The Australian regulatory environment has shifted in ways that matter for in-house legal teams this year, from the ACCC’s enforcement priorities sharpening around digital economy conduct to the High Court expanding upon the unconscionable conduct ruling. Read on for the key regulatory pressure points that deserve close attention.
However, what's changed isn't just the rules. Operational challenges caused by AI usage without proper governance are leaving businesses exposed to risk. Some of the most acute compliance exposure no longer arises from what companies say to consumers, but from how they design systems, structure choices, and manage information asymmetries.
Regulatory Focus for 2026
Dark Patterns and Choice Architecture
The ACCC has named dark patterns and manipulative design as explicit 2026–27 enforcement priorities, and it's already acting on them. The proceeding against Microsoft - where consumers were allegedly steered toward higher-priced Microsoft 365 plans by concealing the free default behind a cancellation pathway - illustrates how the risk manifests. The conduct under scrutiny wasn't a false statement - it was the architecture.
Proposed Section 28B of the Australian Consumer Law will go further, targeting conduct that "unreasonably manipulates" consumer decision-making even where it falls short of existing misleading or deceptive conduct thresholds.
For legal teams, this extends compliance review into interface design - friction placement, option visibility, confirmation flows, cancellation pathways. A legal sign-off that stops at the terms and conditions will miss the risk entirely.
Watch out for:
Cancellation flows that require more steps than signup
Cheaper or alternative options buried behind exit pathways
Pre-selected options that benefit the operator by default
Get ahead of it:
Walk your cancellation flow as a customer before legal reviews it
Document every design decision that affects option visibility - regulators will ask
Unconscionable Conduct and System Design
Unconscionable conduct has traditionally centered on vulnerable consumers and sharp sales practices. The High Court has moved beyond that. Courts have confirmed that unconscionable conduct can arise from system design itself, not just exploitative intent. Where a platform systematically removes friction from paths that benefit the operator and adds it to paths that benefit the consumer, that architecture can ground a claim, provided the consequences were reasonably foreseeable.
This matters for digital platforms, subscription services, and any sector where system design choices routinely diverge from consumer interests. The ACCC is alert to it, and plaintiff firms running class actions will find these claims structurally attractive given the scale of platforms involved. Design review and conduct risk can no longer be cleanly separated.
Watch out for:
System design that makes operator-beneficial actions easier than consumer-beneficial ones
Friction added to refund, cancellation, or switching pathways
Get ahead of it:
Map every point in your customer journey where operator and consumer interests diverge
Ensure product and legal teams share a common framework for assessing design decisions
Doubled Penalties
Maximum penalties for Competition and Consumer Act contraventions doubled to $100 million per contravention on 26 March 2026. The conduct being penalized hasn't changed - misleading claims, subscription traps, greenwashing - but the financial consequence has.
For organizations with high-volume compliance workflows, the exposure compounds quickly. A compliance program calibrated to the prior penalty environment, and relying on manual, probabilistic review, deserves a close look. The ACCC's funding and enforcement mandate have grown alongside the penalties. Enforcement probability and enforcement intensity are both rising.
Watch out for:
Compliance programs last reviewed before March 2026
High document volumes reviewed manually without consistent standards
Get ahead of it:
Audit your highest-volume content workflows against the new penalty baseline
Treat each public-facing document as carrying individual contravention exposure
New Challenges: The Operational Reality
Why Manual Compliance Can’t Keep Pace
There's a huge operational problem looming over in-house legal teams. The infrastructure most in-house lawyers rely on for compliance reviews - email review loops, Word document approvals, institutional knowledge living in one GC's head - can't scale to meet the new levels of output created by AI.
The problem shows up in predictable ways:
Marketing guidelines go out of date while offers and eligibility criteria change week to week.
Every iteration between marketing and legal happens via email and document revision. When a reviewer leaves, the reasoning behind past compliance decisions disappears with them.
New product teams ask the same questions that were resolved six months ago and receive different answers from different reviewers.
Older compliance tools flag the same underlying issue repeatedly without resolving it, creating alert fatigue rather than clarity.
Legal capacity gets consumed by reactive iteration on straightforward assets, with no bandwidth left for strategic work.
The doubled penalty environment makes this structural weakness harder to ignore. An organization managing 1,500 public-facing documents annually across multiple teams - each document carrying potential contravention exposure at a $100 million baseline - cannot rely on manual review that is probabilistic and inconsistent. You cannot simply hire enough lawyers to close this gap.
The organizations that are managing it are deploying AI-powered compliance platforms that integrate into existing workflows, reduce manual review time substantially, and capture institutional knowledge before it walks out the door. Rather than relying on individual reviewers' mental models, compliance standards become explicit rules applied consistently - ones that product and legal teams both access and update. When marketing asks whether a design change is compliant, the answer is evaluated against the organization's documented risk tolerance, not reconstructed from scratch each time.
The regulatory pressure is real and it's intensifying. The question for most in-house teams isn't whether their compliance program covers the right areas - it's whether it's built to operate at the volume and consistency the current environment demands.
About Haast
Leading financial services, insurance, telecommunications, and retail organizations in Australia are already deploying such platforms to manage compliance at scale. Haast is purpose-built for this environment: combining pre-publish review, live monitoring, and regulatory horizon scanning (beta) into a single compliance platform powered by AI agents trained on ACCC, FCA, FINRA, and other regulatory standards.
Team Haast


