SAN MATEO, Calif. — Just one day after Xero unveiled XeroForce, its natural-language AI agent builder targeting small businesses and accountants, industry analysts and privacy advocates on Friday began pressing the New Zealand-based accounting software giant for clarity on how sensitive financial data fed into the platform will be stored, processed, and used to train future AI models.
The Institute of Certified Bookkeepers and several regional accounting associations in Australia and the United Kingdom issued coordinated requests to Xero on Friday asking the company to publish its full data governance framework for XeroForce, including whether client financial records processed through the platform are used in any form to improve Xero's underlying AI models. The concerns mirror broader anxieties that have dogged AI-powered business tools across the sector.
Xero, listed on the Australian Securities Exchange (ASX: XRO), positioned XeroForce as a low-code solution enabling small business owners and accountants to build custom AI agents capable of automating invoicing queries, cash-flow analysis, and compliance reminders. However, the platform's reliance on natural-language inputs — which may include client names, transaction histories, and tax identifiers — has prompted immediate questions about compliance with Australia's Privacy Act, the UK's GDPR obligations, and New Zealand's Privacy Act 2020.
Privacy attorney firms in Sydney and London noted Friday that Xero's updated terms of service, quietly amended alongside the XeroForce announcement, contain broader data-use language than the company's previous agreements. 'The clause permitting Xero to use aggregated and de-identified data for service improvement is standard in the industry, but the definition of de-identified in an AI training context is increasingly contested by regulators,' said one London-based data protection counsel familiar with the matter.
Xero's communications team acknowledged the inquiries and said the company would publish a dedicated XeroForce Data Trust FAQ by the end of next week. The company emphasized that no individually identifiable client financial data is used to train its foundational AI models, a position it said is consistent with its existing privacy commitments. Analysts at Macquarie and Jarden noted that the scrutiny, while not unusual for a major AI product launch, arrives at a sensitive moment as Australian and UK regulators are actively reviewing AI data practices across fintech platforms, and that Xero's share price slipped modestly on the ASX during Friday trading amid the uncertainty.