FAQs – Data and Reporting

The GBV Regulator is an outcomes-based regulator, focused on whether providers’ systems and approaches are effectively preventing and responding to gender-based violence, rather than on technical compliance with individual data points in isolation.  

We will use reported data to understand risk, trends and maturity over time, and to guide proportionate, supportive regulatory engagement rather than taking punitive action based on single indicators.

There are two key ways we will use annual reporting data:

To monitor provider compliance with the National Code:

• We will use certain elements in annual data reporting data, alongside other sources of information, to assess provider compliance with the National Code and inform its compliance monitoring priorities.
• This does not mean a concerning data point will automatically or immediately result in deeming a provider non-compliant. Given the quantitative nature of the data requested it is most likely to be used to flag areas where we may want to request further information to undertake further regulatory action, including requesting additional information from a provider.
• For example, if data indicates that a provider is consistently not meeting the 45-day timeframe for resolving formal reports of gender-based violence, we may seek more information to determine whether there may be underlying issues with that provider’s systems and processes.  This could identify that there are valid reasons for the length of time taken to complete these processes and therefore no further compliance action is required.

To support identification of sector wide risks, trends, and systemic issues:

• Data plays a critical role in understanding the nature and prevalence of gender-based violence, identifying the needs of diverse groups, measuring progress and informing policy and program design for continuous improvement.
• Reported data will help us as a regulator to analyse patterns in gender-based violence incidents across the sector- this is why the data is being requested at the ‘incident’ level rather than in an aggregated form.
• This analysis of sector wide risks, trends, and systemic issues will inform guidance, capacity building, and continuous improvement across the sector.

Bystander reporting can play an important role in identifying risks and enabling timely, effective responses.

In line with the intent of the National Code, providers can promote bystander reporting so that individual members of their community are aware of behaviours that may constitute gender based violence and can take appropriate action and report it if they witness it. This will support providers having a fuller picture of the gender-based violence that is occurring in their community.

Bystanders should also be encouraged to seek support from their provider where needed, consistent with trauma informed and person centred approaches to preventing and responding to gender based violence.

The GBV Regulator acknowledges that gender-based violence is rarely a single, isolated event and we were aware the term ‘incident’ may cause some confusion.

We use the term ‘incident’ to refer to occurrences of gender-based violence, in alignment with the wording of the National Code, however we recognise that this terminology can unintentionally reinforce individualised responses and obscure the systemic and structural nature of gender-based violence.

Yes, although the primary focus is on collecting data about the discloser and respondent.

The Data Elements table in Appendix A of the Guidance on Collecting Annual Reporting Data includes all data elements providers will be required to collect. These are broken into four categories:

• Elements relating to the disclosure/formal report and incident details, including who made the disclosure or formal report? (Page 19, Data element No. 4)
• Elements relating to the Discloser
• Elements relating to the Respondent
• Elements relating to the provider/student accommodation provider’s response.

The Guidance on Collecting Annual Reporting Data only relates to annual data reporting requirements under Standards 6.12-6.14 of the National Code. This is a prescribed reporting requirement that providers must comply with on an annual basis.

Standard 6 of the National Code also sets out a range of other data that the Regulator may request from a provider. Specific examples of the types of data that may be requested are outlined at Standards 6.8 – 6.11 and includes things like process data on implementation of policies, procedures, plans and related activities, like prevention and training initiatives.

Providers must ensure they have familiarised themselves with these requirements to ensure compliance with any future requests for data. Requests for this kind of data will likely be made on an ad hoc basis or through other mechanisms, such as progress reporting.

Providers should also be tracking data on broader initiatives and actions to prevent and respond to gender-based violence to support progress reporting against their whole of organisation plan which is due 6 monthly to the governing body and each 2 years to us as the Regulator.

Under the National Code, providers are required to begin collecting data on the incidences of gender-based violence:

• From 1 January 2026 for Table A and B providers
• From 1 January 2027 for all other providers registered under the Tertiary Education Quality and Standards Agency Act 2011

Data must be collected each calendar year and reported to the GBV Regulator by 30 June of the following year.

