Code of Practice
A Code of Practice is a ministerially-approved document that provides practical guidance on how to comply with duties under Work Health and Safety legislation. While not strictly law, it holds special evidentiary status in court proceedings and establishes the benchmark for what is "reasonably practicable" in Australian workplaces.
What is a Code of Practice?
A Code of Practice bridges the gap between high-level legislative duties and on-the-ground operational reality. The WHS Acts and Regulations tell you what your duties are and who they apply to. The Code of Practice tells you how to meet those duties.
When a Code of Practice is approved by the relevant Minister and published in the Government Gazette, it becomes more than just guidance—it becomes the official interpretation of how to comply with the law. If you choose to deviate from a Code, you take on the burden of proving your alternative method achieves an equivalent or higher level of safety.
In practical terms, Codes of Practice define the "state of knowledge" for your industry. They codify known hazards and accepted control measures, establishing what a reasonable person conducting a business or undertaking (PCBU) should know and do. This makes them critical reference documents for safety professionals, duty holders, and legal teams.
How Codes of Practice fit the legislative framework
Australian WHS legislation operates as a cascading hierarchy where each tier adds specificity to the tier above. Understanding where Codes sit in this structure clarifies their authority and practical application.
The Act: primary duties
At the apex sits the Work Health and Safety Act (or in Victoria, the Occupational Health and Safety Act 2004). The Act establishes overarching principles and duties, including the primary duty of care under Section 19 requiring you to ensure, so far as is reasonably practicable, the health and safety of workers and others.
The Act is legally binding but generally lacks technical specificity. It tells you what outcomes you must achieve, not how to achieve them.
The Regulations: mandated specificity
Beneath the Act sit the Regulations—subordinate legislative instruments that provide detailed requirements for specific hazards and work types. Regulations might mandate the exact licensing required to operate plant, specific noise exposure limits (85dB(A)), or requirements to register certain equipment.
Regulations are legally binding. Failure to comply is a direct breach of the law.
Codes of Practice: the interpretive bridge
The third tier consists of approved Codes of Practice (or Compliance Codes in Victoria). These documents provide practical guidance on meeting duties in the Act and Regulations. They function as the regulator's official interpretation of the law.
If a Regulation says "manage the risk of falls," the Code of Practice says "here is how you do it: use guardrails, then safety nets, then harnesses, in this specific order using the hierarchy of controls."
Guidance material and standards
Below Codes of Practice are industry standards (such as Australian Standards), guidance notes, and safety alerts. These inform the state of knowledge but lack the special evidentiary status afforded to approved Codes under Section 275 of the WHS Act.
They're persuasive but not "privileged" in the same way within the courtroom.
Legal status: harmonised vs Victorian jurisdictions
While Australia aimed for WHS harmonisation, distinct differences remain between jurisdictions that adopted the Model WHS Laws and Victoria. If you operate nationally, understanding these differences is critical for compliance.
Model WHS jurisdictions (NSW, QLD, WA, ACT, NT, SA, TAS)
In harmonised jurisdictions, Codes of Practice gain authority through Sections 274 and 275 of the WHS Act. Section 274 grants the Minister power to approve a Code—importantly, a "Model Code" published by Safe Work Australia has no legal force until formally adopted by each state's Minister.
This creates a patchwork where some states may use different versions of the same code. Always verify which version applies in your jurisdiction.
Section 275 provides the enforcement mechanism. In any prosecution for an offence under the WHS Act, an approved Code of Practice is admissible as evidence of whether a duty has been complied with.
The court may rely on the Code as evidence of "what is known" about a hazard, risk, or control. This directly impacts the "knowledge" element of prosecution. You can't claim ignorance about how to guard machinery if the Managing Risks of Plant Code clearly illustrates the guarding requirements.
Victorian framework: "deemed to comply"
Victoria operates under the Occupational Health and Safety Act 2004 and uses "Compliance Codes" rather than "Codes of Practice" (though older codes are preserved). The legal mechanism offers a stronger compliance incentive.
Under Victorian law, if you comply with a Compliance Code, you're "deemed to comply" with the specific legislative duty that the code covers. This provides a statutory safe harbour. If you follow the code to the letter, the regulator can't prosecute you for breach of the specific regulations covered by that code.
