A Sydney fintech runs a $6 million ARR lending product. The underwriting decision is made in about 900 milliseconds by a gradient-boosted model that reads open banking data, a bureau file and a handful of behavioural signals. A human credit officer signs off on files the model routes to a “grey” queue — around 8% of applications — and rubber-stamps the rest. The privacy policy on the marketing site was written in 2022 by a growth marketer using an Airtable template and has three lines about “automated processes.” In December 2025 the founders read a Norton Rose alert on the Privacy and Other Legislation Amendment Act 2024 (Cth) and decide the privacy policy is a June 2026 problem. In April 2026 the OAIC publishes draft guidance saying that a human reviewer who cannot practically override the model does not turn “solely automated” into “human-made.” In September 2026 the final guidance lands. On 10 December 2026 the new APP 1.7 obligations commence. On 11 December 2026 the fintech’s privacy policy is unlawful.
That is the compressed timetable most Australian startups are quietly walking into. The reforms have been law since Royal Assent on 10 December 2024. The two-year commencement window closes at the end of this year. And the operative concepts — “substantially and directly related to making a decision,” “significantly affect the individual’s rights or interests,” “kinds of personal information” — do not map cleanly onto the way most product teams describe what their systems actually do.
What the New Obligation Is
The Privacy and Other Legislation Amendment Act 2024 (Cth) inserts new sub-clauses into Australian Privacy Principle 1. From 10 December 2026, an APP entity’s privacy policy must, in addition to everything it already contains, spell out:
- the kinds of personal information used in the operation of a computer program that makes, or does something substantially and directly related to making, a decision described below; and
- the kinds of decisions that are made solely by such a computer program; and
- the kinds of decisions for which such a computer program does a thing that is substantially and directly related to the making of the decision.
The trigger applies where the decision could reasonably be expected to significantly affect the rights or interests of an individual. There is no monetary threshold, no carve-out for SaaS-only businesses, and no small-business exception beyond the existing $3 million turnover test in s 6D of the Privacy Act 1988 (Cth) — a test that is itself narrower than founders assume and is being reviewed as part of the next tranche of reforms.
This is a transparency obligation, not a right of appeal and not a ban. Nothing in APP 1.7 stops a startup from running fully automated credit, hiring, pricing or moderation decisions. It requires the startup to tell people it does so, and to describe the input data and decision categories in enough specificity that a reader can understand what is happening to them.
The Two Concepts That Do the Real Work
Two definitional pieces carry almost all of the practical risk.
“Substantially and directly related to making a decision.” A rules engine that pre-scores applicants and drops the bottom 40% off the human queue is substantially and directly related to the reject decision even though a person clicks the final button. So is a model that shortlists candidates for interview, sets a dynamic price band, generates a fraud-risk score that triggers manual review, or ranks content for enforcement action. The OAIC’s April 2026 draft guidance takes an expansive view: where a human signs off in circumstances that make genuine reconsideration unlikely — time pressure, volume, absence of explanation from the model, absence of an override log — the decision is still caught, and it is caught under the “solely” branch, not just the “substantially and directly related” branch.
“Significantly affect the individual’s rights or interests.” Credit, insurance, employment, tenancy, welfare, education, healthcare, immigration and access to essential services are the paradigm cases. But the drafting is not limited to those. Access decisions on a platform — account suspension, content demotion, refund refusal — will often qualify where the platform is material to a person’s livelihood or public participation. Dynamic pricing that materially and repeatedly affects what a person is offered, or KYC/AML risk scoring that gates account opening, is inside the perimeter. The safer working assumption for founders is that any automated output which changes what a real human can get, do or be charged is in scope, and the burden of arguing otherwise sits with the entity.
Who Actually Is an APP Entity
Most startups think of themselves as too small to be caught by the Privacy Act. Three carve-outs to that intuition matter now.
- The $3 million turnover threshold is aggregated across related bodies corporate. A $500k ARR startup that is majority-owned by a $10 million ARR parent is an APP entity through the group rules in s 6D.
