The NDIS Code of Conduct in practice

The NDIS Code of Conduct is the behavioural baseline for everyone who delivers National Disability Insurance Scheme supports. It is short, plainly worded, and it applies whether a provider is registered or not. For workers it sets out how to treat the people they support. For providers it sets out a duty to build a culture where those standards actually hold. This guide walks through what the Code asks for in practice, how the NDIS Quality and Safeguards Commission responds when it is not met, and how that connects to screening and onboarding.

What the Code is, and who it covers

The Code sits in the National Disability Insurance Scheme (Code of Conduct) Rules 2018. It applies to all NDIS providers and to the people they employ or otherwise engage to deliver supports, regardless of whether the provider is registered with the Commission. That breadth matters: a sole trader supporting one participant under self-managed funding is covered, just as a large registered organisation is.

Compliance with the Code is a civil penalty provision. In plain terms, breaching it is not just a matter of internal policy. It can attract regulatory action from the Commission and, in serious cases, court-imposed penalties.

The elements of the Code

The Code sets out a small number of obligations that everyone delivering NDIS supports must meet. According to the NDIS Commission, people who work in the NDIS must:

• Act with respect for individual rights to freedom of expression, self-determination, and decision-making.
• Respect the privacy of people with disability.
• Provide supports and services in a safe and competent manner, with care and skill.
• Act with integrity, honesty, and transparency.
• Promptly raise and act on concerns about matters that might affect the quality and safety of supports.
• Take all reasonable steps to prevent and respond to all forms of violence against, and exploitation, neglect and abuse of, people with disability.

Workers who belong to a professional body with its own code, such as nurses, psychologists or allied health practitioners, are expected to meet that professional code as well as the NDIS Code. There is also a rule preventing providers from charging NDIS participants higher prices for the same goods without a reasonable justification, known as price differentiation.

What the Code means day to day for workers

For a support worker, the Code is less about memorising clauses and more about how each shift runs. A few practical translations:

• Self-determination over convenience. If a participant wants to do a task their own way, or change their mind about an activity, that choice comes first. The Code frames support around the person's decisions, not the worker's routine.
• Privacy is active, not passive. Discussing a participant's circumstances with family, friends or other clients without consent is a breach, even if it feels casual. So is leaving notes or screens visible.
• Stay inside your competence. Providing support "with care and skill" means recognising the edge of your training. If a task needs clinical skill you do not have, the safe and compliant move is to escalate, not to improvise.
• Speak up early. The duty to raise concerns is one of the strongest parts of the Code. Noticing a risk and saying nothing can itself be a breach. That includes concerns about a colleague.

New workers usually meet the Code first through the NDIS Worker Orientation Module, the Commission's free online course that introduces these expectations before someone starts on the floor.

What the Code means for providers

Providers carry the Code at a second level. They must meet it themselves, and they must take reasonable steps so their workers meet it too. In practice that means:

• Making the Code part of induction, not a form signed once and filed.
• Having a complaints process that participants and workers can actually use, and acting on what comes through it.
• Keeping records that show conduct issues were identified and addressed.
• Checking the people they engage, including subcontractors and labour hire, against the same standard. The Code does not stop at the edge of your own payroll. For more on that, see subcontractor and labour hire screening obligations.

How breaches are handled

Anyone can raise a concern with the NDIS Commission: a participant, a family member, a worker, or a member of the public. The Commission then chooses a response proportionate to the conduct. Its compliance and enforcement toolkit runs from educative responses through to formal action, including:

• Compliance notices directing a provider or worker to do, or stop doing, something.
• Enforceable undertakings, which are binding commitments to change conduct.
• Civil penalties sought through the Federal Court for serious breaches.
• Suspension or revocation of a provider's registration.
• Banning orders, the most serious tool, covered below.

The Commission has signalled that it will pursue court action where banning orders are breached, so these are not symbolic measures.

Banning orders and the public register

A banning order is an administrative tool that prohibits or restricts a person or provider, either permanently or for a set period, from working in or being involved in the NDIS market. The Commission describes it as its most serious compliance tool, reserved for the most serious cases of poor conduct.

When the Commission takes formal enforcement action against a provider or worker, it is recorded in the public compliance and enforcement register. The register lets you search for current and past banning orders, compliance notices, enforceable undertakings, and registration suspensions or revocations. This is a government source you can verify directly: a banning order on the register is an authoritative fact, not a claim, which is why employers are expected to check it before engaging someone.

Checking the banning register sits alongside other care sector ban registers that providers should screen against. It is current-state information: a search tells you a person's status when you run it, so providers re-check rather than rely on a one-off result.

Where this fits in onboarding

For someone entering the sector, the Code is one of the first things to understand, alongside qualifications and screening. Our guide on how to become a disability support worker sets out the wider starting checklist. For providers, the Code is a standing obligation that should be visible across induction, supervision and record-keeping, not a one-time tick.

How Koora fits

Koora gives each care worker a Career Passport: a portable, reviewed record of the credentials they carry, including their NDIS Worker Screening Clearance and orientation evidence. For providers, Koora pre-clears that evidence and surfaces a current compliance status, then screens against published government ban registers, including the NDIS Commission's, with results verified at source. The legal duty to sight evidence, respond to conduct concerns and uphold the Code stays with the provider. Koora reduces the manual chasing so that duty is easier to meet, not lighter. You can connect Koora to your existing tools via API and webhooks, with direct integrations built on demand.