Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
“Codes of practice” pop up in many industries in Australia - from work health and safety to franchising, retail, privacy and beyond.
If you’re running a small business, understanding how codes of practice work (and how they interact with laws and your own internal policies) is a smart way to stay compliant, manage risk and build trust with your customers and staff.
In this guide, we’ll break down what a code of practice is, when it’s legally relevant, how to comply in day-to-day operations, and what to put in your contracts and policies so your business is covered.
What Is A Code Of Practice?
A code of practice is a practical guide that sets out minimum expectations for how businesses should meet their legal obligations in a particular area.
Some codes are developed by regulators (for example, model Work Health and Safety (WHS) codes), while others are industry-developed or mandated by the government (like certain industry codes under the Competition and Consumer Act).
Think of a code of practice as a “how-to” for complying with the law. It turns broad legal duties into practical standards you can implement - procedures, training, systems and records.
How Codes Differ From Laws And Standards
- Laws: Set the legal duties (e.g. keep workers safe, don’t mislead consumers). Breaching a law can lead to penalties.
- Codes of Practice: Explain how to meet those duties in practical terms. They are often admissible in court or tribunal proceedings as evidence of what is reasonably practicable.
- Standards (e.g. Australian Standards): Technical benchmarks that may be referenced by laws or codes. Adopting a relevant standard is often a good way to demonstrate compliance.
Are Codes Of Practice Legally Enforceable?
It depends on the code and how it’s been adopted.
For WHS in most Australian jurisdictions, approved codes of practice don’t create new legal duties, but they’re powerful. Regulators and courts use them to assess whether you’ve done what’s “reasonably practicable” to manage risks. If you follow a WHS code (or an equivalent method that achieves the same or a better outcome), you’re on the right track.
Some industry codes are mandatory, meaning compliance is legally required. A clear example is the Franchising Code of Conduct under the Competition and Consumer Act - if you operate a franchise, that code is binding.
There are also voluntary codes (often run by industry bodies). While you’re not legally bound to join, once you sign up you’re expected to comply. Breaches can still have consequences - think regulator scrutiny, complaints, reputational damage and potential consumer law risks if your conduct misleads the public about your compliance.
Codes And The Australian Consumer Law (ACL)
Even if a code is not strictly “law”, ignoring it can trigger issues under the Australian Consumer Law. For instance, claiming compliance with an industry code and then failing to meet it can amount to misleading or deceptive conduct under section 18 ACL. Similarly, statements in your advertising or on your website about quality, safety or accreditation must be accurate to avoid risks under section 29 ACL.
Which Codes Might Apply To Small Businesses?
The codes relevant to you depend on your industry, where you operate and how you sell your products or services. Common examples include:
Work Health And Safety (WHS) Codes
Model WHS codes cover hazard management, risk assessment, manual tasks, facilities, first aid, consultation and more. If you employ staff or contractors, regulators expect you to apply these practical measures to keep people safe at work.
Industry-Specific Codes
- Franchising: The Franchising Code of Conduct is mandatory for franchisors and franchisees. It governs disclosure, good faith, dispute resolution and certain contract terms.
- Retail and Services: Codes may address refunds, repairs, advertising, product safety or complaints handling, often aligning with ACL requirements. Your pricing and promotions should be consistent with advertised price laws and general consumer guarantees.
- Privacy and Marketing: While the Privacy Act has its own rules, many sectors adopt privacy or data handling “codes” or guidelines (e.g. for notifiable data breaches, direct marketing, consent). If you send newsletters or promotions, make sure practices align with email marketing laws and your published Privacy Policy.
Digital Platforms And Online Marketplaces
Platforms sometimes set codes or policies that businesses must follow to sell online (content standards, refund processes, review handling). These may sit alongside legal duties under the ACL and privacy law. Treat platform requirements as binding terms of use for your store.
How Do I Comply With A Code Of Practice In Day-To-Day Operations?
Whether a code is mandatory or best practice, the goal is the same: turn the code’s guidance into practical systems that people actually use. A simple approach is to embed the code into your “business-as-usual”.
1) Identify The Codes That Apply
- List your activities (e.g. warehouse operations, retail sales, online marketing, franchising, finance functions).
- Map each activity to relevant codes or guidelines (WHS, industry, platform, privacy, consumer law).
- Note whether a code is mandatory or voluntary, and what “must”, “should” and “could” look like in practice.
2) Set Clear Internal Policies And Procedures
Translate the code into steps your team can follow: checklists, training, approval workflows and forms. For employment-related conduct, house these rules in a central Workplace Policy or staff handbook so expectations are clear.
3) Align Your Contracts
- Staff: Use a tailored Employment Contract that supports your policies (confidentiality, safety, conduct, device use, training requirements).
- Customers: Ensure your customer terms or website terms reflect the code’s promises (refunds, safety information, complaints handling). If you give “warranties against defects”, have a compliant policy and wording.
