NDIS Code of Conduct vs Practice Standards: What’s Different?
Understanding NDIS code of conduct vs practice standards is essential for every provider navigating the compliance framework — yet the two instruments are frequently confused. Both are enforced by the NDIS Quality and Safeguards Commission, but they serve fundamentally different purposes, apply to different audiences, and are assessed through entirely different mechanisms. In this guide, you will find a clear comparison of what each framework covers, who it applies to, how it is enforced, and — most importantly — how they work together to protect NDIS participants and drive quality service delivery.
What Is the Difference Between the NDIS Code of Conduct and Practice Standards?
The NDIS Code of Conduct sets behavioural expectations for all providers, workers, and key personnel — registered and unregistered. NDIS Practice Standards set operational and quality benchmarks for registered providers only. In short: the Code governs how people behave, while the Standards govern how well services are delivered and managed.
The Two Frameworks at a Glance
Before diving into the detail, the following comparison table provides a side-by-side overview of the NDIS code of conduct vs practice standards across the most important dimensions.
| Dimension | NDIS Code of Conduct | NDIS Practice Standards |
|---|---|---|
| Purpose | Sets behavioural expectations for all workers and providers | Sets quality and operational benchmarks for service delivery |
| Who it applies to | All providers (registered AND unregistered), all workers, key personnel | Registered providers only |
| Legislative basis | NDIS (Code of Conduct) Rules 2018 | NDIS (Practice Standards) Rules 2018 |
| Enforced by | NDIS Quality and Safeguards Commission | NDIS Quality and Safeguards Commission |
| Assessment mechanism | Complaints investigations and compliance monitoring | Formal audits (verification or certification) |
| Scope | 7 behavioural obligations | Core module + supplementary modules by registration group |
| Enforcement tools | Compliance notices, banning orders, civil penalties, deregistration | Conditions on registration, suspension, deregistration, audit requirements |
| Worker-level obligations | Yes — directly applies to individual workers | No — applies at the provider/organisation level |
Understanding Code of Conduct Scope
The Code of Conduct scope is intentionally broad. It applies to every person and organisation that provides NDIS supports — regardless of whether they are registered with the Commission. This is one of the most important distinctions in the entire provider compliance framework.
Who Does the Code Apply To?
The following categories of people and organisations are subject to the Code of Conduct:
- Registered NDIS providers — organisations or individuals formally registered with the NDIS Commission.
- Unregistered NDIS providers — providers serving self-managed and plan-managed participants who have chosen not to register.
- Workers — every individual who delivers supports on behalf of a provider, including casual and contracted workers.
- Key personnel — directors, executives, and senior managers who influence the governance and conduct of a registered provider.
Therefore, an unregistered sole trader providing support worker services to a self-managed participant is fully subject to the Code of Conduct — even though they have no obligation to meet the Practice Standards. This is a critical distinction that many smaller providers and individual workers overlook. You can explore the full obligations in the complete guide to the NDIS Code of Conduct for providers.
The Seven Code Obligations
The Code of Conduct scope covers seven specific obligations that govern how everyone in the NDIS behaves:
- Respect the rights of people with disability to freedom of expression, self-determination, and decision-making.
- Respect the privacy of people with disability.
- Provide supports and services in a safe and competent manner with care and skill.
- Act with integrity, honesty, and transparency.
- Promptly take action to raise and act on concerns about matters that might affect quality and safety.
- Take all reasonable steps to prevent and respond to all forms of violence, exploitation, neglect, and abuse.
- Take all reasonable steps to prevent and respond to sexual misconduct.
These obligations apply at the individual level. As a result, even if a provider organisation is found to have adequate systems, an individual worker can still be investigated and sanctioned for their personal conduct. The detailed guide to NDIS Code of Conduct obligations covers each obligation in practical depth.
Understanding NDIS Practice Standards
NDIS Practice Standards are a quality framework that applies exclusively to registered providers. They specify the outcomes and indicators that providers must demonstrate across their governance, service delivery, and safeguarding systems. Unlike the Code — which is primarily about individual conduct — the Practice Standards are about organisational systems.
