Does an NDIS provider need a separate consent policy or can it be part of a broader policy?

While consent obligations can be addressed within a broader participant rights or service agreement policy, most approved quality auditors expect consent to be covered in sufficient depth that it functions as a standalone section or document. For SIL and higher-risk supports, a dedicated consent policy is strongly recommended to demonstrate the organisation treats the obligation with the seriousness the Practice Standards require.

Can a participant's guardian or nominee sign consent forms on their behalf?

A guardian, nominee, or person responsible can provide consent where they hold legal authority to do so and the consent falls within the scope of that authority. However, providers must still make reasonable efforts to involve the participant in the decision, as the NDIS Practice Standards prioritise supported decision-making and the participant's own expressed preferences over substituted decision-making wherever possible.

Is verbal consent acceptable under the NDIS Practice Standards?

Verbal consent can be acceptable in many circumstances, but your policy must specify how it is contemporaneously documented — for example, a staff member recording the date, what was explained, the participant's response, and any witnesses. Without a clear documentation process, verbal consent creates an audit gap and an evidentiary risk if a dispute arises.

How often does a consent policy need to be reviewed?

At minimum, your consent policy should be reviewed annually and whenever the NDIS Practice Standards, Code of Conduct, or relevant state/territory legislation changes. It should also be reviewed following any incident or complaint that reveals a gap in your consent process. A version history with approval dates is expected as audit evidence.

Do consent requirements apply to restrictive practices differently?

Yes. Regulated restrictive practices require explicit consent from the participant or their authorised decision-maker, a behaviour support plan prepared by a registered behaviour support practitioner, and — depending on the state or territory — formal authorisation from the relevant oversight body. The NDIS Commission also requires providers to report the use of regulated restrictive practices through the incident management portal, regardless of whether consent was obtained.

What happens if a participant withdraws consent during a support session?

Staff must stop the relevant activity immediately upon withdrawal of consent. The withdrawal must be documented in the participant's file, and the incident escalated to a supervisor if it creates an immediate safety concern. Your policy should guide staff on how to record withdrawal, how to communicate with the participant about next steps, and when it is appropriate to involve a behaviour support practitioner or senior leader.

NDIS Consent Policy Checklist for New Providers (2026)

Why Consent Policy Is Non-Negotiable for New NDIS Providers

Consent is one of the foundational obligations embedded in the NDIS Code of Conduct and the NDIS Practice Standards. For any organisation seeking registration — particularly those delivering higher-risk supports such as Supported Independent Living (SIL) — having a written, audit-ready consent policy is not optional. Approved quality auditors will look for it as part of the initial registration audit and every subsequent re-verification audit.

The strengthened Practice Standards framework, which reflects the NDIS Commission's continued focus on participant safety and rights, places explicit obligations on providers to obtain informed consent before delivering supports, to respect a participant's right to refuse, and to keep contemporaneous records of how consent was sought and given. Gaps in consent documentation are among the most commonly cited non-conformances in quality audits for new providers.

This checklist walks you through every element your consent policy must address before you submit your registration application or face your first audit.

NDIS Consent Policy Checklist

Use the following checklist to assess whether your consent policy is complete. Each item maps to obligations under the NDIS Practice Standards or the NDIS Code of Conduct.

1. Statement of Purpose and Scope

The policy clearly states what "consent" means in your service context.
It identifies which supports and situations require explicit consent (e.g., sharing participant information, delivering personal care, using restrictive practices, photography).
It covers all service settings and all staff roles, including contractors and volunteers.

2. Informed Consent Requirements

The policy defines "informed consent" — the participant must understand what they are agreeing to, including risks, benefits, and alternatives.
Consent must be voluntary — free from pressure, manipulation, or undue influence.
Consent must be current — obtained at the time of the relevant support or decision, not assumed from a previous interaction.
The policy requires that information is provided in a format the participant can understand (plain English, Easy Read, Auslan, translated materials, or with communication support as needed).

3. Capacity and Supported Decision-Making

The policy acknowledges that all participants are presumed to have decision-making capacity unless formally assessed otherwise.
It includes a process for supporting participants with complex communication or cognitive needs to exercise their decision-making (consistent with the NDIS Commission's emphasis on supported decision-making, not substituted decision-making).
Where a guardian, nominee, or person responsible holds legal authority, the policy specifies how this is identified, documented, and reviewed.
The policy does not allow staff to assume a substitute decision-maker can override the participant's expressed wishes without legal authority to do so.

