Guvn.AI gives every Australian organisation complete visibility over every AI system in its environment, the controls to govern it, and the evidence to prove it — built natively for APRA, the Privacy Act and the boards who carry personal liability when AI goes wrong.
Shadow AI creates breach pathways IT cannot see — across browsers, endpoints, cloud services and autonomous agents operating inside your infrastructure.
Employees paste sensitive organisational data, customer records, source code and financial information into AI systems outside enterprise visibility. 46% of sensitive AI inputs are sent to personal accounts rather than sanctioned corporate tools.
Boards cannot produce audit evidence for frameworks now arriving: APRA CPS 234, NAIC AI6, Privacy Act 1988. Manual processes cannot keep pace with the regulatory timeline.
Duplicate AI subscriptions, uncontrolled API spend and ungoverned SaaS AI tools are invisible to the CFO. No organisation can optimise what it cannot see.
Under Corporations Act s.180, directors face personal exposure for AI risks they cannot demonstrate were identified, assessed and managed. Ignorance is not a defence.
Australian regulatory instruments arriving in 2026–27 — DISR mandatory AI register, APRA CPS 234 extended to AI assets, Privacy Act amendments, NAIC AI6, Corporations Act s.180, Australian AI Safety Institute (launched 2026).
Australian organisations with a material AI governance obligation — including 1,300+ APRA-regulated entities, 2,370 ASX-listed companies, 537 local governments and 6,500+ large NFPs.
of Australian directors say they do not feel adequately equipped to govern AI risks at board level — yet AI has crossed the threshold of materiality for personal liability under Corporations Act s.180.
Operational in hours, not months. No data science team required. Built natively for Australian law.
Discover every AI system operating in your organisation — across all five detection domains simultaneously.
Know the risk every AI system carries. Enforce policy. Manage vendor exposure. Stay ahead of the next regulatory obligation.
Generate the evidence that boards, regulators, acquirers and insurers require — in one click, not one quarter.
Global platforms are designed for US SOC 2 and EU AI Act compliance — then translated for Australian requirements as an afterthought. Guvn.AI maps natively to every Australian regulatory obligation from day one. No translation layer. No gaps.
Requires APRA-regulated entities — banks, insurers and superannuation trustees — to maintain information security capabilities commensurate with AI-driven information assets. Enforcement guidance (2024) explicitly extends CPS 234 to AI systems.
Requires APRA-regulated entities to identify, assess and manage operational risks arising from third-party and technology dependencies — including AI services procured from external vendors and embedded in critical business processes.
The National AI Centre's AI6 framework covers accountability, transparency, safety, reliability, fairness, privacy, security and human oversight. Mandatory adoption is signalled for federal government suppliers and regulated industries. Guvn.AI maps every safeguard at the data layer.
Amendments create obligations when AI makes or significantly influences decisions affecting individuals — credit, employment, insurance, healthcare. Organisations must explain AI decisions, provide correction mechanisms and maintain records under the Australian Privacy Principles.
Directors must exercise reasonable care and diligence in managing material risks. AI has crossed the threshold of materiality for most Australian organisations. An AI-related incident creates a direct pathway to ASIC enforcement if a board cannot demonstrate governance processes were in place.
The Department of Industry, Science and Resources is consulting on a mandatory AI register for Australian organisations. The Guvn.AI AI Register is purpose-built to satisfy this obligation from day one — no retrofit required when the mandate arrives.
International AI management system standard. Full framework gap assessment and certification readiness tracker in the Compliance Hub. The only international AI standard currently certifiable in Australia.
US National Institute of Standards and Technology AI Risk Management Framework — Govern, Map, Measure and Manage functions. Cross-mapped to NAIC AI6 for Australian applicability.
European Union AI Act risk classification and obligations for high-risk AI systems. Cross-mapped for Australian organisations with EU operations or multinational AI procurement chains.
International information security management standard. AI system controls mapped within the ISMS framework. Relevant for organisations already certified or in audit preparation.
Every Australian organisation with more than 20 employees has at least three obligations from the list above. Most have five or more. We can map them in an hour.
