Ultimate Guide to NDIS Provider Compliance and Registration Renewal 2025

Why Ongoing Compliance Matters

Staying compliant with NDIS requirements is crucial for your business survival and competitiveness. All NDIS providers must operate according to Australian laws and NDIS rules, including the NDIS Act, Rules, and Code of Conduct. With over 22,000 registered providers as of mid 2025, maintaining compliance helps you stand out in a competitive marketplace while avoiding sanctions, fines or de-registration.

The NDIS Commission actively refuses or revokes registrations for businesses that don’t meet the necessary standards to uphold participant trust in the scheme. In the October-December 2024 quarter alone, the Commission refused over 1,200 registration applications that didn’t meet standards, demonstrating that renewals are taken as seriously as initial registrations.

Maintaining compliance isn’t just about ticking boxes; it supports quality service delivery. Participants deserve supports from providers who consistently meet NDIS Practice Standards and the Code of Conduct. Strong compliance demonstrates your commitment to safe, quality services and helps you avoid costly disruptions from enforcement actions.

Non-compliance, even if unintentional, can range from minor breaches to serious issues like fraud. If left unchecked, small issues can accumulate into major risks. The NDIS Quality and Safeguards Commission monitors providers and will enforce corrective actions for breaches. Providers found non-compliant may be required to undergo additional audits, have conditions placed on their registration, or face civil penalties.

A culture of compliance also drives continuous improvement. Providers committed to meeting standards tend to have better organisational processes, training and participant outcomes. This strengthens your reputation in the sector and often leads to more efficient operations and improved client satisfaction.

Staying compliant and audit-ready at all times is both a protective measure and a quality strategy for any NDIS provider determined to thrive in the Australian disability services sector. This article will step you through the NDIS Registration Renewal process, and outline what providers can do to be audit-ready at all times.

NDIS Registration Renewal: The Essentials

NDIS provider registrations are valid for three years. Existing providers should begin their registration renewal processes within the 6 months before their expiry date. If you initiate renewal before expiry, your current registration remains valid until the NDIS Commission makes their determination on your registration renewal application.

Missing your renewal deadline is risky business. If your registration lapses, you will need to start the registration application process again, and will be required to operate as an unregistered provider. You will no longer be able to support any agency managed participants, which means you cannot claim NDIA payments or present yourself as a registered provider while lapsed, which could significantly disrupt your business operations and income and will significantly disadvantage any agency managed participants you were previously supporting.

The Renewal Process

The renewal process follows similar steps to initial registration:

1. Complete your Renewal Application in the NDIS Commission's Registered Providers Portal: The Commission typically sends a reminder email around six months before expiry, but don't rely solely on this. Track your registration dates independently to ensure you don't miss critical deadlines.
   On your renewal application, you can update organisational details like key personnel or outlets, and modify your scope of registration by adding or removing registration groups. Keep in mind that changing your scope could affect the type or depth of audit required – for example, adding higher-risk services might move you from a verification to a certification audit.
2. Self-Assessment: Complete a self-assessment against applicable NDIS Practice Standards and answer suitability questions. This is similar to the initial assessment you did when first registering. Be honest and thorough – the self-assessment will guide the auditor on what to examine during the audit and will inform the NDIS Commission that you are suitable for renewal.
3. Supporting Documentation: Provide updated evidence and documents including policies, procedures and proof of qualifications that reflect current practice and any new standards. Ensure all documents are up-to-date and align with any new or updated NDIS Practice Standards introduced since your last audit.
4. Engage an Approved Quality Auditor (AQA): Once your application is submitted, the Commission will issue a Renewal Scope of Audit document. Provide this to an AQA of your choice to obtain a quote and schedule your audit. You’re not obliged to use the same auditor you used previously – feel free to choose any approved quality auditor from the Commission’s list. For lower-risk services, a desktop audit may be conducted as part of the audit process.
5. Undergo the Audit: The auditor will conduct a renewal audit (re-certification or re-verification) to assess your compliance with NDIS Practice Standards for your registration groups. The audit will rate your performance against each required standard.
6. NDIS Commission Review: The Commission reviews your application, audit findings and compliance history (including complaints and reportable incidents) before deciding whether to renew your registration for another 3-year period.
7. Outcome: If successful, you’ll receive a new certificate of registration with a new expiry date. The Commission may impose specific conditions if needed. If you submitted your renewal on time, your prior registration remains active during this whole period, preventing service interruption.

