Prosperity Path • Axiom
It arrived before you were ready. Here is what that means, and what you can do about it.
On 10 December 2026, Australian law changes. Every business with over $3M in turnover must document in its privacy policy the automated decisions it is making using AI: what personal data was used, what decisions were affected and how individuals can seek an explanation. The obligation extends well beyond generative AI to any computer-assisted decision that significantly affects someone's rights or interests. OAIC has signalled it will take a broad view of what qualifies, and penalties for serious non-compliance reach $50M.
APRA sharpened the pressure for regulated entities further. In April 2026, it wrote to every financial institution, insurer and super fund in Australia naming four specific AI governance failures it had observed. Most could not demonstrate they were addressing any of them.
These are not new risks. In 2022, Optus and Medibank exposed the cost of data governance failure at national scale. In 2023, Samsung lost semiconductor IP to an unapproved AI tool within three weeks. The regulators have simply caught up. That is where most Australian organisations are today: AI in use everywhere, governance nowhere.
Banning AI does not stop AI. It drives it to personal devices and personal accounts, where there is no visibility at all. The shadow grows. The risk grows with it. You have the paperwork of a policy and none of the protection.
Microsoft Copilot and Google Gemini are well-engineered. They are also context-blind. They do not know what your organisation believes, how it operates, what its policies say or what its clients expect. Employees use the platform for simple tasks and go back to unapproved tools for anything real. The problem changes shape.
Your staff are already using Microsoft Copilot, Teams, Salesforce and whatever else is in your stack. They will keep using them. Axiom is not a replacement for those tools. It is the governance layer that sits behind all of them and determines what AI is allowed to know about your organisation and how it is allowed to answer.
An Axiom brain holds everything you want AI to know: strategy, policies, client context, delivery standards, financial position, governance decisions. That knowledge is tiered by sensitivity so different people see different content. It is reviewed before it reaches any AI. It is owned by you, not by a vendor, and it runs on Australian infrastructure. Your data does not leave the country.
When a question comes in through Teams, a Salesforce workflow or a ServiceNow ticket, the answer comes from your brain. Not from the internet. Not from another organisation's documents. It is cited, traceable and accurate to your actual position. Every query is logged to a named individual. Every source is cited. Every decision is documented.
That documentation is not a byproduct. It is the compliance output. When OAIC asks how your automated decisions were made, the evidence already exists. Privacy Act ADM obligations are met by design, not by scrambling before the December deadline.
We did not give you a chatbot.
We gave you control.
Axiom is a Prosperity Path managed service. Every engagement is designed around your organisation's knowledge, your governance requirements and your team's existing tools.