Approved providers are responsible for ensuring that their service(s) comply with the Statement of Regulatory Expectations – National Model Code (SRE-NMC) at each of their Victorian approved education and care services by Friday 26 September 2025. Compliance monitoring will start immediately following this date.
This means that:
only service-issued devices are used to take images or videos of children
people working directly with children in centre based services can not have personal electronic devices with them except for limited essential purposes. Read about restricted devices and essential purposes
family day care educators can have personal electronic devices with them however they cannot use these devices to take images and videos of children
there must be strict controls in place for the storage of images and videos of children at every service
services must update the following policies and procedures:
services must ensure that staff and volunteers follow all these policies and procedures
families at the service are told about these changes.
Complying with all these requirements is a condition of meeting your service approval.
Notify the Regulatory Authority of compliance
The approved provider must submit a notification to the Regulatory Authority for each of their Victorian approved education and care services confirming compliance with the requirements of the SRE – NMC.
Until now it has been voluntary for NQF services educating and caring for children from birth to 5 years to comply.
The Victorian Regulatory Authority now requires all approved providers to comply.
The National Model Code states that:
Part 1: Only service-issued devices are used to take images or videos of children
Part 2: People working directly with children do not have personal electronic devices with them except for limited essential purposes.
Part 3: Approved providers can only authorise the use, and possession of personal electronic devices for limited essential purposes. Any exceptions to the restrictions on personal devices should:
be limited to essential purposes
be authorised in writing by the approved provider (or another means if not reasonably practical), and
only be authorised where access does not impede the active supervision of children.
Part 4: There must be strict controls in place for the storage and retention of images and videos of children at every service.
Read more about the National Model Code, watch a video and access additional resources at: National Model Code.
Statement of Regulatory Expectations – National Model Code
The Victorian Regulatory Authority has issued the ‘Statement of Regulatory Expectations – National Model Code’.
It sets out the obligations and requirements for approved providers to implement the National Model Code in all early childhood services in Victoria.
All approved providers must comply with the following requirements as conditions of their service approval:
operate the service(s) in a way that ensures the health, safety and wellbeing of children
have policies and procedures in place that align with the National Model Code, and take steps to make sure that staff and volunteers follow them
make sure that the service is operated in way that complies with the Child Safe Standards.
Centre-based services include:
long day care, kindergarten, and outside school hours care services approved to operate under the National Law; and
licensed children’s services, including occasional care and limited hours services, approved to operate under the CS Act.
The approved provider of a centre-based service must ensure that:
only service-issued devices are used to take images or videos of children
strict controls are in place for the storage and retention of images and videos of children at every service
people working directly with children do not have personal electronic devices with them when they are working directly with children, except for limited essential purposes approved by the provider. Read about restricted devices and essential purposes
each service updates the following policies and procedures:
regulation 168 of the National Regulations for centre-based services under the NQF
regulation 112 of the CS Regulations for occasional care or limited hours services.
The approved provider of a family day care service must ensure that:
only service-issued devices are used to take images or videos of children
there are strict controls in place for the storage and retention of images and videos of children at every family day care residence
people working directly with children can have their own personal devices with them however it must not impede the active supervision of children
every service updates the following policies and procedures under regulation 168 and 169 of the National Regulations for family day care services under the NQF.
Family day care educators can take images or videos of children however they must use a device that:
is only used for providing education and care – it cannot be used for personal use, and
is registered with the approved provider.
Once the device is registered with the approved provider it is considered a ‘service-issued’ device.
Complying with the Child Safe Standards
All services must comply with the Child Safe Standards, in particular Standard 9 and 11 in relation to the SRE-NMC.
Staff and volunteers identify and mitigate risks in the online and physical environments without compromising a child’s right to privacy, access to information, social connections and learning opportunities (9.1).
The online environment is used in accordance with the organisation’s Code of Conduct and Child Safety and Wellbeing Policy (Child Safe Environment Policy) and practices (9.2).
Risk management plans consider risks posed by organisational setting, activities and the physical environment (9.3).
What approved providers have to show
You could demonstrate your compliance by having the following documents:
Risk assessments that identify risks of child abuse and harm:
in both physical and online environments connected with the organisation
from the use of electronic devices for taking, sending and storing images or videos of children while they attend the service (Child Safe Standards 9.1, 9.3).