If your registration lapses (either by missing renewal or by being deregistered), you’ll need to submit a fresh application and undergo a full audit again to regain registration. The portal will still allow you to apply using your existing ABN, but the process will be more time-consuming and costly than a timely renewal. Be prepared to provide further information as requested by the NDIS Commission to assist in the final decision-making process.

Practical Tip: Create a compliance calendar that includes your registration expiry date and back-dates all the tasks you need to complete beforehand (policy updates, engaging an auditor, etc.). Starting the renewal process six months out gives you ample time to book an auditor and fix any issues before your expiry date. Treat registration renewal as a major project every three years and plan for it well in advance.

Being Audit-Ready: What to Expect

As an existing provider, you may encounter several types of audits:

• Renewal Audits (Re-certification or Re-verification): Occur every three years for registration renewal. A re-certification audit applies if you’re registered for higher-risk services, whereas a re-verification audit applies if you only provide lower-risk supports. Both confirm you meet all relevant standards for another registration period. Auditors will not only check that you meet standards on paper but also examine how effectively your services have been implemented over time. NDIS auditors play a crucial role in this process, employing specific guidelines and sampling methods to assess compliance.
• Mid-Term Audits: Required at 18 months into your 3-year cycle if you underwent a certification audit for complex supports. This smaller-scale audit focuses on key governance and management standards and any areas where you previously needed a corrective action plan. Mid-term audits don’t apply to providers who only needed verification, or specific cases like sole traders providing Early Childhood supports, or those providers only registered for SDA.
• Special or “Out-of-Cycle” Audits: The Commission may impose a condition audit if there are concerns about your service (such as complaints), previous minor non-conformities that need checking, or if you initially had a provisional audit. You can also request an audit to expand your scope mid-registration. While not common, the Commission has the power to audit providers to ensure ongoing compliance.

To ensure a successful audit, it is essential to maintain thorough compliance and record-keeping practices. Utilising appropriate software and seeking guidance can help providers be audit-ready, meeting the necessary standards for a seamless audit process.

What Happens During an Audit?

Most audits begin with a document review (Stage 1), where auditors examine your policies, procedures, and other documents to ensure your system meets the requirements of the NDIS Practice Standards and Quality Indicators. For verification audits (small scope providers), this document review will cover the entire audit.

For certification audits, this is followed by an on-site assessment (Stage 2), typically within 3 months of Stage 1. During this visit, auditors verify how you implement your system in practice through observations, file reviews and interviews with staff and participants. This will include an in-depth review of staff records, incident logs, feedback/complaints register, service agreements, support plans, risk assessments. Site visits are an integral part of the stage 2 audit, ensuring compliance through direct assessment of your service delivery environment.

Once the audit is completed, the AQA will submit their audit recommendation to the NDIS Commission for their review and determination. The NDIS Commission will then inform you of their determination. Current wait times for approval of initial registration and renewal have significantly reduced over the previous 12 months, so this process should occur relatively quickly.

Audit Findings and Ratings

Each area of the Practice Standards will receive a rating:

• 3: Conformity with elements of best practice
• 2: Conformity (fully meets requirements)
• 1: Minor non-conformity
• 0: Major non-conformity

The audit report will detail these ratings and their implications. AQA's are not able to make a recommendation for your registration if there is a Major Non-Conformance. It is not uncommon to have a few minor non-conformities (1’s) – these represent areas that require improvement that may create risk, but not severe enough to halt your registration. Minor non-conformities require a corrective action plan with resolution to occur within 18 months, but you can still pass the audit pending those corrections.

A major non-conformity (0) is more serious – it means a standard is not met in a way that poses high risk or indicates a significant failure. If you receive any 0 ratings, you will be given up to 3 months to address the issue, the auditor must then verify the corrective action to close/downgrade the Major Non-Conformance. The AQA is not able to submit their audit recommendation to the NDIS Commission, until all Major Non-Conformances have been resolved.

