CPS 230's 1 July Deadline Just Caught Up With Your AI Vendors, practitioner guidance from TheAICommand
Regulatory analysis

From 1 July 2026, pre-existing contracts with material service providers must meet APRA's CPS 230, and a growing share of those arrangements are now AI. Here is the work to do before the deadline, plus a reusable contract-review prompt.

Last reviewed: 29 June 2026 · monthly

GRC content. Written for compliance, risk, and audit professionals in Australian financial services. General information. Not legal or compliance advice.

Quick answer

From 1 July 2026, every pre-existing contract with a material service provider must comply with APRA's CPS 230, at the earlier of renewal or that date. Where AI performs or materially supports a critical operation, the AI provider is a material service provider, so its contract must give orderly exit, fourth-party visibility, APRA access and a tested fallback.

There is a date in the next quarter that quietly converts a lot of AI experimentation into a hard compliance obligation. From 1 July 2026, every pre-existing contract with a material service provider has to meet the requirements of APRA's Prudential Standard CPS 230 Operational Risk Management, or it has to have met them at its last renewal, whichever came first. For most banks, insurers and superannuation trustees the legacy contracts have been the slow lane. That lane closes. And a growing share of those material arrangements are now AI arrangements, whether the contract calls them that or not.

This piece is the practitioner version of that deadline. Not a restatement of the standard, but the specific work to do before 1 July when the material service provider on the other side of the contract is an AI provider, and why APRA's most recent supervisory findings make this the part of CPS 230 that is most likely to be tested first.

[Figure: your AI vendor is a material service provider (operational resilience)]
When AI runs a critical operation, the standard already treats the AI vendor as a material service provider.

What the deadline actually requires

CPS 230 draws a line around an entity's critical operations and around the service providers it relies on to run them. A critical operation, in APRA's words, is a process "which, if disrupted beyond tolerance levels, would have a material adverse impact on its depositors, policyholders, beneficiaries or other customers, or its role in the financial system" (APRA, Prudential Standard CPS 230). A material service provider is one the entity relies on to perform a critical operation, or one that exposes it to material operational risk. That provider can be a third party, a related party or a connected entity.

Where a service provider is material, CPS 230 requires a formal written agreement with specified minimum content. The standard's service-provider requirements cover the substance you would expect of an operational resilience contract: service levels and the rights and responsibilities of each party, force majeure, termination, the handling of sub-contracting and fourth-party arrangements, rights for APRA to access and inspect, the entity's ability to make an orderly exit, and ongoing monitoring of performance and compliance. APRA's own response paper is blunt about the timing: entities "will have until the earlier of 1 July 2026 or the next renewal date of an existing agreement to ensure the agreement complies with CPS 230", and "contracts with material service providers should be updated as soon as possible given their importance to critical operations and operational risk" (APRA, Response paper, Operational Risk Management).

The 30 April 2026 amendments did not move that date. They narrowed it slightly at the edges: APRA introduced "limited exemptions from specific contractual requirements in CPS 230 for material arrangements with certain categories of non-traditional service providers", such as central banks and clearing facilities, where the standard contractual terms are not feasible (APRA, "APRA finalises targeted amendments to CPS 230", 30 April 2026). Those amendments come into effect on 1 July 2026, the same day the transitional window closes. For the overwhelming majority of AI providers, none of those exemptions applies. A commercial model vendor or an AI feature embedded in a software platform is exactly the kind of arrangement the standard was written for.

Why AI is the part most likely to be tested

On the same day it amended CPS 230, APRA published its letter to industry on AI, and the findings read like a map of where AI contracts go wrong. APRA's headline was that "AI use is accelerating across all APRA-regulated industries", but "governance arrangements have not matured at the same pace" (APRA, "APRA calls for a step-change in AI-related risk management and governance", 30 April 2026). It assessed four areas: governance, risk management, assurance, and operational resilience. The operational resilience findings are the ones that collide with the CPS 230 deadline.