Risk management plans that:
list the actions the organisation will take to prevent or reduce each of the risks of child abuse and harm
address the use of electronic devices for taking, sending and storing images or videos of children while they attend the service (Child Safe Standard 9.3).
The Code of Conduct and Child Safety and Wellbeing Policy (Child Safe Environment Policy) that identify how the organisation will keep children safe:
in physical and online environments
in higher-risk activities, including staff using electronic devices for taking, sending and storing images or videos of children while they attend the service (Child Safe Standards 9.2, 9.3).
Policies and procedures address all Child Safe Standards (11.1)
Policies and procedures are documented and easy to understand (11.2)
Best practice models and stakeholder consultation inform the development of policies and procedures (11.3)
Leaders champion and model compliance with policies and procedures (11.4)
Staff and volunteers understand and implement policies and procedures (11.5)
What approved providers have to show
Child Safety and Wellbeing Policy (Child Safe Environment Policy) and Safe Use of Digital Technologies and Online Environments Policy
You could demonstrate your compliance by having the following documents:
a Child Safety and Wellbeing Policy (Child Safe Environment Policy)
a Safe Use of Digital Technologies and Online Environments Policy.
This should also include information about the service’s expectations and approach to the use of electronic devices for:
taking
sending, and
storing images and videos of children.
ACECQA has developed updated policy and procedure guidelines for:
Providing a Child Safe Environment
Safe Use of Digital Technologies and Online Environments Policy
These documents relate to Child Safe Standards 11.1, 11.2 and links to 2.3. They are also required under:
regulation 168 of the National Regulations for NQF services, or
regulation 112 of the CS Regulations for occasional care or limited hours services.
Code of Conduct
Providers must also update their Code of Conduct for staff that sits within the service staffing policies and procedures. It sets the service’s expectations for behaviour and responsibilities of staff and volunteers in relation to:
the use of personal devices in services
the approach to taking, sending and storing images or videos of children while they attend the service.
This document relates to:
the National Model Code
Child Safe Standards 11.1, 11.2 and links to 2.4
regulation 168 of the National Regulations, or regulation 112 of the CS Regulations.
How the personal device restrictions apply in Victoria
Read about which devices are restricted, who the restrictions apply to, about exceptions and the authorisations required.
The SRE-NMC applies to the following services:
long day care
kindergarten
outside hours care including Vacation Care
family day care
occasional care
limited hours.
The restricted devices under the SRE-NMC are:
personal devices that can take images or videos, and
personal storage and file transfer media.
For example:
phones
tablets
digital cameras
smart watches with camera/recording functionality
wearables, such as camera glasses
SD cards
USB drive
hard drives.
These restrictions apply to any person working in :
long day care
kindergarten
Outside School Hours Care
Family Day Care
occasional care
limited hours services, who is:
providing education and care; and
working directly with children.
Examples include:
teachers and educators, including casual and agency staff
students attending the service as part of a practicum
representatives of tertiary providers who attend the service to assess students
volunteers, including parent volunteers
anyone delivering programs or incursion activities to children in a service. This can be either on a paid or unpaid basis
allied health and inclusion professionals attending a service to observe, assess or work with a child
mentors or coaches attending the service to support teachers or educators, who are working with children
preschool field officers
primary school teachers attending a service as part of a school transition program.
Where a professional attends a service to work with a child, they must use a device that is:
issued by their business or institution, and
used only for work purposes (and not personal use).
The service’s child safe policies and procedures will apply in these situations. Child Safe Standard 9 is particularly relevant.
Services may consider providing a service-issued device where:
a student attending the service as part of a practicum, or
a visiting allied health or inclusion professional needs to take images or videos but doesn't have a business or institution-issued device.
Services should include information about this process in their policies and procedures.
When working directly with children, teachers and educators cannot use personal devices to receive multi-factor authentication (MFA) messages.
Staff using Arrival for mandatory kindergarten data reporting or other administrative activities should only be doing so when they are not providing education and care and working directly with children.
Services using Arrival to record attendance have received further advice from the department on how to access and use Arrival without MFA to sign children in and out of the service.
officers of other regulators, such as environmental health officers
people who attend the service but are not working with children or providing education or care. For example: gardeners, maintenance staff, IT technicians or others.