The Structure of the Practice Standards
The Practice Standards are structured around a Core Module that applies to all registered providers, plus Supplementary Modules that apply depending on the types of supports a provider is registered to deliver.
The Core Module covers four key areas:
- Rights and Responsibilities — ensuring participants’ rights are upheld and their support is delivered in accordance with their plan and preferences.
- Governance and Operational Management — demonstrating sound governance, risk management, and administrative systems.
- The Provision of Supports — planning, delivering, and reviewing supports in a person-centred way.
- The Support Environment — ensuring the physical and safety environment of support delivery meets required standards.
In addition, supplementary modules address higher-risk supports including Specialist Behaviour Support, Implementing Behaviour Support Plans, Early Childhood Supports, Specialist Disability Accommodation, and Specialised Support Coordination. For a comprehensive breakdown of what each module requires, see our NDIS practice standards guide.
How Practice Standards Are Assessed
Unlike the Code of Conduct — which is assessed reactively through complaints — Practice Standards are assessed through formal, scheduled audits. The type of audit depends on the registration groups a provider holds:
- Verification audit — required for lower-risk registration groups such as household tasks, transport, and assistive products. Typically document-based and less intensive.
- Certification audit — required for higher-risk registration groups such as supported independent living (SIL), personal care, specialist behaviour support, and early childhood supports. This involves an on-site assessment by an accredited audit body and is more comprehensive.
Furthermore, certification providers undergo a mid-term surveillance audit approximately 18 months after their initial certification. Registration renewal occurs every three years and requires a renewal audit. The NDIS provider registration checklist for 2025 outlines the full audit timeline and documentation requirements.
How the Code and Standards Work Together
The NDIS code of conduct vs practice standards comparison is not an either/or question — both frameworks work as complementary layers of the same provider compliance framework. Understanding how they interact is essential for effective compliance management.
Complementary but Separate Enforcement Pathways
A provider can fail a Practice Standards audit without breaching the Code of Conduct — and vice versa. For example, a provider may have excellent documentation of governance systems (satisfying Practice Standards) but have a worker who behaves disrespectfully toward a participant (breaching the Code). Consequently, compliance with one framework does not guarantee compliance with the other.
However, strong Practice Standards compliance significantly reduces the risk of Code breaches. When governance, training, supervision, and incident management systems meet Practice Standards benchmarks, workers are better equipped and more supported to behave in accordance with the Code. Therefore, the two frameworks are mutually reinforcing in well-run organisations.
Where the Frameworks Overlap
Several areas of the provider compliance framework are addressed by both instruments:
- Incident management — the Code requires workers to raise concerns and take action; the Practice Standards require the organisation to have a compliant incident management system. Both apply simultaneously. Review your NDIS incident management guide to ensure your system meets both sets of requirements.
- Worker screening — the Code requires workers to act safely; Practice Standards require providers to verify worker clearances as part of governance. The NDIS worker screening guide covers how to meet both requirements.
- Complaints — the Code requires honest, transparent conduct; Practice Standards require a functional complaint management system at the organisational level.
- Rights and dignity — both frameworks address participant rights, but from different angles: the Code governs individual conduct; the Standards require organisational systems that protect those rights.
Enforcement: Code vs Standards
The enforcement mechanisms for the Code of Conduct and Practice Standards differ significantly. Understanding these differences is important for providers managing compliance risk.
Code of Conduct Enforcement
The NDIS Commission enforces the Code of Conduct primarily through the complaints pathway. When a complaint is lodged — by a participant, family member, worker, or any other person — the Commission investigates whether the Code was breached. Enforcement tools include:
- Compliance notices requiring specific corrective actions.
- Enforceable undertakings where providers commit to remediation steps.
- Banning orders preventing individuals from delivering NDIS supports — either for a fixed period or permanently.
- Civil penalty proceedings in the Federal Court — up to $330,000 for individuals and $1.6 million for organisations for breaching banning orders.
- Deregistration for registered providers where breaches are systemic.