[Figure: the CPS 230 clock, from the standard going live on 1 July 2025, to the APRA AI letter on 30 April 2026, to the contract deadline on 1 July 2026]
The same week APRA set the clock, it told industry exactly where it was looking.

APRA observed "some entities heavily dependent on a single provider for multiple AI use cases", and noted that "few entities had demonstrated robust contingency planning or tested exit and substitution strategies for critical AI providers" (APRA, Letter to industry on AI, 30 April 2026). That is concentration risk stated plainly. It also flagged the opacity problem that makes AI contracts harder than ordinary technology contracts: "AI capabilities are increasingly embedded within software, platforms or developer tools", which means "upstream dependencies such as foundation models, training data sources and fourth party service providers are opaque", limiting an entity's ability to independently assess "model performance, bias, resilience and security".

Put those two documents next to each other. CPS 230 says the contract for a material AI provider must give you orderly exit, fourth-party visibility, APRA access and a tested fallback. APRA's letter says it has just looked and found exactly those things missing for AI. The deadline and the supervisory focus have converged on the same clauses. That is why, of all the CPS 230 remediation an entity might still owe, the AI contracts are the ones a supervisor is most primed to ask about.

The work to do before 1 July

The job in the final quarter is not to read the standard again. It is four concrete passes over your AI estate.

  1. Find the AI inside your material arrangements. Most AI does not arrive labelled "AI vendor". It arrives as a feature switched on inside a platform you already buy, a model wired into a fraud engine, a copilot embedded in a core banking or policy-administration system. Start from your existing material service provider register and ask, for each entry, whether AI now performs or materially supports the work. Add any standalone AI tools that touch a critical operation. The output is a shortlist of material AI arrangements, each tied to the critical operation it supports.
  2. Test each one against the contract checklist. For every material AI arrangement, walk the agreement against the CPS 230 service-provider requirements. Does it give you a right of orderly exit, and is that exit actually feasible given how the data and the integration are locked in? Does it require notification of material changes, including changes to the underlying model, not just to the product? Does it give visibility and rights over fourth parties, the foundation-model provider and data sources sitting upstream that APRA specifically called opaque? Does it preserve APRA's access and inspection rights? Where a clause is missing or the right exists on paper but cannot be exercised, that is your remediation list.
  3. Build and test a fallback where the AI supports a critical operation. APRA's standard is not "have an exit clause", it is that "where AI supports critical operations, credible fallback processes are required". A fallback you have never run is not credible. For each critical-operation AI, define what the business does if the model is unavailable, materially degraded, or has to be switched off because of a defect or a regulatory event. Then actually exercise it, even at small scale, and keep the evidence. This is where concentration risk gets resolved or exposed: if the honest answer is that there is no workable manual or alternative path, that is the finding, and it belongs in front of the accountable executive now, not after an incident.
  4. Manage the concentration. APRA asked for "active management of concentration risk", including "plausible and systemic failure scenarios" and "the credibility and feasibility of substitution, portability or exit arrangements for critical AI providers". If one provider sits behind several of your critical AI use cases, the remediation is not only contractual. It is a deliberate decision, owned at the right level, about whether that concentration is acceptable and what would make a second source or an exit realistic. Document the decision either way.

[Figure: before 1 July: find the AI, then check the contract, then build a fallback, then manage concentration]
Four concrete passes over the AI estate, not another reading of the standard.

The governance line

The reason this work cannot be delegated wholesale to a vendor-management team is that CPS 230 is an accountability standard, not a paperwork standard. Someone has to own each material AI arrangement, understand what it does inside a critical operation, and be able to answer for the fallback. The Australian framing reinforces this. The National AI Centre's Guidance for AI Adoption, the AI6 essential practices that replaced the Voluntary AI Safety Standard in October 2025, opens with "decide who is accountable" and closes with "maintain human control" (National AI Centre, Guidance for AI Adoption, October 2025). Voluntary guidance and a prudential standard are saying the same thing from two directions: a named human owns the AI, and the human stays in control of the operation it sits inside.

