Is a consent policy legally required for all NDIS providers?

Registered NDIS providers are required to meet the NDIS Practice Standards, which embed consent obligations throughout. A standalone written policy is the clearest way to demonstrate compliance during an audit. Unregistered providers must still comply with the NDIS Code of Conduct, which carries parallel consent-related obligations.

Does a SIL provider need a separate consent policy or does a general one cover SIL?

A general consent policy can cover SIL, but it must specifically address the unique consent considerations in a home environment — including worker access, overnight and intimate care support, visitor access, and any in-home monitoring. Many SIL providers maintain a companion SIL-specific procedure alongside their general policy.

What happens if a participant lacks capacity to consent?

The presumption of capacity must always be the starting point. Workers should first attempt to support the participant to make their own decision using accessible communication and adequate time. Only where this is not possible should a legally recognised substitute decision-maker be involved. The policy must document this hierarchy and the organisation's obligations under relevant state or territory guardianship legislation.

How often should an NDIS consent policy be reviewed?

There is no single mandated review interval, but best practice — and what auditors expect to see — is a review at least annually and whenever there is a significant regulatory change, a complaint or incident related to consent, or a change in the services your organisation delivers.

Can a participant withdraw consent mid-service?

Yes. Consent is not a one-time event. Participants have the right to withdraw consent to any aspect of their support at any time. Your policy must explain how workers respond to withdrawal, what needs to be documented, and what information the participant must be given about any service implications before they make that decision.

Are consent requirements different for providers using restrictive practices?

Yes, significantly. Regulated restrictive practices require state or territory authorisation and must be part of an approved behaviour support plan. Consent from the participant or a legally authorised substitute decision-maker must be documented as part of that plan. This is distinct from — and additional to — general service consent requirements.

Do you need an NDIS consent policy? Provider requirements

Who needs an NDIS consent policy?

If you are a registered NDIS provider, a formal consent policy is not optional — it is a practical requirement flowing directly from the NDIS Practice Standards and Quality Indicators. The Practice Standards require that participants are supported to make informed decisions, that their choices are respected, and that providers document how consent is sought, obtained, and recorded across service delivery.

SIL (Supported Independent Living) providers face the highest scrutiny. Because SIL involves ongoing, often 24-hour support in a participant's home, the opportunity for consent to be undermined — intentionally or through poor process — is significant. Approved quality auditors look specifically at whether consent is embedded in everyday operations, not just written into a policy document that sits in a drawer.

Unregistered providers are not entirely off the hook either. The NDIS Code of Conduct applies to all providers and workers, registered or not, and includes explicit obligations to act with respect for individual rights, to provide supports in a safe and competent manner, and to prioritise the interests of participants. A consent framework — even if less formally structured — is consistent with meeting these obligations.

Why the strengthened 2026 framework raises the bar

The NDIS Commission's strengthened Practice Standards, which have been progressively rolled out ahead of the 2026 mandatory registration changes, place greater emphasis on rights-based practice and the active support of participant decision-making. Key shifts include:

A stronger focus on supported decision-making, recognising that most participants can make their own decisions when given appropriate support and information.
Clearer expectations that consent is ongoing and can be withdrawn — not a one-time signature at intake.
Greater scrutiny of situations where substitute decision-making is used, requiring providers to document why a substitute decision-maker was involved and what steps were taken to maximise the participant's own input.
Alignment with the strengthened module on high-intensity daily personal activities, where consent to specific support tasks must be individually established.

With the 2026 registration changes bringing more providers under the registered framework, organisations that previously operated unregistered will need to build consent policies that meet audit standards for the first time.

What a compliant NDIS consent policy must cover

While the NDIS Commission does not publish a single prescriptive template, the Practice Standards and associated guidance make clear what auditors will look for. A compliant policy should address each of the following areas:

1. Scope of the policy

Define when and where the policy applies — service agreements, information sharing, photography and video, behaviour support, restrictive practices, health-related decision-making, and any research or evaluation activities. SIL providers should specifically reference consent within the home environment.

2. Informed consent principles

Explain what "informed" means in practice: the participant must understand what they are consenting to, the information must be provided in a format they can access (Easy Read, interpreter, AAC device), and consent must be free from pressure or coercion. Document how your organisation verifies genuine understanding.

