What Is the NDIS Code of Conduct?
The NDIS Code of Conduct is established under Section 73V of the National Disability Insurance Scheme Act 2013 (Cth). It sets out the conduct expectations for all people and organisations that deliver NDIS supports and services.
The Code is not a set of guidelines or best-practice recommendations. It is a legally binding set of obligations. The NDIS Quality and Safeguards Commission has the power to investigate alleged breaches, make findings, and impose serious consequences — including banning orders that prevent a person from ever delivering NDIS supports again.
The Code was introduced as part of the NDIS Quality and Safeguards Framework and commenced on 1 July 2018 in New South Wales and South Australia, before rolling out to all states and territories by 1 December 2020.
Why the Code of Conduct matters
NDIS participants are among the most vulnerable people in the community. Many have limited capacity to advocate for themselves, may depend entirely on their support workers for daily needs, and may not be able to easily report misconduct. The Code of Conduct exists to create a minimum standard of behaviour that protects participants from harm, regardless of who delivers their supports.
Who Must Follow the Code of Conduct?
The Code applies to a broader group than many providers realise. Under Section 73V of the NDIS Act 2013, the Code applies to:
| Category | Who Is Included | Important Notes |
|---|---|---|
| Registered NDIS providers | The provider entity and all its workers | Applies to the organisation and every individual |
| Unregistered NDIS providers | Any person or entity delivering NDIS supports to self-managed or plan-managed participants | Registration is not required for the Code to apply |
| NDIS workers | Employees, contractors, subcontractors, volunteers, and students on placement | Anyone delivering NDIS supports, regardless of employment type |
| Key personnel | Directors, board members, executive officers | Management is individually accountable |
The NDIS Practice Standards apply only to registered providers. But the Code of Conduct applies to everyone — registered or not. This means an unregistered sole trader delivering support coordination to a self-managed participant is bound by exactly the same Code of Conduct as a large registered SIL provider. The NDIS Commission can investigate and take action against anyone who breaches the Code.
The 8 NDIS Code of Conduct Requirements Explained
The Code of Conduct contains 8 specific requirements. Each one is legally enforceable and carries real consequences for breach.
1. Act with respect for individual rights
"Act with respect for individual rights to freedom of expression, self-determination and decision-making in accordance with applicable laws and conventions."
This means respecting the participant's right to make their own choices — even choices you disagree with. It includes respecting their right to take risks (dignity of risk), express their views, practise their culture and religion, and live the life they choose. Workers must not impose their own values, preferences, or judgements on participants.
2. Respect privacy
"Respect the privacy of people with disability."
Participant information is confidential. Workers must not share participant details with anyone who does not have a legitimate need to know, must not discuss participants in public places, must not take photos or videos without consent, and must handle all records in accordance with the Privacy Act 1988 and Australian Privacy Principles.
3. Provide supports safely and competently
"Provide supports and services in a safe and competent manner with care and skill."
This is the competence requirement. Workers must have the training, qualifications, and skills necessary for the supports they deliver. They must follow established procedures, use equipment correctly, and not perform tasks they are not trained or authorised to perform. Providers must ensure workers are adequately trained before allowing them to deliver unsupervised supports.
4. Act with integrity, honesty, and transparency
"Act with integrity, honesty and transparency."
This covers truthful reporting, honest communication, declaring conflicts of interest, not accepting gifts or inducements, accurate record keeping, and transparent pricing. Workers who falsify shift notes, inflate hours, or misrepresent services are breaching this requirement — and may also be committing fraud under the Criminal Code Act 1995.
5. Raise and act on quality and safety concerns
"Promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports and services provided to people with disability."
Workers have an obligation to speak up — to report concerns about the safety or quality of supports, whether the concern involves their own organisation, a colleague, or another provider. This includes reporting incidents, near misses, and systemic issues. Providers must create a culture where workers feel safe to raise concerns without fear of reprisal.
6. Prevent and respond to violence, exploitation, neglect, and abuse
"Take all reasonable steps to prevent and respond to all forms of violence against, and exploitation, neglect and abuse of, people with disability."
This is the safeguarding obligation. Workers must know how to recognise signs of violence, abuse, neglect, and exploitation (VANE), and must take action when they observe or suspect it — including reporting to their supervisor, the NDIS Commission, or police as appropriate. "All reasonable steps" is a high bar that expects active prevention, not just passive non-involvement.
7. Prevent and respond to sexual misconduct
"Take all reasonable steps to prevent and respond to sexual misconduct."
Sexual misconduct includes any sexual act, behaviour, or communication directed at a participant. This includes sexual assault, sexual harassment, grooming behaviours, inappropriate comments or jokes of a sexual nature, and any exploitation of a relationship of trust or authority. This requirement reflects the heightened vulnerability of many NDIS participants and the power imbalance inherent in the support relationship.
8. Comply with the NDIS Act and Rules
"Comply with the NDIS Act and Rules."
This catch-all requirement means all providers and workers must comply with the full suite of NDIS legislation, including the NDIS Act 2013, the NDIS (Provider Registration and Practice Standards) Rules 2018, the NDIS (Incident Management and Reportable Incidents) Rules 2018, and any other applicable NDIS Rules and standards.
