Frequently Asked Questions

Ethos works exclusively with companies that build and sell AI products or services - AI SaaS companies, AI-powered platform providers, companies offering AI APIs or models and B2B AI vendors. We do not work with companies that merely use AI tools internally, as their governance obligations and risk surface are fundamentally different.

No. Ethos is an AI governance consultancy. We provide governance frameworks, compliance documentation and advisory services - not legal advice or legal representation. Clients should seek independent legal counsel where legal advice is required. This distinction is important: Ethos sits at the intersection of governance, risk and compliance, not legal practice.

ISO/IEC 42001:2023 is the world's first international standard for AI Management Systems (AIMS). Published in 2023 and adopted in Australia as AS ISO/IEC 42001:2023 in February 2024, it specifies 38 controls across 9 governance areas. It provides a structured framework for organisations to demonstrate responsible AI development, deployment and governance. Certification is issued by independent accredited certification bodies.

Certification is not currently mandatory in Australia. However, it is increasingly expected by enterprise procurement teams as a vendor qualification criterion and government procurement is expected to follow as the standard matures. Fewer than approximately 30 companies worldwide hold certification as of early 2026 - organisations that achieve it now gain a significant and defensible competitive advantage.

The free governance audit is a structured assessment of your current AI governance posture. You complete a questionnaire covering core governance domains and submit any existing documentation. Ethos produces a branded traffic-light risk report (red / amber / green) showing your compliance posture against Australian obligations, key gaps mapped to specific requirements and recommended next steps. The audit is fixed in scope and limited to 3 engagements per month.

Approximately 9 months from engagement start to certification-ready. This timeline assumes reasonable access to relevant personnel and documentation within your organisation. Clients with existing ISO 27001 certification typically achieve readiness faster due to the shared management system structure. Certification itself is the independent decision of the accredited certification body.

Yes, significantly. ISO 42001 shares structural elements with ISO 27001 - both are management system standards using the Annex SL high-level structure. Organisations with an existing ISO 27001 management system can integrate ISO 42001 requirements without duplicating foundational work, materially accelerating the pathway to readiness. Raise this in your discovery call and Ethos will provide an integration mapping.

The Privacy Act 2024 amendments introduce new automated decision-making transparency obligations that take effect in December 2026. Entities subject to the Privacy Act whose AI systems make or substantially inform decisions affecting individuals will be required to provide meaningful transparency about how those decisions are made. AI vendors whose products perform automated decision-making functions for clients should be preparing now.

Both AU Compliance Core and the Full Responsible AI Toolkit include a 30-day relevance guarantee: if the deliverables are not relevant to your AI product or business model, you receive a full refund within 30 days, no questions asked. The guarantee covers relevance to your product and business model only. It does not extend to: compliance with any law or standard, business outcomes such as winning contracts or passing procurement assessments, third-party decisions such as certification body determinations, or regulatory changes after the service date. The ISO 42001 Certification Pathway is scoped with defined deliverables and a clear timeline. Ethos does not guarantee certification outcomes; certification is the independent decision of the accredited certification body.

The Free AI Governance Audit is at no cost. AU Compliance Core is $999 AUD (one-time). The Full Responsible AI Toolkit is $1,699 AUD and includes 6 months of governance retainer. The ISO 42001 Certification Pathway is $13,990 AUD for an approximately 9-month engagement. All deliverables are professional governance resources provided as frameworks and starting points.

AU Compliance Core ($999) covers the legislative minimum: every current Australian regulatory obligation relevant to AI vendors, provided as professionally documented governance templates in standard format. Your team reviews, adapts and implements them independently.

The Full Responsible AI Toolkit ($1,699) includes everything in AU Compliance Core plus the complete responsible AI framework, company branding throughout all documents, done-for-you delivery configured for your business and 6 months of governance retainer with automatic template updates and priority consulting access. It also includes all bonuses (implementation sequence, procurement readiness guide, clause guide, board summary, tabletop exercise, benchmarking and governance badge).

Most Ethos clients choose the Full Responsible AI Toolkit.