Conversely, if you don't comply with the Code, you lose this protection. You must then prove your alternative method satisfied the regulations. In practice, the Compliance Code becomes the de facto standard against which your actions are measured during prosecution.
| Feature | Model WHS Jurisdictions | Victoria |
|---|---|---|
| Terminology | Code of Practice | Compliance Code |
| Statutory Basis | s274 / s275 WHS Act | OHS Act 2004 (Part 2, Div 2) |
| Primary Legal Effect | Admissible evidence of what is reasonably practicable | "Deemed to comply" with Act/Regs if followed |
| Burden of Proof | You must show alternative method is equivalent/higher | You must show alternative method complies with the Act |
| Harmonisation Status | Generally aligned with Safe Work Australia models | Distinct, often bespoke codes |
Build compliance into workflows with integrated checklists, prompts, and verification that match Code of Practice requirements.
Defining "reasonably practicable"
The concept of "reasonably practicable" is the fulcrum of Australian WHS law. It requires you to weigh the likelihood and severity of harm against the availability, suitability, and cost of control measures.
Codes of Practice are the primary mechanism by which "reasonably practicable" is defined in practice. When a Code is approved, it signals that government and industry agree the control measures within it are reasonably practicable.
If a control is in the Code, it's deemed available and suitable for the described hazard. Implicit in the approval is the judgment that costs aren't grossly disproportionate to the risk.
This creates a powerful evidentiary position. If you choose to ignore a Code of Practice, you essentially argue against the collective wisdom of the regulator and industry. If an incident occurs and you haven't followed the Code, the court will likely view this as evidence you failed to do what was reasonably practicable.
How Codes are used in court
The language within a Code of Practice is carefully drafted to signal legal weight. Courts pay close attention to these distinctions when assessing compliance.
"Must" or "mandatory"
When a Code uses these words, it's citing a direct requirement from the Act or Regulations. For example, "You must prepare a Safe Work Method Statement for high-risk construction work." Failure to do this breaches the Regulation itself, not just the Code.
"Should"
This indicates a recommended course of action to achieve compliance. While not strictly mandatory, the evidentiary weight of Section 275 means ignoring a "should" is legally perilous. Courts ask: "The Code said you should use a spotter for the reversing truck. You didn't. Why?"
If your answer is cost or convenience, the court will likely find you failed to do what was reasonably practicable.
"May"
Indicates a permissive option, often allowing various methods to achieve the same outcome. This provides flexibility in how you meet the underlying duty.
Case study: SafeWork NSW v Maluko Pty Ltd
On 12 June 2020, a 64-year-old worker at an industrial complex in Berkeley, NSW, was fatally injured attempting to manually open a large metal sliding gate that had been damaged and derailed. The gate fell on him.
SafeWork NSW charged Maluko Pty Ltd with breaching Section 19(1) of the WHS Act. The prosecution relied heavily on the SafeWork NSW Code of Practice: Managing the Risks of Plant in the Workplace, which mandates that damaged plant posing risk must be withdrawn from service until the risk is controlled.
The court found the risk foreseeable and likelihood of serious injury high. The control measures—tagging the gate out of service or locking it—were simple, low-cost, and explicitly recommended by the Code. Failure to follow these basic steps was a primary factor in the finding of culpability.
Maluko Pty Ltd was convicted and fined $375,000 (reduced from $500,000 for early guilty plea). The significant fine reflected the objective gravity of ignoring known risks and established codes.
Case study: SafeWork NSW v The Owners – Strata Plan No 93899
Arising from the same fatality, this prosecution targeted the Owners Corporation responsible for the common property. The legal question was whether a Strata Body could be held to the standards of a commercial PCBU.
The court applied the Managing the Work Environment and Facilities Code of Practice, clarifying that the duty to maintain a safe workplace extends to those with management or control of fixtures and fittings like the gate.
The Owners Corporation was convicted and fined $225,000. This reinforces that Codes of Practice apply to all duty holders defined in the Act, not just traditional "employers." It highlights the expansive reach of the "state of knowledge" established by these codes.
Operational implementation
For safety professionals and operations managers, the legal status of a Code matters less than its practical utility. Codes are effectively operational manuals for safety. Implementing them requires a structured approach integrated into your Work Health and Safety Management System.
The risk management cycle
Virtually every Code of Practice is structured around the four-step risk management process: identify hazards, assess risks, control risks, and review controls. Implementing a specific code starts with applying this generic cycle to the specific hazard.
Identify hazards: The Code lists typical hazards. For Hazardous Manual Tasks, it lists "repetitive movement," "sustained force," and "vibration." Your implementation step is walking the floor and looking for these specific indicators.
Assess risks: The Code provides assessment criteria. For Noise, it references the exposure standard (85dB). Implementation involves measurement and comparison against this standard.
Control risks: This is where the Code is most prescriptive, detailing specific controls required. Implementation means physically installing these controls—barriers, lifting aids, guarding—following the hierarchy of controls.
