Go to top of page

Our approach to quality assurance and regulation

Group of people working in a modern office


The Tertiary Education Quality and Standards Agency Act 2011 (TEQSA Act) established us as Australia’s single national quality assurance and regulatory agency for higher education.

While the TEQSA Act identifies a significant number of objects, the core elements are to apply a standards and risk-based quality framework to protecting and promoting the interests of higher education students and the reputation of the higher education sector.

The standards that we are required to apply are set out in the Higher Education Standards Framework (Threshold Standards) 2021 (the HES Framework). These standards are determined by the Minister for Education on advice from an expert Higher Education Standards Panel, which consults widely with the higher education sector before providing its advice.

All institutions that wish to offer an Australian higher education course in or from Australia must apply to be registered by TEQSA and, after initial registration, they must apply to us for renewal of their registration at least once every seven years. The National Register of Higher Education Providers (the National Register) lists all providers that have we have registered—those that are currently registered as well as those that have been registered in the past.

To be registered by TEQSA and subsequently have their registration renewed, providers must demonstrate that they meet, and continue to meet, the requirements of the HES Framework.

Unless they have been granted self-accrediting authority for some or all of their courses of study, providers must also have their courses of study accredited by us before they are offered to students. Re-accreditation is required every seven years.

Application guides for provider registration, renewal of registration, course accreditation and renewal of accreditation, as well as other application types, are available from our Application guides and support section.

At present, universities have self-accrediting authority for all of their courses of study, and a small number of independent higher education providers have self-accrediting authority for some or all of their courses. The HES Framework sets out the requirements for gaining self-accrediting authority, the core of which is that a provider must have demonstrated that it has robust internal quality assurance mechanisms for developing and approving courses and for reviewing and updating them from time to time, as well as a history of at least five years of successful delivery of the courses for which self-accrediting authority is sought.

Provider categories

At the time of initial registration, TEQSA must decide which category the prospective provider should be registered in. The categories, set out in Part B1 (‘Classification of Higher Education Providers’) of the HES Framework, are:

  • Institute of Higher Education
  • University College
  • Australian University
  • Overseas University.

The criteria for registration in each of these categories are also set out in Part B1 of the HES Framework, and providers can apply for a change of category once registered. We must assess providers' applications against the criteria before granting a category change.

Provision of education to overseas students

The Education Services for Overseas Students Act 2000 (ESOS Act) identifies TEQSA as the agency responsible for regulating all providers delivering higher education—as well as some providers delivering ELICOS and Foundation Programs—to onshore international students. Providers in all categories that wish to offer higher education courses to overseas students must be registered on the Commonwealth Register of Institutions and Courses for Overseas Students (CRICOS). CRICOS identifies both the providers and the courses that have been registered.

The ESOS Act and associated National Code of Practice for Providers of Education and Training to Overseas Students 2018 (the National Code), National Standards for Foundation Programs and ELICOS Standards 2018, set out the obligations of providers offering courses to overseas students.

Our regulatory approach

Overarching regulatory philosophy

In keeping with contemporary trends in quality assurance and regulation, TEQSA’s approach:

  • is standards-based, risk-reflective and transparent
  • places a significant emphasis on promoting and facilitating a culture of effective self-assurance as an integral part of a provider’s ordinary operations (as required by the HES Framework)
  • uses ‘variable-touch’ regulation, in which regulatory intervention is no greater than is required to achieve a necessary regulatory purpose
  • is based on a preferred model of respectful regulatory partnerships, with individual providers and with the sector overall.

Standards-based approach

Aside from the TEQSA Act, the definitive reference point for our overarching regulatory approach is the HES Framework and the Threshold Standards it comprises, which providers are required to meet and continue to meet at all times.

As discussed below, TEQSA exercises discretion in its application of the HES Framework for individual providers according to:

  • the circumstances and regulatory standing of the provider
  • an analysis of risks
  • the maturity and effectiveness of the provider’s internal quality assurance and monitoring processes.

In doing so, we aim to promote efficient and effective approaches to assessment and monitoring, while minimising the regulatory burden it places on higher education providers.

Risk-based approach reflecting three principles in the TEQSA Act

TEQSA embraces the three basic principles of regulation that are enshrined in the TEQSA Act. These principles include:

  1. regulatory necessity (only taking regulatory action where there is no effective alternative for achieving compliance)
  2. reflecting risk (informing regulation through identification of risks to quality, reflecting the provider’s track record and regulatory history)
  3. proportionate regulation (the more serious the risk, the stronger the regulatory action).

The practical application of these principles can be viewed by clicking on the headings below.

Regulatory necessity

In exercising our powers and complying with the expectations of the TEQSA Act, ESOS Act and other legislative requirements, TEQSA minimises our regulatory requirements to only those that we see as necessary. We do not burden higher education providers any more than is reasonably necessary given risks to students, educational quality and/or sector reputation. Collection of information from providers is based on the principle of ‘collect once, use many times’ to minimise information gathering burdens on providers.

