Does the NDIS Code of Conduct Apply to Unregistered Providers?
Short answer: Yes. The NDIS code of conduct unregistered providers must follow is the same one that applies to registered providers. Many unregistered providers assume they operate outside Commission oversight. That assumption is wrong — and it can be costly.
Every year, more providers enter the NDIS market without registering. They often work with self-managed or plan-managed participants and believe that unregistered status means fewer rules. However, the NDIS Code of Conduct for unregistered providers is exactly the same as for registered ones — every person who delivers NDIS supports must comply, regardless of registration status.
This guide breaks down exactly what the NDIS code of conduct for unregistered providers requires, how the Commission enforces it, and what happens when someone breaches it. Additionally, we cover the mandatory registration changes expected in 2025 and 2026 that every provider should understand now.
What Is the NDIS Code of Conduct?
The NDIS Code of Conduct is a set of binding standards for everyone who delivers supports or services under the NDIS. It was established by the NDIS Quality and Safeguards Commission. The code sets clear expectations for how workers and providers must treat participants.
The code contains seven core obligations. These obligations require providers and workers to act with honesty, respect participant rights, deliver safe and competent services, and raise concerns when something goes wrong. For a deeper overview, see our complete NDIS Code of Conduct guide for providers.
The seven obligations under the code are:
- Act with respect for individual rights to freedom of expression, self-determination, and decision-making
- Respect the privacy of people with disability
- Provide supports and services in a safe and competent manner with care and skill
- Act with integrity, honesty, and transparency
- Promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports
- Take all reasonable steps to prevent and respond to all forms of violence, exploitation, neglect, and abuse
- Take all reasonable steps to prevent and respond to sexual misconduct
Importantly, the code covers both providers and their workers. So even staff employed by an unregistered provider must meet these standards individually.
Does the Code of Conduct Apply to Unregistered Providers?
Yes — absolutely and unambiguously. The NDIS code of conduct for unregistered providers is identical to the obligations that apply to registered providers. Every person who delivers NDIS supports must comply. This is one of the most misunderstood aspects of NDIS compliance.
The NDIS code of conduct scope extends beyond the registered provider framework. Section 73E of the NDIS Act 2013 specifically confirms that unregistered providers and their workers are bound by the code. The NDIS Commission has the authority to investigate complaints and take enforcement action against unregistered providers.
Key point: Being unregistered does not exempt you from the NDIS Code of Conduct. It only limits which participants you can serve. You can work with self-managed or plan-managed participants, but you must still meet all seven obligations of the code.
This is a critical distinction. Many new providers confuse registration requirements with conduct obligations. Registration determines eligibility to receive NDIS funding. The NDIS code of conduct for unregistered providers governs how you behave when delivering any NDIS support — and that applies universally.
What Obligations Apply to Unregistered Providers?
Unregistered providers carry substantial obligations under the NDIS code of conduct unregistered providers must follow. These requirements are not watered-down versions of what registered providers face. They are the same standards — applied fully.
1. Deliver Services Ethically and Safely
Unregistered providers must deliver services with genuine care and skill. This means employing or engaging workers with the right qualifications and competencies. It also means having systems in place to monitor service quality and address any deficiencies.
Poor service delivery is a breach — even if no formal complaint is lodged. Participants receiving unsafe care can report to the NDIS Commission at any time.
2. Maintain Participant Safeguards
Unregistered provider obligations include having adequate safeguards to protect participant safety. This covers identifying risks of harm, responding to incidents promptly, and ensuring participants are not exploited or abused.
While unregistered providers are not required to notify the Commission of reportable incidents (that obligation applies to registered providers), they must still have internal processes to respond to harm. Our NDIS incident management guide explains how to build these systems effectively.
3. Keep Proper Records
Accurate record-keeping is both a compliance expectation and a practical necessity. If the Commission investigates a complaint, your records will be the primary evidence. Poor documentation makes it very difficult to demonstrate that you met your obligations.
Records should cover service delivery notes, participant consent, agreements, incident logs, and any communication about participant wellbeing. Using purpose-built NDIS software can simplify this significantly.
4. Continuously Improve
The code requires providers to actively seek to improve service quality. This is not a passive standard. Providers must identify gaps, train workers, and respond to feedback. Complacency — even when no harm has occurred — can constitute a breach of the obligation to deliver services competently.
5. Act With Honesty and Transparency
Unregistered providers must be honest with participants, families, and the Commission. This includes providing accurate information about qualifications, experience, and the nature of services. Misleading conduct is a serious breach that can result in banning orders.
