NDIS Practice Standards vs Code of Conduct: Key Differences
Understanding the difference between NDIS practice standards vs code of conduct is essential for every provider operating in the National Disability Insurance Scheme. Both frameworks protect participants and drive service quality — but they work in fundamentally different ways, apply to different groups of providers, and carry distinct compliance obligations. If you confuse the two, you risk missing critical requirements and facing serious regulatory consequences. This guide breaks down each framework clearly, compares them side by side, and explains exactly what your organisation must do to stay compliant in 2025 and beyond.
What Is the NDIS Code of Conduct?
The NDIS Code of Conduct is a set of minimum behavioural standards that every NDIS provider and worker must follow when delivering supports and services. It applies universally — regardless of whether a provider is registered or unregistered with the NDIS Quality and Safeguards Commission.
Introduced on 1 July 2018 as part of the NDIS Quality and Safeguarding Framework, the Code focuses on how providers and workers conduct themselves when interacting with participants. It sets the ethical and behavioural floor for all NDIS-funded support delivery.
The 7 Code of Conduct Obligations
Every NDIS provider and worker must comply with these seven core obligations under the Code of Conduct:
- Act with respect and integrity — Treat participants with dignity, respect their privacy, and act honestly in all dealings.
- Deliver services safely and competently — Provide supports to the required standard with proper care and skill.
- Act with integrity, honesty, and transparency — Disclose any conflicts of interest and be honest about service limitations.
- Promptly take steps to raise and act on concerns about safety — Report and respond to risks of harm to participants.
- Provide supports free from violence, abuse, neglect, exploitation, and discrimination — Zero tolerance for any form of harm.
- Take all reasonable steps to maintain the sexual safety of participants — Maintain clear professional boundaries at all times.
- Charge fees in accordance with NDIS price limits and participant plans — Never engage in price gouging or unauthorised billing.
The Code applies to registered providers, unregistered providers, sole traders, and individual workers alike. This broad scope means code of conduct obligations reach into every corner of the NDIS market — not just formally registered organisations. Learn more in our complete NDIS Code of Conduct guide for providers.
What Are the NDIS Practice Standards?
The NDIS Practice Standards are a framework of quality benchmarks that registered NDIS providers must meet to gain and maintain their registration. Unlike the Code of Conduct, the Practice Standards apply exclusively to registered providers — organisations that have applied for and received registration from the NDIS Commission.
The Practice Standards set specific, measurable requirements for how registered providers deliver supports, manage their organisations, and protect participant rights. They are assessed through formal quality audits conducted by approved quality auditors (AQAs). For a full overview, visit our NDIS practice standards guide.
The Four Core Module Standards
The NDIS Practice Standards are structured around a core module containing four sections, plus a range of supplementary modules for specialist services:
- Rights and Responsibilities — Person-centred supports, individual values, privacy and dignity, independence and informed choice, and protection from violence, abuse, neglect, exploitation, and discrimination.
- Provider Governance and Operational Management — Governance systems, risk management, quality management, information management, feedback and complaints handling, incident management, human resource management, continuity of supports, and emergency and disaster management.
- Provision of Supports — Access to supports, support planning, service agreements with participants, responsive support provision, and transitions between providers.
- Provision of Supports Environment — Safe environments, management of participant money and property, medication management, mealtime management, and waste management.
Supplementary Modules
Providers delivering specialist services must also meet additional supplementary modules, including:
- High Intensity Daily Personal Activities
- Specialist Behaviour Support
- Implementing Behaviour Support Plans
- Early Childhood Supports
- Specialist Support Coordination
- Specialist Disability Accommodation
- Verification Module (for lower-risk providers)
Mandatory registration is expanding from late 2025, bringing support coordinators, Supported Independent Living (SIL) providers, and online platform-based services under the registered provider framework — and therefore under the Practice Standards.
