Content reviewed and verified by Graham Chee, with FCPA-led practice at Local Knowledge, Mascot NSW. Continuous CPA Australia member since 1986. Prior career at Goldman Sachs, BNP Investment Management and Merrill Lynch.. Last reviewed July 2026. Next review scheduled for October 2026.
Safeguard NDIS participants and your practice by integrating ethical AI with robust compliance frameworks.
The National Disability Insurance Scheme (NDIS) stands as a cornerstone of support for Australians with disability, fostering independence and community participation. As NDIS providers increasingly explore the transformative potential of Artificial Intelligence (AI) – from optimising service delivery to enhancing participant outcomes – a critical need arises for rigorous ethical and professional compliance. This isn't merely about technological adoption; it's about safeguarding vulnerable individuals and upholding the highest standards of professional conduct. For chartered accountants advising NDIS providers, this landscape presents a unique challenge: how to ensure AI integration aligns with not only regulatory obligations but also the fundamental ethical principles embedded in professional standards like APES 110 Code of Ethics for Professional Accountants (including Independence Standards) [APESB: APES 110].
This article, guided by the insights of Principal Advisor Graham Chee (FCPA, GRCP), delves into the specific ethical considerations for NDIS providers deploying AI. We will explore the direct implications of APES 110, examine best practices for data privacy and security, and outline a robust framework for ethical AI governance. Our aim is to provide practical, authority-grade guidance for NDIS providers and their advisors to navigate this complex yet vital intersection of innovation and integrity, ensuring that AI serves to genuinely enhance, rather than compromise, the trust placed in NDIS services. You will learn how to proactively manage AI-related risks, understand your professional obligations, and implement strategies for responsible AI innovation.
The NDIS sector operates within a framework of profound trust and responsibility. The introduction of AI tools, while promising efficiencies and improved participant experiences, concurrently introduces novel ethical dilemmas. These range from algorithmic bias impacting service allocation to the potential for data misuse and the erosion of human oversight. For NDIS providers, the ethical imperative isn't just a moral consideration; it's a foundational requirement for maintaining participant trust, ensuring regulatory compliance, and upholding the integrity of the NDIS itself. Unethical AI deployment can lead to significant reputational damage, financial penalties, and, most critically, adverse impacts on the very individuals the NDIS is designed to support.
Consider AI applications in NDIS: predictive analytics for service needs, automated scheduling, or even AI-powered assistive technologies. Each carries a unique risk profile related to fairness, accountability, and transparency. For instance, an AI system trained on biased historical data could inadvertently perpetuate or exacerbate inequalities in service provision. A lack of transparency in AI decision-making could prevent participants from understanding why certain services are recommended or denied. Therefore, a proactive and principle-based approach to AI ethics is not optional but essential for any NDIS provider seeking to responsibly leverage these technologies. This requires a shift from viewing AI as purely a technical solution to understanding its profound social and ethical implications within a sensitive sector.
APES 110 Code of Ethics for Professional Accountants (including Independence Standards) [APESB: APES 110] provides the foundational ethical framework for all professional accountants in Australia. For NDIS providers, particularly those with internal accounting functions or relying on external CPA advice, these principles directly extend to the ethical governance of AI. The five fundamental principles are: Integrity, Objectivity, Professional Competence and Due Care, Confidentiality, and Professional Behaviour. Each principle demands careful consideration in an AI context:
The sensitive nature of NDIS participant data necessitates a heightened focus on privacy and security when integrating AI. Basic compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 [legislation.gov.au: Privacy Act 1988] is merely the starting point. AI systems, by their nature, often process vast quantities of data, potentially identifying patterns or making inferences that could inadvertently reveal sensitive personal information. This demands a 'privacy-by-design' approach, where privacy considerations are baked into the AI system from its inception, not as an afterthought.
