What does the NDIS Code of Conduct require under Section 73V?

Section 73V of the NDIS Act 2013 establishes the NDIS Code of Conduct which requires workers and providers to: act with respect for individual rights to freedom of expression, self-determination, and decision-making; respect the privacy of people with disability; provide supports and services in a safe and competent manner with care and skill; act with integrity, honesty, and transparency; promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports; take all reasonable steps to prevent and respond to all forms of violence, exploitation, neglect, and abuse; and take all reasonable steps to prevent and respond to sexual misconduct.

Who must sign an NDIS Code of Conduct acknowledgement?

Every person who delivers supports or services on behalf of a registered NDIS provider must acknowledge the NDIS Code of Conduct. This includes permanent employees, casual staff, contractors, subcontractors, volunteers, students on placement, and agency staff. The acknowledgement must be signed before the person commences any work with participants, and refreshed annually. The provider must maintain a register of all signed acknowledgements.

What happens if an NDIS worker breaches the Code of Conduct?

A breach of the NDIS Code of Conduct can result in consequences at two levels. At the provider level, the organisation's Code of Conduct policy should specify a graduated consequences framework: verbal warning, written warning, mandatory retraining, increased supervision, suspension pending investigation, and termination of employment. At the regulatory level, the NDIS Commission can investigate Code of Conduct breaches and issue compliance notices, banning orders preventing a person from working in the NDIS sector, or infringement notices with financial penalties.

How often must NDIS Code of Conduct training be refreshed?

NDIS auditors expect Code of Conduct training to be refreshed annually for all workers. The initial training should occur during induction before the worker has unsupervised contact with participants. Annual refresher training should cover any updates to the Code, real-world scenarios relevant to the provider's service context, and a re-signing of the acknowledgement form. The training register should record the date, content, attendees, and trainer for each training session.

What is the difference between worker and provider obligations under the NDIS Code of Conduct?

The NDIS Code of Conduct creates obligations for both individual workers and providers as organisations. Worker obligations relate to personal conduct: treating participants with respect, providing competent care, acting with integrity, and reporting concerns. Provider obligations are systemic: ensuring all workers understand and comply with the Code, having systems to enforce the Code, taking action when breaches occur, and creating a workplace culture that supports compliance. The NDIS Commission can take enforcement action against both individual workers and the provider organisation.

How to Write an NDIS Code of Conduct Policy: Acknowledgement, Training and Enforcement

Understanding Section 73V: The Seven Obligations

The NDIS Code of Conduct is established by Section 73V of the National Disability Insurance Scheme Act 2013. It applies to all NDIS providers (both registered and unregistered) and all workers delivering NDIS supports. The Code contains seven core obligations:

#	Obligation	What It Means in Practice
1	Act with respect for individual rights to freedom of expression, self-determination, and decision-making	Support participants to make their own choices, including decisions about risk (dignity of risk). Do not make decisions for participants. Use person-centred language.
2	Respect the privacy of people with disability	Handle personal information in accordance with the Privacy Act 1988. Do not discuss participant information outside of professional contexts. Maintain confidentiality.
3	Provide supports and services in a safe and competent manner with care and skill	Only perform tasks you are trained and qualified to do. Follow organisational policies and procedures. Report concerns about your own or a colleague’s competence.
4	Act with integrity, honesty, and transparency	Be truthful in all professional dealings. Disclose conflicts of interest. Do not accept gifts or financial benefits from participants beyond nominal value. Maintain accurate records.
5	Promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports	Report incidents, hazards, and concerns through the organisation’s reporting systems. Do not ignore or cover up concerns. Support a speak-up culture.
6	Take all reasonable steps to prevent and respond to all forms of violence against, and exploitation, neglect, and abuse of, people with disability	Understand the signs of VANED (Violence, Abuse, Neglect, Exploitation, and Discrimination). Follow safeguarding procedures. Report concerns immediately.
7	Take all reasonable steps to prevent and respond to sexual misconduct	Maintain professional boundaries at all times. Never engage in sexual conduct with a participant. Report any allegations or concerns immediately.

