Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
When you’re running a business in Australia, you’ll hear terms like “Act”, “Regulation”, “Standard” and “Code of Practice”. Knowing which ones you must follow (and how) can feel confusing when you’re focused on serving customers and growing your team.
Codes of Practice are designed to translate broad legal duties into clear, practical steps you can take day to day. In many industries, they’re the bridge between “what the law says” and “what you actually do at work”.
In this guide, we explain what a Code of Practice is in Australia, how codes sit alongside legislation and standards, when they’re enforceable, and how to implement them in a way that fits your business. We’ll also outline common codes you might encounter and the documents that make compliance easier.
What Is a Code of Practice?
A Code of Practice is a practical guide that sets out accepted ways to meet specific legal duties in a defined area (for example, work health and safety). Think of a code as the “how-to” for complying with a particular law or obligation.
Typically, codes are issued or approved by regulators (such as state and territory work health and safety regulators) and explain recommended steps, processes and examples. They’re presented in plain English, so you can see what good practice looks like and apply it to your operations.
Key points to understand about Codes of Practice in Australia:
- They translate legal duties into practical measures, checklists and examples you can implement.
- Some codes are formally approved under legislation (for example, many Work Health and Safety codes) and can be relied on by regulators and courts as evidence of what is “reasonably practicable”.
- For approved guidance codes (like WHS codes), following the code is not the only way to comply - you can choose another approach if it achieves an equal or better level of safety or compliance.
- Separate from guidance codes, some sectors have mandatory industry codes made by law (for example, the Franchising Code of Conduct). These are binding legal instruments - you must comply with them and you cannot substitute your own approach.
This distinction matters. Ignoring an approved guidance code can expose you to legal risk because it’s a widely accepted benchmark. But breaching a mandated industry code is a breach of the law itself.
How Do Codes of Practice Fit With Acts, Regulations and Standards?
Australia’s legal framework works in layers. At the top are Acts of Parliament. Regulations sit under Acts and provide detail. Codes of Practice sit beneath those to show practical ways of meeting your duties. Standards may be referenced by Acts, regulations or codes and can be highly technical.
Acts and Regulations: Your Binding Legal Obligations
Acts and regulations set the rules you must follow - for example, obligations to provide a safe workplace “so far as is reasonably practicable” under work health and safety laws, to avoid misleading or deceptive conduct under Australian Consumer Law (ACL), or to protect personal information under the Privacy Act.
If you have employees, that duty sits alongside your broader duty of care as an employer to take reasonable steps to keep people safe.
Codes of Practice: Practical Guidance (and Sometimes More)
Codes show recognised ways to meet the duties set by Acts and regulations. Approved WHS codes, for instance, cover topics such as managing risks, manual tasks, hazardous chemicals and consultation with workers. If you follow a relevant WHS code, you’re more likely to demonstrate that you’ve taken reasonably practicable steps to manage risks.
However, following a code is not a guarantee that you’ve fully complied with the law. Regulators and courts will consider your overall risk management - the code is a strong reference point, but the test is still whether you met the legal duty in your specific circumstances.
Standards and Guidance Materials
Sometimes a code refers to Australian Standards or regulator guidance. Standards can be very technical and, in some instances, are incorporated into law by reference. If a code points you to a standard, check whether it’s advisory or mandatory in your context.
Mandatory Industry Codes vs Guidance Codes
It’s important to distinguish between:
- Approved guidance codes (e.g. many WHS Codes of Practice): These explain recognised ways to comply. You can use alternative measures if they achieve an equal or better outcome.
- Mandated industry codes made by law (e.g. the Franchising Code of Conduct under the Competition and Consumer Regulations): These are binding legal obligations. You must comply with the code itself - alternatives don’t replace legal requirements.
In short: guidance codes are influential and often the easiest way to show you’ve met your duties. Mandated industry codes are part of the law and must be followed.
Do You Have to Comply With a Code of Practice?
It depends on the type of code and the law that underpins it.
Approved WHS Codes (Guidance With Legal Status)
Approved WHS codes have legal status - regulators and courts can use them as evidence of what is reasonably practicable. You don’t have to follow them word-for-word if you achieve an equivalent or better level of safety, but if you ignore a relevant code without an equally effective alternative, you’ll face difficult questions in an audit or investigation.
Mandated Industry Codes (Binding Law)
Mandatory industry codes made by regulation (for example, franchising) are binding. There’s no “equivalent alternative” to compliance - they operate like any other enforceable rule. Breaches can lead to penalties, infringement notices and court orders.
Voluntary Industry Codes (Good Practice Benchmarks)
Many industries adopt voluntary codes (such as advertising standards). These aren’t laws, but they can be a membership requirement and are often treated by regulators and the courts as evidence of good practice. Breaching a voluntary code can harm your brand and customer trust, even if it doesn’t immediately trigger legal penalties.
In practice, aligning with relevant codes is smart risk management. It also streamlines training and internal communication because you can point your team to a clear, accepted benchmark for “how we do things here”.
Common Codes of Practice Businesses Encounter
You won’t deal with every code - it depends on your industry, activities and size. These are some of the most common areas where codes show up for small and medium businesses in Australia.
Work Health and Safety (WHS)
Every state and territory has WHS Codes of Practice. Topics include managing risks, consultation with workers, hazardous chemicals, noise, plant and equipment, and manual tasks.
Codes help you implement practical controls like risk assessments, safe work procedures and worker training, which ties back to your wider employer duty of care.