Key considerations for NDIS providers include:
To systematically address the ethical challenges of AI, NDIS providers should develop and implement a comprehensive Ethical AI Framework. This framework moves beyond mere compliance, embedding ethical considerations into every stage of AI's lifecycle. Here’s a numbered process for establishing such a framework:
Effective risk mitigation for AI in NDIS hinges on three pillars: transparency, accountability, and continuous monitoring. Without these, AI systems, no matter how well-intentioned, can introduce unforeseen risks that compromise participant safety and trust. Transparency means making the workings of AI systems as clear as possible to all stakeholders. This is particularly challenging with complex 'black box' AI models. NDIS providers must strive for explainable AI (XAI) where the logic behind AI decisions can be understood and communicated. This includes transparency about the data used, the algorithms employed, and the limitations of the AI system.
Accountability establishes clear lines of responsibility for AI outcomes. Who is responsible when an AI system makes an erroneous or biased decision? NDIS providers must define roles and responsibilities for AI development, deployment, and oversight. This includes assigning accountability for data quality, algorithm validation, and the ethical implications of AI-driven recommendations. The human in the loop remains ultimately accountable for decisions affecting participants.
Continuous monitoring is essential because AI systems are dynamic. Their performance can drift over time, biases can emerge as new data is introduced, and regulatory landscapes can evolve. Regular audits of AI models, performance metrics, and ethical compliance are non-negotiable. This proactive approach allows NDIS providers to identify and address issues before they escalate, ensuring that AI remains a beneficial tool rather than a source of risk. This iterative process of review and refinement is critical for maintaining ethical integrity.
The integration of AI into NDIS services is not a fleeting trend but a fundamental shift that will redefine how support is delivered. To future-proof NDIS services, providers must embrace AI innovation responsibly, embedding ethical considerations at the core of their strategic planning. This means viewing ethical compliance not as a barrier to innovation, but as its enabler. Responsible AI innovation ensures that technological advancements genuinely enhance the lives of NDIS participants, rather than creating new vulnerabilities or exacerbating existing inequalities.
Building a culture of ethical AI within an NDIS organisation involves ongoing education, open dialogue, and a commitment to continuous improvement. It requires leadership to champion ethical AI, allocating resources for training, robust governance, and the necessary technical infrastructure. Providers should actively engage with participants and their families, seeking feedback on AI-powered services and ensuring their voices are heard in the development process. Furthermore, collaborating with industry bodies, technology experts, and professional advisors (like FCPAs with GRCP/GRCA credentials) can provide invaluable insights and support in navigating this evolving landscape. By proactively addressing ethical challenges and fostering a culture of responsible innovation, NDIS providers can harness the full potential of AI to deliver more personalised, efficient, and impactful services, ultimately fulfilling the NDIS's promise to empower individuals with disability.
APES 110 is the Code of Ethics for Professional Accountants [APESB: APES 110], setting out fundamental ethical principles like integrity, objectivity, and confidentiality. It's relevant to NDIS providers using AI because these principles extend to the ethical governance of AI systems, especially where professional accountants are involved in oversight, data management, or strategic advice. For instance, the principle of 'Professional Competence and Due Care' mandates understanding AI's risks and ensuring appropriate controls, while 'Confidentiality' directly impacts how participant data is handled by AI. Upholding these principles ensures AI is deployed responsibly, safeguarding both participants and the provider's professional standing.
Algorithmic bias occurs when AI systems produce unfair or discriminatory outcomes due to biased training data or flawed algorithms, potentially leading to unequal access to NDIS services or inaccurate assessments. For example, if an AI is trained on historical data reflecting past systemic biases, it might perpetuate those biases in service recommendations. Mitigation strategies include ensuring diverse and representative training datasets, conducting rigorous ethical impact assessments before deployment, implementing explainable AI (XAI) to understand decision-making, and maintaining robust human oversight to review and override biased AI outputs [business.gov.au: AI Ethics Framework]. Regular auditing and continuous monitoring of AI performance are also crucial to detect and correct emerging biases.