4. Consent for Information Sharing and Privacy

Separate consent provisions exist for sharing participant information with third parties (other providers, family members, government agencies).
The policy aligns with the Privacy Act 1988 (Cth) and Australian Privacy Principles.
Participants are informed of who may access their information and why.
Consent for information sharing can be withdrawn at any time, and the process for doing so is documented.

5. Consent for Restrictive Practices

If your organisation delivers supports that may involve regulated restrictive practices (chemical, mechanical, physical, environmental restraint, or seclusion), the policy includes a dedicated consent section.
It references the requirement for NDIS behaviour support plans and state/territory authorisation, as applicable.
Consent from the participant or authorised decision-maker is required and documented before any regulated restrictive practice is used.
The policy specifies that consent to a restrictive practice does not remove the obligation to report its use to the NDIS Commission via the incident management system.

6. Withdrawal of Consent

The policy explicitly states participants may withdraw consent at any time, without penalty or adverse consequence to their supports.
There is a clear process for staff to record withdrawal and escalate where withdrawal creates a safety concern.
The policy distinguishes between withdrawal of consent for a specific activity and withdrawal from a service agreement.

7. Recording and Documentation Requirements

The policy specifies how consent is recorded — whether written, digital, or verbal (with requirements for how verbal consent is contemporaneously documented).
Consent records must be stored securely as part of the participant's file and retained in accordance with your record-keeping obligations.
Records must be accessible to auditors and to participants (upon request).
The policy sets a review schedule for stored consents — at minimum, whenever a participant's circumstances change or at regular plan review intervals.

8. Complaints and Feedback About Consent

Participants are informed of their right to raise a concern or complaint if they feel consent was not properly sought or respected.
The policy references your complaints management process and the right to contact the NDIS Commission directly.

9. Staff Training and Accountability

The policy requires all staff to complete training on consent obligations before delivering supports independently.
It identifies who is responsible for overseeing consent processes (e.g., a Quality and Compliance Lead or Registered Manager).
Non-compliance with the consent policy is addressed under your staff conduct and performance framework.

10. Policy Review and Continuous Improvement

The policy has a documented review cycle (at minimum annually, or when legislation or Practice Standards change).
A version history is maintained showing who approved each version and when.
Learnings from incidents, complaints, or audits are fed back into policy updates.

Common Audit Non-Conformances for New Providers

Approved quality auditors frequently identify the following gaps in consent policies submitted by new providers:

Generic templates not tailored to the provider's supports — a consent policy that does not reflect the specific risks and decisions relevant to SIL or the support types being registered is typically found non-conformant.
No provision for supported decision-making — policies that treat guardianship as the default for participants with cognitive or communication disability, rather than starting from presumed capacity, are inconsistent with the Practice Standards.
Verbal consent with no documentation guidance — if your policy allows verbal consent but does not specify how it is recorded, auditors will raise this as a gap.
Absence of a withdrawal mechanism — failing to give participants a clear pathway to withdraw consent is a direct breach of the Code of Conduct's dignity and autonomy obligations.
No linkage to information-sharing and privacy obligations — consent for care and consent for data sharing are distinct; conflating them in one generic statement is inadequate.

Practical Tips for Implementing Your Consent Policy

Draft the policy in plain English first, then create an Easy Read summary for participants.
Map each section to the specific Practice Standard or Code of Conduct clause it addresses — this makes audit evidence gathering straightforward.
Build consent recording into your client management system from day one so it becomes a workflow step, not an afterthought.
Test your consent process with a small group of staff using real scenarios before going live with participants.
Align your consent policy with your incident management, complaints, and restrictive practices policies so the obligations are consistent across your document suite.

If you are building your full SIL compliance document suite from scratch, the 74-document audit-ready kit available at ndiscompliant.com.au includes a pre-mapped consent policy, consent forms, Easy Read versions, and staff training records — designed specifically for providers preparing for initial registration or re-verification under the 2026 strengthened framework.

Summary: What Auditors Want to See

Policy Element	Audit Evidence Required
Informed consent definition	Written policy with plain-language definition
Supported decision-making	Process for participants with complex needs; no assumption of incapacity
Consent for information sharing	Separate signed or recorded consent; aligned with Privacy Act
Restrictive practices consent	Documented authorisation and behaviour support plan reference
Withdrawal of consent	Clear process; no penalty clause
Record-keeping	Consent records in participant file; retention policy stated
Staff training	Training records; role-specific competency requirement
Policy review	Annual review cycle; version control; approval sign-off

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.