Consumer Protection, Marketing and Advertising
Advertising and marketing often intersect with industry codes (including rules for alcohol, health claims or advertising to children) and the ACL’s general prohibitions on misleading conduct. Keeping your promotions in line with accepted codes supports your obligations under Section 18 of the Australian Consumer Law.
If you run email campaigns or SMS marketing, ensure your practices also align with email marketing laws on consent and unsubscribes.
Privacy, Data and Digital
As data use grows, businesses increasingly rely on frameworks and best-practice guidance that complement privacy law. Your approach should align with your written Privacy Policy and cover how you collect, use, store and destroy personal information. If you retain data for longer periods, check that your practices reflect relevant data retention laws and any sector guidelines.
Industry-Specific Codes
Some sectors, such as franchising, financial services, not-for-profits, health, building and construction, and transport, have specific codes or guidelines. If you’re expanding or moving into a regulated sector, factor code compliance into your planning early.
How Do You Implement a Code of Practice in Your Business?
You don’t need to reinvent the wheel. Implementing a code is about mapping the code’s requirements to your risks and processes, then making it real for your team.
1) Confirm Which Codes Apply
- List the laws that apply to your activities (WHS, ACL, Privacy Act, and any industry-specific rules).
- Identify the relevant codes (approved WHS codes, mandatory industry codes, and any voluntary codes you choose to adopt).
- Prioritise by risk - focus first on areas that could cause serious harm, consumer risk or regulatory scrutiny.
2) Gap-Check Your Current Practices
- Compare your existing processes against code recommendations.
- Record gaps in risk assessments, training, incident response, record-keeping and controls.
- Decide where you’ll follow the code exactly versus where you’ll use different measures that achieve the same or better outcomes (document your rationale).
3) Update Policies, Procedures and Contracts
- Develop or refresh internal policies and procedures to bring the code to life - for example, a WHS procedure, incident reporting, and risk management steps. A tailored Workplace Policy suite is a practical way to roll this out across your team.
- Make sure customer-facing documents support your compliance approach, such as your Terms of Trade and Website Terms and Conditions.
- Align your data and marketing practices with your written Privacy Policy and any relevant marketing or privacy code you follow.
4) Train Your Team
- Run short, role-based training that explains how the code applies in daily tasks.
- Keep it bite-sized and recurring - a quick refresher after policy changes works better than one long session a year.
5) Monitor, Record and Improve
- Keep simple evidence: risk assessments, induction logs, toolbox talks, incident reports and supplier checks. These show you’re following the code and help you spot patterns.
- Review regularly (for example, quarterly) and whenever things change - new products, new sites, new systems or a growth spurt.
6) Prepare for Incidents and Complaints
- Set a clear escalation path for safety incidents, privacy breaches or consumer complaints.
- Nominate who can contact regulators, insurers or affected customers and keep a short checklist for those situations.
What Legal Documents Support Code Compliance?
Codes are far easier to follow when your documents match your practices. The exact list depends on your industry, but most Australian businesses benefit from the following.
- Workplace Policy (with WHS procedures): Sets expectations for safety, conduct, risk assessments, consultation and reporting. A tailored Workplace Policy helps embed code requirements in everyday work.
- Privacy Policy: Explains how you collect, use and protect personal information. Ensures your privacy practices and any data-related codes are aligned - keep your Privacy Policy accurate and up to date.
- Website Terms and Conditions: Sets rules for using your site or app and supports compliance with consumer and marketing standards.
- Terms of Trade or Customer Contract: Clear terms around pricing, delivery, refunds and warranties support ACL compliance and any relevant industry codes. Tailored Terms of Trade reduce disputes.
- Training and Induction Materials: Not a contract, but essential to demonstrate you’ve implemented the code in daily operations.
- Incident Response Checklists: Short playbooks for safety incidents, privacy breaches or product issues help you respond consistently under pressure.
Depending on your sector, you may also need supplier agreements, distribution terms, franchise documents, or specialist procedures (for example, hazardous chemicals). Whatever you put in place, aim for a single “source of truth” so your team knows exactly how you comply.
Practical Tips to Make Codes Work for Your Business
- Keep it proportionate: Adapt code guidance to your risks and scale. A small team benefits from clear, one-page procedures more than a sprawling manual.
- Tailor, don’t copy-paste: Generic policies that don’t reflect your tools, premises or workflows can backfire. Tailor your procedures and customer-facing terms to your real-world operations.
- Connect to core laws: Cross-check code requirements against key obligations like misleading conduct rules in Section 18, email marketing laws, WHS duties and privacy requirements.
- Mind your data lifecycle: If a code touches on records or logs, align your retention and disposal practices with relevant data retention laws.
- Show your work: Regulators value evidence. Keep concise records of risk assessments, training, consultation and follow-ups.
- Review on change: New sites, systems or product lines are triggers to revisit how you align with codes and update your documents.
Key Takeaways
- A Code of Practice is a practical guide that helps you meet legal duties; some are approved guidance (like WHS codes), while others are mandated industry codes that are binding law.
- Approved guidance codes are influential and often the easiest way to show you’ve taken reasonably practicable steps, but you can use alternative measures if they achieve an equal or better outcome.
- Mandated industry codes (such as franchising) are legal requirements - there’s no substitute for compliance with the code itself.
- Implement codes by mapping them to your risks, closing gaps, updating policies and contracts, training your team and keeping simple evidence.
- Documents like a tailored Workplace Policy, Privacy Policy, Website Terms and Conditions and Terms of Trade make compliance practical and consistent.
- Keep your approach proportionate, documented and regularly reviewed so you can show how you comply in an audit or investigation.







