The National Higher Education Code on Gender-Based Violence is imminent: What universities must do next

The obligations on universities to prevent and respond to gender-based violence (GBV) will shortly be significantly expanded. From 1 January 2026, the National Higher Education Code to Prevent and Respond to Gender-based Violence is expected to take effect for all Table A and Table B providers, with the prospect of civil penalties, compliance notices and injunctions for failing to comply kicking in six months later. All other registered higher education providers join the regime on 1 January 2027. Universities should be working now to embed compliance with the Code, from governing bodies down.

Why the Code was created and the legislation that gives it force

At the heart of the Code is a clear and public goal: to reduce the incidence of GBV in higher education and to create safer, more respectful and inclusive environments for all students and staff.

In July 2023, the Australian Universities Accord Interim Report urged immediate action to improve student and staff safety in university communities. In February 2024, Education Ministers endorsed an Action Plan calling for (among other measures) a binding national code to address GBV in higher education.

To give effect to the Code, Parliament has passed two key statutes in August 2025:

• Universities Accord (National Higher Education Code to Prevent and Respond to Gender-based Violence) Act 2025 (Cth), which empowers the Minister for Education to make the Code as a legislative instrument, binding all registered higher-education providers. It also equips the Department of Education with monitoring, investigation and enforcement powers.

• Universities Accord (National Higher Education Code to Prevent and Respond to Gender-based Violence) (Consequential Amendments) Act 2025 (Cth), which links Code compliance to approval as a higher education provider under the Higher Education Support Act 2003 (Cth), meaning persistent breaches may jeopardise access to Commonwealth Grant Schemes and HELP funding.

The two Acts transform what was once “best practice” guidance into hard-edged legal obligations.

Accountability for compliance

Accountability for compliance with the Code sits at the highest level – the Vice-Chancellor, Chief Executive Officer or the equivalent leader.

Why compliance matters – obligations and consequences

Positive duty to act

The Code is designed to drive cultural and systemic change, requiring higher education providers to move beyond reactive or ad hoc responses and take proactive, organisation-wide action to prevent GBV before it occurs and to respond effectively and swiftly if it does.

The Code sits alongside existing legislative obligations, including those under work health & safety legislation and the Sex Discrimination Act 1984 (Cth) and does not replace the duty of care that higher education providers have at law to ensure that campuses are a safe place for staff and students. Instead, the Code introduces a range of more specific obligations focused on addressing GBV. The expectation is that universities will not only respond to incidents of GBV, but will actively take steps to prevent incidences of GBV and intervene early if such incidents do occur.

Enforcement architecture

Failing to comply with the Code may result in:

• Civil penalties – up to 1,000 penalty units (currently A$330,000) per breach.

• Compliance notices, infringement notices and enforceable undertakings.

• Action by the Minister in relation to approval as a higher education provider or regulatory action by the Tertiary Education Quality Standards Agency.

• Public naming: the Secretary can publish details of enforcement outcomes, and the National Student Ombudsman’s recommendations must be implemented.

How to comply – the seven standards and practical action

To meet the new legal obligations, universities must take practical, organisation-wide steps across seven key standards set out in the Code.

Universities should now be developing and applying an implementation checklist for the 1 January 2026 commencement with clear internal responsibility for ensuring that the various functions across the university are working together to implement the seven standards. Code-compliance should be built into business-as-usual processes once the baseline implementation has occurred.

Standard 1 – Accountable leadership & governance

• Ensure your Council/Board includes members with student/staff safety expertise.

• Ensure the Vice-Chancellor and the university's leadership team is sufficiently briefed and equipped to lead the preparation and implementation of the Code, including the publishing of a “Prevention and Response Plan". This Plan must comply with the Code's requirements and be developed in collaboration with students and staff. The Plan must be evidence-based, informed by relevant data and (among other requirements) include a whole-of-organisation assessment of systemic risks, enablers and barriers to preventing GBV .

Tip: Start by mapping your current governance structures and identifying any gaps in expertise. Map and adapt existing WHS/OHS and Respect@Work frameworks and use this to prepare your Plan.

Standard 2 – Safe environments & systems

• Implement mandatory pre-employment declarations of any GBV investigations or findings for personnel, including employees, contractors, governing body members.

• Establish alternative teaching/supervision or housing arrangements upon any allegation to protect disclosers.

• Establish and implement a policy on preventing and responding to GBV.