Key data privacy considerations for NDIS providers using AI revolve around the highly sensitive nature of participant information. Beyond basic compliance with the Privacy Act 1988 [legislation.gov.au: Privacy Act 1988] and Australian Privacy Principles, providers must adopt a 'privacy-by-design' approach. This includes data minimisation (collecting only essential data), robust anonymisation or pseudonymisation techniques, obtaining explicit and informed consent for AI data usage, and implementing stringent cybersecurity measures like encryption and access controls. A comprehensive data governance framework is vital to manage the entire lifecycle of participant data within AI systems, ensuring its protection from collection to destruction.
An Ethical Impact Assessment (EIA) for AI is a structured process to identify, evaluate, and mitigate the potential ethical risks and societal impacts of an AI system before its deployment. For NDIS providers, EIAs are crucial because AI can profoundly affect vulnerable individuals. An EIA would assess potential biases, fairness issues, privacy risks, transparency concerns, and accountability gaps. It helps ensure that the AI system aligns with NDIS values, ethical principles (like APES 110), and regulatory requirements. Conducting EIAs proactively helps prevent unintended harm, builds trust with participants, and demonstrates a commitment to responsible AI innovation.
An FCPA with GRCP (Governance, Risk, and Compliance Professional) and GRCA (Governance, Risk, and Compliance Auditor) credentials offers NDIS providers a unique and comprehensive perspective on AI ethics. Beyond traditional accounting, they can design and implement robust enterprise-wide GRC frameworks tailored to AI, ensuring compliance with APES 110, privacy laws, and NDIS Quality and Safeguards. Their expertise allows them to proactively identify AI-related risks, establish accountability mechanisms, advise on data governance strategies for sensitive participant data, and integrate ethical considerations into the provider's overall business strategy, moving beyond reactive compliance to proactive ethical leadership in AI adoption.
In principal-led practice at Local Knowledge, we've seen first-hand that the rapid evolution of AI presents both immense opportunities and significant ethical challenges for NDIS providers. It's not enough to simply adopt new technology; the true measure of innovation lies in its responsible and ethical deployment. My experience, spanning institutional finance and deep compliance, informs a strong belief that robust governance is the bedrock of trustworthy AI. For NDIS providers, this means embedding APES 110 principles into every AI decision, from data selection to algorithmic design, and maintaining a human-centric approach. The goal is to leverage AI to enhance NDIS participant outcomes without ever compromising their privacy, dignity, or trust. This requires a proactive, continuous commitment to ethical oversight, akin to the rigorous compliance standards we uphold in financial services.
The journey towards integrating AI ethically within the NDIS sector is complex but essential. By meticulously adhering to professional standards like APES 110, prioritising robust data privacy and security, and implementing a comprehensive ethical AI framework, NDIS providers can harness the transformative power of AI responsibly. This commitment not only safeguards participants but also strengthens the integrity and sustainability of NDIS services for the future. As the landscape of AI and regulation continues to evolve, having a trusted advisor with deep expertise in compliance, governance, and ethical frameworks is invaluable. Our principal-led practice, Local Knowledge, is dedicated to guiding NDIS providers through these intricacies, ensuring that your AI strategies are not only innovative but also ethically sound and fully compliant.

Principal and Founder, Local Knowledge
Graham Chee is the principal and founder of Local Knowledge, an FCPA-led Australian practice that brings institutional-grade compliance, investment-structure and intellectual-property experience directly to owner-managed businesses. Graham is a Fellow of CPA Australia (FCPA since November 2005, continuous CPA member since 1986) and holds the OCEG Governance, Risk & Compliance Professional (GRCP) and Governance, Risk & Compliance Auditor (GRCA) designations. His prior career includes senior roles at Goldman Sachs, BNP Investment Management and Merrill Lynch. Graham was previously portfolio manager of the Asian Masters Fund (IPO December 2007 – 31 December 2009), which returned +29% in AUD terms versus the MSCI Asia Pacific (ex Japan) benchmark. He signs off on 100% of client files personally.
Areas of Expertise:
This article is especially relevant to these industries. See how we tailor our services for each.
General information only. Speak to us for advice specific to your situation. Every file is signed off by our principal under CPA Code of Ethics.
Graham Chee FCPA, CPA, GRCP, GRCA · Principal, Local Knowledge · Mascot NSW · CPA-signed files