TEQSA also works with other regulatory bodies and government agencies to reduce unnecessary or duplicative requirements imposed on higher education providers.

Reflecting risk

TEQSA’s need for and level of regulatory action or intervention, and the evidence required of a provider, all reflect the assessed risk of the provider’s likely non-compliance with the HES Framework. This is based on annual risk assessments using the TEQSA Risk Assessment Framework as well as other relevant factors, such as the provider’s record of compliance with relevant legislative requirements, and matters relating to the level of risk of potential non-compliance in the future.

In determining the level of risk, we have particular regard to the provider's regulatory history, its history of scholarship, teaching, research and student experiences, as well as to its financial status, its maturity of development as a provider, and its financial sustainability.

Proportionate regulation

TEQSA’s regulatory actions are proportionate to the nature, severity and extent of any identified non-compliance or risk of non-compliance that needs to be addressed. Regulatory action taken is stronger, the greater the risks to students and/or risks of reputational damage to the sector. Proportionate, differentiated approaches enable providers of different sizes, business models and operational histories to operate in Australia’s diverse higher education system, provided they meet, and continue to meet, regulatory requirements.

Our approach begins with an emphasis on providing information and guidance to support providers to meet their regulatory obligations.

Risk analyses

When TEQSA talks about risk we primarily mean the risk of current or future provider non-compliance with the legislation we administer, and associated risks to quality, students, and the reputation of the Australian higher education sector. We cannot know everything about all of the higher education providers in the sector. On the basis of information we do have, we make judgements about risk to inform the way we approach evidence collection and assessments.

This meaning of risk—understood as the risk that a provider does not, or will not meet its legislative obligations (that is, compliance risk)—is different from the meaning of risk associated with innovation and change. TEQSA acknowledges that innovation often involves a degree of risk taking and, while the HES Framework requires that risks to a provider’s operations are understood and mitigated, we do not expect that all such risks can or should be eliminated.

TEQSA applies a systematic, structured and consistent approach to assessing compliance risk across all providers, using a standard set of risk indicators corresponding to primary areas of institutional practice and performance. This approach, outlined in TEQSA’s Risk Assessment Framework, is critical for us in delivering efficient and effective risk-based quality assurance and regulatory activities. The Risk Assessment Framework outlines the key steps and components of our risk assessment process, and provides detailed supporting information on the risk indicators used.

While we apply our Risk Assessment Framework consistently, we nonetheless recognise the diversity—in terms of sizes, missions and student cohorts—in the sector, and the importance of a provider’s context in assessing potential risks. To support this view in practice, our risk assessment process takes account of a provider’s history, sector context and the provider’s own risk management practices.

Individual risk analyses are augmented by continued monitoring of risks to individual providers, to courses and to the overall integrity of Australia’s higher education sector. Ongoing monitoring is further facilitated through the sharing of intelligence with other agencies, as well as through other channels of information such as complaints and media coverage of significant issues. TEQSA’s understanding of a provider’s prevailing risks of non-compliance is also enhanced as the provider establishes its track record and regulatory history by completing on-going cycles of re-registration and re-accreditation.

Risk-based assessments and the 'Core Plus' model

TEQSA’s approach to cyclical assessments of providers and courses of study is varied and tailored to the circumstances of the provider. The amount of evidence required, and the likely pathway that will be experienced by a provider through an assessment, are influenced  by the status of the provider in the registration cycle. Factors taken into account can include whether the provider is a prospective provider seeking initial registration, or an established provider seeking re-registration or course (re)accreditation. 

Initial registration applications are assessed against all Standards in the HES Framework—so that TEQSA can ensure that new providers will be able to meet the Standards, notwithstanding the new provider’s absence of a higher education track record and a regulatory history with TEQSA at the time of its initial application.

For established providers, application of TEQSA’s Core Plus model of assessment is a major practical manifestation of our risk-based approach, which aims to reduce administrative costs to providers in meeting our evidence requirements. Under this model, all applicants are required to submit a minimum set of evidence relating to an identified set of core Standards in the HES Framework (i.e. core evidence). These relate principally to governance, internal quality assurance, student performance and student experience. Some providers will be required to submit additional evidence against other selected standards (i.e. core plus) on a case-by-case basis, as determined by the provider’s risk profile, track record and demonstrated capacity for self-assurance. 

Maintaining relationships with providers

TEQSA seeks to establish constructive, positive relationships with providers and the sector, based on mutual respect. This is undertaken as part of our commitment to a preferred partnership model of regulation, and consistent with our organisational values. This approach is enabled by developing a close working relationship between providers and their case managers as well as broader interactions between the sector, other stakeholders and the TEQSA Commissioners, Chief Executive Officer and senior staff.

