The Real Cost of a TGA Breach: What Clinics Need to Know in 2026

If you’re a cosmetic injector or aesthetic clinic owner, this one’s for you. Because in 2026, “pretty marketing” isn’t the goal, compliant marketing is.

One wrong word (“safe”), one accidental testimonial, one Story that shows a syringe, one Google ad that implies an outcome… and you could be in hot water with the TGA, AHPRA and Australian Consumer Law (ACL).

And yes, regulators are watching. (Think: website checks, socials monitoring, email list sign-ups, audits… the works.)

This guide will help you identify the biggest risk zones, make simple fixes, and avoid incurring huge fines (and the stress that comes with them).

---

For busy clinic humans

• If the public can tell you’re promoting prescription-only injectables, you’re at serious risk under the TGA rules.
• AHPRA’s advertising rules ban practices such as testimonials, misleading claims, and creating “unreasonable expectations”, and penalties can apply per offence.
• ACL applies to everyone: claims must be truthful and not misleading, with very serious maximum penalties for corporations.
• “But it was just a comment” isn’t a defence, you’re responsible for advertising content you control (including reviews/testimonials used for promotion).
• The simplest way to stay safe? A repeatable workflow + checklists your whole team follows.

---

Content Index

• What counts as a “TGA breach” for cosmetic clinics?
• The “real cost” of getting it wrong
• The 8 most common clinic marketing mistakes (and fixes)
• A simple compliance workflow you can implement this week
• How the AHPRA & TGA Marketing Compliance Pack for Cosmetic Injectors helps
• FAQs
• About the Author + Legal Disclaimer

---

What counts as a “TGA breach” for cosmetic clinics?

Let’s put this plain English.

The TGA, or Therapeutic Goods Administration (TGA), regulates how therapeutic goods are advertised in Australia. Some therapeutic goods cannot be advertised to the public at all, including prescription-only medicines.

That means if your marketing (Instagram, website, Google Ads, emails, signage, Google Business Profile posts, all of it) effectively promotes a prescription-only injectable, you may already be in breach of the TGA’s advertising rules.

Importantly, not naming the product or brand does not make the content compliant. If a reasonable consumer would understand that a prescription-only medicine is being promoted, the TGA treats that as advertising.

---

The real cost of getting it wrong

A breach isn’t just a matter of deleting a post and moving on. Depending on the content, a single piece of marketing can trigger enforcement action from multiple regulators at once, with real financial, professional and operational consequences.

1) TGA compliance action

The TGA can take compliance action, and penalties can apply for unlawful advertising. “Compliance action” refers to the steps regulators take in response to violations of their rules.

They can also issue infringement notices (fines). The TGA explains how infringement notice amounts are calculated and gives an example showing $19,800 for a corporation (and $3,960 for an individual) for one type of advertising breach, and notes multiple notices can be issued for multiple breaches.

2) AHPRA (National Law) consequences

If you’re advertising a regulated health service, your advertising must not be misleading, use testimonials, create unreasonable expectations, or encourage unnecessary use.

AHPRA also notes increased maximum penalties under the National Law, up to $60,000 per offence for individuals and $120,000 per offence for bodies corporate (with the increased penalties applying across all jurisdictions, including WA).

3) ACL penalties for misleading claims

This is the one clinics forget because it’s not “health regulator flavoured”… but it absolutely applies.

The ACCC outlines that maximum penalties for many ACL (Australian Consumer Law) or CCA (Competition and Consumer Act) breaches can be the greater of $50,000,000, 3x the benefit, or 30% of adjusted turnover during the breach period.

So yes, wording matters. “Guaranteed results” language is a fast track to regulatory trouble.

---

The 8 most common clinic marketing mistakes and fixes

These mistakes aren’t edge cases. They’re the patterns regulators see again and again, especially in cosmetic clinics that rely heavily on social media, email marketing and paid ads. Most happen unintentionally, often because marketing decisions are made quickly without a consistent compliance process.

Mistake 1: Naming (or hinting at) prescription-only products

If the public can identify a prescription-only medicine from your content (caption, hashtag, visible boxes in the background, “we use X”, etc.), you’re entering high-risk territory under the TGA rules, because prescription-only medicines are prohibited from public advertising.

The fix: Use generic service descriptions rather than product names, and create approved “safe wording” your team can use consistently.

If you want a ready-made wording system, with channel-specific examples, this is exactly what the AHPRA & TGA Marketing Compliance Pack for Cosmetic Injectors™ is designed to support.

Mistake 2: Before-and-after content that implies injectables

Before/after images can easily imply a prescription-only treatment, even without naming anything.

The fix: Create a clear internal rule:

• Allowed: non-prescription, non-medical cosmetic services (still must be truthful, not misleading)
• High risk: anything that implies a prescription-only injectable

If your team can’t confidently explain why it’s compliant, it doesn’t go up.

Mistake 3: Using “too certain” language (aka making therapeutic promises)

Words like “safe”, “guaranteed”, “risk-free”, “no side effects”, “instant results” are common in clinic marketing, and often the exact phrases regulators hate.

