Quick answer: The NDIS Code of Conduct applies to all NDIS providers and workers, whether registered or unregistered. It sets the minimum behaviour standard the Commission expects across the sector.
Last reviewed: March 2026 by the BlueSafe Technical Team.
NDIS regulations change frequently. Always verify current requirements with the NDIS Commission before making compliance decisions.
The Code matters because it reaches beyond formal registration. A provider can avoid registration in some settings, but it cannot avoid the Code.
At a glance
| Item | Summary |
|---|---|
| Applies to registered providers | Yes |
| Applies to unregistered providers | Yes |
| Applies to workers personally | Yes |
| Main purpose | Set minimum behavioural and safety expectations |
| Enforced by | NDIS Commission |
| Common mistake | Treating the Code as a poster instead of an operational rule |
What is the NDIS Code of Conduct?
The Code sets out how providers and workers are expected to behave when supporting people with disability.
It is not just a values statement. It is an enforceable conduct framework.
Who must comply?
| Provider type | Applies to provider? | Applies to workers? |
|---|---|---|
| Registered provider | Yes | Yes |
| Unregistered provider | Yes | Yes |
| Sole trader provider | Yes | Yes |
The key point is that workers carry personal obligations as well as working inside the provider's broader compliance system.
The seven obligations in plain language
- Respect a person's rights to expression, self-determination, and decision-making.
- Respect privacy.
- Deliver supports safely and competently.
- Act with honesty, integrity, and transparency.
- Raise and act on concerns that may affect quality or safety.
- Take reasonable steps to prevent and respond to violence, abuse, neglect, and exploitation.
- Take reasonable steps to prevent and respond to sexual misconduct.
Each one sounds broad until it is tested in practice. That is why providers need more than awareness posters. They need systems, training, supervision, and escalation processes.
What "all reasonable steps" means
The approved notes for this page highlight this phrase because it is where many providers get exposed.
In practice, "reasonable steps" usually means:
- having a documented process
- training workers on it
- monitoring whether it is being followed
- acting when problems are identified
Saying "staff should know better" is usually not enough.
Worker obligations vs provider obligations
Workers must personally comply with the Code.
Providers must also:
- communicate the Code
- train workers on expected conduct
- respond to concerns and complaints
- take corrective action when breaches occur
This is why Code compliance sits across recruitment, induction, supervision, and incident response.
Consequences of a breach
| Breach severity | Possible consequence |
|---|---|
| Lower-level concern | Education or corrective direction |
| Repeated or serious issue | Compliance action or notice |
| High-risk conduct | Banning order |
| Criminal conduct | Referral to police or other authorities |
The Commission's response depends on the facts, but providers should never treat Code complaints lightly.
Handling Code complaints internally
Providers should have a clear internal pathway for:
- receiving concerns
- triaging seriousness
- separating immediate risk from longer-term investigation
- documenting actions
- deciding whether external reporting is also needed
This is where Code compliance overlaps with incident, complaints, and workforce systems.
Code of Conduct vs Practice Standards
| Issue | Code of Conduct | Practice Standards |
|---|---|---|
| Applies to unregistered providers | Yes | No |
| Behaviour expectations | Yes | Indirectly |
| Audit framework | No | Yes |
| Registered-provider operational systems | Partial | Yes |
The Code is broader in reach. The Practice Standards are deeper for registered providers.
State and territory variations
The Code is national, but some linked systems such as worker screening and restrictive-practice interfaces involve state and territory arrangements.
Related guides
- What is an NDIS Provider? Registered vs Unregistered Explained
- NDIS Worker Screening Check - Complete Guide for Providers and Workers (2026)
- NDIS Incident Management - Reportable Incidents, Obligations and Procedures
Frequently asked questions
What is the NDIS Code of Conduct?
It is the conduct framework applying to all NDIS providers and workers.
Does it apply to unregistered providers?
Yes.
What happens if a worker breaches the Code?
The Commission can investigate and take enforcement action.
What are the seven Code obligations?
They cover rights, privacy, safe support, integrity, raising concerns, preventing abuse, and preventing sexual misconduct.