National AI Plan · Built for the Prime–Sub tender chain

The AI rules are in tenders now. Your position in the supply chain decides what you need — and what you can safely cut.

I build the governance that satisfies the audit, scaled to where you sit. Pre-built systems, populated with your data, from someone who's sat on both sides of the tender table — bid teams and the subbies they flow requirements down to.

Not sure what's required? Check where you need to comply — under 2 minutes, no email.

Where do you sit?
I'm a Prime Contractor
Flowdown, supply chain audit surface, principal requirements I'm a Sub-Contractor
Pre-qual questions, tender responses, audit-ready evidence I'm an Asset Owner
CIRMP, supply chain standards, board assurance
4
Regulatory streams covered — Privacy Act, DTA Policy, Assurance Framework, SOCI
Dec 2026
Privacy Act ADM disclosure obligations take effect
5
Pre-built systems deployed, configured and populated with your data
90 days
Full-stack NAIP coverage for Primes — solvable, sequenced, fixed scope
For Tier 2/3 Sub-Contractors

The pre-qual paperwork is the start. The work you do for it is the asset.

Your head contractor is asking new questions on pre-qual. Some subbies are already being marked down because they can't prove the answer. We can fix that in five days. But there's something else in this for you that most consultants won't mention — the data, the systems, and the records you put in place to govern AI properly become the foundation that lets you actually use AI to run a better business. Passing the gate is the start. Getting noticed is what you do with it.

What gets deployed for Subs

Layer 1 + 2 — Foundation and Core Compliance
AI Ethics and Usage Policy, Privacy Act ADM position, and the AI6 six-pillar compliance system. Pre-structured, populated with your data during the engagement. Audit-ready evidence pack under 15 pages, version-controlled, maintainable by your team without ongoing consultancy.
Layer 3 — AI Impact Assessment (where triggered)
If your AI use touches government work, critical infrastructure, or your employees, expect to be asked for an AIIA — principals and agencies are requiring it through contract. Guides the full 12-section assessment, drafts from your own documents, produces a board- and tender-ready PDF. Australian-hosted, data never leaves the country.

The must-do

Pass pre-qual in five days, not five months

Fixed-scope sprint. We audit your last three pre-qual responses, identify the AI governance gaps, and deliver the documentation and tender language to close them. Your team reviews and approves — they don't have to write it.

  • Five-day sprint, AUD $6,500 + GST, with a qualified refund if an eligible bid is rejected solely on AI governance grounds
  • Audit-ready document pack — under 15 pages, version-controlled
  • Copy-paste-ready tender language for the five evidence pillars assessors score
  • One named accountable executive, one AI Use Policy, one register that works

The upside

The foundation to put AI to work

Most subbies treat governance as a cost. It can also become the paperwork, data and controls you need to use AI safely on quoting, scheduling, claims and variations. Once your AI register, data classification, and access controls are in place, you have the starting point for tools that save time and protect margin — in a way your head contractor approves.

  • Time back on tenders — the same evidence pack serves every bid
  • Margin protection — AI tools you can use on quoting, scheduling, claims and variations
  • Smarter site reporting — the data you classified for governance powers better insight
  • A position primes notice — subbies who govern AI well get more repeat work

This is not a tick-box exercise.

It is a chance to build a foundation primes can see — and it is solvable in five days.

Start smaller if you want — the $950 Gap Check and $3,750 audit both credit in full toward the system. You never pay twice.

View the $6,500 compliance package Check where you need to comply

Trusted by leaders from

What Gets Deployed

Pre-built systems. Automated data capture. Structured reports, audit and tender packs, compliance dashboards your team can maintain. Steered by someone who's run the bids and the projects.

Every engagement deploys a pre-configured compliance infrastructure aligned to Australia's National AI Plan — not templates handed over in a folder, not a software subscription left to run itself. The systems below are built, configured to your business, and populated with your data before anything goes near a tender or an auditor. What they produce is structured, version-controlled, and yours to maintain after the engagement closes.

The apps handle automated data ingestion, compliance dashboards, audit pack generation, and tender response drafting from your live compliance data. The decisions, the data gathering, the face-to-face sessions, the risk calls — that's where James works. You get both.

Layer 1 · Foundation · All clients

AI Ethics & Usage Policy Builder + Privacy Act ADM Update

Every contractor using AI needs a documented policy and a Privacy Act disclosure position before anything else. Generates a complete, board-ready AI Ethics and Usage Policy aligned to the National AI Plan, structured for board sign-off and updated to meet Privacy Act ADM obligations in force from December 2026.

