Free ADM disclosure template for Australian businesses
An editable disclosure for your privacy policy, ready to adapt. From 10 December 2026, organisations covered by the Australian Privacy Act must disclose in their privacy policy where automated processes make decisions that significantly affect individuals. This template gives you the structure to do that.
A starting template, not legal advice. Review it with a qualified privacy professional before you rely on it.
What an ADM disclosure is
An automated decision-making (ADM) disclosure is a section of your privacy policy that explains, in plain language, where your organisation uses computer programs or AI to make or substantially assist in decisions that could significantly affect individuals.
The obligation comes from the Privacy and Other Legislation Amendment Act 2024 (Cth), which takes effect on 10 December 2026. At that date, organisations covered by the Privacy Act 1988 must make the disclosure in their privacy policy.
This template gives you a ready-made structure: a section heading, fields for each automated process in scope, a statement of individual rights, and a review date. Fill in the fields for your actual processes, embed the completed text in your privacy policy, and have it reviewed before the deadline.
How to adapt the template to your organisation
Download the Markdown file and work through it in order. Replace everything in square brackets with your own details. The goal is accuracy, not length.
1. Map your automated processes first
Before filling in the template, list every AI tool or automated process that uses personal information and produces outputs that could significantly affect individuals. You cannot write an accurate disclosure without this list.
2. Complete one section per process
For each process in scope, fill in the four fields: what is being decided, how automation is involved, what personal information is used, and what human review (if any) is in place.
3. Be specific, not vague
A disclosure that says only 'we use AI in some decisions' does not meet the obligation and does not help individuals. Name the type of decision and describe the process in plain terms.
4. Embed it in your privacy policy
Add the completed disclosure as a section of your privacy policy, or include a clear reference to it from your policy. The privacy policy is where the legal obligation sits.
5. Have it reviewed before 10 December 2026
A privacy professional can check that your disclosure covers all in-scope processes, uses accurate language, and meets the requirement. Building in time for review is important.
6. Keep it current
Update the disclosure whenever you introduce or change an automated process that affects individuals. Set a review date and stick to it.
Download the template
The template is available as a Markdown file. Open it in any plain-text editor, Word, Google Docs, or a Markdown editor, replace the bracketed fields with your organisation's details, and paste the completed text into your privacy policy.
Free. A starting template, not legal advice. Adapt it to your organisation before you rely on it.
The disclosure template
Below is the full template text. Everything in [square brackets] is a placeholder to replace with your organisation's own details. Duplicate the decision-area section for each automated process in scope.
Use of automated decision-making
[Organisation name] uses automated processes and computer programs (including artificial intelligence tools) in the following ways that may significantly affect individuals. Where we use your personal information in these processes, we disclose that use below.
[Decision area 1 - e.g. Application screening]
What we decide: [Brief description, e.g. whether to progress your application to a human review stage.] How automation is involved: [Describe the process and tool, e.g. we use [tool name] to score applications against defined criteria. The output is reviewed by a staff member before any final decision is made.] Personal information used: [List categories, e.g. name, employment history, qualifications.] Human involvement: [Describe the review step, e.g. all automated outputs are reviewed by [role name] before a final decision is communicated.] Outcome: [Describe next steps, e.g. if your application does not progress, you will receive notice and may request a manual review.]
[Decision area 2 - add as needed]
What we decide: How automation is involved: Personal information used: Human involvement: Outcome:
Where we do not use automated decision-making
[Optional but useful: state contexts where you do not use automated decision-making to reduce ambiguity. E.g. All complaints, appeals and enforcement-related decisions are made by staff without automated assistance.]
Your rights
If a decision significantly affects you and an automated process was involved, you may request information about how the decision was made, ask for human review of the decision, or correct personal information we hold that was used in the process. To make a request, contact [privacy contact name or role] at [email address].
Review of this disclosure
We review our automated decision-making processes and update this disclosure when processes change. This section was last reviewed on [date].
Not legal advice. This template is general information only. It does not constitute legal advice or a legal opinion on your obligations under the Privacy Act 1988 (Cth) or any other law. VibeZero is not a law firm. Consult a qualified privacy professional before 10 December 2026.
What to do next
The disclosure is one part of compliance. You also need to know which processes are in scope, how data flows through them, and whether your privacy policy as a whole is accurate. These resources and services help with the rest.
- •Privacy Act 2026 AI compliance guide. The full picture on what the 2026 obligations mean for your business.
- •Data privacy advisory. Get your privacy posture reviewed and aligned to the 2026 deadline.
- •AI usage review. Map every AI tool and automated process across your team so you know what is in scope.
Frequently asked questions
An ADM (automated decision-making) disclosure is a statement in your privacy policy that explains where you use computer programs or automated processes to make, or substantially help make, decisions that could significantly affect individuals. From 10 December 2026, this disclosure is required for organisations covered by the Australian Privacy Act 1988 (Cth) under the Privacy and Other Legislation Amendment Act 2024.
The obligation is to disclose in your privacy policy. You can include the disclosure directly in the body of your privacy policy, or include a summary in the policy and link to a more detailed document. The key is that the privacy policy makes the disclosure clear and accessible to the individuals it concerns.
If the AI tools you use do not involve personal information about identifiable individuals and do not produce outputs that significantly affect those individuals, the ADM transparency obligation may not apply to those particular processes. However, many AI tools do involve personal information even when they appear to be internal tools. Map your processes carefully and review with a privacy professional if you are uncertain.
The template is a general-purpose starting point for Australian organisations covered by the Privacy Act. It is not tailored to any specific industry. Health service providers, financial services firms, legal practices, and government agencies may need to adapt it further to reflect their specific legal obligations. Treat it as a structure to fill in, not a finished document.
Yes. Download the Markdown version and adapt it to your organisation. It is provided by VibeZero as a practical starting point. It is not legal advice and does not substitute for professional privacy guidance.