For Tier 2/3 Sub-Contractors · National AI Plan Compliance

Your head contractor is asking AI governance questions in pre-qual. The ones who can answer them are getting the work.

Pre-qual is no longer just safety records and financials. AI governance questions are appearing on tender schedules across infrastructure, defence, resources, and energy. Some subbies are already being marked down because they can't prove the answer. The good news: the right answer doesn't require an enterprise compliance program. It requires a system that's proportionate to what your business actually does with AI, and that a principal can score.

Not sure what your obligations are? Check in under 2 minutes, no email required.

Book a 20-Minute Scoping Call Check Where You Need to Comply →
Tier 2/3 sub-contractor — audit-ready AI governance evidence

Trusted by leaders from

What's changed

Five questions that are now on pre-qual schedules. And what happens if you can't answer them.

Principals and head contractors are asking sub-contractors to document how they use AI, who approves it, what data it touches, how they prove control, and what happens when something goes wrong. These aren't future questions. They are on tenders right now across Australian heavy industry.

The risk isn't just failing pre-qual on a single bid. It's being seen as a governance risk across a supply chain. Primes are building preferred supplier lists. The subbies on them are the ones who can demonstrate a governance position, not just say they have one.

Doing nothing.

A blank answer or a vague policy statement is being scored as a gap. Principals are getting more specific, not less.

Doing too much.

An enterprise compliance program your team can't maintain creates its own risk. It overpromises what your system can actually prove, and auditors notice.

Doing it project by project.

Building a new answer for every tender from scratch costs time you don't have and produces inconsistent answers that don't hold up across bids.

What works

A right-sized, audit-ready compliance system built once, maintained by your team, and reused across every bid.

Know before you build

Not every sub-contractor has the same obligations. Here's how to find yours.

Your NAIP obligations depend on three things: the sectors you work in, what your AI tools actually do, and whether your work touches government projects, critical infrastructure, or decisions affecting your employees. A small civil subcontractor using AI for scheduling has different obligations to a defence sub whose AI touches personnel data.

Getting this wrong in either direction is a problem. Too little, and you fail pre-qual. Too much, and you build a system your team won't maintain and your margin can't support.

The compliance check tool covers this in under 2 minutes. Three yes/no questions. Instant result. No email.

Standard scope sub-contractor

Layers 1 and 2. AI Ethics and Usage Policy, Privacy Act ADM position, and the AI6 six-pillar compliance system. This covers the vast majority of Tier 2/3 subs.

Government projects, critical infrastructure, or AI affecting employees

Layers 1, 2, and 3. Everything above plus a full AI Impact Assessment — principals and agencies are requiring it through contract on these scopes, so expect to produce one.

Tier 2 sub with a complex scope or active government tender

Layers 1, 2, 3, and TenderPulse. Live compliance dashboard mapped to the specific project and principal.

Check Where You Need to Comply →

Four ways to work together

Pick the level of help that matches where you are.

Check where you stand, get a baseline, have the system built, or get a live tender answered. Start anywhere — every dollar you spend on a lower rung credits toward the next one, so you never pay twice for overlapping work.

Option 1 · Not sure your answers stack up

Pre-Qual Gap Check

$950 + GST · 48 hours

Your head contractor's pre-qual form is asking about AI and you're not sure your answers stack up. Send us your last pre-qual response and a list of the tools your team uses. Within 48 hours you get back: the questions you'd be marked down on, why, and what to fix first — in plain English, one page. No call required unless you want one.

  • 48-hour turnaround on your actual submissions, not a generic checklist
  • Gap list scored against the five evidence pillars assessors use
  • Clear call on what you can fix yourself and what needs building
  • The full $950 comes off the audit or the compliance system if you go on
Book a Gap Check

Option 2 · Not sure where you stand

National AI Plan Readiness Audit

$3,750 + GST

If you haven't prepared for the National AI Plan yet, or you're not sure what's already happening with AI across your business, start here. Before you spend money fixing the wrong things, this tells you exactly what the gap is and what order to close it in.

  • Clear picture of every AI tool in use across the business, risk-rated
  • Gap check against likely tender, pre-qual, and audit questions specific to your sectors
  • Plain-English priority list — what to fix first, what can wait, what doesn't apply to you
  • Honest recommendation on whether you need the full compliance package next
  • The full $3,750 comes off the Compliance System if you proceed within 60 days

Best first step if you are not sure what is already happening in the business, or if you want to know exactly what you're buying before committing to the full system.

Book a Readiness Audit

Option 3 · Ready to build the system

National AI Plan Compliance System

$6,500 + GST · five days

A five-day, fixed-price engagement that builds your AI governance system inside a pre-configured, NAIP-aligned infrastructure. Not a folder of Word documents. Not a policy template. A live compliance system populated with your data, producing audit-ready outputs your team can maintain without ongoing consultancy.