  • Board-ready policy output, version-controlled with multi-signatory workflow
  • Annual re-attestation trigger built in
  • Auto-generates a board minutes reference paragraph
  • Privacy Act ADM disclosure position documented

Layer 2 · Core Compliance · All clients

AI6 Guidance Compliance System

The six-pillar documentation system that turns your AI use into an audit-ready evidence pack. Pre-structured to the AI6 Guidance standard principals are already referencing in tender schedules.

  • Pre-built register and log structure, populated during the engagement
  • Tender response language mapped to the five evidence pillars assessors score
  • One-click audit and pre-qual export pack
  • Under 15 pages, version-controlled, maintainable by your team

Layer 3 · AI Impact Assessment · Required where triggered

AIIA — AI Impact Assessment App

Guides the full 12-section DTA assessment. Ingests your existing documentation, drafts answers traced directly to source passages in your own files, computes the risk matrix without judgement calls missed. The AI drafts, never decides.

  • AI document ingestion — drafts from your vendor docs, contracts, and specifications
  • Every suggestion traced to its exact source passage, accept or reject
  • Auto-computed risk matrix with threshold branching
  • One-click board- and tender-ready PDF export, versioned and audit-ready
  • Australian-hosted, AWS Sydney — data never leaves the country

Layer 4 · Full NAIP Coverage · Primes only · Requires Layers 2 + 3

Full Compliance App — Complete NAIP Obligation Coverage

Picks up every NAIP obligation outside AI6 and the AIIA. Includes the Cascade Response Engine — ingests principal questionnaires, pulls answers from your stored compliance data, drafts the tender response. Your bid team reviews and approves.

  • Complete NAIP obligation coverage beyond AI6 and AIIA
  • Cascade inbox — ingest principal questionnaires by upload or email forward
  • Auto-populated tender response answers drawn from your live compliance data
  • One-click audit evidence pack export mapped to what the principal is asking for
  • Governance policy multi-sig workflow and version archive

Layer 5 · Live Bid Cockpit · Primes + Tier 2 Subs with complex scopes

TenderPulse — Live Compliance Dashboard

Your AI governance position mapped to a specific project, principal, and all four NAIP streams in real time. Gap alerts before your bid team finds them. Dashboard left running after the engagement closes.

  • Live compliance status across Privacy Act ADM, DTA Policy, National Assurance Framework, and SOCI
  • Prime requirement vs NAIP baseline gap analysis with flagged alerts
  • Artefact status tracking — published, in progress, missing
  • Sovereign AI posture documented and defensible
  • Compliance dashboard maintained by your team after engagement closes

These systems exist because the compliance problems in Australian heavy industry are specific enough to warrant pre-built infrastructure. A sub on a five-day sprint gets Layers 1 and 2 configured and populated. A Prime on a government or defence project gets the full stack. In every case, the systems are steered, not just switched on.

Scope, stated plainly. This is AI governance scoped to the National AI Plan. It complements your enterprise GRC system rather than replacing it — every register, log and evidence pack is structured to feed your existing GRC platform and audit programme. And Sovereign AI is not bundled in: running your own AI tools on Australian-hosted systems is a requirement that exceeds the NAIP baseline, asked for mostly on Defence and data-centre work. Our infrastructure is Australian-hosted; making your AI stack sovereign is its own scope — if your tender asks for it, TenderPulse flags it and we'll tell you straight what it takes.

Not sure which layers apply to your business? Check where you need to comply in under 2 minutes.

See the full infrastructure page →
The challenge — Tier 2/3 Sub-Contractors

The National AI Plan is already showing up in tenders.

The deadline is not theoretical. Tenders for next year’s projects are already asking how you use AI, who approves it, what data it touches and how you prove control. The risk is doing too little and failing pre-qual, or doing too much and building a system your team will not maintain.

Get compliant

Pre-qual is becoming a real gate, not a paperwork exercise

Head contractors are asking clearer questions about AI tools, data, approvals and accountability. A short, audit-ready evidence pack beats a long policy nobody uses.

  • Know what the National AI Plan means for your business
  • Keep the evidence pack simple enough for your team to maintain
Keep AI useful

Right-sized compliance helps your AI program, not hinders it

The point is not to stop your team using AI. It is to know what is being used, where the risks are, and what controls let you keep using AI safely for tenders, admin, claims, scheduling and reporting.

  • A baseline you can defend in tenders and improve over time
  • Controls matched to your maturity, not enterprise theatre
Services — Tier 2/3 Sub-Contractors

Three practical ways to get compliant without building enterprise theatre.

Four rungs, in the order contractors actually buy: check where you stand, get a baseline, have the system built, or get a live tender answered. Start anywhere — every dollar you spend on a lower rung credits toward the next one, so you never pay twice for overlapping work.

