NDIS Amendment (Integrity and Safeguarding) Bill 2025: What Every Provider Needs to Know Right Now

On 31 March 2026, the Australian Parliament passed the National Disability Insurance Scheme Amendment (Integrity and Safeguarding) Bill 2025. This is the second major tranche of legislative reform to the NDIS since the scheme began — and it carries significant consequences for every registered provider in Australia, as well as anyone considering NDIS registration for the first time.

This is not a future concern. These changes are law. And if you are an NDIS provider, you need to understand exactly what has changed and what you need to do about it.

WHAT THE BILL IS AND WHY IT WAS INTRODUCED

The Integrity and Safeguarding Bill was introduced in response to well-documented fraud, exploitation, and non-compliance within the NDIS. The ANAO had previously estimated that 6–10% of claims outlays could be non-compliant, fraudulent, or incorrect, on a scheme that paid $41.85 billion in claims in 2023–24, representing billions of dollars in potential leakage. The Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability identified systemic failures that demanded legislative action.

The bill is designed to give the NDIS Quality and Safeguards Commission (the Commission) stronger tools to take action against providers, auditors, consultants, and other participants in the scheme who exploit participants or undermine the scheme's integrity.

TOUGHER PENALTIES — WHAT HAS CHANGED

The penalty regime has changed substantially, and every NDIS provider needs to understand the new exposure.

Criminal offences for unregistered provision. Delivering NDIS supports that require registration without being registered is now a criminal offence carrying a maximum penalty of 5 years imprisonment. This applies to providers operating outside their registered scope as well as those delivering regulated supports entirely unregistered. If your registration has lapsed, or if you have expanded your services into support types not covered by your current registration, this is a direct and immediate risk.

Criminal offences for banning order breaches. Failure to comply with a banning order is now a criminal offence with a maximum penalty of 5 years imprisonment. Previously, this was a civil matter. The criminal threshold signals a fundamental shift in how seriously Parliament is treating non-compliance.

Dramatically increased civil penalties. Civil fines for serious code-of-conduct breaches that result in death or serious injury have increased from $412,500 to over $15 million. This is not a marginal increase, it is a 35-fold uplift. Providers whose quality and safety systems are weak, whose incident management is poor, or whose governance frameworks are inadequate are now operating in a genuinely high-stakes environment.

NEW ENFORCEMENT POWERS — WHAT THE COMMISSION CAN NOW DO

The bill significantly expands what the Commission can do and who it can act against.

Anti-promotion orders. The Commission can now restrict providers from advertising or marketing supports in ways that undermine the scheme's integrity or mislead participants. This includes misleading claims about what the NDIS funds, predatory SDA marketing, and any promotion that exploits participants' vulnerability. Providers should review their marketing materials, website content, and social media immediately to ensure they are accurate, compliant, and do not make unsupported claims about NDIS funding eligibility.

Expanded banning powers. This is a significant change that many in the sector have overlooked. Banning orders can now be issued not just against providers, but against auditors, business advisors, and consultants. This is a direct response to cases in which consultants and advisors have assisted providers in engaging in fraudulent or non-compliant behaviour. If you engage external consultants, ensure they are reputable, transparent, and free from conflicts of interest.

Mandatory electronic claims. The bill mandates the use of electronic claim forms to modernise the claims process and reduce fraud. Providers relying on paper-based or manual claims processes will need to transition to compliant electronic systems.

NDIA evidence requests before payment. The NDIA now has the power to request evidence before claims are paid. This is a material change for providers, it means that documentation quality, claim accuracy, and support delivery records are no longer just an audit concern. They are a prerequisite for getting paid.

WHAT THIS MEANS FOR NEW NDIS PROVIDERS

If you are in the process of registering as an NDIS provider, the message from this legislation is clear: the bar has been raised, and it is not coming down.

Registration is no longer just about having the right documents. The Commission now has stronger powers to assess who should and should not be registered, stronger tools to remove providers who breach standards, and a significantly higher penalty regime for those who deliver supports without appropriate registration.

For new providers, this means your compliance systems, policies, procedures, and governance frameworks need to be genuinely audit-ready from day one, not assembled in a hurry when an audit notification arrives. The cost of getting it wrong has increased substantially.

DHD Consultancy supports new NDIS providers through the complete registration process, from scope mapping and evidence pack development to policy suites and audit preparation. We also provide 100% free NDIS policies and procedures to all providers, covering every Practice Standard and module.

WHAT THIS MEANS FOR EXISTING NDIS PROVIDERS

For established providers, this legislation is a prompt to review your systems with fresh eyes and a higher standard.

Review your registration scope. Are you delivering supports that fall outside your current registration? Under the new legislation, that is a criminal offence. Conduct an immediate scope review and ensure that every type of support you deliver is covered by your registration.

Review your marketing and promotion. Does your website, social media, or sales collateral make any claims about NDIS funding that could be considered misleading or that undermine the scheme's integrity? The Commission now has the power to restrict such promotion.

Strengthen your incident management and documentation. The NDIA can now request evidence before paying claims. If your progress notes, support records, and incident documentation are incomplete, inconsistent, or not readily accessible, you are at risk — not just at audit, but in your day-to-day operations.

Review the consultants and advisors you engage. Banning orders now apply to consultants. Ensure anyone advising your organisation is independent, qualified, and free from conflicts of interest.

Governance and risk management. The scale of civil penalties, now exceeding $15 million for the most serious breaches, means that governance failures are no longer just a compliance risk. They are an existential business risk. Your board or leadership team should be actively reviewing risk frameworks, incident management systems, and quality assurance processes now.

THE BOTTOM LINE

The NDIS Amendment (Integrity and Safeguarding) Bill 2025 represents the most significant strengthening of the NDIS regulatory framework since the scheme's inception. The rules have changed. The penalties are serious. And the Commission now has the tools to act decisively against providers, consultants, and auditors who fall short.

For providers doing the right thing, running genuine, participant-centred services with strong compliance systems, this legislation is welcome. It levels the playing field and removes the competitive advantage that fraudulent and non-compliant providers have exploited.

For providers whose systems are not where they should be, the time to act is now.

DHD Consultancy can help you assess your current compliance position, identify gaps, and build systems that meet the new standard. Book a free 30-minute discovery consultation at dhdconsultancy.com.au.

Julian De Maria is the Director of DHD Consultancy, an Australia-wide compliance and governance consultancy specialising in NDIS, Aged Care, Human Services, and Hospital accreditation. Julian is a Registered Nurse and former General Manager of a national NDIS audit body, having conducted 300+ audits across NDIS, HSQF, and NSQHS standards.

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Providers should seek independent legal advice regarding the application of these legislative changes to their specific circumstances.