Your Code of Conduct policy should reproduce these seven obligations verbatim, then explain what each means in the context of your specific service delivery. A SIL provider’s interpretation of these obligations will differ from a plan management provider because the nature of the service relationship is different — SIL workers are in participants’ homes, often overnight, creating unique boundary and privacy considerations.

Worker vs Provider Obligations

The NDIS Code of Conduct creates parallel obligations for individual workers and for the provider organisation. Your policy must address both.

Worker Obligations

Individual workers must personally comply with the seven obligations. This is a personal legal obligation — a worker who breaches the Code can face enforcement action from the NDIS Commission directly, including banning orders that prevent them from working in the NDIS sector.

Provider Obligations

Providers have systemic obligations:

Ensure all workers understand the Code and their obligations under it
Provide training on the Code at induction and annually
Require all workers to sign an acknowledgement of the Code before commencing work
Have systems to monitor compliance with the Code
Take action when a breach is identified, including investigation and consequences
Create a culture where workers feel safe to raise concerns without retaliation
Report serious Code of Conduct breaches to the NDIS Commission where required

Key Point

The NDIS Commission can take action against the provider even if the breach was committed by an individual worker — particularly if the provider did not have adequate systems to prevent the breach, did not respond appropriately, or created a culture where the breach was normalised. Your policy must demonstrate that you take systemic responsibility for Code compliance.

Code of Conduct Acknowledgement Process

Every person who delivers supports on behalf of your organisation must sign a Code of Conduct acknowledgement. This is non-negotiable for audit compliance.

Who Must Sign

Permanent employees (full-time and part-time)
Casual staff
Contractors and subcontractors
Agency staff placed through labour hire providers
Volunteers
Students on placement
Board members and key personnel (management)

When the Acknowledgement Must Be Signed

The acknowledgement must be signed before the worker has any unsupervised contact with participants. In practice, this means it should be completed during the induction process, before the worker commences their first shift.

What the Acknowledgement Form Must Include

The acknowledgement form (Document 31 in the SIL Rescue Kit) should contain:

The full text of the seven Code of Conduct obligations
A statement that the worker has read and understood the Code
A statement that the worker has received training on the Code
A statement that the worker understands the consequences of breaching the Code
The worker’s signature and date
A witness signature and date
Space for annual re-acknowledgement signatures

Annual Re-Acknowledgement

Require all workers to re-sign the acknowledgement annually, typically in conjunction with annual Code of Conduct refresher training. Record the re-acknowledgement in the Code of Conduct Training Register.

Training Requirements and Delivery

A signed acknowledgement without supporting training is insufficient. Auditors will check that workers not only signed the form but actually understand the Code and can apply it in practice.

Induction Training (Before First Shift)

Initial Code of Conduct training should cover:

Each of the seven obligations explained with practical examples relevant to your service
What constitutes a breach and the consequences
How to report concerns (internal reporting channels)
The NDIS Commission’s role in enforcing the Code
Scenario-based exercises (e.g., “What would you do if...”)
Professional boundaries in SIL environments (particularly relevant for overnight workers)

Annual Refresher Training

Annual refresher training should include:

Review of any changes to the Code or Commission guidance
De-identified case studies from actual Code of Conduct complaints (the NDIS Commission publishes summaries)
Discussion of scenarios specific to your service context
Re-assessment of worker understanding (quiz or scenario response)
Re-signing of the acknowledgement form

Record all training in the Training Register (Document 45 in the SIL Rescue Kit) with: date, topic, duration, trainer name, delivery method (face-to-face, online, blended), attendee names, and signatures.

Support workers also benefit from tools that reinforce compliant practices. Our free NDIS Notes Rewriter helps workers write progress notes that meet NDIS standards, reinforcing the Code’s requirement to provide supports “in a safe and competent manner with care and skill.”

