NDIS Code of Conduct: 7 Obligations Every Provider Must Know

Operating as an NDIS provider comes with serious legal and ethical responsibilities. The NDIS code of conduct obligations set a clear standard for how providers and workers must behave when delivering supports. Failing to meet these obligations can result in investigations, fines, and even de-registration. This guide breaks down all seven obligations in plain language. It also explains who the Code applies to, what happens when it is breached, and how technology can help your organisation stay compliant every day. Whether you are a registered provider or operate unregistered, you need to understand these requirements fully.

What Is the NDIS Code of Conduct?

The NDIS Code of Conduct is a legally binding framework established under the NDIS (Code of Conduct) Rules 2018. It outlines the minimum standards of behaviour expected from everyone who delivers NDIS supports. The Code protects the rights, safety, and dignity of people with disability across Australia. For more background, read our complete NDIS Code of Conduct guide for providers.

Obligation 1: Act With Respect for Individual Rights

Every person with disability has the right to freedom of expression, self-determination, and decision-making. Providers must actively support these rights in every interaction. This is the foundational NDIS code of conduct obligation and sets the tone for all other obligations.

What This Looks Like in Practice

Supporting individual rights means offering real choices, not token ones. A worker cannot decide which service a participant receives simply because it is more convenient. Participants must be informed of their options and given the time to decide. Decision-making support must be person-centred, not paternalistic.

Compliance Tips

• Document participant choices in every service agreement and review them regularly.
• Train workers to use supported decision-making language.
• Never override a participant’s choice unless there is a genuine safety concern.

Obligation 2: Respect the Privacy of People With Disability

Privacy is a fundamental human right, and it is also a core provider compliance obligation under the Code. Providers must handle all personal information securely and confidentially. This includes health records, care notes, financial information, and even incidental details shared during support delivery.

What This Looks Like in Practice

Workers must not share participant information with friends, family, or colleagues unless there is a legitimate reason. Photos and videos of participants must never be taken or shared without explicit consent. Participant records must be stored securely and only accessed by authorised staff.

Compliance Tips

• Implement a clear data privacy policy aligned with the NDIS Commission’s guidance.
• Use secure, role-based access controls in your case management software.
• Review your NDIS compliance checklist to ensure privacy procedures are up to date.

Obligation 3: Provide Supports in a Safe and Competent Manner

This obligation sits at the heart of quality service delivery. Providers must ensure that every support is delivered safely, with appropriate skill and care. This is not just a best-practice standard — it is a legal requirement under NDIS worker duties. Reviewing the NDIS Practice Standards alongside your provider compliance obligations will help you set the right benchmarks for your team.

What This Looks Like in Practice

Workers must have the qualifications and skills required for the supports they deliver. A worker providing complex clinical care must hold the relevant credentials. Providers must not allow staff to deliver supports they are not trained or qualified for. Safe manual handling, medication management, and behaviour support must all meet professional standards.

Compliance Tips

• Maintain up-to-date training records for all workers.
• Align service delivery with NDIS Practice Standards.
• Conduct regular supervision and competency reviews.
• Address incidents quickly using your incident management system.

Obligation 4: Act With Integrity, Honesty, and Transparency

Integrity underpins trust between providers, participants, and the NDIS system. Acting with integrity means being honest about your services, pricing, and capabilities. It also means disclosing conflicts of interest and never misleading participants. Fair pricing requirements are embedded in this obligation, making transparency a direct provider compliance obligation under the Code.

What This Looks Like in Practice

Providers must not charge for services not delivered. They must not inflate hours, claim for support workers who were not present, or mislead participants about their plan entitlements. Transparent billing is essential. Contracts, agreements, and invoices must all accurately reflect the support provided.

Compliance Tips

• Keep detailed, time-stamped progress notes for every shift.
• Ensure your service agreements clearly outline pricing and scope.
• Review invoices against shift records before claiming from the NDIS portal.

Obligation 5: Promptly Raise and Act on Concerns About Quality and Safety

This NDIS code of conduct obligation requires workers and providers to speak up when they notice problems. Staying silent about quality or safety concerns is itself a breach of the Code. Understanding all code of conduct 7 elements helps workers see this duty is just as critical as frontline delivery. The NDIS system depends on everyone in the support chain acting as a safeguard.

What This Looks Like in Practice

If a worker notices a participant appears at risk, they must report it immediately — not wait until the next scheduled review. Providers must have a clear, accessible reporting pathway for staff. Whistleblower protections exist to encourage people to raise concerns without fear of retaliation.

Compliance Tips

• Establish a formal incident reporting system. Learn more in our reportable incidents guide.
• Train workers on what constitutes a reportable incident.
• Conduct regular audits of quality and safety records.

Obligation 6: Prevent and Respond to Violence, Exploitation, Neglect, and Abuse

People with disability are at heightened risk of violence, abuse, exploitation, and neglect. Providers have a duty to proactively prevent these harms — not just react after they occur. This is one of the most serious provider compliance obligations in the entire Code. Fulfilling these NDIS worker duties requires structural safeguards and individual accountability from every team member.

What This Looks Like in Practice

Providers must screen all workers before engagement. The NDIS Worker Screening Check is mandatory for many roles. Workers must receive training on recognising signs of abuse, neglect, and exploitation. When concerns arise, providers must act immediately and report to the NDIS Commission as required.