NDIS Practice Standards vs Code of Conduct: Key Differences at a Glance
The most important distinction in any NDIS practice standards comparison is scope: the Code of Conduct applies to everyone, while the Practice Standards apply only to registered providers. Here is a detailed comparison:
| Feature | NDIS Code of Conduct | NDIS Practice Standards |
|---|---|---|
| Who It Applies To | All NDIS providers and workers (registered AND unregistered) | Registered NDIS providers only |
| Purpose | Sets minimum behavioural standards for ethical conduct | Sets quality and safety benchmarks for service delivery |
| Focus | How providers and workers behave | How providers operate and deliver services |
| Legal Basis | NDIS (Code of Conduct) Rules 2018 | NDIS (Provider Registration and Practice Standards) Rules 2018 |
| Enforcement | NDIS Commission — applies to all workers and providers | NDIS Commission — assessed by approved quality auditors |
| Compliance Measure | Complaints investigations, compliance actions | Formal third-party audits (verification or certification) |
| Audit Required? | No formal audit — assessed reactively via complaints | Yes — third-party audit required for registration |
| Renewal Cycle | Ongoing obligation — no renewal cycle | 3-year registration cycle with mid-term audits at 18 months |
| Documentation Required | Evidence of policies supporting Code compliance | Extensive documented policies, procedures, and records |
How the Two Frameworks Work Together
The Code of Conduct and Practice Standards are complementary. They work together within the NDIS Quality and Safeguarding Framework to create a comprehensive safety net for participants. Think of them as two layers of the same system:
- Layer 1 — The Code of Conduct sets the ethical floor. Every provider and worker must meet these behavioural minimums. The Commission can investigate breaches reactively, following complaints or incidents.
- Layer 2 — The Practice Standards establish the quality benchmark. Registered providers must demonstrate compliance proactively through documented systems, policies, and third-party audits.
In practice, this means a registered provider must meet both frameworks simultaneously. A registered organisation that delivers great services on paper but whose workers behave unethically will breach the Code of Conduct. Equally, a registered provider whose systems are weak and documentation is poor will fail the Practice Standards audit. See our NDIS compliance checklist for a practical guide to meeting both requirements.
Provider Compliance: What Each Framework Requires
Code of Conduct Compliance Steps
Meeting provider compliance obligations under the Code requires every organisation to take these practical steps:
- Implement clear policies that embed Code of Conduct principles into daily practice — including anti-discrimination, privacy, and incident response policies.
- Train all workers on their Code obligations through induction and ongoing learning. The NDIS Worker Orientation Module is mandatory for registered providers and strongly recommended for all workers.
- Create reporting mechanisms so workers can raise concerns about Code breaches safely and confidentially.
- Monitor compliance regularly by reviewing incident reports, complaints registers, and feedback from participants.
- Take corrective action promptly when breaches are identified — documenting the investigation and resolution.
Practice Standards Compliance Steps
Compliance with the Practice Standards is more structured and requires systematic documentation, which auditors review formally:
- Identify your audit pathway — verification (lower-risk services) or certification (higher-risk or complex supports). The NDIS Commission determines this based on your registration groups.
- Develop policies and procedures for each required standard — covering governance, risk management, incident management, complaints, human resources, support planning, and service delivery.
- Maintain records including staff qualifications, screening checks, training records, support plans, service agreements, incident logs, and participant feedback.
- Conduct internal audits at least annually to identify and address gaps before the formal audit.
- Engage an approved quality auditor for your third-party audit (stage 1 desktop review, and stage 2 site visit for certification audits).
- Address non-conformities within the required timeframe — typically 3 months for major non-conformities.
Read our NDIS provider registration checklist for 2025 to make sure you are meeting every requirement. Also review our NDIS incident management guide for practical incident reporting support.
Who Does Each Framework Apply to in 2025?
As the NDIS evolves, the distinction between registered and unregistered providers is becoming more significant — and understanding your obligations is more important than ever.
Registered Providers
If you are a registered NDIS provider, you must comply with both the Code of Conduct and the Practice Standards. You are subject to formal audits and must maintain comprehensive documentation across all relevant Practice Standards modules.
Unregistered Providers
Unregistered providers are still subject to the Code of Conduct — but not the Practice Standards. However, from late 2025 and into 2026, mandatory registration is being introduced for support coordinators, SIL providers, and online platform-based services. When registration becomes mandatory, these providers will need to meet the Practice Standards for the first time.
Individual Workers
Individual support workers — whether employed by a registered provider or working independently — must comply with the Code of Conduct. Workers at registered providers also benefit indirectly from the Practice Standards through the systems and governance their employer must maintain. Check our NDIS worker screening guide for obligations specific to workers.
What Happens When Providers Breach Each Framework?
The consequences for breaching the Code of Conduct versus the Practice Standards differ significantly in how they are investigated and what penalties apply.
Code of Conduct Breaches
The NDIS Commission investigates Code of Conduct breaches following complaints or reportable incidents. The Commission considers factors including the seriousness of the breach, whether harm occurred, and whether the breach was intentional or negligent. Consequences can include:
- Compliance notices requiring corrective action
- Banning orders preventing individuals from working in the NDIS
- Civil penalties for serious breaches
- Conditions placed on registration
- Suspension or cancellation of registration for providers
For guidance on managing reportable incidents, see our NDIS reportable incidents guide.
