Insights
Practical AI governance guides, regulatory analysis, and research — for enterprise leaders, businesses, and individuals navigating the AI landscape.
AI Governance Maturity: The Five Levels and How to Progress
Not all AI governance is equal. Understanding where your organisation sits on the maturity spectrum, and what the next level requires, is the most practical starting point for a governance improvement program.
Read article
Australia's AI Safety Standard: What It Actually Requires and Who It Applies To
2026
The Australian Government's voluntary AI Safety Standard sets out ten core guardrails for safe and responsible AI. For enterprises, voluntary doesn't mean optional — procurement, liability, and reputation make compliance effectively mandatory.
The Privacy Act, AI, and What the OAIC Expects from Australian Organisations
2026
Australia's Privacy Act 1988 already regulates AI in ways many organisations don't realise. The OAIC has made clear that the APPs apply fully to AI systems that collect, use, and disclose personal information — and the reform agenda will tighten these obligations further.
APRA and ASIC: What Australian Financial Services Firms Need to Know About AI Regulation
2026
Australian banks, insurers, and superannuation funds face AI governance expectations from two powerful regulators simultaneously. APRA's operational risk prudential standards and ASIC's responsible lending and market conduct obligations apply to AI in ways that many compliance teams haven't fully mapped.
Australian Directors and AI: What Your Governance Obligations Actually Mean
2026
Australian directors have personal governance obligations that extend to material AI risks. ASIC's liability focus, the ASX Corporate Governance Principles, and the Robodebt Royal Commission findings have changed what 'appropriate oversight' of AI means at board level.
Robodebt's Lessons for Australian AI Governance: What Every Organisation Must Learn
2026
The Robodebt Royal Commission produced the most significant analysis of automated decision-making governance failure in Australian history. Its lessons extend well beyond government — they apply to every Australian organisation using AI in decisions that affect people.
AI Governance in Australian Financial Services: The Complete Regulatory Guide
2026
Australian banks, insurers, superannuation funds and credit providers face overlapping AI obligations from APRA, ASIC, the OAIC and the ACCC. This guide maps every obligation and tells you what to do first.
AI in Australian Healthcare: TGA, Privacy Act, and Clinical Governance
2026
Clinical AI in Australia sits at the intersection of TGA medical device regulation, Privacy Act health information obligations, state-based health records laws, and professional indemnity obligations. Here is what healthcare organisations need to know.
AI in Australian HR and Employment: What People Teams Must Get Right
2026
HR and people teams in Australia are using AI for recruitment, performance management, workforce planning, and employee monitoring. Each use case creates specific legal obligations under the Fair Work Act, Privacy Act, anti-discrimination law, and state workplace surveillance legislation.
ASX-Listed Companies and AI: Disclosure, Directors Duties, and Governance Obligations
2026
Listed companies face AI governance obligations beyond those applying to private entities — continuous disclosure, ASX Corporate Governance Principles, and heightened director liability exposure. What boards and company secretaries need to know.
AI in Australian Superannuation: Trustee Obligations, Member Communications, and Investment AI
2026
Superannuation funds are using AI in member communications, investment management, complaints handling, and fraud detection. The SIS Act trustee obligations, APRA prudential standards, and ASIC conduct requirements create a governance framework that most funds have not fully mapped.
AI Governance for Australian Law Firms: Professional Obligations, Privilege, and Practical Steps
2026
Australian law firms are adopting AI for research, document review, contract analysis, and drafting. The professional obligations of solicitors and barristers — confidentiality, competence, candour to tribunals — apply fully to AI-assisted legal work. Here is what Australian legal practitioners need to know.
Singapore PDPA and AI: What the Personal Data Protection Act Means for AI Systems
2026
Singapore's Personal Data Protection Act applies fully to AI systems that collect, use and disclose personal data. The PDPC has issued AI-specific advisory guidelines that organisations must understand alongside the Model AI Governance Framework.