- Health service providers are APP entities regardless of turnover. Digital health, telehealth, femtech, mental-health and wellness startups are almost always caught, and their automated triage, escalation and clinician-matching workflows are exactly what APP 1.7 targets.
- Trading in personal information without consent, being a credit provider or credit reporting body, and being a contracted service provider to the Commonwealth each independently pull a business into the regime. Marketplaces and B2B SaaS that host or route personal data for government clients regularly find themselves inside.
The Documentation Problem Startups Underestimate
APP 1.7 is a privacy policy obligation, but the real work is upstream. You cannot describe the “kinds of personal information used” without a current, accurate data-flow map. You cannot describe the “kinds of decisions made solely by” the system without an ADM inventory that a general counsel can defend. Most seed-and-Series-A startups have neither.
Three artefacts are worth building now.
- An ADM register. One row per automated or partially automated decision the company makes about a person. Columns: what the decision is; what input data (with categories, not fields); model or ruleset; how a human is involved; whether the person is a customer, prospect, employee or someone else; the significance test analysis; retention.
- A data-flow map keyed to customer journeys. For each ADM row, a diagram or table showing where personal information enters, which systems it traverses, and where it lands. This is also the artefact that finally makes cross-border transfer disclosures under APP 8 accurate.
- A “kinds of decisions” taxonomy. Written at the level of outcomes for the individual — “eligibility for a loan,” “rate offered,” “account suspension,” “resume shortlisting” — rather than at the level of internal system names.
The privacy policy update is the last five days of that project, not the whole project.
Enforcement Teeth
The 2024 Act also delivers the OAIC an expanded enforcement toolkit that will be live when APP 1.7 commences: infringement notices for interference with privacy (including material breaches of the APPs), a new tier of civil penalties for lower-grade contraventions, and the existing Tier 1 civil penalty regime under s 13G — which was uplifted by the 2022 amendments to the greater of $50 million, three times the benefit obtained, or 30% of adjusted turnover in the relevant period — sitting behind serious or repeated contraventions. A privacy policy that misdescribes or omits automated decision-making from 11 December 2026 is squarely inside the infringement notice pathway, and materially misleading disclosure can escalate. The reputational tail — being the first mid-tier fintech or HR-tech named in a determination — is arguably larger than the penalty.
What to Do Between Now and 10 December 2026
- Run the ADM inventory this quarter. Include partially automated decisions and any rules-based or scoring engines, not just AI models.
- Apply the “significantly affects” test conservatively. Where the answer is not clearly no, treat the decision as in scope.
- Watch for the final OAIC guidance in September 2026. Do not lock the privacy policy in July 2026 and forget it. The taxonomy of “kinds of decisions” the OAIC endorses will shape the compliant form of words.
- Build the ADM disclosure as a distinct, well-signposted section of the privacy policy — not buried in the “how we use your information” paragraph. Regulators and journalists will read that section first from the day it commences.
- Refresh contractor and processor contracts. Vendors running scoring, matching or moderation models on your behalf need to feed you the information required to describe their processing accurately.
The Bottom Line
APP 1.7 is not primarily an AI-safety rule and not a rebadged GDPR Article 22. It is a plain transparency obligation that lands on every Australian APP entity that uses personal information to drive decisions materially affecting the people the decisions are about — which, in 2026, is a much larger share of the startup ecosystem than the language of “automated decision-making” suggests. The founders who get this right will have used the second half of 2026 to build an ADM register, sharpen the “kinds of decisions” taxonomy against OAIC guidance, and rewrite the privacy policy as a live compliance document rather than a template inherited from the marketing site. The ones who do not will spend early 2027 explaining to the OAIC why a nine-hundred-millisecond model wrapped around a human sign-off button was still, on any fair reading, a decision the policy should have disclosed.
Viridian Lawyers advises Australian startups, fintechs, healthtechs and AI companies on Privacy Act compliance, ADM disclosure obligations, privacy policy drafting and OAIC engagement. If you are scoping the impact of the 10 December 2026 changes on your product, building an ADM register from scratch, or refreshing your privacy policy ahead of commencement, get in touch.