Review controls: The Code mandates review triggers like "after an incident" or "when a process changes." Implementation requires scheduling these reviews in your maintenance calendar.
Developing Safe Work Method Statements
For high-risk construction work, Regulations mandate a SWMS. The content should be directly derived from the relevant Code of Practice.
Bad practice is a SWMS that says "Assess the risk of falling." Good practice is a SWMS that says "Install edge protection compliant with AS 1657 as per Section 4 of the Prevention of Falls Code of Practice."
Using the specific language and methodologies of the Code in SWMS and procedures demonstrates "state of knowledge" compliance and links daily work directly to the legislative framework.
Consultation and training
Implementation isn't a desk exercise. The Work Health and Safety Consultation, Cooperation and Coordination Code of Practice mandates that you consult workers when making decisions about risk controls.
This involves Health and Safety Representatives and Health and Safety Committees. Minutes of toolbox talks where the Code was discussed, or training records showing workers were trained in specific Code procedures, are essential evidence of compliance.
Monitor adherence to Code requirements with automated audits, gap analysis, and corrective action workflows.
Common challenges
The "tick and flick" culture
A significant limitation of the Code-based system is the tendency to treat compliance as paperwork. "Tick and flick" refers to generating compliant documents—SWMS, policies—without implementing controls in practice.
An investigator might find a perfect SWMS in the site office referencing the Excavation Code, while outside in the trench, workers are unsupported and without shoring. Courts are increasingly critical of "paper safety." In SafeWork NSW v Maluko, the presence of policies was irrelevant because the physical reality contradicted them.
Your compliance is measured by the physical state of the workplace, not the weight of your safety manual.
Psychosocial hazards: the new frontier
The most significant shift in recent WHS history is the elevation of psychosocial hazards (mental health risks) to the same status as physical hazards.
Physical hazards are visible; psychosocial hazards like bullying, high job demand, and low control are invisible and subjective. The new Model Code of Practice: Managing psychosocial hazards at work and Victoria's Psychological Health Compliance Code require you to apply the hierarchy of control to management practices.
"Eliminating" a physical hazard involves removing a trip hazard. "Eliminating" a psychosocial hazard might involve restructuring a department or changing a roster system. This requires organisational change that many businesses find difficult to implement, leading to high risk of non-compliance.
Technological lag
Codes of Practice are static documents, often updated only once per decade. Technology evolves much faster. The Managing Risks of Plant Code may not explicitly cover AI-driven autonomous vehicles or collaborative robots.
If you follow a 2018 Code but miss risks associated with 2024 technology, you can still breach your duty. In these cases, the "state of knowledge" extends beyond the Code to include manufacturer manuals, international standards (ISO), and academic research.
Blind adherence to an outdated Code can still result in breach if the rest of the industry has moved on.
Navigating multiple jurisdictions
For national companies, lack of total harmonisation creates logistical and legal complexity. A company with depots in Melbourne and Sydney operates under two different legal regimes. A "Compliance Code" in Victoria has a "deemed to comply" effect, while a "Code of Practice" in NSW is "admissible evidence."
Most national organisations adopt the highest standard (usually the Model WHS Laws or stricter Victorian regulations) and apply it nationally. However, specific administrative differences like incident notification triggers must be managed locally.
Auditing and assurance
To ensure you're actually meeting the standards set by Codes of Practice, you need rigorous auditing. This goes beyond a simple checklist—it requires a legislative gap analysis.
Conducting a legislative gap analysis
A gap analysis involves systematically comparing your current procedures and physical reality against the specific requirements of relevant Codes.
Step 1: Scope identification. Identify every Code of Practice relevant to your business operations. Construction might include Falls, Excavation, Demolition, Plant, Noise, Hazardous Chemicals. Office/corporate might include Work Environment, Ergonomics, Psychosocial Hazards, First Aid.
Step 2: Line-by-line mapping. Create an audit tool that breaks each Code into constituent clauses. For each clause, create an audit question. Clause 3.1: "Duty to consult" → Audit question: "Is there evidence of consultation on this specific hazard?"
Step 3: Verification (the "Gemba" walk). Physically inspect the workplace. If the Chemicals Code requires labelling of decanted substances, walk into the cleaning cupboard and check the spray bottles. Relying on the "Chemical Register" document alone is insufficient.
The audit checklist
A robust audit checklist derived from a Code of Practice distinguishes between "Must" and "Should" requirements.