6. Respect Participant Rights and Privacy
Participants have the right to make their own decisions. Providers must respect these choices — including decisions that the provider may personally disagree with. Privacy obligations require that participant information is stored securely and only shared with appropriate consent.
Registered vs. Unregistered Provider Obligations: Comparison
| Obligation / Requirement | Registered Provider | Unregistered Provider |
|---|---|---|
| NDIS Code of Conduct | Yes — mandatory | Yes — mandatory |
| NDIS Practice Standards | Yes — audited against standards | No — not required to be audited |
| NDIS Worker Screening | Mandatory for risk-assessed roles | Cannot access Worker Screening Check; participants bear screening responsibility |
| Mandatory incident reporting | Yes — reportable incidents to Commission | No — not required to report to Commission |
| Who can serve | Agency-managed, plan-managed, self-managed participants | Self-managed and plan-managed participants only |
| Restricted supports (SDA, SIL, Plan Management, Behaviour Support) | Can deliver (with correct registration group) | Cannot deliver — these require registration |
| Commission complaint investigations | Yes — subject to investigation | Yes — subject to investigation |
| Banning orders possible | Yes | Yes |
| Quality audits | Yes — certification and verification audits | No — no scheduled audits |
| Worker Code of Conduct obligations | Workers must comply | Workers must comply |
NDIS Worker Screening for Unregistered Providers
NDIS worker screening is one of the most important — and most misunderstood — areas for unregistered providers. The formal NDIS Worker Screening Check is only accessible to registered providers for risk-assessed roles. Unregistered providers cannot request this check for their workers.
However, this does not mean unregistered providers have no screening obligations. Participant safety still depends on providers employing safe and suitable workers. The code of conduct requires providers to take all reasonable steps to prevent abuse, exploitation, and neglect.
For self-managed participants, the responsibility to screen workers often falls on the participant or their nominee. However, an unregistered provider still has a duty of care and must not knowingly engage workers who pose a risk to participants.
Our NDIS worker screening guide explains what checks are available and what unregistered providers can do to verify worker suitability. State and territory working with vulnerable people checks remain accessible and are strongly recommended.
What Happens If Unregistered Providers Breach the Code?
The NDIS Commission has broad enforcement powers that apply to both registered and unregistered providers. Many unregistered providers are surprised to learn that the Commission can investigate them directly.
The NDIS Commission’s compliance and enforcement framework sets out possible consequences when the NDIS code of conduct unregistered providers are required to follow is breached. These include:
- Formal investigations — The Commission can investigate complaints from participants, families, or other providers
- Compliance notices — Requiring a provider or worker to fix specific issues
- Enforceable undertakings — Binding commitments to change practices
- Banning orders — Prohibiting a person from delivering NDIS supports for a set period or permanently
- Civil penalties — Financial penalties for serious breaches under the NDIS Act
- Referrals to other agencies — Including the ACCC, state police, or child protection authorities
Banning orders are particularly serious. A banned provider or worker cannot deliver any NDIS supports — registered or unregistered — for the duration of the ban. This effectively ends a person’s ability to work in the sector. For more detail on how enforcement works, see our NDIS reportable incidents guide.
What Services Can Unregistered Providers NOT Deliver?
One of the clearest limitations for unregistered providers is the list of supports that legally require registration. These are high-intensity or specialist supports where participant risk is greatest. No unregistered provider can deliver the following, regardless of their experience or qualifications:
- Specialist Disability Accommodation (SDA) — Housing solutions for participants with extreme functional impairment
- Supported Independent Living (SIL) — 24/7 or intensive daily living support in shared accommodation
- Plan Management — Financial management of a participant’s NDIS funds
- Behaviour Support — Specialist behaviour interventions, particularly those involving restrictive practices
- Early Childhood Supports — Certain supports under the Early Childhood Approach
Delivering these supports without registration is illegal. It also exposes both the provider and the participant to serious risk. See our NDIS Practice Standards guide to understand what registration groups cover these supports.
Mandatory Registration Changes Coming in 2025–2026
The landscape for unregistered providers is likely to change significantly in the coming years. Government reviews of the NDIS code of conduct unregistered providers must meet have raised the prospect of mandatory registration for a much broader group of providers.
Key proposed changes include:
- Expanding mandatory registration to include more support categories currently available to unregistered providers
- New baseline requirements for all providers who wish to receive NDIS funding, even those serving only self-managed participants
- Stronger screening requirements across the workforce, including for unregistered providers’ staff
- Graduated registration pathways designed to reduce the barrier for smaller providers to register
The exact scope and timing of these changes depends on government decisions and consultation outcomes. Nevertheless, providers who are currently unregistered should start preparing now. Voluntary compliance with the NDIS Practice Standards is a wise investment — it builds operational maturity and reduces the effort needed if registration becomes mandatory.
