Start a conversation
ACT Cyber Pty Ltd · Legal

AI Use Statement

ABN 86 688 456 957 · Last updated 26 May 2026

ACT Cyber uses AI-assisted tools as part of modern professional practice. This statement explains how, where, and with what safeguards — so prospective clients and procurement evaluators can assess our position and request adjustments where required.

1. Principles

ACT Cyber’s AI use practice is shaped by four principles:

  • Human accountability. AI assists; cleared humans decide. All AI-assisted output that forms part of a client deliverable is reviewed by the Principal Consultant or a cleared Associate Consultant before release.
  • Sovereignty. AI tool selection and data handling are matched to Australian jurisdictional and engagement-specific requirements.
  • Proportionality. The use of AI is scaled to the sensitivity of the information involved, and is never applied to material classified PROTECTED or higher.
  • Transparency. The use of AI in delivering an engagement is disclosed to clients and recorded for assessor review.

2. Position

ACT Cyber’s position is that AI-assisted tools, used carefully, materially improve the quality and timeliness of professional work. We also recognise that without explicit safeguards, AI tools can introduce risks to client confidentiality, sovereign data handling and accountability. This statement sets out the safeguards we apply.

3. Where AI is used

AI-assisted tools are used in our practice for the following categories of work:

  • research, synthesis and rapid information retrieval on public domain technical, regulatory and framework material;
  • drafting and editing of internal documents, marketing material, and initial drafts of non-classified client artefacts that are subsequently reviewed, edited and verified by cleared personnel;
  • code review, configuration analysis and pattern matching against public reference architectures; and
  • productivity tasks including summarisation, formatting, and structured output generation from non-sensitive inputs.

4. Where AI is not used

AI-assisted tools are not used for:

  • processing client information at OFFICIAL: Sensitive or above unless the client has explicitly authorised a specific tool and use case in writing;
  • processing any material classified PROTECTED or higher under any circumstances;
  • final decision-making on security controls, risk acceptance, or architectural choices in client deliverables — these are made by the Principal Consultant under their professional accountability; and
  • handling of personal information beyond what is necessary for the task, and never in a manner inconsistent with the Privacy Act 1988 (Cth).

5. Safeguards

  • Tool selection. AI tools are selected with consideration of vendor privacy posture, data handling commitments, and where applicable, IRAP assessment status. Tools that train on user input are not used for client work.
  • Data minimisation. Only the minimum necessary information is provided to any AI tool. Client identities, classified content, and sensitive personal information are excluded.
  • Sovereign considerations. Where engagement classification or client requirements call for it, AI use is restricted to tools with Australian data residency or is excluded entirely for that engagement.
  • Human accountability. All AI-assisted output that forms part of a client deliverable is reviewed, edited and verified by the Principal Consultant or a cleared Associate Consultant before release.
  • Disclosure. Where AI assistance materially shaped a deliverable, this is disclosed in engagement records and made available for client and assessor review.

6. Client controls

Clients may request stricter controls than the position above as part of engagement scoping, including:

  • prohibition of AI tool use for the engagement entirely;
  • restriction to specific AI tools approved by the client;
  • restriction to tools with documented Australian data residency; or
  • additional disclosure or logging requirements.

These controls are accommodated in the engagement agreement and reflected in the delivery method.

7. Alignment with Australian guidance

ACT Cyber’s AI use practices are aligned with the Australian Government’s Voluntary AI Safety Standard (Department of Industry, Science and Resources, 2024) — specifically the Standard’s 10 guardrails covering accountability, risk management, data governance, testing, human oversight, transparency, contestability, supply chain transparency, record-keeping, and stakeholder engagement — and the Policy for the Responsible Use of AI in Government (Digital Transformation Agency, 2024), as both apply to a private sector supplier. We review this statement and our supporting practices as the regulatory and guidance landscape evolves.

8. Sustainability

ACT Cyber acknowledges the energy and resource footprint of AI compute. AI tools, use patterns and providers are selected with reasonable consideration of efficiency and environmental impact, consistent with our broader operational practices.

9. Changes to this Statement

This statement may be updated as our practices, the available tools, or applicable guidance change. The current version is available on our website with the "last updated" date shown at the top of this document. Material changes will be communicated through reasonable means to clients with active engagements.

10. Contact

For questions about ACT Cyber’s AI use, or to discuss engagement-specific AI controls:

ACT Cyber Pty Ltd

Email: info@actcyber.com.au

Web: www.actcyber.com.au