Do all group and centre based providers need a Certification audit rather than a Verification audit?

Yes. Providers delivering group and centre based supports are required to undergo a Certification audit conducted by an Approved Quality Auditor. Certification involves on-site assessment, worker and participant interviews, and document review. The simpler Verification audit applies only to lower-risk registration groups and does not apply to group or centre based support providers.

What is the Group and Centre Based Supports supplementary module and what does it cover?

The Group and Centre Based Supports supplementary module sits alongside the Core module and sets out the additional Practice Standards that apply specifically to shared support environments. It covers safe physical environment management, meeting individual needs within a group setting, appropriate participant-to-worker ratios, emergency and evacuation procedures, and transport safety where relevant.

How does the 2026 strengthened registration framework affect existing registered providers?

Existing providers will need to demonstrate conformance with the strengthened requirements at their next registration renewal. Key changes include enhanced governance and financial management obligations, extended fit and proper person assessments for Key Personnel, stronger worker screening integration, and more detailed continuity of support planning requirements.

Are there specific incident reporting timeframes for group-setting providers?

Yes. The NDIS Commission prescribes specific notification timeframes for reportable incidents. The most serious events — including death, serious injury, abuse, or unlawful sexual or physical contact — require immediate notification followed by a full written report within a set number of days. Group settings must ensure their incident management system captures all events, including near-misses, and that staff understand their mandatory reporting obligations.

What happens if we use a restrictive practice in our centre without an authorised behaviour support plan?

Using a regulated restrictive practice without an authorised Positive Behaviour Support Plan and the required consent or authorisation under the applicable state or territory framework is a serious breach. The NDIS Commission can take compliance action, including issuing compliance notices, enforceable undertakings, or in severe cases seeking civil penalties. Providers must ensure any restrictive practice is documented, authorised, and reported to the Commission within required timeframes.

Can we operate a group day program across multiple locations under one registration?

A single registration can cover multiple locations, but all sites must be included in the registration and assessed against the Practice Standards. Material changes such as opening a new centre must be notified to the NDIS Commission. The physical environment requirements under the Group and Centre Based Supports module apply to each individual site.

NDIS group and centre based provider: registration requirements (2026)

Who this guide is for

If your organisation delivers supports to multiple NDIS participants in a shared setting — including day programs, community participation groups, life-skills centres, or centre-based therapy sessions — you are operating as a group and centre based supports provider. Under the NDIS (Provider Registration and Practice Standards) Rules, this support category requires registration with the NDIS Quality and Safeguards Commission and carries its own set of Practice Standards obligations.

The 2026 period is particularly significant. The NDIS Commission's strengthened registration framework, developed following the Independent Review of the NDIS, introduces more rigorous requirements around governance, verification of qualifications, and ongoing compliance obligations. Existing registrations must be reviewed against the updated framework when they fall due for renewal.

Registration: the legal foundation

Registration is mandatory for any provider that delivers group and centre based supports to NDIS participants. Operating without registration is a breach of the National Disability Insurance Scheme Act 2013 and can attract civil penalties. The NDIS Commission issues a Certificate of Registration that specifies the support categories a provider is approved to deliver.

To obtain and maintain registration, a provider must:

Submit a registration application through the NDIS Commission's online portal, nominating the relevant support categories including Group and Centre Based Activities (NDIS support category 4) or other applicable categories.
Nominate a Key Personnel structure that meets the Commission's fit and proper person requirements, including disclosure of any relevant criminal history, insolvency, or disciplinary findings.
Engage an Approved Quality Auditor (AQA) to conduct a conformance assessment against the applicable Practice Standards modules.
Satisfy the Commission that the organisation has the governance, financial viability, and operational capacity to deliver safe, quality supports.
Agree to and uphold the NDIS Code of Conduct, which applies to both the registered entity and all its workers.

Applicable Practice Standards modules

The NDIS Practice Standards are structured as a Core module that applies to all registered providers, supplemented by modules that apply based on the supports delivered. Group and centre based providers must demonstrate conformance with the following:

Module	Applies to	Key focus areas
Core Module	All registered providers	Rights and responsibilities, governance and operational management, provision of supports, support planning, feedback and complaints, incident management
Group and Centre Based Supports (Supplementary)	Providers delivering centre-based or group supports	Safe environment management, group dynamics and individual needs, participant ratios, emergency and evacuation procedures, transport safety
Behaviour Support	Where regulated restrictive practices are used	Behaviour support plans, PBSP authorisation, reportable incidents involving restrictive practices
Verification Module	Lower-risk registration groups (not typically group supports)	Documentary verification only — not applicable to most group/centre providers

For most group and centre based providers, the audit will be a Certification audit (not a Verification audit), which involves on-site assessment by an AQA team, worker and participant interviews, and document review.