Compliance Tips

• Implement a zero-tolerance policy for abuse and violence.
• Conduct regular worker screening reviews as required by the NDIS provider standards.
• Provide annual training on safeguarding and mandatory reporting.
• Document all responses to concerns, including timelines and outcomes.

Obligation 7: Prevent and Respond to Sexual Misconduct

Sexual misconduct is treated as a separate, distinct obligation under the Code due to its severity. Providers must take all reasonable steps to prevent sexual misconduct and respond appropriately when it occurs. This obligation applies to all NDIS workers, including those in trusted support roles.

What This Looks Like in Practice

All workers must understand that any sexual contact with a participant is strictly prohibited regardless of apparent consent. Power imbalances in the care relationship mean genuine consent is impossible in this context. Providers must have a clear policy prohibiting sexual misconduct and must report any allegations promptly.

Compliance Tips

• Include sexual misconduct prevention in all worker inductions and annual training.
• Create a safe, confidential reporting channel for participants and workers.
• Report all allegations to the NDIS Commission immediately under the reportable incidents framework.

What Happens If You Breach the NDIS Code of Conduct?

The NDIS Commission takes a responsive and proportionate approach to enforcement. The severity of consequences depends on the nature and extent of the breach. However, even minor or repeated breaches can escalate quickly.

Possible outcomes of a breach include:

• Formal investigations by the NDIS Commission
• Compliance notices requiring corrective action
• Enforceable undertakings
• Banning orders preventing individuals from working in the NDIS
• De-registration for registered providers
• Civil penalties of up to $52,500 for individuals and $262,500 for corporations

Providers should also note that they bear responsibility for their workers’ conduct. If a worker breaches the Code and the provider failed to take reasonable steps to prevent it, the provider may also face consequences. Strong governance, training, and documentation are your best defences.

Who Must Follow the NDIS Code of Conduct?

A common misconception is that the Code only applies to registered providers. In fact, the code of conduct 7 elements apply to a broad range of organisations and individuals.

The Code applies to:

• Registered NDIS providers and their workers
• Unregistered NDIS providers and their workers
• Key personnel within provider organisations
• All NDIS workers, including contractors and sole traders
• ILC (Information, Linkages and Capacity Building) providers
• Commonwealth Continuity of Support Programme providers
• NDIS Commission employees

This wide scope reflects the NDIS system’s commitment to protecting participants at every point of contact. If you deliver any NDIS-funded support, the Code applies to you. For a deeper look at how the Code interacts with other requirements, see our NDIS Practice Standards guide.

How Inficurex Helps Providers Meet Their NDIS Code of Conduct Obligations

Keeping track of seven obligations across a team of workers is genuinely complex. Inficurex is purpose-built NDIS software for providers that makes compliance manageable. The platform centralises incident reporting, progress notes, shift records, and worker compliance in one place.

With Inficurex, you can:

• Automate alerts for overdue incident reports and compliance tasks
• Store signed service agreements and consent records securely
• Track worker training and screening expiry dates
• Generate audit-ready reports for NDIS Commission reviews
• Monitor billing accuracy to ensure integrity and transparency

Meeting your NDIS code of conduct obligations does not have to be a manual burden. Explore how Inficurex NDIS software helps you stay compliant, protect your participants, and grow your business with confidence.

Frequently Asked Questions

What are the 7 NDIS code of conduct obligations?

The seven obligations are: (1) act with respect for individual rights; (2) respect privacy; (3) provide supports safely and competently; (4) act with integrity, honesty, and transparency; (5) raise concerns about quality and safety promptly; (6) prevent and respond to violence, exploitation, neglect, and abuse; and (7) prevent and respond to sexual misconduct.

Who must comply with the NDIS Code of Conduct?

The Code applies to registered and unregistered providers, key personnel, all NDIS workers, ILC providers, Commonwealth Continuity of Support Programme providers, and NDIS Commission employees. No one delivering NDIS-funded supports is exempt.

What are the penalties for breaching the Code?

Breaches can lead to investigations, banning orders, de-registration, and civil penalties of up to $52,500 for individuals and $262,500 for corporations. The NDIS Commission takes a proportionate approach but does not hesitate to act on serious violations.

Does the Code apply to unregistered providers?

Yes. Both registered and unregistered providers must comply with the NDIS Code of Conduct. Unregistered providers are not exempt simply because they are not subject to audit under the Practice Standards.

How does the NDIS Commission enforce the Code?

The NDIS Commission uses a responsive and proportionate approach. It can issue compliance notices, accept enforceable undertakings, impose banning orders, or take civil penalty proceedings. The level of response depends on the risk and severity of the breach.

What are providers’ responsibilities for their workers?

Providers must take reasonable steps to ensure their workers comply with the Code. This includes providing training, supervision, clear policies, and safe reporting channels. If a worker breaches the Code and the provider failed in their oversight duty, the provider may also face regulatory action.

Are fair pricing requirements part of the Code?

Yes. Fair pricing is embedded within the obligation to act with integrity, honesty, and transparency. Providers must not overcharge, claim for services not delivered, or mislead participants about costs.

Where can I read the full Code of Conduct?

The full text is available on the NDIS Commission website and in the NDIS (Code of Conduct) Rules 2018 on the Federal Register of Legislation.