Layers 1 and 2 deployed as standard. Layer 3, the AI Impact Assessment, added where your AI use triggers the threshold.

  • Layer 1, Foundation — board-ready AI Ethics and Usage Policy aligned to the National AI Plan. Privacy Act ADM disclosure position documented. Multi-signatory sign-off workflow. Annual re-attestation trigger built in.
  • Layer 2, Core Compliance — AI6 six-pillar compliance system. Use case register, vendor register, training log, incident log, quarterly monitoring schedule, and audit trail. Tender response language mapped to the five evidence pillars assessors score. One-click audit and pre-qual export pack, under 15 pages.
  • Layer 3, AI Impact Assessment (where triggered) — full 12-section DTA assessment completed. AI drafts answers from your own documents. You review and approve every answer. Board- and tender-ready PDF export. Australian-hosted, data never leaves the country.

The qualified refund. If an eligible bid is rejected solely on AI governance grounds after the system is in place, you get a refund. The system is built to hold up. This backs that.

Five days is the delivery headline. The setup period depends on how complete your existing information is when we start. The readiness audit removes that uncertainty.

Book a Scoping Call

Option 4 · Tender already on the street

Tender AI Response

$2,750 + GST (system in place) · $5,000 + GST (readiness audit required)

When a tender is already live and the AI governance section needs an answer now, this is the engagement. We build the response around the compliance system you have, close the gaps that are likely to be tested before award, and produce a response that doesn't overpromise what your system can actually prove.

  • AI governance section drafted for your specific tender submission
  • Evidence list mapped to the exact questions being asked
  • Gap strategy for anything likely to be tested before award or at post-shortlist audit
  • Plain-English response language that holds up under scrutiny

The $2,750 rate applies where a compliant system already exists. The $5,000 rate applies where a readiness audit is required first to understand what the system can and can't prove.

Discuss Your Tender

You never pay twice. The $950 Gap Check credits in full toward the audit or the compliance system. The $3,750 audit credits toward the system within 60 days. Every dollar steps up.

The Infrastructure

This isn't consulting with a report at the end. Here's what gets built and left running.

Every engagement deploys pre-built, NAIP-aligned systems, configured to your business and populated with your data. What comes out the other end is structured, version-controlled, and maintainable by your team without ongoing consultancy.

The apps handle automated data ingestion, register management, audit pack generation, and compliance tracking. The decisions, the data gathering, the face-to-face work, the risk calls — that's where James works alongside you. Both are part of every engagement.

Layer 1 — AI Ethics & Usage Policy Builder

Board-ready policy. Privacy Act ADM position. Multi-sig sign-off. Version-controlled.

Layer 2 — AI6 Compliance System

Six-pillar evidence pack. Pre-built registers. One-click audit export. Tender response language ready.

Layer 3 — AIIA App (where triggered)

12-section DTA Impact Assessment. AI drafts from your documents. Source-traced answers. Audit-ready PDF. Australian-hosted.

TenderPulse (complex scopes)

Live compliance dashboard mapped to your project and principal. Gap alerts. Artefact tracking. Left running after the engagement closes.

See the Full Infrastructure →

Supplying Defence?

The March 2026 Defence Responsible AI policy is binding, not voluntary. If you hold or are bidding Defence work, your obligations are already set — here's the entry point.

See the Defence track →
Beyond compliance

The system you build to pass pre-qual is the same system that lets you use AI properly.

Most subbies treat AI governance as a cost. It doesn't have to be. The data, the registers, the access controls, and the approval chains you put in place to satisfy a principal's pre-qual question are also the foundation that lets you use AI safely on the work that matters: quoting, scheduling, claims, variations, and reporting.

Once your use case register, vendor register, and data classification are in place, you know exactly which AI tools your team can use, on which tasks, with which data, in a way your head contractor will approve and your board can attest to. That's not a compliance burden. That's a capability position.

Time back on tenders

The same evidence pack serves every bid — no rebuilding from scratch.

Margin protection

AI tools you can use on quoting, scheduling, claims and variations with confidence.

Smarter site reporting

The data you classified for governance powers better operational insight.

A position primes notice

Subbies who govern AI well, and can prove it, get more repeat work and stronger preferred supplier standing.

Why this works

I'm not a tech consultant explaining governance to you. I'm a Project Director who's sat on your side of the table.

Thirty years directing major projects and winning complex bids across Oil and Gas, Defence, Energy, and Infrastructure for FTSE 100 and ASX contractors. I've written the pre-qual responses. I've scored the sub-contractors. I've been on both sides of the commercial table that determines who gets the work and who doesn't.