Services should include information about how these situations will be managed in their:
child safe policies and procedures, and
supervision requirements.
The National Model Code lists ‘essential purposes’ when services can authorise:
the possession of personal devices, and
the use of personal devices.
The following are a list of these ‘essential purposes’:
communication in an emergency situation to ensure safety
involving a lost child, injury to child or staff member, or other serious incident
in the case of a lockdown or evacuation of the service premises
personal health requirements
for example, heart or blood sugar level monitoring
disability
for example, where a staff member needs a personal electronic device to communicate
family necessity
for example, an early childhood staff member with an ill family member
technology failure
for example, when there is a temporary outage of service-issued electronic devices
during a local emergency event to receive emergency notifications
this could include government warning systems such as a bushfire evacuation text notification.
The use of personal devices must not impede the active supervision of children.
Personal electronic devices are only allowed in the following emergency situations:
during excursions and regular outings. For example, when groups of children and educators get split up
when children are transported or travel on transport arranged by the service.
Staff cannot use personal devices for routine communications during bush kinder, beach kinder or other nature programs. Personal devices are only permitted for authorised ‘essential purposes’.
Approved providers must provide enough service-issued devices for when programs are delivered away from the service.
All authorisations must be documented by the approved provider, in advance wherever possible.
Authorisations must be:
recorded in writing, and
kept in suitable logs or registered and stored securely.
If written authorisation is not possible (such as in emergencies) then there must be a record kept in another format.
All documentation should be available at the service for authorised officers to inspect.
Teachers, educators and other staff can use their personal devices:
when they are not providing education and care, or
working directly with children.
Examples could include:
while taking a scheduled break from work, such as a lunch or tea break
during planning time
during administrative activities.
Services can authorise staff to use personal devices for essential purposes (see ‘Exceptions under the National Model Code – essential purposes’ above).
Staff can also carry and use personal electronic devices that are:
not capable of taking images or videos, and
not storage and file transfer media.
Smart watches that have inbuilt or remote camera or recording functions are not permitted under the regulations.
The only exception is where smart watches do not have a camera or recording function.
Services can ask staff who wear a smart watch without a camera or recording function to make a written declaration that their watch does not have this functionality.
Staff can use service-issued devices to document and record routine activities. Staff can use service-issued devices to communicate with families about their child’s learning and participation at the service.
Services must have policies and procedures on the safe use of digital technologies. This must include obtaining authorisation from parents and guardians to take, use and store images and videos of children at the service.
Parents/guardians can carry their own personal devices when dropping off or picking up their child at a service.
Parents/guardians should never take photographs on their own device at a service.
The approved provider must inform families of the service’s digital devices procedures and policies.
The personal device restrictions apply to all centre-based services including long day care, kindergarten, and outside school hours care services approved to operate under the National Law.
All services are required to have a policy and procedures on the safe use of digital technologies and online environments that includes the use of digital devices by children being educated and cared for by the service.
In line with policies in Victorian government schools, services can require that children’s devices are switched off and stored securely away, while children are attending outside school hours care.
The NQF Child Safety Guides contain resources to support services to keep children safe while meeting their responsibilitiesunder the NQF and other legislation:NQF Child Safety Guides
Services must have policies for the safe use of digital technologies. This includes a clear set of guidelines that address the safe use of digital technologies and online environments at the service, including the following:
The taking, use, storage and destruction of images and videos of children being educated and cared for by the service.
Obtaining authorisation from parents to take, use and store images and videos of children being educated and cared for by the service.
The use of any optical surveillance device at the service (e.g. closed-circuit television).
The use of any digital device issued by the service.
The use of digital devices by children being educated and cared for by the service.
As part of this, services must consider when developing their policies and procedures, the use of digital devices by visitors while at the service, including families at special events.
In developing this, services need to meet their obligations under the National Law and National Regulations, and other applicable requirements such as the Child Safe Standards and the National Quality Standard.
Services may decide to not allow parents and guardians to take photographs during special events. Photographs could instead be taken on a service-issued device and shared with families after the event.
Visiting professionals and students should contact services before arriving to understand the service’s policies and procedures for the safe use of digital technologies and online environments
Policies and procedures can vary between services to reflect each service’s operations and unique context.
Services should have processes to record when visiting professionals and students use a business or institution-issued device at their service. For example, a sign-in process to record when an external device is being used.
