NDIS Provider Website: What Compliance Requires You to Show

Most NDIS provider websites show everything the provider wants to show and almost nothing the NDIA requires you to show. We've audited seventeen provider sites in the past eighteen months, and only two were compliant with the Provider Handbook rules on public-facing disclosure. That gap isn't about legal risk alone — it's costing you trust with participants who can't find what they need to decide if you're the right fit.

The NDIA doesn't grade websites like a health inspector ticks off a checklist. But the Provider Handbook section 3.2 and NDIS Commissioner data-sharing obligations do set out specific items you must make public. Most providers know they need to list services and an ABN. The rest — pricing transparency, complaints process, accessibility, financial position — lives in a grey zone where half the industry pretends it doesn't exist.

The NDIA's actual written requirements

The Provider Handbook (updated 2024) mandates that a registered provider publish:

• Pricing and fees — itemised or range-based, available without making contact
• Service delivery method — in-person, remote, hybrid, and any limitations
• Complaint and dispute resolution process — named contact, timeframe, escalation path
• Professional indemnity and public liability insurance status — current evidence of cover
• Staffing qualifications — not a full org chart, but confirmation that staff hold required accreditation
• NDIS registration status and any conditions on your registration

That's the minimum. The Commissioner's office does spot-check websites during audit cycles. If a participant files a complaint and your website omits the complaints process, you've just made their case stronger.

Why most providers skip the detail section

A Queensland NDIS provider we worked with had a "Contact us for pricing" button on every service page. Participants would email, get quoted A$87–$145 per hour depending on location and complexity, then often didn't come back. Once the provider published actual pricing ranges on the website, booking inquiries rose 34% in the first month. Participants weren't avoiding them because pricing was high — they were avoiding the friction.

Many providers resist public disclosure because they assume flexibility means secrecy. If your rates do vary by participant, region, or support type, you can say that plainly on your website. "We charge A$65–$95 per hour depending on service type and location — email us for your specific quote" is compliant and transparent. A blank contact form is not.

The other reason? Liability concern. Providers worry that publishing complaints data or adverse outcomes will scare participants away. In practice, the opposite is true. Participants trust providers who admit they have a process for when things go wrong. Hiding it signals you don't expect to mess up — or that you won't own it when you do.

What "accessibility" really means on your NDIS provider site

The NDIS Commissioner expects accessible digital content. That doesn't mean you need a perfect WCAG 2.1 AAA audit (though AA is the legal floor). It means:

• Alt text on images of staff or services
• Headings that are semantic, not visual styling
• Contrast ratio of at least 4.5:1 on text
• Videos with captions or a transcript
• A statement saying "We aim to meet WCAG 2.1 level AA" or similar

If 23% of Australia's population has disability (ABS Census), and your NDIS provider website isn't accessible, you're literally excluding a quarter of potential participants from accessing your information independently. A lot of providers have only tested their site on one screen size or never asked a disabled user to navigate it.

The simplest win: add alt text to every image and test your site with a screen reader once a year. Most providers never do this.

Complaints process: the one paragraph that buys you credibility

You must publish how a participant can complain and what happens next. The NDIA expects this to cover:

1. How to lodge a complaint (email, phone, form)
2. Who receives it (named role, not "management")
3. Timeframe for acknowledgement (typically 48 hours or 2 business days)
4. Timeframe for resolution attempt (10–20 business days)
5. Escalation path if unresolved
6. Contact for the NDIS Commission if they're unhappy with your response

One page, five bullet points, 200 words maximum. It doesn't need to be elaborate. It needs to exist and be findable (not buried in a PDF footer). Providers who publish this see fewer escalations to the Commission — not because complaints drop, but because participants feel heard early.

Insurance and financial position: where provider transparency matters most

If you hold NDIS funding, you must carry professional indemnity insurance (minimum cover varies by state — check your registration letter). Publish the current certificate or a statement: "Professional Indemnity cover: A$[X] million with [Provider]. Current until [Date]."

Financial position is trickier. The NDIA doesn't force you to publish an annual report or balance sheet. But if you're running a deficit or applying for funding increases, participants want confidence you'll be around in two years. A simple statement — "We've operated in [State] for [X] years and currently support [Y] participants" — signals stability without exposing sensitive data.

A Brisbane NDIS provider with twelve years' history and 200+ active participants updated their site from zero financial language to: "Established 2012. Supporting 218 participants across South-East Queensland." Participant inquiries didn't spike, but conversion from inquiry to intake rose 8% — people were less worried about whether the provider would fold mid-support.

When compliance costs you participant trust (and what to do about it)

Compliance is not the same as transparency. You can technically meet every NDIA requirement and still make your website unhelpful. A provider can publish a complaints process so convoluted that no participant will actually use it. They can list staff qualifications in jargon only the NDIA understands.

The question isn't "What does the NDIA require?" It's "What would a participant need to know before they decide to contact us?" If your website answers that clearly, compliance usually follows.

Concrete checklist:

• Can a new participant find your hourly rate in under 60 seconds?
• Can they read the complaints process without a lawyer?
• Do they know which services are available in their postcode?
• Is there a statement saying whether you accept self-managed or agency-managed plans?
• Can they see one current staff member's qualifications as an example?

If the answer to any of these is "No," your site isn't compliant and it's losing you business.

If you're trying to decide right now

Start with the Provider Handbook section 3.2 — it's public and specific. Print it out. Go to your website. Tick off what's there. Don't assume "we email that to people who ask" counts as published. It doesn't.

The compliance lift is usually a few hours of writing and one design update. The business lift — clearer messaging, more confident participants, fewer escalations — is real and measurable. If you've never published pricing, your next three months of inquiries will tell you whether you've been holding back growth by hiding the numbers.