The GBV Regulator acknowledges the National Code introduces significant requirements for the collection of data related to instances of gender-based violence, and it may take time to implement mature data collection processes and systems which align with these requirements.
 
As the National Code establishes legal requirements, all data reporting obligations are required by law. However, we are adopting a phased approach to data collection.

In recognition of this, the data elements table outlined at Appendix A of the Guidance on Collecting Annual Reporting Data indicates whether a data element is:

• Required from year one – these data elements must be included in all reporting from the commencement of the National Code. These elements relate to basic information about incidents, disclosers and respondents, as well as the provider’s response to the incident and it is expected providers will already be collecting this information.
• Required once mature – these data elements may be listed as ‘unknown’ or ‘N/A’ in the first 1-2 years of reporting to the GBV Regulator, recognising that these elements may not have previously been collected by the provider and will require time to collect safely and effectively. These elements relate to more detailed information about incidents, disclosers and respondents.

For each reported incident, all data element fields must contain a value (as per the accepted values column in Appendix A of the Guidance on Collecting Annual Reporting Data.

This means that where a field is not applicable, or the provider does not have the data, it must be marked ‘N/A’ rather than being left blank. This ensures that data integrity and quality is maintained when the data is uploaded into the GBV Regulator’s system.

All incidents of gender-based violence disclosed or reported to the provider within a reporting period must be included in annual data reporting, regardless of when the incident occurred, and including where the matter is still ongoing (for example, where investigations or appeals are still underway).

For example, if someone discloses or formally reports an incident that occurred prior to the reporting period, this should still be included in annual data reporting for that period. In reporting the incident, you will need to include the date of the incident, which will demonstrate if, for example, it is a historical or recent incident.

If an incident is ongoing at the end of the reporting period, it must still be included in the data reporting for that period. The provider will be able to report the incident as ‘ongoing’ as per Appendix A of the Guidance on Collecting Annual Reporting Data.

The GBV Regulator may separately follow-up with providers to seek information regarding the outcomes of incidents which were reported as ongoing to ensure compliance with the National Code, as appropriate.

Where a discloser or respondent is a student, the current data elements capture whether the student is a domestic or overseas student, where the student was born, and their primary spoken language.

All of these are detailed in the accepted values column on pages 22 to 32 of the Guidance on Collecting Annual Reporting Data and are intended to support consistent and comparable reporting across the sector.

In line with the National Code, all data collection processes must be trauma‑informed and person‑centred, and providers need to prioritise safety, privacy and security when engaging with students and staff.

We recognise that some providers may not yet have the systems or processes in place to capture sensitive information safely and effectively, and this is why these elements are currently identified as ‘required when mature’ (see Pages 14-15 of the Guidance on Collecting Annual Reporting Data).

Providers are not required to collect data elements if doing so would compromise a trauma‑informed approach. Providers should use their judgement in how and when sensitive questions are asked to ensure individuals feel safe and supported.

Where it is possible to collect data in a safe and trauma informed way, all data fields should be completed but where this is not possible, providers can mark these elements as unknown.

No. Where an incident was reported to the provider prior to 1 January 2026 it must not be included in the annual reporting for 2026. The same approach will apply for non-university higher education providers in 2027.

Providers should still seek to align their approach to managing any outstanding disclosures in line with the Standards of the National Code to ensure an effective and safe response for disclosers and respondents.

Appendix A of the Guidance on Collecting Annual Reporting Data outlines required data elements and accepted values for each element.

Data element 15 specifically requires a provider to report the location/s that the incident/s took place, and provides a list of locations as accepted values.

Accepted values include multiple off-campus settings, as well as other which should allow for reporting the location of an incident at a third-party organisation’s property.