Critical non-conformance: Failure to meet a "Must" requirement (e.g., lack of a confined space permit) is a breach of law. Observation/improvement: Failure to meet a "Should" requirement without a valid alternative represents legal vulnerability.
| Code Section | Requirement | Evidence Sought | Compliance Status |
|---|---|---|---|
| s4.1 | Entry Permit must be completed in writing | Sighted completed permits for Tank A entry on 12/06/2024 | Compliant |
| s4.2 | Stand-by person must be assigned | Interviewed stand-by person; they were performing other cleaning duties while monitoring | Non-Compliant (Critical) |
| s5.1 | Signage must be erected | Photos show no signage at entry point | Non-Compliant |
Closing the gap
When gaps are identified, generate a Corrective Action Plan prioritising "Must" breaches for immediate rectification. For "Should" gaps, you have a choice: adopt the Code by changing procedures to match, or justify the alternative with rigorous documentation explaining why the Code wasn't followed and how your current method achieves equivalent safety.
This justification should be signed off by a competent person and kept as a legal record.
Best practices for duty holders
Subscribe and monitor
Subscribe to alerts from Safe Work Australia and local regulators (SafeWork NSW, WorkSafe Victoria) to receive notifications when Codes are updated or new Codes approved. The regulatory landscape changes regularly.
Integration, not juxtaposition
Don't keep Codes as separate reference documents. Integrate their specific requirements directly into Standard Operating Procedures and SWMS. Workers should be following the Code by virtue of following the SOP.
Competence training
Train managers and supervisors specifically on the content of relevant Codes. A site supervisor should know the "Falls" code intimately, not just vaguely know it exists. Competence means understanding not just what the Code requires, but why.
Evidence retention
Keep records of how the Code was considered. If you decide not to use a control recommended in a Code, document the risk assessment that led to that decision. This "decision trail" is your primary defence in court.
Your documentation should demonstrate you understood the Code's recommendation, assessed it against your specific circumstances, and made a reasoned decision with appropriate expertise.
Frequently Asked Questions
Are Codes of Practice legally binding?
Codes aren't law in the same way as Acts or Regulations—you generally can't be prosecuted solely for failing to follow a Code if you've achieved the same safety outcome by other means. However, they're admissible as evidence in court (Section 275 WHS Act), and deviation from a Code shifts the burden to you to prove your alternative method was equivalent or better. In Victoria, following a Compliance Code gives you "deemed to comply" status.
Which Codes of Practice apply to my business?
This depends on the hazards and work types in your operations. Review the complete list of approved Codes for your jurisdiction on your regulator's website (SafeWork NSW, WorkSafe Victoria, etc.). Common Codes include How to Manage Work Health and Safety Risks (universal), Managing Risks of Plant, Hazardous Manual Tasks, Confined Spaces, and industry-specific codes for construction, manufacturing, or other sectors.
What if a Code of Practice conflicts with an Australian Standard?
Codes of Practice have stronger evidentiary status than Australian Standards under WHS law. If there's a conflict, the Code takes precedence for compliance purposes. However, Standards often provide the technical detail that Codes reference. If you're genuinely uncertain, seek advice from your regulator or a competent WHS professional before making a decision.
How often are Codes updated?
Update frequency varies. Some Codes remain unchanged for years; others are revised to reflect emerging risks, new technology, or lessons from incidents. Recent examples include the introduction of psychosocial hazards codes and updates to silica exposure guidance. Subscribe to regulator alerts to stay informed of changes.
References and Further Reading
Safe Work Australia: Codes of Practice provides the complete list of Model Codes and jurisdiction-specific adoption status.
WorkSafe Victoria: Summary of the OHS Act 2004: Compliance codes explains Victoria's distinct "deemed to comply" framework.
Safe Work Australia: Model WHS laws details the harmonised legislative framework and how Codes fit within it.
Model Work Health and Safety Act (Safe Work Australia, November 2023), particularly Sections 274 and 275, establishes the statutory basis for Code approval and evidentiary status.
Code of Practice: How to Manage Work Health and Safety Risks (SafeWork NSW) is the foundational Code explaining the four-step risk management process that underpins all other Codes.
SafeWork NSW: July 2023 Prosecutions includes case summaries such as SafeWork NSW v Maluko Pty Ltd demonstrating how Codes are used in court proceedings.
Bannermans Lawyers: Important WHS Case Update for the Strata Industry provides legal analysis of SafeWork NSW v The Owners – Strata Plan No 93899.
WorkSafe Victoria: The hierarchy of control explains the fundamental risk control framework referenced throughout Codes of Practice.
Safe Work Australia: Australian Work Health and Safety Strategy 2023-2033 – Persistent Challenges discusses emerging regulatory priorities including psychosocial hazards.
Australian Workplace Safety: How to Conduct a Workplace Safety Gap Analysis provides practical guidance on auditing Code compliance.