According to the NDIS Commission’s compliance and enforcement records, the Commission has commenced civil penalty proceedings against individuals for breaching banning orders, demonstrating the serious consequences of Code violations.
Practice Standards Enforcement
Practice Standards enforcement is primarily audit-driven. When an audit identifies non-conformance, the audit body reports findings to the Commission, which then determines the appropriate response:
- Minor non-conformances may require a corrective action plan within a specified timeframe.
- Major non-conformances can result in conditions being placed on registration.
- Repeated or unresolved major non-conformances can lead to registration suspension or cancellation.
- In addition, the Commission may conduct unannounced compliance audits if it has concerns about a provider’s ongoing performance.
Therefore, the Practice Standards enforcement pathway is more structured and predictable than the Code enforcement pathway — which can be triggered at any time by a complaint from anyone. Maintaining robust compliance against both frameworks is essential. Use the NDIS compliance checklist to ensure your systems address both sets of requirements simultaneously.
Practice Standards Comparison: Registration Groups and Module Requirements
A key feature of the Practice Standards that has no equivalent in the Code is the registration group structure. Different registration groups require compliance with different supplementary modules — making this practice standards comparison relevant at the strategic planning stage of registration.
The following table summarises which audit type and modules apply to common registration groups:
| Registration Group | Audit Type | Supplementary Module |
|---|---|---|
| Household Tasks | Verification | None |
| Transport | Verification | None |
| Assistive Products for Personal Care | Verification | None |
| Personal Activities (daily) | Certification | None (Core only) |
| Supported Independent Living (SIL) | Certification | High Intensity Daily Personal Activities |
| Specialist Behaviour Support | Certification | Specialist Behaviour Support |
| Early Childhood Supports | Certification | Early Childhood Supports |
| Specialist Disability Accommodation (SDA) | Certification | Specialist Disability Accommodation |
As a result, providers delivering multiple registration groups must comply with multiple supplementary modules — significantly increasing audit scope and documentation requirements. Strategic selection of registration groups during the initial application can meaningfully reduce audit complexity and cost.
People Also Ask: NDIS Code of Conduct vs Practice Standards
Do Practice Standards apply to unregistered providers?
No. NDIS Practice Standards apply only to registered providers. Unregistered providers are exempt from the Practice Standards and are not subject to formal audits. However, unregistered providers remain fully subject to the NDIS Code of Conduct — including all seven behavioural obligations. As a result, unregistered providers cannot use the absence of a Practice Standards audit as evidence that their services meet quality benchmarks.
Furthermore, unregistered providers serving self-managed or plan-managed participants should consider developing internal quality frameworks aligned with the Practice Standards as a voluntary best-practice measure. This prepares them for eventual registration and demonstrates commitment to quality service delivery.
Which is harder to comply with — the Code of Conduct or Practice Standards?
This depends on your perspective and role. For individual workers, the Code of Conduct is more immediately relevant — it governs daily behaviour and personal conduct. For provider organisations, Practice Standards are more demanding in terms of documentation, system development, and audit preparation.
Moreover, the Code is harder to predict in terms of enforcement because it is triggered by complaints that can arise at any time. Practice Standards compliance, by contrast, is more manageable because it follows a structured audit cycle with known requirements. Both demand sustained attention within a provider compliance framework.
Can a provider be deregistered for breaching the Code of Conduct rather than Practice Standards?
Yes. The NDIS Commission can cancel or suspend a provider’s registration for serious or systemic breaches of the Code of Conduct — independent of any Practice Standards audit outcome. The Commission has broad enforcement powers that extend to deregistration for Code violations. For detailed information on breach consequences, see the NDIS code of conduct breach overview.
Therefore, providers must not assume that passing a Practice Standards audit means they are protected from Code enforcement action. The two pathways are independent. Comprehensive compliance management addresses both simultaneously.