We will respectfully seek outcomes in accordance with the objects of the TEQSA Act, particularly in the interests of achieving quality student experiences and maintaining and enhancing the reputation of higher education in Australia. Where we are required to exercise our regulatory powers, we will do so consistently and with account to principles of procedural fairness.

Resources and support

As part of its commitment to partnerships with individual providers and the sector more broadly, TEQSA offers guidance and support to providers including:

Further detail on our resources and support are elaborated below.

Guidance and advice

TEQSA’s primary means for providing advice is our publication of guidance notes. The purpose of our guidance notes is to provide greater clarity for providers on our interpretation and application of selected areas of the HES Framework. Guidance notes are regularly updated and cover a range of topics. A full list of guidance notes is available from our Guidance notes page.

Case managers

Case managers build relationships with providers to assist them in making applications, tailoring evidence requirements (e.g. for Core Plus), and related matters such as interpreting and refining TEQSA’s risk analyses and providing specific assistance in clarifying and resolving issues (e.g. in identifying what is seen as a material change to the provider’s operations). More broadly, case managers establish and maintain ongoing engagement with providers.

Data collection, analysis and dissemination

TEQSA collects key information about providers from a range of sources including from higher education providers themselves, from the Commonwealth Department of Education and Training and from other relevant state and Commonwealth agencies.

TEQSA collects this key information and uses it to improve policy and program development and outcomes by:

  • monitoring and assessing the performance of individual providers
  • identifying trends, risks or issues across the sector
  • developing and reporting on analyses of the sector.

Find out more from our How we use data page.


TEQSA maintains a program of consultations with the sector to raise issues, explain new directions or policies and gather feedback to improve our quality assurance and regulatory activities. Find out more from our Consultations page.

Provider Portal

The Provider Portal allows providers to build, revise and store applications (with the assistance of templates) through a transparent and consistent process that is subject to continuing refinement. Find out more from our Provider Portal page.

National Register of Higher Education Providers

TEQSA maintains a free and searchable online public register (‘the National Register’) of all higher education providers, which includes information about our decisions on the registration and accreditation status of providers and their courses. It also includes information on decisions arising from compliance monitoring and other enforcement action. Find out more from our About the National Register page.

Exercise of powers and decision making

TEQSA uses a graduated scale of actions, starting with the least burdensome option that is likely to facilitate compliance with the HES Framework. In most cases, this will mean beginning at lower levels of a pyramid of sanctions (Figure 1.) and moving upwards only when circumstances require it.

Our approach to compliance and enforcement can be found in the publication, TEQSA’s Approach to Compliance and Enforcement.

Regulatory action commonly ranges (escalates) from TEQSA:

  1. providing education and support, to
  2. communication of concerns in writing, to
  3. requesting information and reporting, to
  4. imposing conditions on provider’s registration and/or conditions on course accreditation, to
  5. approving registration or accreditation for a period less than the full seven years, to 
  6. cancelling registration (in extreme cases).

The most common conditions TEQSA applies include requiring the provider to undertake specific actions to ensure compliance, or to undertake analysis and reporting on student outcomes and staff profiles, or requiring the provider to conduct an internal or external review of an aspect of its operations—most often in relation to corporate or academic governance or internal quality assurance—and detailing its actions in response to the review.

Where TEQSA is still not satisfied with a provider’s capacity to meet the necessary standards, we may resort to action near the top of the pyramid—including rejection of an application or deregistering a provider. This only occurs where it is considered to be the only way of protecting the interests of students and the reputation or the sector.

Figure 1. TEQSA's graduated approach to exercising formal powers
Four levels of sanctions taken by TEQSA when exercising formal powers

NOTE: The pyramid of sanctions is based on a model developed by Ian Ayres and John Braithwaite, Responsive Regulation: Transcending the Deregulation Debate, Oxford University Press, 1992, p.35.

Review of TEQSA decisions

From time to time a provider may disagree with a decision taken by TEQSA and seek to have it reviewed. A review of a decision is a formal process, and reviewable decisions are specified under the TEQSA Act. There are three broad options for review:

  1. internal review of decisions, where a delegated (not the full TEQSA Commission) has made the initial decision
  2. merits review of decisions made by TEQSA, by the Administrative Appeals Tribunal (AAT)
  3. judicial review of administrative decisions.

Find out more from our Review of TEQSA decisions page.

Monitoring and improvement of regulatory performance

In addition to its internal performance monitoring and annual reports to Parliament, TEQSA is required to report to the Commonwealth on its regulatory performance against the Australian Government’s Regulator Performance Framework. Find out more, or view our regulator performance framework report, from our Corporate plan and performance reporting page.

TEQSA also obtains feedback directly from providers, from our various consultative processes with peak bodies and other stakeholders and from staff. All of which contributes to our internal continuous improvement processes. This has resulted in several significant improvements such as the development of the Core Plus assessment process, streamlining information gathering, an improved online Provider Portal, and streamlined regulation under the ESOS Act.