AI compliance for regulated Australian businesses
Your team is using AI.
Can you prove it's compliant?
40° South monitors every AI interaction your business makes, creates a tamper-evident audit trail, and keeps your data under Australian law. Compliance is automatic, not an afterthought.
Built for financial services, superannuation, and insurance. Covers APRA CPS 234, the Privacy Act, and the new ADM transparency requirements. Integrate in an afternoon.
10 December 2026
Automated decision-making transparency laws commence.
From this date, every Australian business using AI to make decisions that significantly affect someone's rights must disclose what data was used and how the decision was made. Civil penalties up to $50 million. This isn't optional.
Privacy and Other Legislation Amendment Act 2024 (Cth) — Schedule 1, Part 15
Is your business ready? See what Guard covers ↓
THE PROBLEM
Your team adopted AI faster than your compliance framework could keep up.
Across regulated Australian businesses, the same pattern is playing out. Teams are using AI to work faster. Compliance has no visibility into what's being sent, where it's going, or whether any of it creates a breach. And the regulatory bar just got higher.
No visibility
Your team is using ChatGPT, Copilot, and Claude right now. Some with approval, some without. You have no audit trail for any of it.
A hard deadline
The ADM transparency reforms commence 10 December 2026. Every AI decision affecting someone's rights must be documented. The clock is running.
Real penalties
Up to $50 million in civil penalties under the Privacy Act. APRA enforcement is hardening. One non-compliant AI interaction is a reportable breach.
40° South closes that gap.
40° SOUTH GUARD
Every prompt. Every response.
Compliant by default.
Guard is compliance middleware. It sits between your team and whatever AI model they're already using. Every interaction is monitored, checked against your regulatory obligations, and logged to a tamper-evident audit trail. Your team doesn't change how they work. You get proof they're compliant.
- Monitors all AI interactions in real time, inputs and outputs
- Scans for Australian PII: TFN, Medicare, ABN, account numbers, and more
- Detects prompt injection in prompts and inside uploaded documents
- Per-call cryptographic attestation, tamper-evident and audit-ready
- Works with any AI model: OpenAI, Anthropic, Azure AI, Bedrock, or your own
- ADM transparency reporting, built for the December 2026 deadline
- 7-year tamper-evident audit trail, exportable as JSON
- Jurisdiction enforcement: data stays under Australian law
- One API URL change. No infrastructure rebuild. Live in a day.
HOW IT WORKS
Integrate once. Stay compliant always.
Step 01
Point your AI calls through Guard
Swap one API URL. Guard works with any model: OpenAI, Anthropic, Azure AI, Bedrock, or your own. No infrastructure changes. No new tools for your team to learn. Takes less than a day.
Step 02
Every interaction is checked in real time
When your team sends a prompt, Guard intercepts it, scans for PII, checks for prompt injection, enforces jurisdiction policy, and lets it through or blocks it. Responses get the same treatment on the way back. Every call generates a cryptographically signed attestation.
Step 03
A 7-year audit trail your board and regulators can trust
Every interaction is logged with timestamp, model, user, PII findings, compliance outcome, and regulatory mapping. Your compliance team gets dashboards and exportable reports. Your auditors get tamper-evident evidence. Your ADM transparency obligations are covered.
Guard adds minimal latency per call. Your team won't notice it's there.
WHAT GUARD DETECTS
The threats your current tools don't see.
Guard scans every prompt and every response. Every AI interaction is checked for sensitive data and manipulation attempts before anything leaves your organisation.
Australian PII detection
Catches sensitive data before it leaves your organisation.
Guard scans for personally identifiable information specific to Australian regulations, not just generic patterns.
What happens when PII is found:
Configurable per policy: block the request, mask the sensitive data, or flag and log it. Every detection is recorded in the audit trail with the PII type, location, and action taken.
Guard scans prompts and the content of uploaded files (PDF, DOCX). A staff member uploading a customer document for AI summarisation is covered.
Prompt injection detection
Catches hidden instructions before the AI reads them.
Prompt injection is when someone hides instructions inside content that gets fed to an AI. The AI follows those hidden instructions, potentially leaking data or bypassing controls. Guard catches these before they reach the model.
What Guard detects:
Why this matters for compliance:
If an AI system can be tricked into bypassing controls, your information security controls are ineffective. Under CPS 234, that's a reportable control weakness. Under APP 8, it could result in an uncontrolled cross-border disclosure of personal information.
THE DIFFERENCE
Not all AI tools are compliance tools.
