Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
If you run a business in Australia, you’ll hear “codes of practice” come up in conversations about safety, privacy, advertising and workplace behaviour.
They can feel a bit abstract. Are they laws? Are they guidelines? And what actually happens if you don’t follow them?
In this guide, we’ll unpack what codes of practice are, how they work alongside Australian laws, which ones are most relevant to small businesses, and how to use them to stay compliant, manage risk and build trust with your customers and team.
What Is A Code Of Practice?
A code of practice is a practical guide that explains how to meet your legal duties in a specific area. It translates legal obligations into day-to-day steps, with examples, procedures and checklists you can implement in your operations.
You’ll generally see three types in Australia:
- Work health and safety (WHS) codes and compliance codes: Model WHS codes are developed by Safe Work Australia and adopted (with variations) by most states and territories. Victoria has a separate OHS regime with WorkSafe Victoria’s approved Compliance Codes. These guides cover topics like risk management, hazardous chemicals, manual tasks and incident notification.
- Industry codes (mandatory or voluntary): Some codes are made under legislation (for example, the Franchising Code of Conduct) and are mandatory. Others are voluntary standards developed by industry bodies (such as advertising standards) that reflect what “good practice” looks like.
- Internal codes and policies: Your business may implement its own codes of conduct and policies (for example, bullying and harassment, consultation, incident reporting) to put legal duties into action day-to-day.
The idea is simple: laws set duties, and codes show recognised ways to meet them in practice.
How Do Codes Of Practice Work With Australian Laws?
Codes sit alongside Acts and Regulations. The law sets the duty (what you must achieve). A code shows one accepted way to achieve that duty (how you can meet it).
A few important points to keep in mind:
- Codes are not usually legislation themselves. Most codes don’t carry the force of law on their own. However, they’re commonly admissible in evidence in investigations or court proceedings. Regulators and courts can compare what you did to what a relevant code recommends.
- Following a code is strong evidence of compliance, not a guarantee. If you follow an approved code (or compliance code in Victoria), that’s persuasive evidence you’ve done what is reasonably practicable. If you choose a different approach, you need to show it delivers an equivalent or better standard of health, safety or compliance.
- Some codes are mandatory. Where a code is prescribed by legislation for your industry or activity, compliance isn’t optional.
- There are jurisdictional differences. Most jurisdictions have adopted the model WHS framework and codes, often with local variations. Victoria operates under the Occupational Health and Safety Act 2004 (Vic) and WorkSafe Victoria’s Compliance Codes, which play a similar “how-to” role under a different legislative scheme.
For example, WHS/OHS laws require you to identify hazards, assess risks and implement controls. The relevant code or compliance code provides accepted methods for doing that in common scenarios. If an incident occurs, investigators will typically review your risk assessments, procedures and training records and compare them with the guidance in the applicable code.
Which Codes Of Practice Affect Small Businesses?
Even if you’re a small team, codes touch many parts of your operations. These are the areas most businesses should consider.
WHS/OHS Codes And Compliance Codes
Every business has safety duties. Depending on your jurisdiction, model WHS codes or Victorian Compliance Codes provide practical guidance on topics such as:
- Managing risks and consulting with workers
- Manual tasks and ergonomics
- Hazardous chemicals, asbestos and noise
- Workplace facilities, first aid and incident notification
Regulators expect you to identify the codes relevant to your activities and implement appropriate controls. In practice, your internal Workplace Policy suite is where these controls live day-to-day.
Consumer Law And Advertising Standards
If you sell goods or services, the Australian Consumer Law (ACL) applies. Misleading or deceptive conduct is prohibited under section 18 of the ACL. Industry codes and guidelines (including advertising standards) help translate these rules into practical “do’s and don’ts” for marketing claims, testimonials, pricing and promotions.
For email and SMS campaigns, the Spam Act 2003 sets rules around consent, sender identification and functional unsubscribe. Alongside those rules, it’s important that your promotions also comply with broader email marketing laws and the ACL’s requirements for truthful representations.
Privacy And Data Handling
Many businesses collect personal information through websites, bookings and CRMs. The Privacy Act sets the legal framework, and guidance from the privacy regulator and industry bodies explains good practice for data minimisation, security and retention.
Externally, a clear Privacy Policy explains what you collect, why and how you use it. Internally, procedures and staff training help you apply those rules consistently. It’s also worth understanding any sector-specific cybersecurity expectations and your obligations under data retention laws.
Industry-Specific Codes
Depending on your sector, you may face additional mandatory or voluntary codes. Common examples include franchising, financial services, telecommunications, healthcare and alcohol marketing. Even where participation is voluntary, these codes often reflect what a diligent operator is expected to do.
Workplace Behaviour And Governance
Codes and guidance around bullying, harassment and psychosocial risks help businesses meet WHS/OHS duties and Fair Work expectations. Employment agreements should link to your policies and set clear expectations for conduct, complaints and discipline - your Employment Contract is a good place to make that connection.
