Build n Bloom

AI compliance: must-haves

The 8 things any AI system in your NDIS service must have

A buyer's checklist. If an AI system touches participant data and can't do these eight things, it puts your registration at risk.

Most AI vendors selling to NDIS providers cannot answer the question "where does our data get processed?"

Ask it. Watch what happens.

If the answer is a pause, or "the cloud," or "the US, but it's encrypted," the system you're being sold can put you in breach of the Privacy Act — and you, not the vendor, are the one the NDIS Commission holds accountable.

So here is the checklist. Eight things. If an AI system touches participant data and it can't do all eight, it isn't ready for your service — no matter how good the demo looks.

1. It runs in Australia.

Inference and storage both. Participant data is sensitive information; sending it to an overseas AI endpoint is a cross-border disclosure under APP 8, and you stay liable if it's mishandled offshore. Ask which region the model runs in. "Sydney" is an answer. "AWS, generally" is not.

2. A human signs off every decision that affects a participant.

The AI can flag, draft, classify, and route. It cannot finalise. The 24-hour reportable-incident notification to the Commission, in particular, is a human act — it cannot be delegated to software. If a vendor's system "auto-submits," walk away.

3. It can't touch participant data until consent is recorded.

Not assumed from your existing intake. Recorded, in the system, as covering AI-assisted processing. The check should be built into the software, not left to a staff member to remember.

4. It explains itself in plain language.

For every output that affects a participant, the system has to show what data it used, what it produced, and why. APP 10 makes this a legal requirement, not a nice-to-have. "The AI decided" is not an answer you can give an auditor — or a participant exercising their right to know.

5. It logs everything, and keeps it for seven years.

Every access, every output, every human sign-off, timestamped. If the Commission or the OAIC asks you to reconstruct what happened on a given day eighteen months ago, the log is the only thing that can.

6. You can switch it off.

Without calling the vendor. A named person at your organisation needs to be able to stop the system from processing or issuing anything, immediately. An autonomous system with no off switch is a liability, not an asset.

7. No participant data ever goes into a public AI tool.

ChatGPT, the consumer Claude app, Gemini — their terms allow them to train on what's entered. A compliant system uses business-grade infrastructure that doesn't, and your staff acceptable-use policy says so in writing.

8. A named person at your organisation owns it.

Accountability cannot be outsourced to the vendor. The Commission holds the provider responsible for outcomes in their service. Before go-live, one specific person owns the system. If that person leaves, ownership transfers — it never lapses.

That's the standard. We built it into every agent we install before we'd let one near a participant record, because the alternative is handing a client a system that quietly puts their registration at risk — and that helps no one.

Print it. Take it to your next vendor conversation. The ones who can answer all eight are rare. The ones who can't will tell you a lot by how they dodge the question.