If a visiting professional doesn’t have a business-issued device, and needs a device to deliver their program (for example, a music program), they can:
ask to use a service-issued device
use an electronic device that cannot take or record images of children.
Allied health and inclusion professionals and Preschool Field Officers (PSFOs) can use business or institution-issued devices that are only used for work purposes, not personal use.
If a third-party professional brings a device issued by their business or institution, it’s recommended the device is clearly branded, for example, with a company logo on a custom case and/or lock screen.
Services should have policies and procedures for using professional photographers.
The policies must include obtaining authorisation from parents and guardians to take, use and store images and videos of children at the service.
Professional photographers must use business-issued devices or devices only used for business.
When hiring a professional photographer, services need to have procurement policies that ensure the safety of children and young people.
The restrictions do not apply to third-party contractors who do not have direct contact with children, for example, maintenance people and gardeners who attend a service for a purpose other than to work with or provide education and care to, children.
Services should inform them of the digital devices policies and procedures, as well as other child safe and supervision policies.
Third party contractors should never take photos or videos of children at a service.
There is no specific funding to support compliance with the Code. Eligible not-for-profit and government-funded kindergarten providers can apply for up to $2,000 through the Building Blocks grants program.
The program supports the purchase of IT equipment for administration or learning programs. Items funded include laptops and tablet computers such as iPads.
The purchase of mobile phones is not included in the Building Blocks grants program.
Compliance checklist for approved providers
Approved providers can use this list of actions to make sure their service(s) comply with the SRE-NMC.
Update your policies and procedures for providing a Child Safety and Wellbeing Policy(Child Safe Environment Policy):
Make sure educators, staff, volunteers and families are aware of the service's expectations, practices and approach.
Confirm that you have appropriate consents for any general purpose photography or filming, and respect a family's decision to withhold their consent.
Put systems in place to make sure your service only uses or discloses personal information for the purpose for which it was collected, unless the family has specifically consented, or disclosure is needed for enforcement purposes.
Review your service policies and procedures to make sure they cover the use of personal electronic devices for taking, sending and storing images or videos of children taken while they attend the service in accordance with the National Mode Code.
ACECQA has developed updated policy and procedure guideline for Providing a Child Safe Environment. It can be downloaded at: Preparing NQF Policies and Procedures.
Update your staffing policies and procedures to make sure all service staff and volunteers are:
aware of their obligations, and
the consequences of using personal electronic devices for taking, sending and storing images or videos of children while they attend the service in accordance with the National Model Code.
Share new or updated policies and procedures about safe environments for children and staff with:
all staff and volunteers, and
families of children attending the service.
Undertake regular risk assessments of the taking, use, storage and destruction of images and videos of children being educated and cared for by the service.
Implement a risk management plan to make sure you successfully implement the SRE-NMC at your service.
Make sure all service-issued devices:
have an identification code
are distinctly branded
are easily identifiable from a distance.
Create and maintain suitable logs or registers for recording:
how service-issued devices are issued and returned
authorisations for the possession and use of personal devices for essential purposes, including:
authorisations given in writing in advance, and
authorisations made through other means (for example, in an emergency situation).
Create a place to securely store service-issued devices when not in use. Consider how you will control your devices if staff are moving between locations.
Install lockable storage for staff to store their personal devices securely and access them when not working with children. Make sure this storage is conveniently located.
Purchase a sufficient number of service-issued devices for all needs. Create a place to store these devices securely when not in use.
Make sure each staff member has:
individual account credentials
passwords to any online platforms used by the service.
Create processes for permanently deleting or destroying photos and videos of children that no longer need to be retained.
Check your processes are working as intended. Undertake regular:
audits
risk assessments
reviews.
Review all your policies, procedures, systems and devices regularly.
National Regulation changes – NQF services only
From 1 September 2025, approved providers under the National Law must ensure their services have policies and procedures for the safe use of digital technologies and online environments.
This includes policies and procedures for:
the taking, use, storage and destruction of images and videos of children
obtaining authorisation from parents to take, use and store images and videos of children
the use of any optical surveillance device (e.g. CCTV)
the use of any digital device issued by the service.
ACECQA has developed updated policy and procedure guidelines for:
Providing a Child Safe Environment
Safe Use of Digital Technologies and Online Environments Policy