Discover every AI tool across all five detection domains — including shadow AI invisible to network monitoring. Enforce policy at the browser level. Eliminate blind spots before they become incidents.
A Board AI Governance Report in your quarterly board papers — plain English, 15 minutes to review. Know your compliance posture at all times without relying on your CISO to translate it.
Directors face personal liability under s.180 of the Corporations Act for AI risks they cannot demonstrate were managed. Guvn.AI provides the governance trail that protects directors personally — before an incident, not after.
Guvn.AI removes the objection that stops integrators serving clients on AI governance. Deploy across your entire client base from a single multi-client dashboard. Co-branded reports under your own firm name.
Guvn.AI connects via SSO — no endpoint installation required for 80%+ of discovery coverage in a typical Australian mid-market environment. The AI Tool Registry begins populating immediately.
M365 Unified Audit Log via Microsoft Graph API provides 80%+ discovery coverage with zero endpoint installation. Cloud provider connectors and browser extension coverage extend discovery across your entire environment.
Every AI tool found is enriched from the Guvn.AI AI Tool Registry — 200+ tools with detection signatures, vendor jurisdiction, data residency classification, training data policy and Australian regulatory flags.
Proprietary five-factor risk model: Tool Inherent Risk, Data Sensitivity, Policy Alignment, Usage Pattern and Regulatory Context — scored 1–100 with CRITICAL / HIGH / MEDIUM / LOW banding aligned to NAIC AI6.
Apply pre-built policy templates aligned to APRA, NAIC AI6 and the Privacy Act. Approval workflows for new tools. Employee declarations. Real-time alerting on policy breaches.
One-click Board Report, Regulatory Examination Package or M&A Due Diligence output. Immutable audit trail. ISO 42001 certification readiness tracker. Evidence-grade documentation for every governance action.
Guvn.AI is the only AI governance and risk platform built natively for the Australian regulatory environment. Every compliance framework, every risk taxonomy and every report template is designed for Australian law, Australian boards and Australian regulators — not translated from a US or EU product.
Our team brings deep expertise across enterprise cybersecurity, AI governance, platform engineering and Australian regulatory frameworks. We have worked inside the organisations Guvn.AI serves — conducting technology due diligence, running cybersecurity assessments, and sitting on the boards that carry the governance obligations our platform addresses.
The AI Tool Registry — the core IP underpinning every discovery scan and risk score — contains 200+ AI tools with Australian-weighted risk scores, detection signatures, vendor jurisdiction flags and regulatory mapping. It compounds with every deployment: each customer scan improves detection accuracy for every subsequent customer.
All Guvn.AI customer data is stored and processed exclusively within Australian sovereign infrastructure. Your data never leaves Australian jurisdiction without your explicit consent. No foreign government access. No cross-border data transfers. Full compliance with the Privacy Act 1988 and Australian Government data sovereignty requirements.
Guvn.AI is an Australian company, governed by Queensland law. Our team operates from Brisbane — inside the same regulatory environment, time zone and business community as the organisations we serve.
All production infrastructure runs exclusively in Australian sovereign data centres. No customer data is processed, stored or transmitted outside Australian jurisdiction under any circumstances.
Guvn.AI's architecture is designed to prevent compelled disclosure to foreign governments — including under US CLOUD Act, UK Investigatory Powers Act or equivalent legislation. Your governance data stays yours.
Data handling is fully compliant with the Privacy Act 1988 Australian Privacy Principles, the Australian Government Information Security Manual (ISM), and Protective Security Policy Framework (PSPF) requirements for government deployments.
Row-level security enforced at the database layer. Schema isolation for enterprise and government customers. No cross-tenant data access is architecturally possible — your register is visible only to your organisation.
All data is encrypted at rest using AES-256. All data in transit is sent over TLS 1.3. The browser extension communicates via authenticated WebSocket; only classification signals are transmitted, never prompt content or document data.
Every governance action — discovery scan, risk assessment, policy change, user access event — is written to an immutable audit log. Tamper-evident. Exportable for regulatory examination on demand.
Whether you're a board trying to understand your liability, a CISO dealing with shadow AI proliferation, or an AI integrator looking for a governance layer — we want to hear from you.