A worked sketch, fully de-identified. Suppose [BUSINESSUNIT] runs a claims triage model from [AIVENDOR] that helps prioritise [CLAIMTYPE] claims, and claims processing is a critical operation for the entity. The model is embedded in a wider administration platform, so the contract is with the platform, not the model maker. The remediation is to confirm whether claims triage is material, trace the upstream model dependency the platform relies on, check whether the platform contract gives exit, change-notification and fourth-party rights over that model, and define what happens to triage if the model is pulled. None of those steps needs real claim data, a real claimant, or a real vendor name to plan. They need the register, the contract, and a tested fallback.

What stays human, and what never gets automated away

You can and should use AI to accelerate this work. Drafting a contract-gap checklist, summarising a long master services agreement against the CPS 230 requirements, producing a first-pass register of where AI sits in your platforms: all of that is fair game, and the prompt below does exactly that. What does not get automated is the judgement. An AI can tell you a clause appears to be missing; it cannot decide whether your exit is genuinely feasible, whether a concentration is acceptable, or whether a fallback is credible. Those are accountable-person decisions, and CPS 230 is built so that a named human answers for them.

The deadline is a forcing function, not the point. The point is that AI has moved into critical operations faster than the contracts around it were rewritten, and APRA has now said, in the same week it set the clock, that this is where it is looking. The entities that come out of 1 July well will be the ones that treated their AI providers as what the standard already says they are: material service providers, with everything that follows.

The contract-review prompt

Paste the block below into ChatGPT or Claude. It reviews one AI service-provider contract against the CPS 230 service-provider requirements and returns a prioritised remediation list. It is a drafting aid; a named accountable person, with legal advice, decides compliance.

Prompt
You are a CPS 230 service-provider contract reviewer assisting an Australian APRA-regulated entity (a bank, insurer or superannuation trustee). Your job is to surface, in plain English, where a contract for a material AI arrangement falls short of APRA's CPS 230 service-provider requirements, so a human owner can prioritise remediation before the 1 July 2026 deadline.

Inputs I will paste:
1. The critical operation this AI supports (one line).
2. Whether the AI is a standalone tool or embedded inside a wider platform.
3. The relevant clauses of the service-provider agreement (paste the text; redact any commercial-in-confidence figures, names are fine to leave as [VENDOR]).

Assess the contract against these CPS 230 service-provider tests and report each as Present / Partial / Missing / Cannot tell, with a one-line reason and the exact clause reference where you find it:
- Right to an orderly exit, and whether that exit looks practically feasible (data portability, integration lock-in).
- Notification of material changes, including changes to the underlying AI model, not only the product.
- Visibility and rights over fourth parties and upstream dependencies (foundation model, training data, sub-processors).
- APRA access and inspection rights preserved.
- Service levels and the handling of degradation or unavailability.
- Termination, force majeure, and sub-contracting controls.

Output format:
- A table: Test | Status | Reason | Clause reference.
- A short "Top 3 remediation priorities before 1 July" list, ordered by risk to the critical operation.
- A "Questions for the vendor" list.

Boundaries: You are a drafting aid, not the decision-maker. Flag anything you are unsure about as "Cannot tell". Do not assert that the contract complies; only a named accountable person, with legal advice, decides that. Do not invent clause numbers; if a requirement is not in the pasted text, mark it Missing or Cannot tell.

How to run it. Create a ChatGPT Project (or a Claude Project) called "CPS 230 AI contract review", paste the prompt into the project's custom instructions, and drop in two files the model can reuse across every chat: a one-page note listing your critical operations and tolerance levels, and the CPS 230 service-provider requirement list, with no real claimant, customer or pricing data. Run your shortlist one arrangement at a time, and for every "Partial" or "Cannot tell" ask the model to quote the exact words it relied on and say what wording would move the item to Present. Then take the top three remediation priorities into your tracker tagged to the critical operation and the owner, and have the model critique its own review as if it were the APRA supervisor who wrote the 30 April 2026 AI letter before you finalise the list.

