How To Become An NDIS Registered Provider: Legal Steps For Businesses

Becoming an NDIS registered provider lets you deliver much-needed supports to people with disability while building a sustainable, values-driven business. It’s a meaningful way to grow, but it also comes with strict quality and legal requirements you’ll need to meet from day one.

If you’re starting a new venture or expanding existing services into the NDIS, a clear plan and the right legal setup will save you time, money and stress. In this guide, we’ll walk through what registration really means, when you must register, the step-by-step process, the key laws that apply in Australia, and the core documents you’ll need to operate with confidence.

With the right preparation (and a little expert help), you can navigate NDIS registration smoothly and set your business up on solid ground.

What Is An NDIS Registered Provider?

An NDIS registered provider is a business or sole trader that has completed the NDIS Quality and Safeguards Commission’s registration process and met the NDIS Practice Standards for the supports they offer. Registration gives you access to participants whose funding is managed by the National Disability Insurance Agency (NDIA), and it often signals greater trust and credibility in the market.

Registration is not mandatory for every provider. Many supports can legally be delivered by unregistered providers to participants who self-manage or use plan managers. However, registration is required for some high-risk registration groups and for any provider delivering supports to NDIA-managed participants.

Once registered, you’ll be listed on the NDIS Provider Register, and you’ll need to maintain ongoing compliance with the Practice Standards, the Code of Conduct and other Australian laws that apply to your business.

Do You Need To Register With The NDIS?

Whether you must register depends on who you plan to support and which services you’ll provide.

When Registration Is Required

• Delivering supports to NDIA-managed participants: If a participant’s plan is agency-managed, providers must be registered to claim payments.
• Providing certain high-risk supports: Examples include Specialist Disability Accommodation (SDA), High Intensity Daily Personal Activities and some other higher-risk registration groups.
• Behaviour support and restrictive practices: Behaviour support providers and any implementing providers using regulated restrictive practices need appropriate registration and must follow strict authorisation requirements set by each state or territory.

When Registration Is Optional

• Serving self-managed or plan-managed participants for lower-risk supports: Many therapy, community access and daily living supports can be delivered by unregistered providers to these participants.
• Support categories like transport or support coordination (outside of agency-managed plans): These are often provided by unregistered providers to self-managed and plan-managed participants. If your clients are NDIA-managed, registration is needed.

If you’re unsure where your services sit, it’s worth getting tailored advice from an NDIS lawyer before you invest time in a registration pathway that doesn’t fit your model.

Step-By-Step: How To Become An NDIS Registered Provider

There’s a clear sequence to follow. Breaking it into steps makes the process manageable and keeps you audit-ready.

1) Choose Your Business Structure

Decide whether you’ll operate as a sole trader, partnership or company (Pty Ltd). This affects liability, tax and compliance obligations.

• Sole trader: Simple and low-cost to set up. You’ll use an ABN and be personally liable for debts and claims.
• Partnership: Two or more people share profits and responsibilities. A written partnership agreement is strongly recommended.
• Company: A separate legal entity with limited liability. This is common for providers aiming to scale. You’ll register with ASIC and usually adopt a Company Constitution.

If you’re planning multiple founders or investment, consider a Shareholders Agreement early to lock in roles, ownership and decision-making.

2) Secure Your ABN, Business Name And Insurance

Apply for or confirm your ABN, register your business name if needed, and arrange baseline insurance before you apply. Most providers carry public liability, professional indemnity and, if you have staff, workers compensation in line with state or territory law.

3) Map Your Supports And Registration Groups

List the support categories you will deliver and the NDIS registration groups that match them. Your registration scope drives the assessment you’ll undergo and the evidence you must provide.

At this stage, start preparing your core policies and procedures (complaints, incident management, risk, governance, privacy, worker screening and more). If you’d like a structured way to build your compliance, Sprintlaw’s NDIS service provider package can help you align your documents to the Practice Standards.

4) Submit Your Application To The NDIS Commission

Apply via the NDIS Commission’s provider portal. You’ll provide details about your business, your responsible persons (directors or owners), the supports you intend to deliver, your insurances and your policies.

The Commission will issue an assessment pathway-either verification or certification-based on your registration groups and risk profile.

5) Complete Your Independent Audit

All registration pathways involve an audit by an approved quality auditor-either verification or certification. Both are independent audits (verification is not limited to sole traders).

• Verification audit: Generally for lower-risk supports and often for sole practitioners and small providers. Auditors confirm you hold the right qualifications, insurances and baseline policies, and that you meet relevant Practice Standards.
• Certification audit: For higher-risk supports and larger or more complex organisations. Auditors assess your systems, interview staff and participants (where relevant) and review evidence against the core and any supplementary modules of the Practice Standards.

Your auditor prepares a report for the Commission. Address any non-conformities quickly-minor shortfalls can often be rectified with targeted updates to your documents or processes.

6) Assessment, Outcome And Registration

The NDIS Commission reviews your application, audit report and any additional information requested. If approved, you’ll receive a Certificate of Registration detailing your approved registration groups and conditions. You’ll then appear on the public register.

Keep a copy of your scope handy-your internal policies, staff training and service agreements should all match the supports you’re registered to deliver.

What Laws And Compliance Obligations Apply In Australia?

NDIS registration sits within a broader Australian legal framework. Even if you’re an experienced care provider, it’s important to make sure your general business compliance is covered.

