What is the regulatory landscape for NDIS providers?
An evolving regulator
The National Disability Insurance Scheme Quality and Safeguards Commission (Commission) is now in its seventh year of operation. Since its establishment in 2018, it has matured in its operations and priorities. The Commission is now a regulator with an appetite to take tough regulatory action against providers, commencing enforcement proceedings and seeking substantial penalties.
The Commission’s development has been shaped by several reviews and inquiries, each of which has identified areas for development. Those areas have included compliance and enforcement, funding, and staffing and resourcing.
In the past two federal budgets, the government provided increased funding to the Commission to ensure it is a modern, fit-for-purpose regulator.
The government has also implemented a significant legislative reform agenda to ensure the longevity and integrity of the National Disability Insurance Scheme (NDIS). As part of that reform agenda, the government is expected to introduce proposed reforms that include new statutory duties for providers and their key personnel, a new and increased penalties framework and new criminal offence provisions. The Commission will be instrumental in enforcing these laws.
Record civil penalties
In 2024-2025, the Commission has demonstrated its preparedness to take tough action against providers who have fallen short of the standards required of them and to prosecute workers who have allegedly breached banning orders. The Commission has obtained several record penalties.
Provider ordered to pay $1.9 million
The Federal Court ordered a provider to pay a pecuniary penalty of approximately $1.9 million in relation to the death of an NDIS participant and two other participants who were put at serious risk of harm.
Civil penalty proceedings
The Commission commenced civil penalty proceedings in the Federal Court against two individuals alleged to have breached banning orders. These are the first proceedings of their kind.
Provider ordered to pay $2.2 million
The Federal Court ordered a provider to pay $2.2 million in relation to the death of an NDIS participant.
Provider ordered to pay $2.5 million
The Federal Court ordered a provider to pay $2 million for failing to keep participants and workers safe and $500,000 for failing to notify the Commission of reportable incidents within the required timeframes. This is the highest civil penalty ever obtained by the Commission.
Enhanced data gathering
The Commission is tasked with several functions, including to secure compliance with the National Disability Insurance Scheme Act 2013 (Cth) (NDIS Act) and associated Rules through effective compliance and enforcement arrangements. The Commission’s powers are broad and enable it to gather information from a range of sources to oversee provider compliance and, where potential non-compliance is identified, to investigate it.
The Commission gathers information in a range of ways including from reportable incident notifications, complaints and data sharing between other Commonwealth or state and territory government departments or agencies.
In relation to the latter, in the 2024-2025 federal budget, the government provided $160 million over four years and $24.6 million per year ongoing to upgrade the Commission’s IT systems, to better protect the safety of NDIS participants, to reduce regulatory burden on providers, and to improve cyber security. The IT system upgrade forms part of the Data and Regulatory Transformation (DART) Program, which will improve the Commission’s capabilities and enable it to:
Escalate and action significant matters of concern raised through a complaint or incident.
Use data intelligence to focus its regulatory activities.
Improve its capacity to regulate and contribute to the sustainability and integrity of the NDIS.
Key regulatory priorities
The Commission’s key regulatory priorities for 2025-2026 are:
The reduction and elimination of regulated restrictive practices.
Strengthened oversight and regulation of unregistered NDIS providers and sole traders.
Provider obligations to support participants to proactively identify and manage high-risk health concerns.
Provider obligations to support, train and monitor appropriately skilled and capable workers.
What’s next
Over the next 12 months, the Commission is expected to undertake a range of actions to achieve its key regulatory priorities, and those actions are likely to include provider education and continuing increased enforcement action.
For less serious non-compliance, warnings and corrective action requests will continue to be issued.
However, the Commission is expected to continue to take stronger enforcement action against providers who it believes have failed to provide safe services to people with disability, including civil penalty proceedings.
Providers should ensure they are prepared to respond appropriately to any regulatory inquiries or action, noting that Commission investigations can and often do carry significant legal and commercial risks.
What you should do now
Ensure all key personnel are aware of the Commission’s regulatory priorities for 2025-2026.
Ensure all staff are aware of relevant NDIS Practice Standards and the requirements under the NDIS Code of Conduct.
Review work systems and practices and ensure all staff are qualified, have completed all required training and can deliver supports and services safely and competently, and to the requisite standards. Any identified gaps should be addressed as a priority.
Review incident management systems to ensure they comply with the requirements under the NDIS Act and Rules and take appropriate steps to ensure compliance.
Review and, if necessary, establish clear processes and procedures for responding to incidents. Ensure all relevant personnel receive necessary training.