The fix: Swap “certainty words” for compliant, accurate phrasing:

• “may assist…”
• “results vary…”
• “consultation required to assess suitability…”
• “information is general and not medical advice…”

This also helps you avoid risking huge fines under ACL if your marketing drifts into misleading territory.

Mistake 4: Testimonials and reviews are being used as advertising

AHPRA’s advertising requirements include that advertising must not use testimonials about the service or business.

The fix:

• Audit where testimonials appear (website, booking pages, social highlights, Google reviews embedded on-site)
• Train staff on what to do if reviews mention outcomes
• Have a consistent moderation process

Mistake 5: Discounts, giveaways, and “limited-time specials” that encourage unnecessary treatment

If your promo structure encourages people to jump into a regulated health service they may not need, that’s a risk zone, especially under AHPRA’s rule against encouraging indiscriminate/unnecessary use.

The fix: Promote education, consultation pathways, and non-problematic offers (that are still accurate and honest).

Mistake 6: Images that create the breach (even if the caption is “clean”)

You can write a perfectly compliant caption… and still breach through imagery:

• syringes/needles
• injection clips
• visible packaging
• overly “perfect” transformations

The fix: Build a “green light” image library: clinic fit-out, consult rooms, team headshots, educational graphics, neutral skin education visuals.

Mistake 7: Forgetting that emails count (and regulators can subscribe)

TGA guidance is clear that unlawful advertising can attract penalties, and advertising isn’t limited to a single platform.

The fix: Treat email marketing like it’s being read by a regulator (because it might be). Keep disclaimers consistent. Avoid outcome promises. Avoid product references.

Mistake 8: Not knowing which regulator applies (and when)

Here’s the simplest breakdown:

• TGA: rules for advertising therapeutic goods; prescription-only medicines can’t be advertised to the public.
• AHPRA/National Law: rules for advertising regulated health services (no testimonials, no misleading claims, no unreasonable expectations, etc.).
• ACL: truthfulness and not misleading, with very significant maximum penalties.

The fix: Stop relying on “we’ve always posted this” logic. Build a process that checks content across all three frameworks.

---

A simple compliance workflow you can implement this week

Here’s your “less chaos, more control” plan:

• Pick one channel to clean up first (usually Instagram or your website)
• Create a shared Do/Don’t list for:
• wording
• imagery
• offers/pricing
• testimonials/reviews
• Add a 30-second pre-post checklist (every post, every time)
• Assign a comment moderation owner (and make it someone reliable)
• Schedule a monthly mini audit (30 minutes) to review your last 10 posts/ads/emails

It’s not glamorous. But neither is a takedown notice.

---

How the AHPRA & TGA Marketing Compliance Pack for Cosmetic Injectors helps

If you’re tired of second-guessing whether your marketing is compliant, this pack provides a structured, clinic-friendly way to manage advertising risk.

The AHPRA & TGA Marketing Compliance Pack for Cosmetic Injectors™ is designed specifically for cosmetic injectors and aesthetic clinics delivering regulated health services. It brings AHPRA, TGA and ACL requirements together in one system, so your marketing isn’t compliant in one channel and risky in another.

Inside the pack:

• Master Advertising & Compliance Guide (AHPRA + TGA + ACL)
• Social Media Posting Guide + daily checklist
• Email Marketing Compliance Guide
• Website Advertising Compliance Guide
• Google My Business Guide (including reviews)
• Meta & Google Ads Compliance Guide
• Print, TV & Radio Advertising Guide
• Collaborations & Influencer Compliance Guide
• Mandatory wording templates with compliant examples

Ready to reduce risk and bring your team onto one standard?
Explore the Compliance Pack and apply a consistent approach across your clinic.

---

FAQs

Can the TGA really monitor my Instagram or website?

The TGA has publicly stated it conducts online monitoring and responds to complaints.

What’s the AHPRA rule on testimonials?

AHPRA’s (Australian Health Practitioner Regulation Agency) advertising requirements include that advertising must not use testimonials about the service or business.

What are the maximum AHPRA advertising penalties?

AHPRA notes the increased maximum penalties per offence: $60,000 for individuals and $120,000 for bodies corporate (now applying across all jurisdictions, including WA).

How big can ACL penalties get?

For many breaches, the ACCC outlines that maximum penalties can be the greater of $50 million, 3x the benefit, or 30% of adjusted turnover during the breach period.

If I want personalised help, what’s the next step?

If you want a proper review of your website, socials, ads, disclaimers, workflows and internal processes, the audit option (as described in your pack info) is the “please just tell me what to fix” upgrade.

---

 

 

SIGN UP TO OUR FREE BUSINESS CHECKLIST

Disclaimer

We do our best to keep this content accurate and up to date, but laws change, interpretations evolve, and the internet isn’t perfect. Occasionally, information may be outdated or contain errors.

This content is for general information only and isn’t legal advice. If you choose to rely on it, you do so at your own discretion. For advice specific to your business, you’ll need support tailored to your situation. 

All rights reserved. © Foundd Legal Pty Ltd