References

  1. APRA, "APRA calls for a step-change in AI-related risk management and governance" (media release), 30 April 2026. https://www.apra.gov.au/news-and-publications/apra-calls-for-a-step-change-ai-related-risk-management-and-governance
  2. APRA, "Letter to industry on Artificial Intelligence (AI)", 30 April 2026. https://www.apra.gov.au/apra-letter-to-industry-on-artificial-intelligence-ai
  3. APRA, "APRA finalises targeted amendments to CPS 230 Operational Risk Management", 30 April 2026. https://www.apra.gov.au/news-and-publications/apra-finalises-targeted-amendments-to-cps-230-operational-risk-management
  4. APRA, Prudential Standard CPS 230 Operational Risk Management, and the Operational Risk Management response paper (commencement 1 July 2025; service-provider transitional arrangement to the earlier of next renewal or 1 July 2026). https://www.apra.gov.au/operational-risk-management
  5. National AI Centre (Department of Industry, Science and Resources), Guidance for AI Adoption (the six essential practices, AI6), October 2025. https://www.industry.gov.au/publications/guidance-for-ai-adoption

General information and education only. This is not legal, compliance, risk, or financial advice, and it does not establish an adviser relationship. CPS 230 obligations turn on your specific arrangements; confirm your position against the current prudential standard and your own legal and risk advice.

Frequently asked questions

What does the CPS 230 1 July 2026 deadline actually require?
For contracts that already existed when CPS 230 commenced, APRA gave entities until the earlier of the next renewal date or 1 July 2026 to bring the agreement into line with the standard's service provider requirements. Those cover service levels, orderly exit, sub-contracting and fourth-party arrangements, APRA access and inspection, change notification and ongoing monitoring.

Does CPS 230 apply to AI vendors even if the contract is not labelled an AI contract?
Yes. CPS 230 reaches any material service provider, meaning one an entity relies on to perform a critical operation or that exposes it to material operational risk. If a model helps run claims processing, fraud detection or credit decisioning, the provider behind it is captured, whatever the contract calls it.

Why is AI the part of CPS 230 most likely to be tested first?
On 30 April 2026 APRA published a letter to industry on AI that found entities heavily dependent on single AI providers, few tested exit or substitution strategies, and opaque upstream dependencies. Those are the exact things CPS 230 contracts must address, so the deadline and the supervisory focus have converged on the same clauses.

What should a GRC team do before 1 July 2026?
Four passes over your AI estate. Find the AI inside your material arrangements, starting from the service provider register. Test each contract against the CPS 230 service provider requirements. Build and actually exercise a fallback where AI supports a critical operation. Then manage and document the concentration risk.

Can I use an AI model to help review these contracts?
Yes, for drafting a gap checklist, summarising a long agreement against the requirements and producing a first-pass register. It is a drafting aid, not the decision-maker. A named accountable person, with legal advice, decides whether a contract complies and whether an exit or fallback is genuinely feasible.

Context

CPS 230 has been live for core operations since 1 July 2025, but service provider management was on a timer. On 30 April 2026 APRA finalised targeted amendments to CPS 230 and published a separate letter to industry on AI. Read together, they point at the same risk: AI sitting inside critical operations under contracts never written to the operational resilience standard.

AI angle

APRA's 30 April 2026 AI letter found entities heavily dependent on single AI providers with few tested exit or substitution strategies, the exact clauses CPS 230 requires for material service providers, so AI contracts are the part of the standard a supervisor is most primed to test first.

Content disclaimer: This article is for general educational and informational purposes only. It does not constitute legal advice, regulatory guidance, or a substitute for professional compliance judgement. Regulatory obligations vary by entity type, licence, and circumstance. Always refer to primary source guidance from APRA, ASIC, or the relevant regulatory authority.