For Tier 2/3 Sub-Contractors
Check first

Pre-Qual Gap Check

Send us your last three pre-qual or tender responses. Within 48 hours you get a plain-English read on exactly where an assessor would mark you down on AI governance — and what closing each gap takes.

$950 + GST
  • 48-hour turnaround on your actual submissions, not a generic checklist
  • Gap list scored against the five evidence pillars assessors use
  • Clear call: what you can fix yourself and what needs building
  • Full $950 credits toward the audit or the compliance system

The lowest-risk way to find out where you stand before a tender finds out for you.

Book a Gap Check
Baseline first

National AI Plan Readiness Audit

For businesses that have not yet prepared for the National AI Plan or put basic AI governance around the tools their team already uses. This gives you a clear baseline before you spend money fixing the wrong things.

$3,750 + GST
  • Audit of current AI tools, uses, data exposure and approval habits
  • Gap check against likely tender, pre-qual and audit questions
  • Plain-English priority list so you can move forward in the right order
  • Practical recommendation on whether you need the full compliance package next

Best first step if you are not sure what is already happening in the business or what the head contractor is really asking for.

Book a readiness audit
Fixed-price system

National AI Plan Compliance System

A five-day, fixed-price package that turns your existing setup into a client-ready AI compliance pack for pre-qualification, tender response and post-shortlist audit.

$6,500 + GST
  • AI use policy, privacy update and accountable AI Officer requirements
  • Use case register, vendor register, training log and incident log
  • Tender response inputs included in the scope
  • Assumes your AI system is already structured, being implemented, or documented well enough to complete the pack

Five days is the delivery headline. The setup period depends on how mature your existing information is before we start.

View package details
Live tender support

Tender AI Response

When a tender is already on the street and the AI questions need an answer, we build the response around the system you have, the gaps you need to close and the Prime’s flow-down requirements.

$2,750 + GST

$2,750 where a compliant system already exists. $5,000 where a readiness audit is required, including gap analysis and a pre-audit strategy to address gaps.

  • AI governance section drafted for your tender submission
  • Evidence list mapped to the specific tender questions
  • Gap strategy for anything likely to be tested before award
  • Plain-English response that does not overpromise what your system can prove
Discuss your tender

You never pay twice. The $950 Gap Check credits in full toward the audit or the compliance system. The $3,750 audit credits toward the system within 60 days. Every dollar steps up.

Supplying Defence?

The March 2026 Defence Responsible AI policy is binding, not voluntary. If you hold or are bidding Defence work, your obligations are already set — here's the entry point.

See the Defence track →
How I Work

Govern it. Measure it. Prove it.

Most AI programs stall because the governance, business case and proof of value sit in different conversations. My work connects them — and the infrastructure that gets deployed is structured from the start to serve all three stages.

01

Govern It

Put the minimum viable controls in place so AI use is approved, recorded, risk-rated and ready for tender or audit scrutiny. The compliance infrastructure is configured and populated. The dashboards are live. The evidence pack is built.

02

Measure It

Connect AI activity to the measures contractors already care about: tender speed, admin time, rework, margin protection and work won. The same governance registers that satisfy the audit also capture the context that determines whether your AI is actually delivering — win rate at target margin, rework cost, bid efficiency relative to conversion.

03

Prove It

Turn the evidence into board-ready and client-ready proof, so your AI position survives scrutiny when the tender or audit lands. The governed audit trail becomes the evidence base. Anomalies are identified. The board gets commercial language, not dashboards.

Why this work, from James Clements

I'm not a tech consultant who found his way into heavy industry. I'm a Project Director who found his way into AI governance.

Three decades directing major projects and leading business development across Oil & Gas, Defence, Energy, and Infrastructure for FTSE 100 and ASX contractors. I've built $2B+ defence bids, led Asia Pacific strategy across seven business units and four countries for Wood PLC, and sat at enough commercial tables to know what principals actually score and what auditors actually test.

That's the background behind every framework I build. When I talk about proportionate flowdown, I'm not reading from a governance textbook — I know what a sub can realistically carry without pricing it back into your bid. When I talk about audit confidence, I know what a principal's governance team is actually looking for, because I've been on both sides of that conversation.

No innovation theatre. No enterprise overhead for its own sake. Governance that fits where you sit in the supply chain, and holds up when it needs to.

Bid Director — Australia's largest naval shipbuilding programme ($2B+ Defence EPC)
VP Strategy & Development, Asia Pacific — Wood PLC (FTSE 100), 7 business units, 4 countries
Energy Transition architect — pivoting O&G portfolios to low-carbon markets
Alliance model pioneer — reduced Defence ship upgrade cycles from 4 years to 18 months
MBA · University of New England Certified Master Project Director · AIPM AI Fluency Professional · USyd Certified AI Lead Partner · Mindhive
James Clements

Heavy industry strategy, project delivery and AI governance — translated into actions contractors can use.