- Suppliers and Partners: Build code requirements into your supply, service or franchise agreements (standards, audits, reporting, rectification, termination rights for non-compliance).
4) Train, Supervise And Resource Your Team
Codes of practice expect more than a policy sitting on a shelf. Provide role-specific training, toolbox talks, and refresher sessions. Appoint champions or supervisors to monitor critical processes (e.g. safety checks, privacy requests, pricing updates).
5) Keep Good Records
If a regulator calls, records prove what you did and when - risk assessments, induction logs, incident registers, customer complaint files, pricing approvals, data breach logs and audit results. It’s also sensible to align records with your obligations under data retention laws and privacy requirements.
6) Monitor, Audit And Improve
Schedule periodic checks to test whether your processes still meet the code and the underlying law. Fix gaps quickly and document the changes. Continuous improvement is often expressly required in WHS contexts and is good governance everywhere else.
How Codes Interact With Other Laws, Policies And Contracts
Codes don’t exist in a vacuum. The safest approach is to make sure your legal documents and operational practices all pull in the same direction.
Consumer Law And Marketing
Any code-based claims in your ads or website (like “code compliant”, “safety assured”, “accredited”) must be accurate and substantiated to avoid issues under the ACL. Take extra care with comparative statements, testimonials and promotional pricing to stay clear of misleading conduct under provisions such as section 29 ACL and the general prohibitions on misleading conduct.
Privacy And Data
If the code touches data (for example, how to handle complaints, consent or security), reflect this in your Privacy Policy and internal data handling procedures. Make sure marketing tools, email platforms and consent capture align with email marketing laws.
Employment And WHS
Codes often expect specific WHS controls (PPE, risk assessments, supervision) and behaviour standards. Your Workplace Policy, site rules and training materials should reflect those expectations, and your Employment Contract should support enforcement where needed.
Franchising And Supplier Networks
If a code is mandatory (like the Franchising Code), your franchise, distribution or supplier contracts need to be consistent with the code’s disclosure, conduct and dispute processes. Build in clear obligations, audit rights and remedies if standards are not met.
Common Mistakes (And How To Avoid Them)
“We Have A Policy, So We’re Covered”
Having a written policy is only step one. Regulators expect real implementation - training, supervision, resources and evidence. Treat your policy as a living document supported by day-to-day practices.
Copy-Paste Policies That Don’t Fit Your Operations
Generic templates rarely match a specific code or your risk profile. Tailor your internal rules and contracts to your actual workflows, risk levels and equipment - especially for WHS.
Making Big Marketing Claims Without Proof
Bold claims like “100% compliant” or “industry-leading” can invite scrutiny. Make sure your statements can be substantiated to avoid ACL risks around misleading conduct under section 18 and related provisions.
Forgetting Pricing And Promotions
Even if your product meets a code, pricing and discounts must be accurate, current and clearly presented to comply with advertised price laws. Maintain sign-off processes and records for all customer-facing offers.
One-Off Training With No Refreshers
Staff change roles, processes evolve and risks shift. Schedule periodic refreshers and update your materials whenever codes or laws change.
Step-By-Step: Embedding A Code Of Practice In Your Business
Step 1: Do A Gap Analysis
Compare the code’s requirements to your current processes. Mark each item as “met”, “partly met” or “not met” and prioritise fixes by risk level.
Step 2: Update Your Documents
- Policies: Update or create WHS, privacy, complaints and marketing policies that reflect the code’s expectations.
- Contracts: Align customer terms, supplier agreements and staff documentation so you can enforce standards when needed.
- Public Statements: Adjust website, product pages and ads to ensure claims match what you actually do (and can prove).
Step 3: Roll Out Training And Tools
Provide role-based training, quick-reference guides and templates (checklists, forms, induction packs). Make it easy for people to do the right thing.
Step 4: Set Up Oversight
Appoint responsible persons, set KPIs for compliance tasks and schedule internal audits. Capture incidents and complaints, and act quickly on lessons learned.
Step 5: Keep It Current
Codes and laws evolve. Put someone in charge of monitoring regulatory updates and reviewing your policies and contracts at least annually.
Key Takeaways
- Codes of practice turn legal duties into practical steps - they’re not always “law”, but regulators use them to judge whether your business has done what’s reasonably practicable.
- Work out which codes apply to your operations (WHS, industry, privacy, franchising) and embed them into policies, training, contracts and day-to-day processes.
- Back up your internal rules with the right documents - a clear Workplace Policy, tailored Employment Contract, customer terms and a compliant Privacy Policy.
- Be careful with marketing and pricing claims - accuracy matters under the ACL, including rules on misleading conduct and advertised pricing.
- Keep good records, audit regularly and update your materials when codes or laws change - continuous improvement is part of compliance.
- Getting early legal input can help you turn a code’s guidance into clear, workable documents and systems that protect your business.
If you’d like a consultation about applying codes of practice to your Australian business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