How Inficurex Supports Both Code and Standards Compliance
Managing compliance against both the NDIS Code of Conduct and Practice Standards simultaneously requires systems that span governance, training, incident management, and service delivery documentation. Inficurex is built to support exactly this — giving NDIS providers a single platform that links Code obligations to practice-level evidence and keeps audit documentation current and accessible.
With Inficurex, you can map each Practice Standards indicator to the relevant governance documents and policy evidence. Furthermore, training records, worker screening clearances, and incident reports are linked in one place — making it straightforward to demonstrate compliance across both frameworks during an audit. Your team avoids the fragmented, last-minute compliance scramble that many providers experience before audit cycles.
Additionally, Inficurex’s compliance dashboards surface gaps between Code obligations and Standards requirements so you can prioritise remediation intelligently. Visit Inficurex to see how Australia’s purpose-built NDIS software helps providers stay confidently compliant.
Frequently Asked Questions
What legislation establishes the Code of Conduct and Practice Standards?
Both frameworks are established under the National Disability Insurance Scheme Act 2013 and associated rules. The Code of Conduct is set out in the NDIS (Code of Conduct) Rules 2018. The Practice Standards are set out in the NDIS (Practice Standards) Rules 2018. Both are available on the Federal Register of Legislation. The NDIS Commission has published supplementary guidance for both instruments.
Does the Code of Conduct apply to allied health workers under the NDIS?
Yes. Allied health workers — including occupational therapists, physiotherapists, speech pathologists, and psychologists — are subject to the NDIS Code of Conduct when delivering NDIS supports. They also have separate obligations under their own professional registration bodies (AHPRA). As a result, allied health workers delivering NDIS supports carry dual obligations: their professional code and the NDIS Code of Conduct. Both must be met simultaneously.
How do I know which Practice Standards modules apply to my registration?
The modules that apply to your organisation depend on the registration groups you hold or are applying for. The NDIS Commission’s registration portal and the NDIS website provide guidance on which modules apply to each registration group. Your approved auditor will also confirm the audit scope during the planning stage. For a comprehensive overview of registration requirements, review the NDIS provider registration checklist for 2025.
Can a worker comply with the Code of Conduct but fail Practice Standards?
Yes. An individual worker may fully comply with the Code of Conduct in their personal conduct and behaviour while the provider organisation they work for fails to meet Practice Standards requirements — for example, due to inadequate governance systems or incomplete support plans. The two levels of compliance are separate. Consequently, workers and provider organisations each carry their own compliance obligations.
What is a verification audit vs a certification audit?
A verification audit applies to lower-risk registration groups and is primarily document-based. An auditor reviews policies, procedures, and records against the NDIS Practice Standards Core Module, but on-site visits are typically not required. A certification audit applies to higher-risk registration groups, involves on-site assessment, staff interviews, and participant consultations, and is significantly more comprehensive and costly. Certification audits cost between $3,000 and $15,000+ depending on organisation size and scope.
Are workers informed of the difference between the Code and Standards during induction?
Best-practice induction programmes explain both frameworks and how they relate to each other — but the primary focus for frontline workers is the Code of Conduct, since it applies directly to their individual behaviour. Practice Standards governance requirements are more relevant to management and quality roles. Effective induction differentiates these audiences and tailors content accordingly. See the NDIS Code of Conduct training resource for guidance on structuring induction content.
Can the same compliance action satisfy both Code and Standards requirements?
In many cases, yes. For example, maintaining current worker screening clearances satisfies both a Code of Conduct governance obligation and a Practice Standards governance indicator. Similarly, a functional incident management system that meets Practice Standards requirements also helps workers meet their Code obligations to raise and act on safety concerns. Therefore, designing compliance systems to satisfy both frameworks simultaneously is more efficient than treating them as entirely separate workstreams.
What should I prioritise — Code compliance or Practice Standards compliance?
Both must be addressed. However, for providers approaching their first registration audit, Practice Standards compliance has the most immediate structural requirement — because registration depends on passing the audit. Code compliance must be maintained on an ongoing basis, as complaints can arise at any time. For ongoing operations, use the NDIS compliance checklist to manage both frameworks in parallel within a single governance cycle.