NDIS Code of Conduct guide for Australian disability service providers

NDIS Code of Conduct: Complete Guide for Providers

/ NDIS Code of Conduct, NDIS Compliance, NDIS Incident Management, NDIS Practice Standards / By

The NDIS Code of Conduct is a fundamental framework that guides the behaviour and actions of all NDIS providers and workers across Australia. Whether you’re a registered provider, an unregistered provider delivering services to self-managed participants, or a support worker, understanding and complying with the NDIS Code of Conduct is not just a legal requirement—it’s essential for delivering safe, respectful, and quality disability support services.

In this comprehensive guide, we’ll break down everything you need to know about the NDIS Code of Conduct, including its seven key requirements, how to implement compliance measures in your organisation, and what happens when breaches occur.

What is the NDIS Code of Conduct?

The NDIS Code of Conduct is a set of requirements established under Section 73V of the National Disability Insurance Scheme Act 2013. It sets out the expected standards of behaviour and conduct for all NDIS providers and their workers when delivering supports and services to people with disability.

Unlike the NDIS Practice Standards which focus on organisational systems and processes, the Code of Conduct is primarily about individual behaviour and the ethical treatment of NDIS participants. It applies to:

  • All registered NDIS providers
  • Unregistered providers delivering NDIS supports
  • All workers employed or engaged by NDIS providers
  • Sole traders providing NDIS supports
  • Subcontractors working in the NDIS space

The 7 Key Requirements of the NDIS Code of Conduct

The NDIS Code of Conduct consists of seven core requirements that all providers and workers must follow. Understanding each requirement is essential for maintaining compliance and delivering quality services to participants.

1. Act with Respect for Individual Rights to Freedom of Expression, Self-Determination, and Decision-Making

The first requirement emphasises the fundamental rights of NDIS participants. As a provider or worker, you must:

  • Respect each participant’s right to make their own decisions about their life and supports
  • Support participants to exercise choice and control over their NDIS plan
  • Recognise and respect cultural, linguistic, and religious diversity
  • Acknowledge participants’ right to dignity of risk
  • Never impose your own values or beliefs on participants
  • Support informed decision-making by providing clear, accessible information

This requirement aligns with the core NDIS principle of choice and control, recognising that people with disability have the right to direct their own lives and make decisions that others might perceive as risky.

2. Respect the Privacy of People with Disability

Privacy protection is a crucial aspect of the Code of Conduct. Providers and workers must:

  • Only collect personal information that is necessary for delivering supports
  • Store personal information securely and protect it from unauthorised access
  • Only share information with explicit consent or when legally required
  • Dispose of personal information appropriately when no longer needed
  • Train staff on privacy obligations and best practices
  • Maintain confidentiality in all interactions

This requirement works alongside the Privacy Act 1988 and the Australian Privacy Principles (APPs), creating multiple layers of privacy protection for participants.

3. Provide Supports and Services in a Safe and Competent Manner

Safety and competence are non-negotiable elements of quality service delivery. This requirement means:

  • Ensuring all workers have appropriate qualifications, skills, and experience
  • Providing adequate training and professional development opportunities
  • Implementing safe work practices and risk management procedures
  • Using evidence-based approaches and interventions
  • Maintaining appropriate supervision and support for workers
  • Regularly reviewing and improving service delivery methods

Providers must also ensure they have appropriate insurance coverage and meet all relevant work health and safety requirements.

4. Act with Integrity, Honesty, and Transparency

Trust is the foundation of effective support relationships. This requirement covers:

  • Being honest and truthful in all communications with participants
  • Providing accurate information about services, costs, and capabilities
  • Declaring and managing any conflicts of interest
  • Not making misleading claims about qualifications or services
  • Being transparent about limitations or constraints
  • Honouring commitments and service agreements

Providers must also ensure their marketing materials and public communications are accurate and not misleading.

5. Promptly Take Steps to Raise and Act on Concerns About Matters That May Impact the Quality and Safety of Supports

This requirement creates a culture of continuous improvement and vigilance. It means:

  • Encouraging workers to report concerns without fear of reprisal
  • Establishing clear processes for raising and responding to concerns
  • Taking immediate action when participant safety is at risk
  • Reporting incidents to the NDIS Commission as required
  • Implementing corrective actions and preventive measures
  • Regularly reviewing incidents and near-misses for learning opportunities

This links directly to the NDIS incident management and reportable incidents framework.

6. Take All Reasonable Steps to Prevent and Respond to All Forms of Violence, Exploitation, Neglect, and Abuse

Protecting participants from harm is paramount. This requirement involves:

  • Implementing robust safeguarding policies and procedures
  • Training all staff to recognise signs of abuse, neglect, and exploitation
  • Creating safe environments for participants to disclose concerns
  • Responding immediately and appropriately to allegations
  • Reporting to relevant authorities including the NDIS Commission and police
  • Supporting participants who have experienced harm

This requirement has zero tolerance for any form of violence or abuse against participants, and providers must have comprehensive prevention strategies in place.