Skip the Writing — Get Audit-Ready Policies Today

The SIL Rescue Kit includes the Code of Conduct Acknowledgement Form (Document 31), Code of Conduct Training Register (Document 46), Staff Induction Checklist (Document 32), and all 25 policies — mapped to the Practice Standards and ready to customise.

Get the SIL Rescue Kit — $297

Breach Consequences Framework

Your policy must include a documented breach consequences framework that specifies what happens when a worker breaches the Code of Conduct. A graduated approach is standard:

Severity	Examples	Consequence
Minor — First Instance	Using informal or disrespectful language, minor privacy lapse (e.g., discussing participant in common area), inconsistent documentation	Verbal counselling, documented in personnel file, targeted re-training on the relevant obligation
Minor — Repeated	Repeated minor breaches after counselling, pattern of non-compliance with privacy or documentation standards	Written warning, mandatory re-training, increased supervision for a specified period
Moderate	Failure to report a concern or incident, unauthorised disclosure of participant information, failure to follow a care plan that creates risk	Final written warning, mandatory re-training, period of direct supervision, consideration of role change
Serious	Any form of abuse, neglect, or exploitation of a participant; sexual misconduct; fraud; falsification of records; physical aggression; working under the influence of alcohol or drugs	Immediate suspension pending investigation, potential termination of employment, mandatory report to NDIS Commission, referral to police where appropriate

Mandatory Reporting

Serious Code of Conduct breaches may also constitute reportable incidents that must be reported to the NDIS Commission within 24 hours. If a breach involves alleged abuse, neglect, exploitation, or sexual misconduct, you must report it under both your Code of Conduct breach process and the Incident Management and Reportable Incidents Rules. These are parallel obligations — one does not replace the other.

Code of Conduct Register

Maintain a Code of Conduct register that tracks:

Field	Description
Worker Name	Full name of the worker
Role	Position title and employment type (permanent, casual, contractor, volunteer)
Initial Acknowledgement Date	Date the worker first signed the acknowledgement
Initial Training Date	Date the worker completed induction Code of Conduct training
Annual Refresher Dates	Dates of each annual refresher training and re-acknowledgement
Breaches (if any)	Reference to any breach investigations and outcomes
Status	Current (active worker), Expired (needs renewal), Ceased (no longer working for the organisation)

This register should be reviewed monthly by the person responsible for human resources or workforce management to ensure no worker has an expired acknowledgement. Any worker whose acknowledgement has lapsed should not have unsupervised contact with participants until it is renewed.

What Auditors Check and Common Failures

Auditor Checklist

Code of Conduct policy exists, is current, and references Section 73V of the NDIS Act
All seven obligations are included verbatim with organisational context
Signed acknowledgement forms exist for every current worker
Acknowledgements were signed before workers commenced unsupervised contact
Annual refresher training has been conducted and recorded
Training register shows dates, topics, and attendee signatures
Breach consequences framework is documented in the policy
Workers can articulate the Code obligations when interviewed
Workers can describe how they would report a Code breach
Participants confirm that workers treat them with respect and dignity

Common Failures

Failure 1: Missing acknowledgements. The policy exists but not every worker has a signed acknowledgement on file. Casual staff, agency workers, and volunteers are frequently missed.

Failure 2: No training evidence. Workers signed the acknowledgement but there is no evidence they received training. The form was signed as a paperwork exercise without genuine engagement with the content.

Failure 3: No annual refresher. Initial training was conducted but annual refreshers have not occurred. The training register shows one entry per worker with no subsequent entries.

Failure 4: Workers cannot articulate the Code. When auditors interview staff and ask “What are your obligations under the NDIS Code of Conduct?”, workers cannot name even the basic obligations. This indicates training was ineffective.

Failure 5: No breach process documented. The policy describes the Code obligations but does not include a consequences framework. Without documented consequences, the Code lacks enforcement power.

All 25 Audit-Ready Policies — Written and Formatted

Or skip the writing entirely — get all 25 audit-ready policies, 25 forms, 10 registers, and 5 guides in the SIL Rescue Kit ($297). Every document is mapped to the NDIS Practice Standards and ready to customise.