The 2026 strengthened registration framework

The strengthened framework introduces a number of changes that group and centre based providers must understand before their next registration renewal or initial application:

Enhanced governance requirements: Providers must demonstrate a clear governance structure, including a board or equivalent accountable body, documented risk management processes, and financial management practices that protect participant funds.
Fit and proper person checks: Key Personnel assessments now extend to a broader range of leadership roles, and the Commission has strengthened its powers to refuse or revoke registration where concerns are identified.
Worker screening integration: All workers engaged in risk-assessed roles delivering group supports must hold a current NDIS Worker Screening Check. Providers must maintain and be able to produce a register of screened workers on request.
Incident management tightening: Reportable incident obligations remain central. Group settings carry particular risk because multiple participants are present; providers must demonstrate that their incident management system captures near-miss events and that root cause analysis is used to drive improvement.
Continuity planning: Providers must have documented plans for service continuity to protect participants if the organisation encounters operational disruption — a requirement that has become more prominent under the strengthened framework.

Step-by-step: how to prepare for registration or renewal

Map your support categories. Confirm exactly which NDIS support categories and registration groups apply to your service model. Centre-based day programs, group social activities, and life-skills training each sit under specific registration groups.
Review your governance documentation. Ensure your constitution, board structure, and delegations are current and clearly documented. The Commission will assess whether governance is fit for purpose.
Audit your policies against the Practice Standards. Every standard in the Core and Group/Centre Based Supports modules should be addressed by at least one policy or procedure. Gap areas must be resolved before the audit.
Verify worker screening currency. Pull your worker screening register and check expiry dates. Any lapsed checks must be renewed before the audit and before workers deliver supports.
Conduct a mock audit. Walk through your site with the AQA's assessment framework in mind. Check physical environment safety, emergency exit signage, equipment maintenance logs, and participant record management.
Brief your team on Code of Conduct obligations. Workers should be able to articulate their obligations, including mandatory reporting and how to raise a concern. Interview-readiness matters in a Certification audit.
Engage your Approved Quality Auditor early. AQA availability can be limited. Book your audit well in advance of your registration expiry to avoid a gap in registration status.
Submit or renew through the NDIS Commission portal. Complete all required disclosures, attach supporting documentation, and track your application status actively.

Incident management and restrictive practices in group settings

Group and centre based environments carry a heightened obligation around incident management because a single incident can affect multiple participants. The NDIS Commission requires providers to:

Maintain an incident management system that classifies events by severity, documents investigations, and records corrective actions.
Notify the Commission of reportable incidents within the prescribed timeframes — serious incidents involving death, serious injury, abuse, or neglect require immediate notification followed by a written report.
Where any regulated restrictive practice is used, ensure a current Positive Behaviour Support Plan (PBSP) is in place, written by a registered behaviour support practitioner, and that the practice is authorised under the applicable state or territory consent framework.
Report every use of a regulated restrictive practice to the NDIS Commission through the provider portal, within the required timeframes.

Non-compliance in this area is one of the most common findings in NDIS Commission compliance audits of group settings. Providers should treat their incident register as a live compliance document, not a post-event formality.

Common non-conformances found in group and centre based audits

Participant support plans that are generic rather than individually tailored, failing to address the distinct needs of each person within the group setting.
Emergency and evacuation procedures that have not been rehearsed or documented, or that do not account for participants with mobility or communication support needs.
Inadequate records of incidents, near-misses, or complaints — particularly the absence of root cause analysis and documented follow-up actions.
Worker screening registers that are incomplete, contain expired checks, or cannot be produced promptly on request.
Absence of documented processes for managing participant ratios when staffing changes occur unexpectedly.

Practical tools and support

Preparing a complete policy and procedure suite aligned to the Core and Group and Centre Based Supports modules is a substantial undertaking. For providers that want a head start, ndiscompliant.com.au offers a 74-document audit-ready SIL and group supports compliance kit, pre-mapped to the NDIS Practice Standards, which many providers use as the documentary backbone of their registration preparation.

Regardless of the tools you use, the most important thing is to test your documentation against actual practice: a policy that exists on paper but is not followed in your centre will be identified in worker interviews during a Certification audit.

Maintaining registration: ongoing obligations

Registration is not a one-time event. Registered group and centre based providers must:

Notify the NDIS Commission of any material changes to the organisation (change of legal entity, new locations, changes in Key Personnel, significant adverse events).
Participate in the Commission's compliance and enforcement activities, including responding to requests for information, cooperating with compliance audits, and implementing any compliance notices or enforceable undertakings.
Complete registration renewal audits within the timeframes specified on the Certificate of Registration.
Ensure all workers complete and maintain mandatory training, including NDIS Worker Orientation Module completion where required.

The NDIS Commission publishes guidance, updated registration requirements, and sector alerts on its website. Providers should subscribe to Commission communications to stay current as the strengthened framework continues to be implemented through 2026 and beyond.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.