Compliance for NDIS providers in Australia
NDIS Commission registration, Quality + Safeguards framework, Practice Standards, worker screening, Code of Conduct, reportable incidents, audit cycle, fraud risk + Provider + Worker Registration Taskforce reforms.
NDIS providers operate under one of the most active reform programs in Australia. The NDIS Commission (established 2018) is the federal Quality + Safeguards regulator for registered providers. The 2024 Provider + Worker Registration Taskforce report is driving significant changes through 2025-2027.
Registered providers face: certification by approved quality auditor against NDIS Practice Standards; worker screening clearances; reportable incident notifications; Code of Conduct; annual self-assessment; behaviour support practitioner endorsement; banning order register.
This page is the practical NDIS compliance picture as at May 2026.
1. Registration (NDIS Commission)
Provider registration under NDIS Act 2013 Pt 3A. Choice of registered or unregistered (subject to reform). Application includes Practice Standards self-assessment + audit certification.
2. NDIS Practice Standards
Core Module (4 outcomes) plus supplementary modules for specialist services (high intensity supports, behaviour support, early childhood, etc.). Certification by approved quality auditor; renewal every 3 years.
3. Worker screening clearance
All workers in 'risk-assessed roles' require NDIS Worker Screening clearance — state-issued, recognised nationally. 5-year clearance. Provider duty to verify on hire + during employment.
4. NDIS Code of Conduct
Applies to all workers + providers (registered + unregistered). Sets behavioural expectations + grounds for banning orders. NDIS Commission can issue banning order on breach.
5. Reportable incidents
Reportable incidents (death, serious injury, abuse, neglect, unlawful sexual contact, unlawful physical contact, unauthorised restrictive practice) — 24-hour notification to NDIS Commission via portal + 5 business day report.
6. Behaviour support + restrictive practices
Behaviour support plans by registered behaviour support practitioners. Restrictive practices (chemical, mechanical, physical, environmental, seclusion) require behaviour support plan + state authorisation + monthly reporting.
7. Annual self-assessment + audit cycle
Annual self-assessment confirming Practice Standards compliance. Certification audit at 18-month midpoint + recertification at 36-month mark.
8. Fraud risk + integrity
NDIS Commission + Department + ATO joint fraud taskforce — significant focus on plan-managers + support coordinators + high-billing providers. Data-matching ongoing.
9. PRT reforms 2024-2027
Provider + Worker Registration Taskforce 2024 report drives tiered registration model — Risk-Proportionate Registration commences phased from 2025-2027. Currently unregistered providers will likely require enrolment + Worker Screening.
10. State authorisation overlay
Some matters (restrictive practices authorisation, behaviour support practitioner endorsement) require state body authorisation in addition to federal Commission engagement.
FAQ
Can I operate as an unregistered NDIS provider?
Currently yes for some supports — but the PRT reform pipeline is moving towards mandatory enrolment for all providers and registration for higher-risk supports. Plan now for Worker Screening + Code of Conduct compliance regardless.
Is a Police Check enough for workers?
No. NDIS Worker Screening clearance is a different + more comprehensive check, state-issued, and recognised across all jurisdictions.
What is a reportable incident timeline?
24-hour initial notification via NDIS Portal + 5 business day report. Death or serious injury attracts immediate notification expectation.
Published obligations that apply to ndis providers (9)
- criticalCWLTHComply with NDIS Practice Standards
Registered NDIS providers must meet the NDIS Practice Standards for their registration groups.
- criticalCWLTHComply with NDIS Pricing Arrangements + Price Limits
NDIS providers must claim within NDIA-published price limits + arrangements.
- criticalCWLTHComply with NDIS quality auditor cycle for registered providers
Registered NDIS providers must pass NDIS Quality auditor cycle (verification + certification audits).
- criticalCWLTHDevelop + authorise Behaviour Support Plans for restrictive practices
Use of restrictive practices in NDIS supports requires a comprehensive Behaviour Support Plan.
- criticalCWLTHMake mandatory notifications to AHPRA
Practitioners, employers and education providers must notify AHPRA of conduct that puts the public at risk.
- criticalCWLTHNDIS fraud prevention + reporting obligations
NDIS providers must implement fraud-prevention systems + report suspected fraud.
- criticalCWLTHReport serious NDIS incidents to the NDIS Commission
Death, serious injury, abuse, neglect, unauthorised restrictive practices, and sexual misconduct must be notified.
- criticalCWLTHVerify NDIS worker screening clearance
Registered providers must only engage workers in risk-assessed roles with a current NDIS Worker Screening clearance.
- highCWLTHImplement Food Safety Program where prescribed (Standard 3.2.1)
High-risk food businesses must implement a documented Food Safety Program audited by a recognised food safety auditor.