Delivered through

Partnered delivery where it adds capability.

AI That Works

The delivery vehicle for fixed-price AI compliance and readiness programs. The pre-built infrastructure stack — AI6 Compliance System, AIIA App, TenderPulse, and the Full Compliance App — is built and maintained through AI That Works.

Kipanga

Engineering partner for AI transformation at scale. ISO 27001 certified, secure Australian hosting. Kipanga provides the sovereign infrastructure layer that underpins data residency requirements across government and critical infrastructure engagements.

Mindhive

Collective intelligence platform. Certified Lead Partner for strategic collaborative engagements where broader organisational input is required alongside governance framework design.

What clients say

Trusted by industry leaders

★★★★★

"James provides fractional support as both the Lead Account Partner and GTM Focal Point. We have a global mandate and James brings the strategic clarity and industry depth to operate at that level."

CEO
Accenture engagement
★★★★★

"He led our AsiaPac Strategy process, focused on growth and diversification. Thanks to his unique knowledge across the region and industry, he was invaluable — delivering exactly what we needed."

Paul McCarthy
Regional Director, EnerMech
★★★★★

"Working alongside James, I was always impressed by his tenacity in getting after opportunities and his rigorous approach to ensuring outcomes were achieved."

Chief Operating Officer
Heavy industry contractor
★★★★★

"We knew little about AI previously, except we were falling behind. The pilot process was easy, we learned a lot, and the AI agent has everyone excited. We are now developing our AI Scaling Strategy with James."

Free tools & resources

Find out where you stand — before someone else does

Built specifically for Australian heavy industry. No login. No cost.

Interactive map

Australia's AI Regulatory Map

Click through every active AI regulation that applies to heavy industry contractors — Privacy Act, DTA Policy, National Assurance Framework, SOCI Act. See status, deadlines, and what it means for your business in plain English.

Open Regulatory Map →
Quick Compliance Check

3 Yes/No Questions to Understand Your Governance Grouping

Based on the business sectors you work in or plan to work in, 3 Yes/No questions can determine what your broad Governance requirements will be under the National AI Plan. 2 Minutes, Instant Briefing, No Email.

Find Out Now
Free generator

Free AI Policy Generator — board-ready in 15 minutes

Generate a complete, board-ready AI Ethics & Usage Policy tailored to your organisation, aligned to Australia's National AI Plan — including the Privacy Policy update the December 2026 ADM obligations require. Start with an AI maturity assessment that pre-fills the policy automatically, or build each section directly with guided prompts. Takes about 15 minutes. Free. Your data stays private — the result appears on screen instantly, and if you want it as a formatted Word document ready to sign off, we'll email it to you.

Generate your policy →
Insights

Straight talk on AI governance for heavy industry

Practical, no-hype guidance for boards, prime contractors, and supply chain businesses navigating Australia's AI regulatory landscape.

Beyond compliance

When Stage 1 is complete, the foundation is built. Here’s what it unlocks.

02
Measure It

Governed AI Performance Advisory

Your governance registers are structured from the start to also capture the context that determines whether your AI is delivering real value — not just productivity metrics, but the board-level outcomes your AI was supposed to move. Win rate at target margin. Rework cost. Bid resource efficiency relative to conversion. The variables your AI system can’t see but that determine whether an output was actually good.

  • Board-level outcome metrics defined before AI deployment, not after
  • Context variables — relationship origin, competitor position, programme factors — built into governance register
  • 90-day measurement baseline established
  • Connects compliance infrastructure to performance evidence

Available to clients who have completed a Stage 1 governance engagement. Can be scoped as a standalone advisory for organisations with existing governance frameworks.

Ask about Stage 2
03
Prove It

AI ROI Review & Board Reporting

Periodic review of what your AI is actually producing at the board level. Before-and-after analysis in commercial language — not dashboards, not task completion rates. The governed audit trail becomes the evidence base. Anomalies are identified: where AI looks like it’s working but the board number says otherwise. This is the conversation your board is starting to ask for — and that most AI vendors cannot facilitate because they only measure their own system.

  • Board-level AI performance report in commercial language
  • Anomaly identification — metrics that look good but mask a business problem
  • ROI evidence structured for board and investment decision-making
  • Redeployment or discontinuation recommendations where warranted

Requires Stage 2 measurement baseline. Delivered as a structured advisory engagement at 90-day or 6-month intervals.

Ask about Stage 3

Primary pathways: Prime Contractor · Sub-Contractor. Asset Owner facilitation is handled on a separate page. Read the Asset Owner note.