Developer tools like Cloudflare and Azure check whether AI outputs are harmful. Guard proves your AI controls are active, tested, and effective. That's what your auditor needs.
| Feature | Cloudflare AI Gateway | Azure AI Content Safety | AWS Bedrock Guardrails | 40° South Guard |
|---|---|---|---|---|
| Australian PII detection (TFN, Medicare, ABN) | ✗ | ~ | ~ | ✓ |
| Per-call cryptographically signed attestation | ✗ | ✗ | ✗ | ✓ |
| Australian data jurisdiction enforcement | ✗ | ~ | ~ | ✓ |
| CPS 234 Section 15 compliance evidence | ✗ | ✗ | ✗ | ✓ |
| ADM transparency logging and export | ✗ | ✗ | ✗ | ✓ |
| 7-year tamper-evident audit trail | ✗ | ✗ | ✗ | ✓ |
| Prompt injection detection in attachments | ✗ | ✗ | ✗ | ✓ |
| Regulatory mapping (CPS 234, APP 8, ADM) | ✗ | ✗ | ✗ | ✓ |
| Market | Global dev tools | Global dev tools | AWS ecosystem | Australian regulated industries |
✓ = supported · ✗ = not supported · ~ = partial capability only
Microsoft Copilot and Purview are not shown because they operate within the Microsoft ecosystem only. Guard covers every AI interaction across every provider. For organisations using Copilot alongside other AI tools, Guard provides the compliance layer Microsoft can't.
INDUSTRIES
Built for Australia's most regulated sectors.
Guard is configured per industry. The compliance rules your business is checked against are specific to your sector, not a generic one-size-fits-all ruleset.
Financial services
Banks, lenders, wealth managers, and AFSL holders face some of the highest AI compliance obligations in the country. Guard covers them.
Superannuation
Super funds face APRA scrutiny on technology risk. Guard provides the audit trail your next RSE review needs.
Insurance
Insurers handle sensitive personal and health data at scale. Guard monitors every AI interaction against your obligations.
COMPLIANCE COVERAGE
The Australian regulations your business is already obligated to meet.
Guard is built against Australian regulatory frameworks, not retrofitted from US compliance tools.
Regulation
ADM Transparency (Dec 2026)
Automated decision-making disclosure requirements
Regulation
Privacy Act 1988
Australian Privacy Principles (APPs), NDB scheme
Regulation
APRA CPS 234
Information security for APRA-regulated entities
Additional frameworks including AHPRA, ISM, and AFSL are in development. Talk to us about your requirements.
PRICING
Simple pricing. One product. Everything included.
No tiers. No per-seat charges. No add-ons. One price for every compliance capability Guard offers.
APRA COMPLIANCE PLATFORM
40° South Guard
$5,500/month · $66,000/yr
Unlimited API calls (fair use) · Onboarding support · Australian team · 99.9% uptime SLA · 7-year audit retention
WHAT YOU'RE REPLACING
$80–200k/yr
Big 4 CPS 234 engagement
$120–180k/yr
Compliance FTE (1 person)
up to $50M
APRA enforcement action
Guard costs less than half a compliance hire. And it never takes annual leave.
START SMALL
Start with a 60-day pilot.
Not sure yet? Start small. We'll deploy Guard on one team or use case for 60 days. If it works, convert to a monthly plan. If it doesn't, walk away with your data and full audit logs. No lock-in.
Full Guard for 60 days
Deployed on one team or use case. Full compliance monitoring, PII detection, prompt injection scanning, and audit trail from day one.
Compliance gap report included
At the end of 60 days, you get a compliance gap report showing your AI exposure and what you need before December 2026.
No lock-in
At day 60, convert to a monthly plan or walk away. We'll export your data and audit logs. No questions.
$4,500
Flat fee. 60 days. Includes integration support and policy setup.
Start your pilot →
Priced so your compliance budget can approve it without a capital expenditure process.
GET STARTED
See Guard in action.
Book a 30-minute demo, or start your 60-day pilot. We'll show you exactly what Guard covers for your industry and what integration looks like.
We'll respond within one business day. No sales pressure.
Australian company · Your data stays under Australian law · No spam
WHAT EARLY CUSTOMERS SAY
— CTO, mid-market Australian wealth management firm
“The audit trail alone was worth it. Our APRA auditors asked for AI governance evidence and we had it in 10 minutes.”
Head of Compliance, Australian superannuation fund
“We needed AI compliance without adding headcount. Guard gave us a live compliance posture from day one.”
CRO, mid-tier Australian bank
“The December deadline forced our hand. Guard meant we didn't have to choose between using AI and staying compliant.”
General Counsel, Australian insurance company