NDIS Practice Standards And Code Of Conduct

The Practice Standards and Code of Conduct focus on participant rights, safety, governance, risk management, worker competence and continuous improvement. Your policies, training and record-keeping must reflect these requirements for the supports you deliver.

Employment Law And Workplace Safety

If you employ staff or engage contractors, you must comply with Fair Work obligations, minimum entitlements, workplace health and safety and accurate record-keeping. Put a compliant Employment Contract in place for each employee and use clear role descriptions and rosters that reflect award requirements where applicable.

When using contractors, ensure your Contractors Agreement clearly sets out scope, invoicing, IP and confidentiality so responsibilities are understood and disputes are reduced.

Australian Consumer Law (ACL)

The ACL applies to your advertising, pricing, service quality and complaints handling. Don’t make representations you can’t support, ensure your pricing is transparent, and use plain-English participant documents that avoid unfair terms.

Privacy And Data Protection

NDIS providers handle sensitive health information, so the Privacy Act and Australian Privacy Principles are critical. Publish and follow a compliant Privacy Policy, train staff on privacy practices, and only collect, use and store data that’s necessary for your services.

It’s also wise to prepare a Data Breach Response Plan so you can respond quickly to incidents and meet notification requirements where they apply.

Insurance

Hold (and maintain) appropriate cover for your operations-typically public liability, professional indemnity and workers compensation. The Commission can request evidence at assessment and during monitoring.

Governance And Fit And Proper Persons

Directors and managers must be suitable to run an NDIS business. Strong governance policies, conflict of interest management and clear responsibilities help demonstrate that your organisation is well led and risk-aware.

Essential Legal Documents For NDIS Providers

Your contracts and policies are central to registration, audit success and day-to-day risk management. The exact suite depends on your services and size, but most providers should consider the following.

• NDIS Service Agreement: Sets out scope of supports, fees, scheduling, cancellations, variations, participant responsibilities and termination. Make sure your NDIS Service Agreement aligns with the Price Guides and your registration scope.
• Privacy Policy: Explains how you collect, use, store and disclose personal and sensitive information, including access and correction rights and complaints pathways. Link this to your consent forms and onboarding processes using a clear Privacy Policy.
• Complaints And Incident Management Policies: Required under the Practice Standards. Outline reporting timeframes, responsibilities and escalation steps for reportable incidents.
• Risk And Governance Policies: Include risk registers, continuous improvement, conflict of interest and worker screening procedures.
• Employment Contract: Covers duties, hours, classification/award, confidentiality, IP and termination. Use a tailored Employment Contract for each role level.
• Contractors Agreement: Defines scope, service standards, insurance, safety obligations and confidentiality for contractors. A clear Contractors Agreement helps ensure you maintain quality and compliance across your workforce.
• Workplace Policies: Code of conduct, bullying and harassment, safety, leave and grievance procedures-often consolidated in a staff handbook and reinforced at induction and refresher training.
• Information Security And Data Breach Processes: Even small providers benefit from an internal protocol for secure storage, access controls, MFA and a tested Data Breach Response Plan.

Most providers also add service-specific forms (e.g. transport policies, medication administration procedures, behaviour support protocols) as required by their registration groups.

If you’d like a guided bundle aligned with your scope and size, our team can set up the right mix via our NDIS service provider package.

Alternatives, Ongoing Compliance And Staying Registered

Not every NDIS business starts from scratch. And once you’re registered, you’ll have ongoing obligations to keep your status current.

Buying An Existing NDIS Provider

Purchasing a registered provider can speed up market entry, but it requires careful due diligence. Review the sale agreement, check that the registration scope fits your intended services, confirm staff entitlements and verify the quality of existing compliance systems and records. If the business relies on contractors or allied health professionals, examine each Contractors Agreement and insurance status closely.

Operating As An Unregistered Provider

If your clients are self-managed or plan-managed and your supports are lower risk, you may choose to remain unregistered and still operate lawfully. You’ll still need strong contracts, privacy compliance and appropriate insurance, and you won’t be able to serve NDIA-managed participants. Many businesses start this way, then register later to expand their services and client base.

Your Ongoing Responsibilities

• Maintain policies, training and records that match your current registration groups and any updated Practice Standards.
• Renew and monitor insurances, worker screening clearances and professional registrations.
• Notify the Commission about material business changes (e.g. responsible persons, structure, locations, serious incidents).
• Participate in scheduled audits and respond promptly to any non-conformities.
• Monitor pricing compliance and keep participant documents up to date (including your NDIS Service Agreement).

If you hit a complex issue-such as expanding to new registration groups, implementing restrictive practices or managing a reportable incident-speaking with an NDIS lawyer early can help you navigate it with confidence.

Key Takeaways

• Registration is mandatory if you support NDIA-managed participants or deliver certain higher-risk registration groups; otherwise, many supports can be provided unregistered to self-managed and plan-managed participants.
• The pathway involves choosing a structure, preparing core policies, lodging your application and completing an independent audit-verification or certification depending on your risk and scope.
• Australian laws apply alongside the NDIS Standards, including employment law, the Australian Consumer Law and privacy law-use a clear Privacy Policy, fair contracts and robust governance.
• Core documents include an aligned NDIS Service Agreement, complaints and incident policies, Employment Contracts and a strong Contractors Agreement.
• Ongoing compliance is essential: maintain training, worker screening, insurances and records, and be ready for re-registration audits.
• You can start unregistered for certain supports, buy an existing provider or go straight to registration-whichever route you choose, getting your legal foundations right will set you up for success.

If you would like a consultation on starting your NDIS provider business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.