Skip to main content
    Astris Law S IconAstris Law
    ← Back to Articles|Regulatory & Compliance →
    Insights6 July 20266 min read

    38 Compliance Actions in a Month: What to Do When the NDIS Commission Is Looking at You

    Summary

    The NDIS Commission issued 38 compliance actions against providers in June, all listed on a public register that participants, competitors and insurers can search. If you are on the list, fear you are next or are buying a provider that might be, the sequence of what you do now matters more than the notice itself.

    Last reviewed ·Reviewed by Jamie Nuich, Legal Practitioner Director

    Key Takeaways

    • The NDIS Commission issued 38 compliance actions against providers in June, published on its searchable public register.
    • The enforcement toolkit runs from compliance notices and enforceable undertakings through to banning orders and revocation of registration, and every rung is public.
    • Enforcement tempo is rising as mandatory registration commences, penalties become criminal and the Commission's banning powers extend to auditors and consultants.
    • A compliance action is usually the tail end of a setup problem that was cheap to fix at the start and is expensive to fix now, but still cheaper than losing the registration.
    • What you say and lodge in the first response shapes everything after it, and advice protected by legal professional privilege is the safe place to work out what that response should be.
    Compliance documents under review, illustrating NDIS Commission enforcement action against providers

    The NDIS Commission issued 38 compliance actions against providers in June. Every one of them sits on a public register that anyone can search, including your participants, your referrers, your competitors, your bank and your insurer. If you are on that list, fear you are about to be, or are buying a business that might be, this article is about the position you are actually in and the order in which to fix it.

    In Brief

    • The Commission issued 38 compliance actions against NDIS providers in June and publishes its actions on a searchable public register.
    • The toolkit escalates from compliance notices and enforceable undertakings to infringement notices, suspension, revocation of registration and banning orders.
    • Enforcement tempo is rising as mandatory registration commences, penalties for unregistered operation become criminal and banning powers extend to auditors and consultants.
    • Most compliance actions are the visible tail end of a setup problem: governance, screening, incident management or claims practices that were never built properly.
    • The first response to the Commission is the highest leverage moment in the whole process.

    What a Compliance Action Actually Is

    A compliance action is not one thing. The Commission works up a ladder. Education and warnings sit at the bottom. Compliance notices direct you to fix identified failures by a deadline. Enforceable undertakings are negotiated promises with legal teeth. Above them sit infringement notices, suspension and revocation of registration, banning orders against providers and individuals and civil penalty proceedings.

    Where you land on that ladder is not fixed by what happened. It is heavily influenced by how you respond, how quickly the underlying problem is genuinely fixed and how the story is told to the regulator. Providers in materially similar positions end up on very different rungs, and the difference is usually the quality of the response, not the quality of the conduct that started it.

    And every rung is public. The register entry does not just talk to the Commission. It talks to every plan manager and support coordinator deciding where to refer, every participant's family searching your name and every acquirer pricing your business.

    Why the Tempo Is Rising

    June's 38 actions did not happen in a vacuum. On 1 July 2026, mandatory registration commenced for supported independent living providers and NDIS digital platforms, the first step in an expansion that reaches personal care and daily living supports from July 2027. The reformed framework carries criminal penalties for unregistered operation where registration is required, civil penalties reaching into eight figures and banning powers that now extend to auditors and consultants.

    A regulator does not receive powers like that in order to leave them in the drawer. The compliance actions register is what the new posture looks like in practice, and the sensible working assumption for any provider is that scrutiny will keep increasing through the transition years.

    The Four Positions You Might Be In

    You have received a compliance action. The clock that matters most is the response clock. What you lodge, admit, promise and fix in the first response frames the entire matter. This is not a form filling exercise and it is not a conversation to have with the Commission off the cuff.

    You have not been contacted, but you know something is wrong. An audit finding you quietly disagreed with, a complaint that went away, an incident that was never notified properly. This is the cheapest position to act from, because remediation done before the regulator arrives reads very differently from remediation done under a notice. What to fix first, and what your notification obligations actually are, is a legal question worth answering precisely.

    You are an unregistered SIL provider in the transition window. Your registration application and your compliance history are about to meet each other. How you deal with the rough chapters before lodgement decides how the application goes. We have written about the four scenarios in detail in our guide to the 1 October SIL deadline.

    You are acquiring a provider. The register is the start of due diligence, not the end of it. The compliance history you inherit, and the structure of the deal that determines whether you inherit it, are exactly the kind of thing that is cheap to get right at term sheet stage and expensive after completion.

    The Economics of Fixing It

    Almost every compliance action we see is the tail end of a setup decision: a governance structure copied from somewhere else, worker screening that was never systematised, incident and complaints processes that exist on paper only, claims practices nobody checked against the rules. Fixing those properly costs real money, and it costs noticeably more once a regulator is watching. But it costs a fraction of a revocation, a banning order or a civil penalty, and unlike those, it ends with a business that is stronger than it started.

    The providers who come through enforcement intact tend to share one habit: they treated the first contact from the Commission as a legal matter, worked out their position in privileged advice where they could be completely frank and then engaged with the regulator deliberately rather than defensively.

    Frequently Asked Questions

    Is the compliance actions register really public?

    Yes. The Commission maintains a searchable register of compliance and enforcement actions, including banning orders. Anyone can search it and referrers, insurers and acquirers routinely do.

    Does a compliance notice mean I will lose my registration?

    Not by itself. The ladder exists precisely because most matters resolve below revocation. Where a matter lands depends heavily on the response, which is why the response deserves more care than the conduct usually received.

    Can I just respond to the Commission myself?

    You can, and many providers do, and some of those responses are the reason a fixable matter escalated. What you admit, promise and lodge is evidence. Working out your position first, in advice protected by legal professional privilege, costs little compared to what an unconsidered response can set in motion.

    We think a competitor reported us. Does that matter?

    Rarely, and chasing the source is usually wasted energy. The Commission acts on what it finds, not on who pointed. The productive question is whether what it would find is defensible.

    On the register, expecting to be, or buying someone who is? Contact Astris Law for a privileged review or call (07) 3519 5616.

    Sources and References

    Share

    This article is for general information purposes only and does not constitute legal advice and should not be relied on as such. While we take reasonable care to ensure the accuracy of the information provided, we make no representations or warranties as to its completeness, currency or reliability. We accept no liability for any loss or damage arising directly or indirectly from the use of, or reliance on, this website's content. You should always seek professional advice tailored to your specific circumstances before acting on any information in this article. Liability limited by a scheme approved under Professional Standards Legislation.

    Related Practice Area

    Regulatory & Compliance

    Related Articles