Some companies are also required to have a whistleblower policy (for example, public companies and most large proprietary companies). Even when not mandatory, a documented Whistleblower Policy supports a speak-up culture and early issue detection.
Do I Have To Comply With Codes Of Practice?
You must comply with the law, and codes are often the accepted benchmark for how to do that.
If a code is mandatory for your industry or activity, you must comply. If a code is not mandatory, you can choose an alternative approach, but it needs to deliver an equivalent or better level of safety or compliance. If something goes wrong, regulators will often assess your actions against the code as the benchmark for what’s reasonable.
In practice, we recommend implementing the relevant code (or carefully documenting why your alternative meets or exceeds the same standard). Codes also save time - they offer tried-and-tested templates for controls, training and records.
Practical Steps To Use Codes Of Practice In Your Business
Here’s a simple, repeatable way to put codes into practice.
1) Identify The Codes That Apply
- Start with WHS/OHS topics relevant to your activities (for example, manual tasks, hazardous chemicals, first aid, consultation).
- List industry codes or guidelines for your sector, product category or marketing channels.
- Note privacy and data guidance if you collect personal information or run email/SMS campaigns.
2) Map Codes To Your Risks And Processes
- For each code, highlight the recommended controls, training and records.
- Compare them to your current practices and identify gaps.
- Decide whether you’ll follow the code as written or adopt an equivalent alternative - and record your reasoning.
3) Update Policies, Training And Contracts
- Translate requirements into practical procedures inside your Workplace Policy suite (for example, risk assessments, consultation, incident reporting, privacy, marketing approvals).
- Make sure each Employment Contract links staff obligations to your policies and codes of conduct.
- Schedule onboarding and refresher training that’s tailored to roles and risks.
4) Keep The Right Records
- Maintain risk assessments, consultation notes, training logs, incident reports and review outcomes in line with your records plan and any applicable data retention laws.
- For marketing and consumer law, keep substantiation for claims, approvals, disclaimers and unsubscribe logs to show compliance with the ACL and the Spam Act.
5) Review Regularly
- Codes evolve. Set a review calendar (for example, annually, or after an incident or major change).
- Consult workers on what’s working, update your policies and training, and capture changes in your document control.
What Legal Documents Help Put Codes Into Action?
Codes work best when your contracts and policies embed them into daily operations. These documents form a strong foundation for most Australian businesses.
- Privacy Policy: Explains what personal information you collect, why and how you store, use and disclose it. A clear, compliant Privacy Policy is essential if you collect customer or employee data.
- Workplace Policies: Centralise WHS/OHS procedures, bullying and harassment, consultation, incident reporting and grievance processes in a single Workplace Policy suite.
- Employment Contracts: Set expectations and link to your policies, codes of conduct, confidentiality and IP obligations in each Employment Contract.
- Marketing And Communications Procedures: Internal guidelines for advertising claims, pricing, competitions, testimonials and email/SMS campaigns that align with the ACL (including section 18) and your obligations under email marketing laws.
- Incident And Complaints Procedures: Practical steps for safety incidents, near misses, privacy breaches and consumer complaints, with escalation paths and record-keeping requirements.
- Whistleblower Policy: Mandatory for many corporate entities (such as public companies and most large proprietary companies). A documented Whistleblower Policy also promotes a healthy speak-up culture.
These documents make it easier to demonstrate that you have systems to meet your legal duties and follow accepted codes of practice.
Common Pitfalls (And How To Avoid Them)
Most compliance gaps come from good intentions but weak systems. Here are pitfalls we often see - and how to avoid them.
- “Set and forget” policies: Codes and expectations change. Review your policies regularly and retrain staff after updates or incidents.
- Unclear ownership: Nominate who signs off on safety controls, privacy issues and marketing approvals so nothing falls through the cracks.
- Missing records: If it isn’t recorded, it’s hard to prove. Keep simple, consistent records for training, incidents, approvals and reviews.
- Informal ad claims: Social posts and stories count as advertising. Build a quick sign-off process that checks claims against the ACL.
- Over-collecting data: Only collect what you need and secure it appropriately. Align day-to-day practices with your Privacy Policy and security protocols.
- Assuming national uniformity: Remember that WHS/OHS frameworks differ between jurisdictions. Check whether a model WHS code, a state variation or a Victorian Compliance Code applies to your workplace.
Key Takeaways
- Codes of practice turn legal duties into practical steps you can follow in your business.
- Following a relevant code is strong evidence you’ve met your obligations, but it’s not a guarantee; alternative approaches must deliver an equivalent or better standard.
- There are jurisdictional differences - most states and territories use model WHS codes (with local variations), while Victoria uses separate Compliance Codes under its OHS regime.
- Small businesses are most affected by codes relating to WHS/OHS, consumer law and advertising (including the Spam Act), privacy and data handling, and sector-specific standards.
- Map codes to your risks, embed them in policies and contracts, train your team, keep records and review regularly to stay compliant.
- Core documents like your Privacy Policy, Workplace Policies and Employment Contracts help operationalise codes and demonstrate compliance.
If you’d like a consultation on applying codes of practice to your Australian business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.