Being audited is a crucial process as it ensures compliance with NDIS Practice Standards and quality and safety standards.

Common Audit Focus Areas

Auditors particularly examine:

• Governance and operational management (effective management systems, internal audits, insurance, financial management)
• Risk management practices
• Incident management and reportable incidents
• Complaints handling
• Participants rights, choice and control (including service agreements, support plans and consent processes)
• Worker screening and qualifications
• Specific service delivery processes (like medication management)

Auditors also focus on NDIS supports, especially for providers offering higher risk or complex supports, ensuring that certification audits are thorough and comprehensive.

Restrictive practices (if used) receive significant focus – auditors will check that any use is properly authorised under relevant state/territory laws and reported to the Commission. They will also review worker training in restrictive practices and specific participant behaviour support plans.

Audit Logistics

Plan for the audit like an important event. Arrange a quiet space for auditors to work when on-site. Ensure all requested documents are organised and easily accessible. Inform your staff about the audit schedule so they’re prepared to answer questions. Let participants know in advance that an audit is happening and they might be invited to participate. Additionally, some audits, such as desktop audits and verification audits, can be conducted off-site, which is particularly relevant for lower risk Registrations Groups.

Clear your schedule or have key managers available throughout the audit. Auditors are generally collaborative – they will communicate findings to you and often provide a closing meeting to summarise results. Use this opportunity to ask questions and clarify any findings.

Remember that NDIS audits are meant to be a learning and quality improvement opportunity, not just an inspection. Many providers find value in the auditor’s feedback, which can highlight areas for enhancement. Being “audit-ready” at all times through good record-keeping and internal reviews will make the formal audit process much smoother.

Common Audit Pitfalls and How to Avoid Them

Even well-prepared providers encounter pitfalls during audits. Here are common issues and how to address them:

Documentation

One of the most common issues in NDIS audits is incomplete documentation. Missing or inconsistent records—such as unsigned service agreements, absent progress notes, or incomplete incident reports—can result in non-conformities. Auditors rely on clear, accurate, and complete documentation to verify that providers are meeting the NDIS Practice Standards. Poor record-keeping not only jeopardises audit outcomes but also compromises participant safety, service continuity, and organisational accountability.

Incomplete documentation can be avoided through a combination of clear documentation procedures, staff training, and regular internal reviews. Or implementation of electronic systems of a CRM.

Incomplete Risk Management

Many providers lack a comprehensive risk register or simply don't maintain their existing register. According to the NDIS Practice Standards, providers must identify, analyse, prioritise, and treat risks across the organisation – covering participants, workers, incident management, complaints management and resolution, financial management, governance and operational management, human resource management, information management, work health and safety, emergency and disaster management, prevention and control of infection and outbreaks.

Providers delivering lower complexity supports often find the verification audit process more straightforward, as they are typically already meeting certain professional regulatory standards. This makes the verification audit a simpler desktop review rather than a more intensive certification process.

To avoid non-conformity, maintain an up-to-date risk register documenting all identified risks and mitigation strategies. Review it regularly and whenever a new risk emerges, such as a pandemic or a new high-needs participant requiring special care.

Lack of Internal Audits

Another common pitfall is not having a system of internal audit or self-review. The NDIS Practice Standards explicitly require a “documented program of internal audits” appropriate to the size and complexity of the provider. This means periodically checking your own compliance, such as reviewing a sample of participant files for completeness or auditing medication administration records. For providers delivering higher risk and more complex supports, it is crucial to undergo thorough internal audits to ensure compliance and quality of service.

Set up an internal audit schedule (at least annually, or more frequently for critical processes) and maintain records of these audits and follow-up actions. Even for very small operations, you can conduct a simple self-audit using a checklist or have a peer or external consultant do it. The key is to show a cycle of continuous monitoring and improvement. Internal audits should also consider the specific requirements of NDIS registration groups to ensure that all aspects of compliance are thoroughly assessed and maintained.

Insufficient Evidence of Worker Screening

Auditors commonly find gaps in worker files. Every worker in risk-assessed roles must have a current NDIS Worker Screening Check clearance, and if working with children, a current Working With Children check as required by state law.