7. Take All Reasonable Steps to Prevent and Respond to Sexual Misconduct

Sexual misconduct is treated with particular seriousness under the Code. Providers must:

  • Establish clear boundaries and professional standards
  • Provide training on recognising and preventing sexual misconduct
  • Implement robust reporting mechanisms
  • Take immediate action when allegations arise
  • Report to the NDIS Commission and police as required
  • Support affected participants with appropriate services

The NDIS Commission has specific worker screening requirements designed to prevent people who pose a risk from working with participants.

Who Must Comply with the NDIS Code of Conduct?

The Code of Conduct has broad application across the disability support sector. It applies to:

Registered NDIS Providers
All providers registered with the NDIS Commission must comply with the Code of Conduct as a condition of their registration. This includes providers of all support types, from plan management to specialist disability accommodation.

Unregistered Providers
Even providers who are not registered with the NDIS Commission must comply with the Code of Conduct when delivering supports to self-managed or plan-managed participants. From late 2025, mandatory registration requirements are expected to expand, bringing more providers under formal regulation.

NDIS Workers
All workers delivering NDIS supports must comply with the Code, regardless of their employment status. This includes:

  • Employees of NDIS providers
  • Contractors and subcontractors
  • Volunteers
  • Agency staff
  • Sole traders

Governing Bodies
Board members and key personnel of NDIS providers also have obligations under the Code, particularly regarding governance and oversight responsibilities.

NDIS Code of Conduct vs NDIS Practice Standards: Understanding the Difference

Many providers confuse the Code of Conduct with the NDIS Practice Standards. While both are essential for NDIS compliance, they serve different purposes:

NDIS Code of Conduct

  • Focuses on individual behaviour and conduct
  • Applies to all NDIS providers and workers (registered and unregistered)
  • Sets out ethical standards for interactions with participants
  • Addresses how individuals should behave when delivering supports

NDIS Practice Standards

  • Focus on organisational systems and processes
  • Only apply to registered NDIS providers
  • Include specific quality indicators that must be demonstrated
  • Require external verification or certification audits

Both frameworks work together to ensure participants receive safe, quality supports. The Code of Conduct addresses the ‘how’ of individual behaviour, while the Practice Standards address the ‘what’ of organisational capability.

How to Implement NDIS Code of Conduct Compliance

Compliance with the Code of Conduct requires more than just awareness—it requires systematic implementation across your organisation. Here’s a practical approach:

Step 1: Develop Clear Policies and Procedures

Create comprehensive policies that translate each Code requirement into practical guidance for your organisation. Your policies should:

Be accessible to all workers

Step 2: Provide Comprehensive Training

All workers must understand the Code of Conduct and how it applies to their role. Effective training should:

  • Cover all seven requirements in detail
  • Include practical scenarios and case studies
  • Be provided at induction and refreshed annually
  • Be documented and tracked for compliance purposes
  • Include assessment to confirm understanding

Step 3: Establish Reporting and Response Mechanisms

Create systems that enable concerns to be raised and addressed effectively:

  • Multiple channels for reporting concerns (verbal, written, anonymous)
  • Clear escalation pathways
  • Defined timeframes for response
  • Protection for whistleblowers
  • Connection to incident management systems

Step 4: Monitor and Review

Ongoing compliance requires continuous monitoring:

  • Regular supervision and performance reviews
  • Feedback collection from participants and families
  • Internal audits of Code of Conduct compliance
  • Review of complaints and incidents for patterns
  • Benchmarking against industry best practices

Consequences of NDIS Code of Conduct Breaches

Breaching the Code of Conduct can have serious consequences for both individual workers and provider organisations. The NDIS Commission has broad powers to investigate and take action.

For Individual Workers

Workers who breach the Code may face:

Damage to professional reputation

For Provider Organisations

Providers whose workers breach the Code may face:

  • Compliance notices and directions
  • Infringement notices with financial penalties
  • Conditions imposed on registration
  • Suspension or revocation of registration
  • Civil penalties through the courts
  • Reputational damage affecting business viability

The severity of consequences depends on factors including the nature and seriousness of the breach, whether it was deliberate or negligent, the impact on participants, and the provider’s response and cooperation with investigations.

How to Report a Code of Conduct Breach

If you witness or become aware of a potential breach of the NDIS Code of Conduct, you have options for reporting:

Internal Reporting

Start by reporting concerns through your organisation’s internal processes. Most providers have established channels for raising concerns about worker conduct.