Practice Standards Non-Conformities
When auditors identify non-conformities during a Practice Standards audit, they are rated on a scale from 0 (major non-conformity) to 3 (best practice conformity). Major non-conformities must be resolved before registration can be granted or renewed. Unresolved non-conformities can result in:
- Corrective action plans with strict deadlines
- Conditions placed on registration
- Suspension of registration
- Cancellation of registration in serious cases
Common Misconceptions About the Two Frameworks
Providers frequently confuse or conflate the two frameworks. Here are the most common misunderstandings:
- “If I’m unregistered, I have no compliance obligations.” Wrong. Every provider and worker in the NDIS must comply with the Code of Conduct, regardless of registration status.
- “If I pass my Practice Standards audit, I automatically meet the Code of Conduct.” Not necessarily. The Code of Conduct covers individual worker behaviour that may not be directly assessed in an audit.
- “Only large organisations need to meet the Practice Standards.” Incorrect. All registered providers — including sole traders — must comply with the Practice Standards proportionate to their size and complexity.
- “The Practice Standards are just about paperwork.” Auditors assess both your documented systems AND how those systems operate in practice, including interviews with participants and workers.
2025 Changes Affecting Both Frameworks
Several significant changes in 2025 and 2026 affect both the Code of Conduct and the Practice Standards:
- Mandatory registration expansion — Support coordinators, SIL providers, and online platform providers will become subject to the Practice Standards as mandatory registration rolls out from late 2025.
- New SIL Practice Standards — The NDIS Commission is developing new Practice Standards specifically for Supported Independent Living providers, with a focus on participant safety, human rights, and worker training.
- Increased enforcement activity — The Commission has confirmed that audit frequency and enforcement intensity are increasing, with particular scrutiny on quality of supports in regional and remote areas.
- Evidence-based supports requirement — October 2024 guideline updates mean providers must ensure all therapeutic supports are evidence-based, adding a new documentation obligation that bridges both frameworks.
For help staying on top of these changes, explore our NDIS software for providers to manage compliance documentation efficiently.
How Inficurex Helps Providers Meet Both Frameworks
Navigating both the NDIS Code of Conduct and the Practice Standards simultaneously can feel overwhelming — especially when your team is focused on delivering supports, not managing paperwork. Inficurex helps registered and emerging NDIS providers build the systems, documentation, and workflows they need to stay compliant. From compliance checklists and service agreement templates to NDIS billing software and progress notes guides, our resources help you meet every requirement confidently and efficiently. Whether you are preparing for your first audit or planning for the 2025 registration changes, Inficurex has the tools to support your compliance journey.
Frequently Asked Questions
What is the main difference between the NDIS Practice Standards and the Code of Conduct?
The Code of Conduct sets behavioural standards for all NDIS providers and workers — registered or not. The Practice Standards are quality benchmarks that only registered providers must meet, assessed through formal audits.
Does the Code of Conduct apply to unregistered NDIS providers?
Yes. The Code of Conduct applies to all NDIS providers and workers, including those who are unregistered. Unregistered providers are not subject to the Practice Standards, but they must still comply with the Code at all times.
Do I need to pass an audit to comply with the Code of Conduct?
No. The Code of Conduct does not require a formal audit. Compliance is assessed reactively by the NDIS Commission following complaints, reportable incidents, or investigations.
What happens if a worker breaches the NDIS Code of Conduct?
The NDIS Commission can investigate and take action against individual workers, including issuing banning orders that prevent them from working in the NDIS. Providers must also support workers in understanding and meeting Code obligations.
How often do registered providers need to demonstrate Practice Standards compliance?
Registered providers undergo a full audit every 3 years for registration renewal. Certification providers also face a mid-term audit at 18 months into the registration cycle. The Commission can also conduct special audits at any time if concerns arise.
Can a provider comply with the Practice Standards but breach the Code of Conduct?
Yes. The frameworks are separate. A provider whose systems meet the Practice Standards can still have workers breaching the Code of Conduct through individual behaviour. Both must be managed independently.
What are the Practice Standards modules?
The Practice Standards include a core module (Rights and Responsibilities, Governance, Provision of Supports, Support Environment) plus supplementary modules for specialist services such as High Intensity Daily Personal Activities, Specialist Behaviour Support, and Specialist Disability Accommodation.
Will unregistered support coordinators need to meet Practice Standards in 2025?
Yes — mandatory registration is being introduced for support coordinators from late 2025. Once registration is mandatory, they will need to meet the relevant NDIS Practice Standards and undergo formal audits.