A common mistake is failing to keep copies or evidence of these clearances, or letting them expire. Similarly, required qualifications or training should be on file. Maintain a worker compliance register tracking each worker’s screening check number and expiry date, WWWC clearance, professional registrations, and mandatory training completion dates. Auditors will sample worker files to verify these, so ensure everything is up to date.

Outdated or Generic Policies

Some providers use template policies that aren’t tailored to their operations, or fail to update policies to reflect changes. Auditors can tell if your incident management policy references old legislation or isn’t actually implemented in practice.

Ensure your documents are specific to your organisation and reflect current NDIS rules. By now, your policies should incorporate newer requirements like the Emergency and Disaster Management Standard (effective January 2022). Regularly review and modify policies (at least annually) and maintain version control. If your policies are verbatim copies of purchased templates and staff are unaware of their contents, this can result in a non-conformance finding.

Incident Management and Reporting Gaps

The NDIS Commission places heavy emphasis on incident management. Common pitfalls include failing to notify the Commission of reportable incidents within required timeframes, not conducting investigations or follow-up on incidents, or not analysing incidents for systemic improvements.

Develop a clear incident management system and train workers on it. Ensure that any incident meeting the reportable incident criteria (serious injury, abuse allegations, death, etc.) is reported to the Commission within the specified timeframe. Maintain internal records of all incidents and actions taken. Auditors will review your incident register and may ask staff to describe how they would handle various incident scenarios.

Upholding Participant Rights, Choice and Control

A common gap identified by auditors is the lack of clear evidence demonstrating participant-centred care—particularly around how participants are informed, involved, and respected in decision-making. This includes failures to show that service agreements were explained in accessible formats, that informed consent was obtained for the use of media or implementation of restrictive practices, or that participants’ voices were meaningfully considered in support planning.

Under the NDIS, participants have the right to be actively involved in all aspects of their support—ensuring that services are tailored to their individual goals, preferences, and needs. Providers must go beyond compliance and genuinely embed participant choice and control in everyday practice.

To meet these requirements, it’s essential to actively engage participants in support planning, regularly seek their input, and clearly document the process. This includes maintaining evidence such as signed consent forms, notes from planning meetings, accessible service agreements, and outcomes from feedback surveys. Respecting and promoting participant rights is not only best practice—it is a core expectation under the NDIS Practice Standards.

Addressing Previous Audit Findings

If you’ve been through an audit before, it’s critical to resolve any issues before your next audit. Auditors will review the history of your last audit, and there are requirements for auditors to assess any standard that previously required a corrective action plan. Additionally, ensure you meet all registration requirements, addressing any gaps identified in previous audits.

For each non-conformity from your last audit, implement the corrective action plan by the deadline (typically 3 months for majors, and before the next audit for minors). Document what you did – for example, if the auditor found your privacy policy insufficient, note when you updated the policy and trained staff on it.

Maintain a continuous improvement log tracking issues identified from audits, complaints, or incidents and their resolution. This shows auditors you take findings seriously and systematically improve. Verify that fixes are working – if a previous audit noted staff weren’t aware of the Code of Conduct and you conducted training, check that staff now understand the Code of Conduct.

Make it a goal that any issue found once will not be a finding again. Repeat non-conformities are viewed negatively. Before your next audit, specifically double-check areas flagged previously to ensure compliance.

Benefits of Second-Party Compliance Reviews

Engaging an independent expert to review your operations before an official audit can provide significant benefits:

• Fresh Eyes: An external reviewer can spot issues that internal staff might overlook due to familiarity or bias. They bring an objective lens similar to an actual NDIS auditor. For example, you might think your incident logs are fine, but a third party might notice missing details or concerning trends.
• Expert Knowledge: Compliance professionals stay updated with the latest requirements and common audit findings across many providers. Their expertise ensures you’re interpreting standards correctly, including current interpretations auditors use. This is especially valuable when standards evolve, such as new modules on emergency preparedness or mealtime management.
• Finding Blind Spots: External reviews reveal “unknown” gaps – areas you might not realise are non-compliant. Perhaps your team is focused on participant outcomes but hasn’t kept up with administrative requirements like worker screening renewals or proper record-keeping for complaints. These blind spots often lead to audit non-conformities because providers didn’t think to check them.
• Practice for the Real Audit: A mock audit helps staff become accustomed to answering questions and presenting evidence, and any nervousness can be worked through. You can treat it as a “fire drill” for the real thing, so when actual auditors arrive, everyone is more confident.
• Building a Continuous Improvement Culture: Regular third-party reviews reinforce that compliance and quality are ongoing priorities, not just something to scramble for every time there is an audit. This aligns with the NDIS Practice Standards’ expectation that providers have systems for continuous improvement and regular internal audits.
• Avoiding Costly Failures: Identifying compliance issues early saves money and hassle. For instance, discovering missing documents in worker files is a quick fix if caught early, but if an NDIS auditor finds it, you might incur extra audit costs for a follow-up or face temporary suspension. Think of third-party reviews as preventive maintenance on your compliance “engine.”

When conducting a second-party review, ensure the reviewer provides a report or action list of findings. Treat those findings like audit results: make a plan to address each item. This is a chance to fix things in a low-stakes environment.

For small providers with budget concerns, consider a peer review arrangement (swap audits with another provider in your network) or utilise resources from industry bodies. The key is getting someone with compliance expertise to critically examine your operations.

Don’t wait for the auditor to reveal your weaknesses. Being audit-ready should be embedded into the everyday operations of your organisation. Proactively identifying gaps through regular, independent compliance reviews allows providers to uncover blind spots before they become non-conformities. This not only leads to stronger audit outcomes but also reflects a genuine commitment to continuous improvement, as required under the Quality Management indicator of the NDIS Practice Standards.

Staying prepared also means maintaining an up-to-date and well-documented system that reflects current legislative requirements and operational practices. By consistently aligning policies, procedures, and records with evolving NDIS Commission guidance, providers not only reduce risk but also build trust with auditors, participants, and regulators. A proactive, informed, and well-maintained compliance framework is key to long-term sustainability and quality service delivery in the NDIS environment.

Keeping Up with Evolving NDIS Requirements

The NDIS environment continually evolves, and providers must stay updated with changes to remain compliant.

Changes in NDIS Practice Standards

The Commission periodically introduces new standards or updates existing ones. For example, in late 2021, three new Practice Standards were introduced:

• Emergency and Disaster Management (effective January 2022) – requiring providers to incorporate emergency planning into their processes
• Mealtime Management for providers supporting participants with swallowing difficulties
• Severe Dysphagia practice standards for those delivering high-intensity daily personal activities

The NDIS Commission is currently drafting new Practice Standards for Supported Independent Living (SIL) providers, to ensure SIL supports are participant-centred, focused on human rights, respectful, understanding of privacy concerns, and delivered by workers who have the right training. 

If you don't have processes in place for monitoring updates to the NDIS Practice Standards, you might inadvertently risk non-compliance. Watch for announcements of updated Practice Standards or modules – the Commission usually releases fact sheets or guidance when new standards come into force or are being developed.

Legislative and Rule Changes

The NDIS Act and Rules may be updated to strengthen quality and safeguards. Recent years have seen amendments aimed at improving quality and safeguards.

The Commission periodically updates its Compliance and Enforcement priorities. For 2024-25, these include a focus on quality of supports in regional/remote areas and better regulation of supported accommodation. Such priorities signal areas you should pay extra attention to, especially if you operate in those spaces. The NDIS Commission has recently announced that Supported Independent Living (SIL)Practice Standards are currently being drafted for SIL providers.

Additionally, broader reforms – such as recommendations from the 2023 NDIS Review – could lead to future changes in provider responsibilities, including mandatory registration and new Practice Standards.

To remain compliant in an evolving regulatory landscape, it is essential that providers actively monitor updates from the NDIS Commission. Staying informed of legislative changes, new practice standards, and compliance expectations ensures providers can adapt their systems and practices accordingly—reducing risk, maintaining registration, and continuing to deliver safe, high-quality supports to participants.