NDIS Commission Complaints

You can make a complaint directly to the NDIS Quality and Safeguards Commission:

  • Online through the NDIS Commission website
  • By phone on 1800 035 544
  • By email to contactcentre@ndiscommission.gov.au
  • In writing to GPO Box 210, Penrith NSW 2750

Mandatory Reporting

Providers and workers have mandatory reporting obligations for certain matters, including reportable incidents involving participants. These must be reported to the NDIS Commission within specified timeframes.

NDIS Code of Conduct Training Requirements

While the NDIS legislation doesn’t prescribe specific training requirements for the Code of Conduct, best practice and the NDIS Practice Standards expect providers to ensure all workers are trained and competent.

Essential Training Elements

Effective Code of Conduct training should include:

Regular refresher training (recommended annually)

Training Delivery Options

Organisations can deliver Code of Conduct training through:

  • Face-to-face workshops and seminars
  • Online learning modules and e-learning platforms
  • Blended learning approaches
  • External training providers
  • Integration with broader induction programs

Code of Conduct Compliance Checklist

Use this checklist to assess your organisation’s Code of Conduct compliance:

Policies and Procedures

  • [ ] Code of Conduct policy documented and accessible
  • [ ] Clear expectations for worker behaviour outlined
  • [ ] Reporting procedures established
  • [ ] Policies reviewed within the last 12 months

Training and Awareness

  • [ ] All workers trained on the Code of Conduct
  • [ ] Training records maintained
  • [ ] Refresher training scheduled
  • [ ] Training materials up to date

Monitoring and Response

  • [ ] Supervision processes in place
  • [ ] Complaint handling procedures established
  • [ ] Incident management system operational
  • [ ] Regular compliance reviews conducted

Documentation

[ ] Audit and review documentation

Frequently Asked Questions About the NDIS Code of Conduct

Does the Code of Conduct apply to unregistered providers?

Yes, the NDIS Code of Conduct applies to all providers delivering NDIS supports, regardless of registration status. Unregistered providers who deliver services to self-managed or plan-managed participants must comply with the Code. From late 2025, mandatory registration requirements are expected to expand, bringing more providers under formal NDIS Commission oversight.

What is the difference between the NDIS Code of Conduct and NDIS Practice Standards?

The Code of Conduct focuses on individual behaviour and ethical conduct when delivering supports, while the Practice Standards focus on organisational systems, processes, and capabilities. The Code applies to all providers and workers, while Practice Standards only apply to registered providers. Both frameworks work together to ensure quality and safety.

How often should Code of Conduct training be provided?

While there’s no prescribed frequency in legislation, best practice recommends providing Code of Conduct training at induction for all new workers and refresher training at least annually. Training should also be provided when significant changes occur or when issues are identified.

Can I be banned from working in the NDIS for breaching the Code of Conduct?

Yes, the NDIS Commission can issue banning orders that prevent individuals from providing NDIS supports. Banning orders are typically reserved for serious breaches, such as abuse, neglect, or sexual misconduct. A banning order can be permanent or for a specified period.

What should I do if I witness a Code of Conduct breach?

You should report the breach through your organisation’s internal reporting processes. For serious matters, you can also report directly to the NDIS Commission. You’re protected from retaliation when making genuine complaints, and in some cases, reporting is mandatory.

Conclusion

The NDIS Code of Conduct is a cornerstone of the quality and safeguards framework that protects NDIS participants. By understanding the seven key requirements, implementing robust compliance systems, and fostering a culture of ethical practice, providers can ensure they deliver supports that respect participants’ rights and keep them safe.

Compliance isn’t just about avoiding penalties—it’s about building trust with participants and their families, demonstrating your commitment to quality, and contributing to a disability support sector that truly empowers people with disability to live their best lives.

As the NDIS continues to evolve, staying informed about regulatory changes and continuously improving your compliance practices will help ensure your organisation remains well-positioned to deliver quality services into the future.

For more information about NDIS compliance requirements, explore our comprehensive guides on NDIS Practice Standards, Worker Screening, and Reportable Incidents.The NDIS Quality and Safeguards Commission is responsible for enforcing the Code of Conduct and can take action against providers or workers who breach its requirements.

[ ] Worker acknowledgment of Code of Conduct

[ ] Training completion records

[ ] Incident and complaint records

Overview of the NDIS and its purpose

Detailed explanation of all seven Code requirements

Practical examples relevant to different support settings

Case studies and scenario-based learning

Understanding of reporting obligations

Assessment of knowledge and understanding

Investigation by the NDIS Commission

Compliance notices requiring specific actions

Banning orders preventing them from working with NDIS participants

Criminal prosecution for serious matters

Employment consequences including termination

Clearly state expectations for worker behaviour

Provide practical examples relevant to your service type

Include reporting and escalation procedures

Be regularly reviewed and updated

Scroll to Top