Consequences of Breaching the Code of Conduct
The NDIS Commission has a graduated enforcement framework. Consequences depend on the severity of the breach, whether it is a first or repeated offence, and whether the provider cooperated with the investigation.
| Action | What It Means | Applies To |
|---|---|---|
| Compliance notice | Written direction to take specific actions within a set timeframe | Providers and workers |
| Infringement notice | Financial penalty for specific offences | Providers (mainly) |
| Enforceable undertaking | Binding agreement to take corrective action | Providers |
| Conditions on registration | Additional requirements imposed on the provider's registration | Registered providers |
| Suspension of registration | Temporary halt to the provider's ability to deliver NDIS supports | Registered providers |
| Revocation of registration | Permanent removal of the provider's NDIS registration | Registered providers |
| Banning order | Individual is banned from delivering any NDIS supports — registered or unregistered | Individual workers and providers |
| Criminal referral | Matter referred to police for criminal investigation and potential prosecution | Individuals |
The NDIS Commission publishes a public register of banning orders. If a worker receives a banning order, their name, the details of the breach, and the terms of the order are published on the NDIS Commission's website for anyone to see. This effectively ends a person's career in disability services.
Real Examples of Code of Conduct Breaches
The NDIS Commission regularly publishes enforcement actions on its website. These examples illustrate the types of breaches that are investigated and the consequences that follow.
Example 1: Financial exploitation
A support worker used a participant's bank card to make personal purchases totalling over $3,000. The worker was found to have breached requirements 4 (integrity and honesty) and 6 (exploitation). Outcome: Banning order preventing the worker from delivering NDIS supports for 5 years, and referral to police for criminal investigation.
Example 2: Neglect in a SIL house
A SIL provider failed to ensure adequate staffing overnight, leaving residents without support for extended periods. One resident experienced a medical episode that was not attended to for several hours. The provider was found to have breached requirements 3 (safe and competent) and 6 (neglect). Outcome: Conditions imposed on the provider's registration, including mandatory staffing ratios and an independent compliance monitor appointed at the provider's expense.
Example 3: Falsified records
A provider was found to be claiming for supports that were not delivered, with workers directed to record hours they did not work. This breached requirements 4 (integrity and honesty) and 8 (compliance with the NDIS Act). Outcome: Revocation of provider registration, referral to the Australian Federal Police for fraud investigation, and banning orders for two key personnel.
Example 4: Privacy breach
A support worker shared a participant's personal information, including details of their disability and behaviour, in a social media group chat with friends. This breached requirement 2 (privacy). Outcome: Banning order for 3 years and the provider was required to implement additional privacy training for all workers.
These examples are drawn from enforcement actions published by the NDIS Commission. They represent the serious end of Code breaches — but less severe breaches (such as failing to report concerns or providing supports without adequate training) also attract consequences.
Worker Acknowledgement Requirements
The NDIS Practice Standards expect that all workers are made aware of the Code of Conduct as part of their induction. Best practice — and what auditors expect to see — is a formal Code of Conduct acknowledgement process.
What the acknowledgement should include
- Full text of the 8 Code of Conduct requirements
- Explanation of what each requirement means in practical terms
- Examples of behaviour that would breach the Code
- Process for reporting concerns or suspected breaches
- Consequences of breaching the Code (including banning orders)
- Worker's signature confirming they have read and understood the Code
- Date of acknowledgement
When to obtain acknowledgement
- At induction — before the worker delivers any unsupervised supports
- Annually — as part of annual Code of Conduct refresher training
- After any significant update — if the Code is amended or your organisation's interpretation changes
Keep signed acknowledgement forms in each worker's personnel file. Auditors will check for these.
Training Obligations for Providers
Providers have an obligation under the NDIS Practice Standards (Core Module, Outcome 2.6 — Human Resource Management) to ensure all workers receive appropriate training, including training on the Code of Conduct.
Training frequency
- Induction training — comprehensive Code of Conduct training as part of the worker induction process, before unsupervised service delivery
- Annual refresher — at least annual refresher training to reinforce the Code and address any new scenarios or issues
- Incident-triggered training — additional training may be required after a specific incident or near miss
What training should cover
- The 8 Code of Conduct requirements in plain language
- Practical scenarios relevant to your services (e.g., what to do if you witness another worker speaking aggressively to a participant)
- Reporting pathways — internal (to your supervisor/manager) and external (to the NDIS Commission)
- Whistleblower protections — workers must know they are protected from reprisal for reporting concerns
- Consequences of breach — including banning orders and criminal referral
- Dignity of risk — how to respect participant choice while maintaining duty of care
- Privacy obligations — what can and cannot be shared, with whom, and how
Evidence of training
Auditors expect to see:
- A training register recording who was trained, when, on what topic, and who delivered the training
- Signed Code of Conduct acknowledgement forms for every worker
- Evidence that the training was fit for purpose — not just a one-page handout but a meaningful session with opportunity for questions and discussion
- Records showing annual refresher training has occurred
Important: This article provides general guidance about the NDIS Code of Conduct. It is not legal or professional advice. The Code of Conduct is established under the NDIS Act 2013 and may be updated or amended. Always verify current requirements with the NDIS Quality and Safeguards Commission. If you are facing an investigation or enforcement action, seek legal advice immediately.