To avoid compromising the integrity of data, Higher Education providers must ensure they have arrangements in place with student accommodation providers to avoid duplication of data wherever possible. For example, where an incident may have been reported to both the student accommodation provider and the higher education provider, this should only be recorded as a single incident.

Providers must consider privacy and security implications and determine appropriate arrangements for data sharing between student accommodation providers and the provider.

Each disclosure made to the provider within the reporting period should be reported separately, even where the same respondent is involved across multiple disclosures or incidents over time.

The GBV Regulator does not expect providers to aggregate disclosures into a single record or formally identify patterns of behaviour when reporting to us.

Under Standard 4.4 providers are required to undertake a risk assessment in response to all disclosures and formal reports of gender based violence, and to manage and monitor any identified risks on an ongoing basis. This may mean analysing records and identifying trends in order to minimise risks and improve prevention and response efforts.

The data elements table provided at Appendix A of the Guidance on Collecting Annual Reporting Data requires a provider to record how an incident was initially reported (data element 13), and where it was initially reported as a disclosure, if it progressed to a formal report (data element 14).

This enables the GBV Regulator to capture the individual number of disclosures and formal reports as per Standard 6.13.

To comply with the National Higher Education Code to Prevent and Respond to Gender based Violence, providers are required to begin collecting data on the incidence of gender-based violence:

• From 1 January 2026 for Table A and B providers
• From 1 January 2027 for other providers registered under the Tertiary Education Quality and Standards Agency Act 2011

This data is required to be collected under Standards 6.13 and 6.14 for each calendar year, and then reported to the GBV Regulator by 30 June the following year.

Data reporting will be uploaded using a mandatory Microsoft Excel template via the National Code Web Portal – this is an online facility which will enable providers to securely provide data, reporting and other information as required to the GBV Regulator.

The web portal will verify uploaded data to ensure it complies with all formatting requirements and, where errors are identified, providers will be required to re-submit.

Further information regarding the web portal, including detailed user guides will be provided in due course.

Providers will be required to use the Microsoft Excel Reporting Template that we issue, noting it will include important validations required for uploading to our system. No other submission format will be accepted.

This is to ensure consistent collection of information for analysis purposes and to ensure high quality data.

Providers must adhere to the accepted values required in the template – these values will match those outlined in Section 3.2 of the Guidance on Collecting Annual Reporting Data – data elements.

The GBV Regulator is aware that many providers have existing data collection systems and have commenced data collection. The data elements outlined in the Guidance on Collecting Annual Reporting Data will be those required by the template. 

Providers will need to ensure they can extract data to facilitate reporting by the required due date in the mandated template. There may be a need to manually export data in the first reporting year.

We recognise that different providers will have different internal reporting systems and processes. The National Code does not prescribe a single model for how internal data should be collected or managed internally.

For annual reporting to the GBV Regulator, providers must be able to supply the level of detail set out in the Guidance on Collecting Annual Reporting Data and required under the National Code. This means that, regardless of how a provider’s internal systems operate, they will need to ensure they can extract and report all data elements specified in the Guidance on Collecting Annual Reporting Data.

The data reporting template will not allow any additional fields of data to be added. For National Code compliance, the key requirement is that all ‘Required for Year One’ elements, and, over time, all ‘Required at maturity’ elements, can be accurately reported to the GBV Regulator.

Providers may choose to collect additional information internally if it supports their broader prevention and response work. Providers should ensure privacy and security is considered as part of any internal reporting.

The Universities Accord (National Higher Education Code to Prevent and Respond to Gender-based Violence) Act 2025 includes several information gathering provisions that are necessary for the performance of the GBV Regulator’s functions and exercise of its powers under the National Code.

In line with Standard 6.3(c) of the National Code, all data must be de-identified before it is provided to the GBV Regulator. The mandatory annual data reporting template will be designed to specifically prevent accidental uploading of identifiable information such as names, addresses, or student/staff ID numbers.

Once received by the GBV Regulator, data will be stored and handled securely in line with the Department of Education’s Complete Privacy Policy.