What are the consequences of not meeting NDIS provider obligations?

Consequences range from education and compliance notices (least severe) through enforceable undertakings, conditions on registration, suspension of registration, to revocation of registration (most severe). The NDIS Commission can also issue banning orders against individual workers or key personnel. Financial penalties may also apply. The Commission publishes enforcement actions on its website, which can affect your reputation and ability to attract participants.

Do these obligations apply to unregistered providers too?

Some obligations apply to all providers regardless of registration status. The NDIS Code of Conduct applies to all NDIS providers and workers, registered or unregistered. Incident reporting obligations for reportable incidents also apply to unregistered providers. However, the full Practice Standards compliance, audit requirements, and registration conditions only apply to registered providers. From 1 July 2026, all SIL providers must be registered, so these obligations will apply to all SIL providers.

How often does the NDIS Commission check provider compliance?

The NDIS Commission monitors compliance through several mechanisms: scheduled audits (initial, mid-term, and renewal every 3 years), complaint investigations (triggered by participant, family, or worker complaints), own-motion investigations (initiated by the Commission based on risk intelligence), reportable incident monitoring, and data analysis of provider patterns. Compliance can be checked at any time — not just at audit.

What is the single most important obligation for a registered provider?

While all obligations are important, the safety of participants is paramount. This means incident reporting (particularly reportable incidents within 24 hours), worker screening for all risk-assessed roles, and maintaining safeguarding systems are the obligations the NDIS Commission treats most seriously. Failure in these areas attracts the strongest enforcement response.

Can I delegate my compliance obligations to a staff member?

You can delegate the operational tasks of compliance (e.g., maintaining registers, submitting reports) to staff members, but the legal obligation remains with the registered provider entity and its key personnel. Key personnel — including directors, the CEO, and senior managers — bear personal responsibility for the organisation's compliance. You cannot outsource accountability.

NDIS Provider Obligations: Everything You Must Do as a Registered Provider

Obligation 1: NDIS Code of Conduct

The NDIS Code of Conduct applies to all providers and workers delivering NDIS supports, whether registered or unregistered. The 8 requirements are:

Act with respect for individual rights to freedom of expression, self-determination, and decision-making
Respect the privacy of people with disability
Provide supports and services in a safe and competent manner with care and skill
Act with integrity, honesty, and transparency
Promptly take steps to raise and act on concerns about quality and safety
Take all reasonable steps to prevent and respond to violence, exploitation, neglect, and abuse
Take all reasonable steps to prevent and respond to sexual misconduct
Comply with the NDIS Act and Rules

What you must do: Ensure all workers acknowledge the Code in writing at induction and annually. Provide Code of Conduct training at induction and annual refresher. Maintain a Code of Conduct register. Respond to any breaches with investigation and appropriate action.

Obligation 2: Incident Management and Reporting

You must have a comprehensive incident management system and report specified incidents to the NDIS Commission.

Reportable incidents (notify within 24 hours)

Death of a participant
Serious injury of a participant
Abuse or neglect of a participant
Unlawful sexual or physical contact with, or assault of, a participant
Sexual misconduct committed against, or in the presence of, a participant
Unauthorised use of a restrictive practice in relation to a participant

What you must do: Notify the NDIS Commission within 24 hours of becoming aware of a reportable incident. Submit a detailed 5-day report with investigation findings and actions taken. Maintain an incident register for all incidents (reportable and non-reportable). Investigate all incidents, identify root causes, and implement corrective actions. Use incident data to inform continuous improvement.

Obligation 3: Complaints Management

You must maintain an accessible, responsive complaints process and inform participants of their right to complain externally.

What you must do: Have a complaints policy and process that is accessible to participants with diverse needs. Record all complaints in a complaints register. Investigate and respond to complaints within a reasonable timeframe. Inform participants they can complain directly to the NDIS Commission (1800 035 544). Ensure no adverse consequences for complainants. Use complaint data to drive improvements.

Obligation 4: Worker Screening

All workers in risk-assessed roles must hold a current NDIS Worker Screening Check clearance.

What you must do: Ensure all workers with more than incidental participant contact have a current clearance before commencing unsupervised work. Workers pending clearance must be supervised at all times by a cleared worker. Maintain a worker screening register documenting clearance status, number, date, and expiry for all workers. Monitor expiry dates and renew clearances before they lapse. Never allow an excluded person to work in a risk-assessed role.

Obligation 5: Staff Training and Development

Workers must be competent to deliver supports safely and effectively.

What you must do: Ensure all workers complete the NDIS Worker Orientation Module. Provide mandatory training at induction: Code of Conduct, incident reporting, complaints handling, manual handling, first aid/CPR, infection control, fire safety, and medication management (for SIL). Provide participant-specific training (BSPs, mealtime management plans, individual support needs). Deliver annual refresher training on key topics. Maintain a training register documenting all training. Provide regular, structured supervision with documented records. Conduct performance reviews.

The Documentation to Back Up Every Obligation

65 audit-ready documents including training registers, incident registers, worker screening registers, complaint registers, and all supporting policies. Mapped to Practice Standards.

Get the SIL Rescue Kit — $297

Obligation 6: Records and Information Management

You must maintain accurate, secure, and accessible records of all aspects of service delivery.