MAS and AI in Singapore Financial Services: FEAT Principles, Veritas, and Regulatory Expectations
2026
The Monetary Authority of Singapore has the most developed AI governance framework for financial services in Asia. MAS's FEAT principles, the Veritas methodology, and evolving model risk expectations set the standard for banks, insurers, and asset managers across the region.
India's Digital Personal Data Protection Act 2023: What It Means for AI Systems
2026
India's DPDP Act came into force in 2023, establishing a comprehensive data protection framework that applies directly to AI systems processing personal data. With 1.4 billion people and a massive AI industry, understanding India's data protection framework is essential for any organisation operating in or building AI for the Indian market.
UK AI Governance: The Pro-Innovation Approach, ICO Guidance, FCA Expectations, and What It Means Post-Brexit
2026
The UK has chosen a principles-based, sector-led approach to AI regulation rather than a comprehensive AI law. But that doesn't mean AI governance in the UK is simple — ICO, FCA, CMA, Ofcom, and MHRA all have relevant powers, and UK companies with EU customers still face the EU AI Act.
US AI Governance for Enterprise: Navigating Federal Agencies, State Laws, and the Absence of Federal Legislation
2026
The United States has no comprehensive federal AI law — but that doesn't mean US enterprises are ungoverned. FTC, CFPB, EEOC, and sector regulators all have active AI enforcement programs. State laws are proliferating. And the EU AI Act applies to US companies with EU customers.
EU AI Act Omnibus 2026: The Complete Guide to What Changed on 7 May 2026
2026
The EU AI Act Omnibus reached provisional agreement on 7 May 2026, extending the high-risk AI deadline from August 2026 to December 2027. This is the definitive guide to what changed, what did not, and what organisations must do now.
Australia's Guidance for AI Adoption (AI6): The Six Essential Practices Replacing the 10 Guardrails
2026
On 21 October 2025, Australia's National AI Centre published new Guidance for AI Adoption, replacing the 2024 Voluntary AI Safety Standard with a streamlined framework of six essential practices. This is the authoritative guide to what changed and what it means for Australian organisations.
Brazil LGPD and AI Governance 2026: ANPD Priorities, Enforcement, and What Organisations Must Know
2026
Brazil's LGPD applies fully to AI systems processing personal data. In 2026, the ANPD became an independent regulatory agency with strengthened enforcement powers and made AI a top supervisory priority for 2026-2027. Here is what organisations operating in Brazil need to understand.
Canada AI Governance 2026: AIDA Is Dead, Quebec Law 25 Leads, and What Organisations Must Do
2026
Canada's federal AI legislation (AIDA) died in January 2025 when Parliament was prorogued and will not return in its original form. Canada has no federal AI law. Quebec's Law 25 is the strongest privacy legislation in the country. Here is what organisations in and doing business with Canada actually need to know.
Japan's AI Promotion Act 2025: The World's Most Innovation-Friendly AI Law
2026
Japan passed its first dedicated AI law in May 2025 — the AI Promotion Act. It has no penalties, no prohibitions, and no mandatory conformity assessments. But METI guidelines carry real weight, and the new AI Strategic Headquarters chaired by the Prime Minister signals Japan's serious approach to AI governance.
South Korea's AI Framework Act 2026: The First Comprehensive AI Law in Asia-Pacific
2026
South Korea's AI Framework Act took effect January 22, 2026 — making it the first country in APAC to have a comprehensive AI law with real obligations for high-impact AI systems. Unlike Japan's approach, South Korea's law requires transparency, risk assessments, human oversight, and carries financial penalties.
UAE AI Governance: DIFC Regulation 10, Federal PDPL, and the World's Most Ambitious AI Strategy
2026
The UAE has no single AI law but three concurrent binding frameworks: the Federal PDPL (effective January 2026), DIFC Regulation 10 on autonomous AI systems (full enforcement January 2026), and ADGM data protection rules. Plus the world's first national AI system as an advisory Cabinet member.