Registered provider obligations
NDIS provider compliance hub
Registered NDIS providers must meet the NDIS Practice Standards, comply with the NDIS Code of Conduct, notify reportable incidents, screen their workers, and pass a quality audit set by the risk of their services. Here's the full map — plus the reforms reshaping registration.
The NDIS Quality and Safeguards Commission registers and regulates NDIS providers. To become — and stay — a registered provider you must be registered for each registration group you deliver, meet the NDIS Practice Standards, comply with the NDIS Code of Conduct, operate incident management (including notifying reportable incidents to the Commission), run a complaints system, and complete NDIS Worker Screening Checks for workers in risk-assessed roles.
The Practice Standards are modular. Every provider meets the Core module (rights and responsibilities; governance and operational management; provision of supports; support environment). Supplementary modules are added by the services you deliver — High Intensity Daily Personal Activities, Specialist Behaviour Support, Implementing Behaviour Support Plans (regulated restrictive practices), Early Childhood Supports, Specialist Disability Accommodation (SDA) and Specialist Support Coordination. Your audit pathway is risk-based: lower-risk services take the lighter verification audit; higher-risk services take a full certification audit against the Core plus every applicable supplementary module.
Reforms are in progress. The NDIS Review recommended a new graduated registration model with provider risk tiers, and the Commission and the Department are progressively implementing it — so registration categories and audit requirements may change. Use the tools and obligations below to scope your current requirements, and confirm the live model with the Commission.
Free tools
Key obligations
Comply with NDIS Practice Standards
Registered NDIS providers must meet the NDIS Practice Standards for their registration groups.
Verify NDIS worker screening clearance
Registered providers must only engage workers in risk-assessed roles with a current NDIS Worker Screening clearance.
Report serious NDIS incidents to the NDIS Commission
Death, serious injury, abuse, neglect, unauthorised restrictive practices, and sexual misconduct must be notified.
Develop + authorise Behaviour Support Plans for restrictive practices
Use of restrictive practices in NDIS supports requires a comprehensive Behaviour Support Plan.
Comply with NDIS quality auditor cycle for registered providers
Registered NDIS providers must pass NDIS Quality auditor cycle (verification + certification audits).
Comply with NDIS Pricing Arrangements + Price Limits
NDIS providers must claim within NDIA-published price limits + arrangements.
Regulators
FAQ
Who has to be a registered NDIS provider?
You must be registered by the NDIS Commission to deliver Specialist Disability Accommodation, to use regulated restrictive practices, to develop behaviour support plans, and to provide supports to NDIA-managed or plan-managed participants who require a registered provider. Registration is per registration group / service type — you register for each type of support you deliver.
What are the NDIS Practice Standards?
The quality benchmarks a registered provider must meet. Every provider meets the Core module (rights and responsibilities; governance and operational management; provision of supports; support environment). Supplementary modules apply based on your services, including High Intensity Daily Personal Activities, Specialist Behaviour Support, Implementing Behaviour Support Plans, Early Childhood Supports, SDA and Specialist Support Coordination.
What's the difference between a verification and a certification audit?
Verification is the lighter, desktop-style audit for lower-risk services (such as plan management, support coordination and community participation) — the auditor checks a defined evidence set. Certification is the full quality audit for higher-risk services (such as personal care, high intensity supports, SDA and behaviour support) — the auditor assesses conformity against the Core module and every applicable supplementary module, at initial registration and again at mid-term, on a three-year cycle.
What is the NDIS Code of Conduct?
A set of enforceable standards of behaviour for NDIS providers and workers — covering respect for rights, acting with integrity, delivering safe and competent supports, and preventing and responding to violence, abuse, neglect, exploitation and sexual misconduct. It applies to registered and unregistered providers alike, and the Commission can take action against workers as well as providers.
When do I have to notify a reportable incident?
Registered providers must notify the NDIS Commission of reportable incidents — including death, serious injury, abuse or neglect, unlawful sexual or physical contact, sexual misconduct, and the unauthorised use of a restrictive practice — that occur in connection with the supports they deliver. Serious incidents must be notified within 24 hours, with a follow-up report, and other reportable incidents within five business days. You must also have an incident management system that records and manages all incidents.
Which workers need an NDIS Worker Screening Check?
Workers in risk-assessed roles — broadly, roles involving more than incidental contact with participants, or roles with the power to make decisions affecting participants. Registered providers must identify risk-assessed roles, ensure workers hold a clearance, and keep a worker screening record. A clearance is issued through the participating state or territory worker screening unit.
What are the behaviour support and restrictive practices rules?
If your supports involve regulated restrictive practices you must meet additional rules: behaviour support plans must be developed by an NDIS behaviour support practitioner and lodged with the Commission, each regulated restrictive practice must be authorised under the relevant state or territory framework, and providers must report monthly on the use of regulated restrictive practices. Unauthorised use of a restrictive practice is a reportable incident.
Is NDIS registration changing?
Yes. The NDIS Review recommended a new graduated registration model with provider risk tiers, and the NDIS Commission and the Department are progressively implementing reforms. Registration categories, provider risk tiers and audit requirements may change — so confirm the current model and your specific registration groups directly with the NDIS Commission before you plan your audit.
Free assessment
What compliance applies to my business?
2-minute structured check → personalised list of obligations.
AI advisor (waitlist)
Ask any compliance question
Coming Phase 2 — grounded answers with citations.