Provider basics
NDIS provider registration process
The NDIS provider registration process is a 6–12 month sequence: application via the NDIS Commission portal, audit (verification or certification), corrective actions, and registration grant.
In plain English
The NDIS provider registration process is the formal sequence the NDIS Quality and Safeguards Commission uses to assess whether a business is fit to deliver NDIS-funded supports. It runs in seven discrete stages, takes most providers six to twelve months end-to-end, and ends with either a registration certificate or a decision letter setting out what needs to be fixed before re-applying.
The process is the same across Australia and is administered through the Commission's online Application Portal. The audit pathway, however, depends on the registration groups you choose: lower-risk groups go through verification (desk audit only); higher-risk groups (including SIL) go through certification (Stage 1 desk audit + Stage 2 site visit).
The seven stages and how long each really takes
- Pre-application setup - 2–4 weeks.
Get your ABN, decide on a legal entity, write the policies and procedures the Commission asks for, and set up your evidence management. The fastest providers we see do this in two weeks because they had documentation already; the slowest take months starting from a blank page.
- Application submission - 1–3 days of focused work.
Submit through the NDIS Commission Application Portal: business details, key personnel, registration groups, self-assessment against the NDIS Practice Standards. The Commission acknowledges receipt and assigns an application reference within a few business days.
- Auditor selection & scoping - 1–4 weeks.
You choose an approved quality auditor from the Commission's list, sign an audit agreement, and agree on scope and dates. This is the first real bottleneck - auditor capacity is tight in 2026 and getting tighter as the 1 July SIL deadline approaches.
- Stage 1 - desk (document) audit - 2–6 weeks.
The auditor requests a structured evidence pack: governance documents, policies, training records, sample participant files, risk registers, incident logs, complaint logs, continuous improvement records. They review off-site, then issue a Stage 1 report flagging gaps before the site visit. Most providers underestimate how long it takes to produce evidence the auditor can actually verify.
- Stage 2 - site visit (certification only) - 1–2 days on-site, plus 1–2 weeks for the report.
The auditor visits your office and at least one service location, interviews staff and participants, observes service delivery, and tests whether your written systems match what actually happens. Verification audits skip this stage; certification audits (including SIL) require it.
- Findings & corrective actions - 4–12 weeks.
The auditor issues a final report. Minor findings can be closed via written evidence within weeks; major findings can require policy or system changes that push the timeline by months. The Commission only sees the final cleared report - they don't re-audit, but they do review the auditor's recommendation.
- Registration decision - 2–8 weeks.
The Commission reviews the audit recommendation, may request more information, and issues a registration decision letter. If approved, you appear on the public NDIS provider register and receive a certificate listing your registration groups, validity period (typically three years), and any conditions.
Where the bottlenecks really happen
Talk to anyone who has been through it and you'll hear the same three answers. Audit booking is the first wall providers hit - Commission-approved auditors are oversubscribed and capacity tightens 4–6 months before any major reform deadline. Evidence preparation is the second: most providers have some documents but not all of them, and retrofitting six months of training records or back-dated risk assessments is the failure mode auditors see most often. Corrective actions is the third - a single structural finding (e.g., absent governance arrangements, missing policies on restrictive practices) can require months of remediation before the auditor can sign off.
How Checkbase helps
Checkbase is built for stages 1, 4, and 6 - the document-heavy stretches. Worker screening expiries, participant file completeness, policy acknowledgments, incident-report aging - all visible at a glance in one compliance score, not scattered across folders. The auditor portal exports the entire Stage 1 evidence pack as a single time-boxed link, so when the auditor asks for documents you ship them in minutes, not days.
Frequently asked questions
How long is the registration valid for once granted?
Three years for most providers, with a mid-cycle surveillance audit at 18 months for certification-tier providers. The Commission can shorten the cycle if conditions are imposed.
Does the Commission audit me directly?
No. All audits are conducted by independent Commission-approved quality auditors. The Commission reviews the auditor's recommendation but doesn't conduct the field work itself. This is why auditor selection matters: a stricter auditor will flag issues that a more lenient one might miss, and the difference shows up in your registration cycle.
Can I deliver supports while my application is under review?
You can already deliver to self-managed and plan-managed participants without registration. For agency-managed participants and for support types where registration becomes mandatory (e.g., SIL from 1 July 2026), you cannot start until your registration decision is granted. Plan accordingly - backdate your sprint from your earliest committed go-live date.
What happens if the auditor recommends against registration?
The Commission can refuse the application. You can re-apply once the underlying issues are addressed, but you don't get a refund on audit fees and you start the application clock again. This is why most experienced providers run a Stage 1 readiness dry-run before booking the auditor for real.
What does it cost?
Application is free. Audit fees vary by tier and scope: verification audits start around A$1,500–3,500; certification audits (Tier 1, including SIL) typically run A$8,000–15,000+. Add indirect cost: 200–400 staff-hours of evidence preparation, policy work, and audit response.
Where's the official guidance?
The NDIS Commission's Registered providers hub is the canonical source. For the SIL 2026 reform specifically, see our SIL mandatory registration page.
Related terms
- Provider basics
What is an NDIS provider?
Any individual or organisation delivering NDIS-funded supports - registered or unregistered - is an NDIS provider. Here's what the term actually covers.
Read - Provider basics
Registered vs unregistered NDIS provider
Both can deliver NDIS-funded supports, but registered providers are audited and can serve agency-managed participants. From 1 July 2026, SIL and platform providers must be registered.
Read - Provider basics
How to become an NDIS provider
An end-to-end walkthrough of the seven steps from ABN to registered provider, with realistic timelines, audit-tier guidance, and what to budget.
Read
Track every NDIS document in one place
Checkbase keeps your worker screening, participant files, governance, insurance, and audit evidence on one continuously-updated page. Built for Australian NDIS providers, 1–50 staff.