What you must do: Keep all records for a minimum of seven years. Comply with the Australian Privacy Principles when collecting, using, disclosing, and storing personal information. Maintain secure information systems (physical and electronic) with appropriate access controls. Obtain informed consent before collecting and sharing participant information. Have a data breach response plan. Maintain document control with version numbers, review dates, and approval records. Ensure records are accessible to the NDIS Commission on request.

Obligation 7: Pricing and Financial Compliance

You must comply with the NDIS Pricing Arrangements and Price Limits and manage finances transparently.

What you must do: Charge within the NDIS price limits for NDIA-managed and plan-managed participants. Claim only for supports that were actually delivered and documented. Issue accurate invoices and maintain records to support all claims. If managing participant funds, maintain separate accounting, provide regular statements, and keep a participant money register. Comply with cancellation terms set out in the Pricing Arrangements. Maintain adequate financial management systems and insurance. Report financial matters as required by the NDIS Commission.

Obligation 8: Key Personnel and Governance

Key personnel must be fit and proper, and changes must be reported to the NDIS Commission.

What you must do: Ensure all key personnel (directors, board members, CEO, senior managers responsible for service delivery) are assessed as fit and proper persons. Notify the NDIS Commission of any changes to key personnel within the required timeframe. Maintain effective governance structures including clear organisational chart, defined roles and responsibilities, and accountability mechanisms. Hold regular governance meetings with documented minutes. Ensure key personnel understand and fulfil their compliance responsibilities.

Obligation 9: Continuous Quality Improvement

You must operate a quality management system that drives ongoing improvement.

What you must do: Maintain a continuous improvement register documenting identified improvements, actions taken, responsible persons, timelines, and outcomes. Collect and act on feedback from participants, families, and staff. Conduct regular internal audits against the Practice Standards. Review policies and procedures at least annually. Analyse incident and complaint data for trends and themes. Implement corrective actions when gaps are identified. Evaluate the effectiveness of improvements. Prepare for mid-term and renewal audits.

Obligation 10: Restrictive Practices

If you support participants who are subject to restrictive practices, additional obligations apply.

What you must do: Ensure all restrictive practices are authorised by the relevant state/territory authorisation body. Ensure all restrictive practices are documented in a current Behaviour Support Plan. Report all use of restrictive practices to the NDIS Commission as required. Maintain a restrictive practices register. Train all relevant staff in the participant's BSP strategies. Work actively towards the reduction and elimination of restrictive practices. Report any unauthorised use of restrictive practices as a reportable incident within 24 hours.

Obligation 11: Cooperation with the NDIS Commission

You must cooperate with the NDIS Commission in the exercise of its functions.

What you must do: Respond to information requests from the Commission in a timely manner. Cooperate with complaint investigations and own-motion investigations. Provide access to premises, records, and staff when requested. Comply with compliance notices, enforceable undertakings, and conditions on registration. Not obstruct, mislead, or provide false information to the Commission. Notify the Commission of any changes to your registration details, services, or circumstances that may affect your compliance.

Obligation 12: Registration Renewal

Registration is granted for three years and must be actively renewed.

What you must do: Prepare for and participate in a mid-term audit at approximately 18 months. Apply for registration renewal before your registration expires (allow at least 6 months lead time). Engage an Approved Quality Auditor for your renewal audit. Address any non-conformances from the renewal audit. Maintain continuous compliance throughout the registration period — not just at audit time.

Quick Reference: Obligations at a Glance

Obligation	Frequency	Key Deadline
Code of Conduct acknowledgement	At induction + annually	Before unsupervised work
Code of Conduct training	At induction + annually	Before unsupervised work
Reportable incident notification	As incidents occur	Within 24 hours
Detailed incident report	Following reportable incident	Within 5 business days
Worker Screening Check	Per worker	Before unsupervised risk-assessed work
Worker Screening renewal	Every 5 years per worker	Before clearance expiry
Worker Orientation Module	Once per worker	Before unsupervised work
Mandatory training	At induction + annually	Before unsupervised work (induction)
Staff supervision	Every 4-6 weeks	Ongoing
Policy review	At least annually	Within 12 months of last review
Risk register review	At least quarterly	Ongoing
CI register update	At least monthly	Ongoing
Key personnel change notification	As changes occur	Within required timeframe
Mid-term audit	Once per registration	At ~18 months
Registration renewal application	Every 3 years	6 months before expiry
Restrictive practices reporting	As practices occur	Per NDIS Commission requirements
Pricing compliance	Ongoing	Every claim
Records retention	Ongoing	Minimum 7 years

Meeting these obligations is not optional and it is not just for audit day. The NDIS Commission monitors compliance continuously through multiple mechanisms including complaint investigations, incident report analysis, and own-motion reviews. Building compliance into your daily operations — rather than treating it as an annual audit exercise — is the only sustainable approach.

For practical tools to support daily compliance, try our free Notes Rewriter for audit-ready progress notes. For the documentation infrastructure to support all 12 obligations, the SIL Rescue Kit provides 65 policies, forms, registers, and guides mapped to the Practice Standards.

Important: This article provides general guidance about NDIS compliance requirements. It is not legal or professional advice. Requirements may change as the NDIS Commission updates its policies and Practice Standards. Always verify current requirements with the NDIS Quality and Safeguards Commission or a registered NDIS consultant before making compliance decisions.