3. Capacity and supported decision-making

Outline your approach when a participant's decision-making capacity is in question. The starting presumption under Australian law — and reinforced in the NDIS Practice Standards — is that all people have capacity unless there is clear evidence to the contrary. Describe how workers support participants to make their own decisions before involving a substitute decision-maker, and which decision-makers are legally recognised in your state or territory (guardians, administrators, persons responsible).

4. Recording and storage

Specify how consent is documented (signed forms, recorded verbal consent, case notes) and where records are stored. Records must be retrievable during an audit. The NDIS Commission expects consent records to be kept for the duration of the service relationship and for a defined period afterwards, consistent with your state's health records legislation.

5. Withdrawal of consent

Participants have the right to withdraw consent at any time. Your policy must describe how withdrawal is handled, including any service implications that must be explained to the participant before they make their decision.

6. Restrictive practices

If your organisation uses or plans to use regulated restrictive practices, consent requirements are significantly more stringent. State and territory authorisation is required, and the consent of the participant or their substitute decision-maker must be documented as part of the behaviour support plan process. This should be a distinct section in your policy or a referenced companion procedure.

7. Complaints and review

Explain how participants can raise a concern if they feel their consent was not respected, and how the organisation will review the policy over time to keep it current with regulatory changes.

What auditors actually check

During a certification or verification audit conducted by an approved quality auditor, auditors will typically:

Request a copy of your consent policy and check it against the relevant Practice Standards quality indicators.
Interview workers to assess whether they understand the policy and can describe how they apply it in daily support delivery.
Review participant files to confirm consent records exist and are contemporaneous (not backdated).
Look for evidence of accessible formats — Easy Read versions, translated materials, or records showing an interpreter was used.
Check that consent was re-sought when services or support arrangements changed.
In SIL specifically, assess whether consent extends to home access by workers, visitors, and any monitoring or surveillance in the property.

Common non-conformances include consent forms that are signed at intake and never reviewed, policies that conflate capacity with literacy, and records that are incomplete or inconsistent across support workers' documentation.

Consequences of not having a policy

Operating without a compliant consent policy as a registered provider can result in:

Non-conformance findings during audit, which must be remediated within a set timeframe or risk registration conditions, suspension, or revocation.
Incident and complaint escalation — if a consent-related incident occurs and there is no documented policy or process, the NDIS Commission's compliance and enforcement team may treat this as a systemic failure rather than an individual worker issue.
Worker conduct findings under the Code of Conduct, which can result in banning orders for individuals.
Reputational damage and potential civil liability where a participant's rights were demonstrably ignored.

A practical checklist for SIL providers

Requirement	In place?
Written consent policy covering all service types	Yes / No / Partial
Accessible formats available (Easy Read, translated, AAC-compatible)	Yes / No / Partial
Process documented for supported decision-making	Yes / No / Partial
Substitute decision-maker rules recorded per jurisdiction	Yes / No / Partial
Withdrawal of consent procedure included	Yes / No / Partial
Restrictive practices consent addressed separately	Yes / No / Partial
Worker training records show policy awareness	Yes / No / Partial
Participant files contain current, signed consent records	Yes / No / Partial
Policy reviewed within the last 12 months	Yes / No / Partial

Getting your documentation audit-ready

Building a consent policy from scratch is straightforward once you understand the framework, but it needs to sit alongside your broader compliance documentation — service agreements, behaviour support policies, incident management procedures, and worker screening records — to be meaningful. Providers preparing for the 2026 registration changes or upcoming re-certification audits often find it more efficient to work from a structured document set.

The 74-document audit-ready SIL compliance kit at ndiscompliant.com.au includes a pre-built consent policy, accessible participant-facing consent forms, and companion procedures covering restrictive practices and supported decision-making — designed to meet current NDIS Commission requirements and aligned to the strengthened Practice Standards.

Regardless of the path you take, the non-negotiable outcome is the same: your organisation must be able to demonstrate, with documented evidence, that every participant who receives your supports did so with genuine, informed, and freely given consent.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.