NDIS Commission to Launch AI-Driven Risk Engine by August Under $160M Transformation Program

The NDIS Quality and Safeguards Commission is set to roll out the core capabilities of a new intelligence-driven risk engine by August, as part of its broader effort to strengthen oversight of the $50 billion National Disability Insurance Scheme (NDIS).

The system—described as a “decision-support capability”—will enable the Commission to identify providers, workers, participants, and networks that pose the highest risk in terms of harm, poor service quality, fraud, or regulatory non-compliance.

Advancing Risk-Based Regulation

The initiative forms a central component of the Commission’s four-year, $160 million Data and Regulatory Transformation (DART) program. According to Deputy Commissioner Laura Sham, the program is designed to modernize ICT systems and enhance the use of analytics to support more targeted and effective regulation.

The new risk engine will generate automated, explainable risk scores and classifications, providing regulators with improved visibility into the NDIS ecosystem. This will allow for earlier detection of emerging risks, more consistent decision-making, and faster, more targeted responses to complaints and incidents.

Importantly, the system will not function as an automated enforcement tool. Instead, it will support human decision-making by surfacing insights, trends, and patterns across the scheme.

Addressing Growing Scrutiny

The development comes amid increasing scrutiny of the NDIS, which is projected to exceed $50 billion annually and continue rising. Concerns around fraud, misuse of funds, and whether support is reaching intended recipients have placed greater pressure on regulators to enhance oversight capabilities.

The risk engine is expected to play a key role in identifying systemic and network-level risks, enabling the Commission to move toward a more intelligence-led regulatory model.

Leveraging Existing Infrastructure

Rather than procuring entirely new software, the Commission is seeking external expertise to integrate existing and new risk indicators into a unified analytics platform. This includes building data pipelines, visualization tools, and a cohesive framework for risk assessment.

An initial production-ready version is expected within months, with essential functionality delivered between May and August. Further enhancements will be rolled out over a nine-month period, with full completion targeted for May 2027. The system will be deployed incrementally, allowing for early operational use and continuous improvement.

Parallel Upgrade to Records Management

Alongside the risk engine, the Commission is also planning to replace its existing electronic document and records management system (EDRMS), currently based on OpenText.

The current system has faced configuration issues, including unreliable indexing and limited integration with a Salesforce-based CRM platform. It is also operated through shared services with the Department of Social Services and Services Australia, limiting direct control.

The new EDRMS is expected to be cloud-based, highly available, and capable of managing approximately 8TB of records. The upgrade aims to improve compliance oversight, data security, and document management, while providing a more flexible platform for future system evolution.

A Step Toward Smarter Regulation

Together, these initiatives mark a significant step in the Commission’s transition toward data-driven regulation. By combining advanced analytics with improved information management, the NDIS regulator aims to enhance its ability to detect risk, protect participants, and ensure the integrity of one of Australia’s largest social programs.