NDIA Operational Updates

Although the NDIS Commission handles registration and compliance, the NDIA issues updates regarding funding and service delivery. Pricing updates occur annually and sometimes more frequently – providers must keep up to date with the latest NDIS Pricing Arrangements and Price Limits to ensure billing aligns with current rules.

NDIA operational updates may also include changes related to NDIS registration groups, which are crucial for the supports that you provide to participants.

There may also be new NDIA operational guidelines or initiatives that indirectly affect how you operate. Ensure someone in your team monitors the NDIA to maintain compliance and service quality.

State/Territory Specific Requirements

Some requirements vary by state or territory and can evolve over time. For example, NDIS Worker Screening processes were harmonised nationally in 2021, but you are still required to follow any state-specific Working With Children Check laws in addition to the NDIS Check.

Another area is obtaining restrictive practice authorisation: each jurisdiction maintains its own process and legislation. If those laws change, you must comply with the new process.

Additionally, some states have introduced broad Child Safety Standards (e.g., Victoria’s Child Safe Standards) that apply to organisations serving children – ensure you meet these alongside NDIS child safe requirements.

How to Stay Updated

Adopt a multi-pronged approach:

1. Subscribe to Official Newsletters: Both the NDIS Commission and NDIA offer newsletters or email alerts. The Commission provides “Newsletters and alerts” for providers, and the NDIA has a regular e-newsletter. Ensure these updates are read and shared within your organisation.
2. Monitor Websites: Regularly check the Commission’s “News and Events” section for announcements. Set a schedule (e.g., monthly) to browse for new announcements or policy changes.
3. Join Industry Associations: Engage with peak bodies like National Disability Services (NDS) that digest and share changes in simpler terms and may host webinars or information sessions. Even LinkedIn groups or forums for NDIS providers can provide useful information (though always verify from official sources).
4. Complete Available Training: The Commission offers free online training modules for workers and providers. When new modules are released, complete them and encourage your staff to do so.
5. Schedule Regular Policy Reviews: Set a policy that all procedures and documents are reviewed at least annually against current NDIS requirements. Use the NDIS Legislation, Rules and Policies page as a reference to ensure you have the latest versions.

Unregistered providers should also stay updated with these resources to ensure they meet compliance requirements and maintain service quality, and for those unregistered providers delivering support coordination, supported independent living and platform providers, it is critical to ensure your systems are ready and compliant for upcoming mandatory registration.

In a rapidly evolving space like the NDIS, complacency is not an option. Providers who don’t stay up to date with changes , or neglect existing systems, are at risk of non-compliance, placing both their registration and participants at risk. This not only undermines the intent of the Scheme but also compromises the safety and quality of supports delivered to participants. Providers who remain proactive, informed, and adaptable are better positioned to meet evolving requirements, maintain trust with regulators, and continue delivering high-quality, participant-centred services.

References

NDIS Provider Compliance Responsibilities - NDIS website (2024)

Glanville, L. (NDIS Quality and Safeguards Commissioner). “NDIS Commission cuts registration waiting times.” NDIS Commission News (Feb 2025)

NDIS Quality and Safeguards Commission - “Renew Your Registration” (Web Page, 2024)

NDIS Quality and Safeguards Commission - “The Quality Audit Process” (2024)

Walter Tran. “NDIS Audit Outcomes: How you can prevent 3 common non-conformities.” LinkedIn Article (2021)

NDIS Quality and Safeguards Commission - “New NDIS Practice Standards and Quality Indicators” (Fact Sheet, Nov 2021)

NDIS Quality and Safeguards Commission - “Apply for Registration: Using Consultants or Purchased Policies” (2024)

NDIS Commission & National Disability Services - “NDIS Regulatory Burden Consultation Insights Report” (July 2023)

NDIA - “Provider Compliance (Improving integrity and preventing fraud)” (2024)

Government of Western Australia - “Differences between NDIS Worker Screening Check and Working with Children Check” (2023)

National Disability Services - “Factsheet: Audit reports” (2023)

NDIS Quality and Safeguards Commission - “NDIS Code of Conduct: Ensuring Compliance for All Providers” (2024)