Skip to main content
🇦🇺 Australia · jurisdiction-aware

Sovereign AI ready for Australia.

ReguNav supports AI vendors operating under Australian Privacy Act 1988 + APPs, TGA SaMD pre-market for medical-device AI, APRA CPS 230 operational risk + CPS 234 information security, ASIC AI guidance, and ACSC Essential 8. NDB scheme notification routed automatically to OAIC.

Australia regulator landscape

Every Australia control on the platform is anchored to a named regulator artefact. When the regulator updates their guidance, the framework registry takes the bump and every dependent control inherits it.

Office of the Australian Information Commissioner

Privacy Act 1988 · APPs · NDB schemeofficial ↗

Therapeutic Goods Administration

Medical devices · SaMD pre-marketofficial ↗

Australian Prudential Regulation Authority

CPS 230 operational risk · CPS 234 information securityofficial ↗

Australian Securities and Investments Commission

Financial-services AI guidanceofficial ↗

Australian Cyber Security Centre

Essential 8 · ISM controlsofficial ↗

Frameworks anchored in Australia

Australia Privacy Act

1988 (Cth); amended 2022 (Enforcement & Other Measures)16 clauses · 12 controls

Australia's federal privacy statute. Applies to APP-entities — Commonwealth agencies and private-sector organisations with annual turnover above AUD 3 million plus the prescribed lower-threshold categories (health-service providers, traders in personal information, related-body-corporates, credit-reporting bodies, contractors to a Commonwealth contract). Establishes the thirteen Australian Privacy Principles (APPs) in Schedule 1 covering open + transparent management of personal information; anonymity and pseudonymity; collection of solicited / unsolicited / sensitive information; notification of collection; use or disclosure; direct marketing; cross-border disclosure; identifiers; quality + security; access + correction. Part IIIC contains the Notifiable Data Breaches scheme. The 2022 amendments substantially increased civil-penalty exposure for serious or repeated interference with privacy.

Australia SaaS, fintech, healthcare-AI, or essential-service?

We work with organisations supervised by every regulator listed above. The jurisdiction-aware engine routes incident reports, DSARs, and FRIA submissions to the correct authority + timeline automatically.

Talk to Australia team →

Jurisdiction codes + regulator data are sourced from @regunav/jurisdictions (Apache-2.0, open-source). Adding a new market is a single registry entry — no copy-paste regulator content. See /uk for the bespoke deep-dive template.