decision systems and the types of decisions those systems make. Enterprises treating governance as an afterthought face penalties of up to $50 million or 30% of annual turnover — while those building controls into the architecture from day one gain a durable competitive advantage.
Australian enterprises have moved faster on agentic AI adoption than on the governance scaffolding required to run it safely. 69% are already deploying agents, but only 22% have advanced governance in place — leaving 78% operating production AI without the controls regulators will expect by December 2026.
The pressure is not theoretical: Dynamic Business reports 68% of Australian organisations say AI is advancing faster than their security measures can keep pace, with 19% describing security concerns as "extreme" yet proceeding regardless.
In Corporate Agents' experience deploying agents for mid-market operations teams, the governance gap rarely surfaces as one failure. It accumulates through shadow agents — marketing teams running Copilot workflows on customer data, finance teams piping ledgers into consumer-grade LLMs, support teams building autonomous ticket triage without audit logs. By the time compliance is raised, the organisation has lost visibility of what systems are making decisions about whom. The agentic AI for enterprise resource explains why agent inventory must precede governance policy.
From 10 December 2026, APP-regulated entities must update their privacy policies to disclose the personal information used in automated decisions and the types of decisions made — where those decisions are fully automated or substantially assisted and could significantly affect an individual's rights or interests. The obligation is framed as transparency, but it forces substantive data mapping and accountability work.
McCullough Robertson's analysis confirms the civil penalty regime carries real force. Serious or repeated breaches attract the greater of $50 million, three times the benefit obtained, or 30% of adjusted turnover during the contravention period, per the OAIC.
APP 1.7 requires the privacy policy to describe the personal information used in automated decisions. APP 1.8 requires disclosure of the kinds of decisions made by or with substantial assistance from those systems. APP 1.9 governs presentation — clearly and accessibly. Together, they form one coherent narrative connecting data inputs to decision outputs, which requires genuine traceability, not documentation drafted after the fact.
A decision significantly affects an individual when it determines access to finance, insurance, employment, housing, or government services. Agentic pricing engines, underwriting assistants, fraud flagging systems, and automated credit decisions all fall inside the boundary. Marketing personalisation generally does not — unless a pricing engine gates access based on inferred demographics. The test is impact on the individual, not the technical model type.
Agentic AI raises compliance difficulty because decisions emerge from dynamic tool use, retrieval, and multi-step reasoning — not a static rules table. Unlike a deterministic rules engine, an agent's behaviour depends on its prompt, retrieved context, and tool calls, which means audit trails must capture the entire execution path to satisfy APP 1.8.
CFOtech Australia reports 94% of organisations globally say AI sprawl is increasing complexity and security risk, while only 12% have a centralised platform to manage it. When each business unit runs its own agents on different infrastructure, producing consolidated disclosures for a privacy policy becomes a forensic audit, not a database query.
Many agentic systems use retrieval-augmented generation, tool calling, or fine-tuned adapters that shift behaviour over time. A pattern Corporate Agents observes across engagements: the agent described in the initial privacy policy disclosure no longer matches the one running in production six months later. Governance must treat agent behaviour as a versioned artefact — every material change to tools, prompts, or retrieval sources requires a recorded review. Workflow automation built on an agentic AI architecture demands release discipline closer to regulated software than to internal tooling.
When Agent A triages a ticket, Agent B recommends a refund, and Agent C executes the payment, every step is in scope under APP 1.8 — not just the final action. Accountability cannot live in a prose description. It must live in structured logs showing inputs, tool calls, intermediate outputs, and human approvals at every boundary.
Commonwealth Bank offers the clearest Australian blueprint for governed agentic AI at scale. CBA's newsroom confirms the bank makes over 55 million AI-powered decisions daily across more than 2,000 models, governed through a unified observability and risk plane. Project Coral, its multi-agent engineering framework, shows how that governance is operationalised at the infrastructure level.
Three architectural elements carry over cleanly to mid-market deployments:
For enterprises deploying agents across document processing, reporting, and workflow automation, the same three elements apply. Retrofitting observability to an unlogged agent costs more than building the observable agent from day one.
A December 2026 readiness programme has four tracks: agent inventory, data mapping, observability, and vendor contracts. Each produces an auditable artefact that maps to APP 1.7, 1.8, and 1.9 obligations. The work is tractable — but legal review, policy publication, and training each consume weeks, making this-quarter action the minimum viable timeline.
Catalogue every system that uses AI to make or substantially assist decisions affecting individuals. For each, record the owner, decision type, data inputs, degree of human oversight, and the business process it supports. Classify by impact and document hosting location — 72% of Australian companies factor country of origin into vendor selection, which affects the disclosure risk profile of each agent.
For each in-scope agent, map the personal information types, source systems, retention periods, and decision categories produced. This feeds directly into APP 1.7 and 1.8 disclosures. Draft privacy policy updates in parallel with the technical inventory — legal review is the usual bottleneck.
Every agent execution path requires structured logs covering inputs, retrieved context, tool calls, final outputs, and human approvals. Retain logs for the longer of your sector's audit period or the complaints limitation period. APRA-regulated entities can use the same log structure to satisfy both CPS 234 and the Privacy Act.
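As an added illustration of the structured-trace requirement in this track and of the ticket, refund and payment chain described earlier, the following Python is example code, not Corporate Agents' tooling: the agent, tool and data names are constructed, and the SIGNIFICANT_TOOLS set is an assumed impact classification standing in for your own decision impact classes.

```python
import json
import uuid
from datetime import datetime, timezone

# Assumed impact classification (constructed names): tools whose effect can significantly
# affect an individual must have a recorded human approval earlier in the same trace.
SIGNIFICANT_TOOLS = {"execute_payment", "decline_credit", "set_customer_price"}


class AgentTrace:
    """One execution path across agents (A -> B -> C) kept as ordered JSON records."""
    def __init__(self, case_id):
        self.trace_id, self.case_id, self.records = str(uuid.uuid4()), case_id, []

    def _add(self, kind, agent, **fields):
        self.records.append({"trace_id": self.trace_id, "case_id": self.case_id,
                             "seq": len(self.records), "kind": kind, "agent": agent,
                             "ts": datetime.now(timezone.utc).isoformat(), **fields})

    # Personal information consumed, retrieved context, tool use, human sign-off, outcome:
    def input(self, agent, data_types, source): self._add("input", agent, data_types=data_types, source=source)
    def retrieval(self, agent, source, doc_ids): self._add("retrieval", agent, source=source, doc_ids=doc_ids)
    def tool_call(self, agent, tool, args, result): self._add("tool_call", agent, tool=tool, args=args, result=result)
    def approval(self, agent, tool, approver, ok): self._add("approval", agent, tool=tool, approver=approver, approved=ok)
    def output(self, agent, decision, version): self._add("output", agent, decision=decision, agent_version=version)
    def to_jsonl(self): return "\n".join(json.dumps(r, sort_keys=True) for r in self.records)


def audit_gaps(trace):
    """Significant tool calls that ran with no prior approved human sign-off in the trace."""
    approved, gaps = set(), []
    for r in trace.records:
        if r["kind"] == "approval" and r["approved"]:
            approved.add(r["tool"])
        if r["kind"] == "tool_call" and r["tool"] in SIGNIFICANT_TOOLS and r["tool"] not in approved:
            gaps.append(f"seq {r['seq']}: {r['agent']} ran {r['tool']} without recorded human approval")
    return gaps


def disclosure_summary(trace):
    """APP 1.7 / 1.8 view of a trace: personal information used and decision types produced."""
    info = sorted({t for r in trace.records if r["kind"] == "input" for t in r["data_types"]})
    kinds = sorted({r["decision"] for r in trace.records if r["kind"] == "output"})
    return {"personal_information": info, "decision_types": kinds}


def sample_trace(with_approval):
    """Constructed ticket -> refund -> payment chain, with or without human sign-off."""
    t = AgentTrace("TICKET-1042")
    t.input("triage", ["name", "email", "order_history"], "crm")
    t.retrieval("triage", "refund_policy_kb", ["pol-7"])
    t.output("triage", "refund_candidate", "triage@1.3.0")
    t.output("refund", "refund_recommended", "refund@2.1.0")
    if with_approval:
        t.approval("payment", "execute_payment", "ops.lead@example.test", True)
    t.tool_call("payment", "execute_payment", {"amount": 120.0}, {"status": "ok"})
    return t
```

Running `audit_gaps` over every retained trace gives the check an auditor will ask for: which significant actions executed without a human approval record, and `disclosure_summary` rolls the same logs up into the inputs and decision types the privacy policy must state.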
Flow APP obligations down to every AI vendor and sub-processor. Require data residency commitments, training opt-outs, model change notification, audit log access, breach notification timelines, and cooperation with OAIC investigations. Where a vendor cannot commit, the question is whether the risk is proportionate to the decision impact class.
The organisations treating December 2026 as an engineering deadline rather than a legal one are building a structural advantage. Google Cloud's 2025 ROI of AI study finds 74% of executives with production AI agents achieved ROI within the first year, with separate research reporting average returns of 171%. That upper end belongs to organisations able to deploy agents quickly into new domains because governance is already in place.
Australia's AI market is projected to reach US$16.15 billion by 2031 at a 26.25% CAGR. Organisations that solve governance once scale across functions without re-litigating controls — and the 22% with advanced governance today are positioned to deploy new agents in days rather than months.
For CTOs: treat the Privacy Act amendments as the forcing function that justifies the governance investment already needed. Build the agent registry, observability plane, and vendor framework once — every subsequent deployment across document processing, analytics, conversational agents, and workflow automation inherits those controls. December 2026 is not the end of a compliance sprint. It is the foundation the next decade of governed AI runs on.
Yes. If your organisation is APP-regulated and uses third-party AI to make or substantially assist decisions affecting individuals, you are the accountable entity under APP 1.7. The vendor hosting the model does not absorb your disclosure and transparency obligations — contractual flow-down is required.
A fully automated decision is made by a system with no meaningful human review. A substantially assisted decision involves AI output that materially influences the outcome, even with a human in the loop. Both categories trigger transparency obligations where the decision significantly affects an individual's rights or interests.
Capture inputs, tool calls, retrieved data, intermediate agent steps, and final outputs in structured traces. You are not required to explain model weights — you must demonstrate the decision logic, data lineage, and human oversight points. OpenTelemetry-based agent tracing has become the practical standard.
Serious or repeated interferences with privacy can attract penalties up to the greater of $50 million, three times the benefit obtained, or 30% of the entity's adjusted turnover during the breach period. The OAIC also holds new infringement notice powers for lower-tier breaches.
CPS 234 covers information security for APRA-regulated entities, while the Privacy Act amendments cover transparency and disclosure. Agentic AI deployments in banking, insurance, or superannuation must satisfy both: secure the system under CPS 234 and disclose its decision-making role under APP 1.7.
Require data residency commitments, sub-processor disclosure, model training opt-outs, audit log access, breach notification timelines, and explicit flow-down of APP obligations. Contracts should also mandate vendor cooperation with OAIC investigations and define liability allocation for automated decision errors.
CBA runs over 55 million AI-powered decisions daily across 2,000+ models within a centralised orchestration and observability platform. Project Coral, its multi-agent engineering framework, shows how CBA operationalises that governance at the infrastructure level — registering every agent, prompt version, and tool binding against a clear owner and review cadence. The lesson for mid-market is architectural: unified governance infrastructure scales; ungoverned sprawl does not.