When I say proportionate governance, I mean proportionate to what a principal will actually score, not what an enterprise compliance framework would require. When I say audit-ready, I mean ready for the specific questions a governance team asks at post-shortlist, not a theoretical standard.

The system is pre-built. The judgement behind it is not.

Bid Director — Australia's largest naval shipbuilding programme ($2B+ Defence EPC)
VP Strategy & Development, Asia Pacific — Wood PLC (FTSE 100), 7 business units, 4 countries
Energy Transition architect — pivoting O&G portfolios to low-carbon markets
Alliance model pioneer — reduced Defence ship upgrade cycles from 4 years to 18 months
MBA · University of New England Certified Master Project Director · AIPM AI Fluency Professional · USyd Certified AI Lead Partner · Mindhive
What clients say

Trusted by industry leaders

★★★★★

"We knew little about AI previously, except we were falling behind. The pilot process was easy, we learned a lot, and the AI agent has everyone excited. We are now developing our AI Scaling Strategy with James."

Paul McCarthy
Required Services Pty Ltd
★★★★★

"James provides fractional support as both the Lead Account Partner and GTM Focal Point. We have a global mandate and James brings the strategic clarity and industry depth to operate at that level."

CEO
Accenture engagement
★★★★★

"He led our AsiaPac Strategy process, focused on growth and diversification. Thanks to his unique knowledge across the region and industry, he was invaluable — delivering exactly what we needed."

Paul McCarthy
Regional Director, EnerMech
★★★★★

"Working alongside James, I was always impressed by his tenacity in getting after opportunities and his rigorous approach to ensuring outcomes were achieved."

Common questions

Straight answers to the questions subs ask before they book a call.

We only use AI for a few admin tasks. Do we really need this?

Possibly not the full system. But you need to be able to document what those tools are, what data they touch, and who approved their use. If you can't answer those three questions in writing, you have a pre-qual gap. The Gap Check or the readiness audit tells you exactly what you need without overbuilding.

How do we know what our head contractor is actually asking for?

The questions vary by principal, but they're converging around five evidence pillars: accountability, transparency, data governance, human oversight, and incident management. The AI6 compliance system covers all five. The tender response module produces language mapped to whatever the specific tender is asking.

We don't have a formal AI program. We just use tools like ChatGPT and Copilot. Does that count?

Yes, and this is where most subs are caught out. Informal AI use without documented approval, risk assessment, or data handling controls is exactly what principals are asking about. The system starts by mapping what's actually in use across the business, formally or not.

Do I pay twice if I start small?

No — every dollar steps up. The $950 Gap Check credits in full toward the readiness audit or the compliance system. The $3,750 audit credits in full toward the compliance system if you proceed within 60 days. You never pay twice for overlapping work.

Is Sovereign AI included?

No — and be careful of anyone who implies it comes free with compliance. NAIP compliance is what this package delivers. Sovereign AI — running your AI tools on Australian-hosted systems — is a requirement that exceeds the NAIP baseline, asked for mostly on Defence and data-centre work. Our own systems are Australian-hosted; making your AI stack sovereign is its own scope. If your tender asks for it, we'll tell you straight what it takes.

Five days seems fast. What does the engagement actually involve?

Five days is the delivery window for the outputs. The engagement before that involves a structured audit session, data gathering across your existing tools and documentation, risk classification decisions, and a review and approval process. The pre-built infrastructure means the structure is ready on day one. We're configuring and populating it, not building it from scratch.

What if our AI use changes after the engagement?

The system is built to be maintained, not archived. The registers are version-controlled. The annual re-attestation trigger is built in. If your AI use changes significantly, you update the relevant register entries and re-export the evidence pack. That's a maintenance task, not a new engagement.

Is the $6,500 package a one-off or ongoing?

One-off engagement fee. The system is yours after the engagement closes. There are no ongoing consultancy fees required to maintain it. James is available for check-ins, tender support, and layer additions as your scope grows, but none of that is mandatory.

What's the qualified refund exactly?

If an eligible tender bid is rejected solely on AI governance grounds after the compliance system is in place and the tender response language has been used, you receive a refund. The conditions are specific and documented before the engagement starts. It's not a blanket guarantee — it's a confidence signal that the system is built to the standard it claims.

The subbies who get on the preferred list are the ones who can prove a governance position now.

A 20-minute scoping call covers which layers apply to your business, what the five-day engagement looks like in practice, what your obligation timeline is, and what it costs. If you're not ready for a call yet, check your obligation tier first. It takes under 2 minutes and tells you exactly where you stand.

Book a 20-Minute Scoping Call Check Where You Need to Comply →