Practical advice: Don’t wait for mandatory registration to improve your practices. Treat your unregistered operations as if registration requirements already apply. This protects participants, reduces your risk, and positions you well for any regulatory changes.
Common Questions About Code of Conduct Scope
Can the Commission investigate me if I am unregistered?
Yes. The Commission can investigate any provider or worker delivering NDIS supports. Registration status does not protect you from complaints or investigations. If a participant or family member raises a concern, the Commission has the authority to act.
Do I need to follow the code even if my participants are self-managed?
Yes. The code of conduct scope is not linked to how a participant manages their funding. Whether your participant is self-managed or plan-managed, you must comply with all seven obligations of the code.
What complaints can be made about unregistered providers?
Participants, family members, carers, or other providers can make complaints to the NDIS Commission about any provider who delivers NDIS supports. Complaints can relate to safety, conduct, quality of service, or breaches of participant rights.
Do unregistered providers need to notify the Commission of incidents?
Unregistered providers are not required to submit mandatory reportable incident notifications to the Commission. However, obligations under the NDIS code of conduct unregistered providers carry still require appropriate incident response. If an incident involves criminal conduct, it must be reported to police. Registered providers have additional formal reporting obligations — see our NDIS reportable incidents guide for details.
Can an unregistered provider use NDIS worker screening?
No. The formal NDIS Worker Screening Check is only available through registered providers for risk-assessed roles. Unregistered providers should instead use state and territory working with vulnerable people checks and conduct thorough reference checking. See our NDIS worker screening guide for alternatives.
How to Build Compliance as an Unregistered Provider
Building compliance with the NDIS code of conduct as an unregistered provider does not require a full registration audit. However, it does require systematic effort. Every unregistered provider operating under the NDIS code of conduct framework should follow these practical steps as a foundation:
- Document your service agreements — Use a clear NDIS service agreement template for every participant to set out mutual expectations and rights
- Create incident response procedures — Know how you will respond if a participant is harmed or at risk
- Screen your workers thoroughly — Apply state and territory vulnerable person checks, reference checks, and identity verification
- Train your team — Ensure every worker understands their code of conduct obligations, including when to raise concerns
- Keep records consistently — Maintain service delivery notes, consent records, and incident logs
- Review your practices regularly — Use our NDIS compliance checklist to identify gaps before a complaint does
How Inficurex Helps Unregistered Providers Stay Compliant
Inficurex supports NDIS providers at every stage of their compliance journey — including those who are currently unregistered. Our tools and resources are designed to make code of conduct compliance manageable, even without a dedicated compliance team.
We offer practical templates, guides, and software that help you document services, manage workers, handle incidents, and stay audit-ready. Whether you plan to register in the future or continue operating as an unregistered provider, compliance with the code of conduct is non-negotiable — and we make it straightforward.
Explore our NDIS software for providers to see how technology can support your compliance processes from day one.
Ready to Strengthen Your Compliance?
Use our free NDIS compliance checklist to identify gaps in your current practices. Whether you are registered or unregistered, knowing your obligations is the first step to protecting your participants and your business.
Frequently Asked Questions
Yes. The NDIS Code of Conduct applies to all providers and workers who deliver NDIS supports, regardless of registration status. Unregistered providers must comply with all seven obligations under the code.
Unregistered providers must act with respect, protect participant privacy, deliver safe and competent services, act honestly, raise concerns promptly, prevent abuse and neglect, and prevent sexual misconduct. These are the same seven obligations that apply to registered providers.
Yes. The Commission can issue banning orders against any person or provider delivering NDIS supports, including those who are unregistered. A banning order prevents a person from delivering NDIS supports for a set period or permanently.
The code of conduct scope covers all seven obligations and applies fully to unregistered providers. The only difference is that unregistered providers are not subject to the NDIS Practice Standards audits. However, the Commission can still investigate complaints about unregistered providers.
Mandatory registration changes are under consideration as part of NDIS reform. While timelines are not yet confirmed, there is a strong possibility that more providers will need to register in 2025 or 2026. Providers should monitor NDIS Commission announcements and begin preparing now.
Unregistered providers cannot access the formal NDIS Worker Screening Check. Instead, they should use state and territory vulnerable person checks and conduct thorough reference and identity checks on all workers. Worker obligations under the code of conduct still apply regardless of provider registration status.