• Cease use of non-disclosure agreements (NDAs) unless the discloser requests one; even then, no clause can require the discloser to keep their experience of GBV confidential.

Tip: Review and update all recruitment, onboarding, and settlement processes to ensure compliance with the new declaration and NDA requirements. Develop/modify clear internal use procedures for making alternative arrangements (e.g. teaching and supervision arrangements) for disclosers and respondents when allegations arise.

Standard 3 – Knowledge & capability

• Develop and deliver ongoing GBV prevention education for all students, staff and leaders. This should be evidence-informed, trauma-aware, culturally appropriate and accessible.

• Annual specialised training for anyone likely to receive a disclosure (eg. supervisors, residential advisers).

• Promote and disseminate evidence-informed prevention communications and key messages across study, work, living and social environments.

• Monitor and evaluate training and education effectiveness and use findings to inform future education and training.

Tip: Collaborate with subject-matter experts and student representatives to ensure training is relevant, engaging, and tailored to your community, in particular to address evidence-based areas of risk relevant to the organisation.

Standard 4 – Safety & support

• Ensure responses, practices and support services are safe, person-centred and consistent with a trauma-informed approach and best practice.

• Conduct risk assessments for every disclosure/formal report.

• Develop tailored support plans for both discloser and respondent (in accommodation settings, this is required within 48 hours).

• Monitor support service effectiveness at least every three years and adapt.

Tip: Regularly promote available support services and ensure all staff and students know how to access them quickly and confidentially.

Standard 5 – Safe processes

• Offer multiple reporting channels, including anonymous online options.

• Investigate every formal report of GBV where the respondent is a staff member or student, regardless of the context in which the GBV has occurred. Consider whether an investigation is required for disclosures of GBV that are not formal reports where it is necessary for the safety and wellbeing of students.

• Where there is no connection to the university other than the respondent being a staff member or student, consider the safety and wellbeing of staff and students in determining the scope of the investigation.

• Ensure procedures are designed to complete investigations and any disciplinary process within 45 business days (and appeals within 20 days).

• Provide written outcomes to disclosers unless they opt out.

Tip: Review investigation policies and procedures. Your enterprise agreement clauses regarding disciplinary matters might not be consistent with the requirements of the Code – seek advice if required. In addition, the line between formal and informal reporting is grey. Ensuring matters are escalated and investigated as appropriate regardless of formal reporting remains important.

Standard 6 – Data, evidence & impact

• Establish systems and processes to facilitate reporting in accordance with the Code and the collection of de-identified data on incidents of GBV and other key data sets as outlined in the Code.

• Use data to inform the Plan and the university's whole-of-organisation approach to preventing and responding to GBV, including training development.

• Ensure all data is collected in a safe, trauma-informed and person-centred manner and handled securely and in accordance with relevant privacy laws.

• Establish a data governance framework with controls to safeguard against the re-identification of staff and students from de-identified data-sets.

Tip: Review and upgrade systems and processes (including IT systems) as needed to ensure accurate, timely and privacy-compliant data collection, handing and reporting. Many of the standards refer to and require an 'evidence-based' approach. Your data will be key to demonstrating compliance. Work with your privacy officer and legal team to ensure that your university is able to collect and process data relating to staff and students in a privacy-focused manner.

Standard 7 – Safe student accommodation

• Extends all Code obligations to accommodation owned, controlled or affiliated with the university, noting that to be "affiliated" does not require that there is a formal arrangement in place between the university and the accommodation provider. An accommodation provider is affiliated if it is authorised to use the university's intellectual property in its recruitment or marketing materials or if it is listed as "student accommodation" on the university's website.

• Require accommodation providers to adopt equivalent policies, training, declarations and rapid risk-response protocols – or cease affiliation/branding arrangements.

Tip: Establish regular communication and compliance checks with all affiliated and controlled accommodation providers to ensure ongoing alignment with Code requirements. These Code obligations create additional safety risks for the university as principal for the management of its on-site accommodation providers. An assessment of risk and a balancing of these obligations will be essential to not overstep the mark.

Key takeaways

The Code is comprehensive and introduces a raft of new obligations on higher education providers. Universities should familiarise themselves with the Code requirements, brief their Vice-Chancellor on the Code's requirements and develop and use an implementation checklist to support implementation of the Code ahead of its upcoming commencement.

If you have any questions about the Code's requirements and what they mean for your university, please contact a member of our team.