You are currently viewing Your Startup Doesn’t Get a Compliance Grace Period

Your Startup Doesn’t Get a Compliance Grace Period

Your Startup Doesn’t Get a Compliance Grace Period

Most founders we speak to believe the same thing: HR compliance starts once you cross 20 employees. That’s when Provident Fund registration kicks in, so that must be the starting line.

It isn’t. HR compliance for startups in India begins well before you hire your twentieth person — in some cases, before you hire your first. The 20-employee figure is one threshold among several, and treating it as the gate has left a lot of otherwise well-run companies exposed during their first funding round or their first employee dispute.

Here’s what actually applies, and when.

The thresholds nobody explains properly

There is no single “compliance switch.” Different obligations activate at different headcounts, and a few apply regardless of size.

From your first hire

Written employment documentation. Indian labour law doesn’t mandate a single contract format, but the absence of a properly drafted appointment letter makes it very hard to enforce a notice period, defend a termination, or explain your position to an investor’s diligence team. Offer letters, appointment letters, and a basic code of conduct aren’t paperwork — they’re the record you’ll rely on when something goes wrong.

At 10 employees

Employee State Insurance (ESI) becomes applicable in notified areas. And, more importantly for most founders: the requirement to constitute an Internal Committee (IC) under the POSH Act.

At 20 employees

Provident Fund registration under the EPF Act. This is the threshold everyone knows — and the one that creates the false impression that nothing preceded it.

The POSH misunderstanding that catches most startups

This one deserves its own section, because it’s the single most common gap we see.

Founders often read “10 or more employees” and conclude that a nine-person startup has no POSH obligation at all. That reading is wrong, and the distinction matters.

The POSH Act — the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 — applies to every workplace in India, regardless of size. The 10-employee threshold doesn’t determine whether the law applies to you. It determines which committee handles a complaint:

  • 10 or more employees: you must constitute an Internal Committee within your organisation.
  • Fewer than 10: complaints route to the district-level Local Committee. But you still need a written policy, you still need to run awareness sessions, and if an employee wants to file, you are obliged to help her reach that committee.

“We’re too small for all that” is not a position the law recognises.

Penalties begin at ₹50,000 for a first offence, and repeat non-compliance can escalate to cancellation or non-renewal of business licences. But the fine is rarely the real cost. The real cost tends to surface in due diligence, when an investor asks for your POSH policy, your IC constitution order, and your training records — and there’s nothing to hand over.

A committee on paper is not a committee

Here’s a situation we’ve seen, and it’s more common than the obvious failure.

A startup did the right thing. They constituted their Internal Committee properly — presiding officer, employee members, an external member — passed the written order, put up the notices. Compliance box ticked. Everyone moved on and got back to building the company.

Then people left. Not unusual at an early-stage company. Over the following year, the internal members who sat on that committee resigned one by one. Nobody thought to replace them, because nobody was thinking about the IC at all — it had been set up, and setting it up had felt like the finish line.

What remained was the external member. A committee of one.

Then a complaint came in.

At that point the company had a real problem, and it wasn’t the complaint. It was that they had no validly constituted committee to hear it. An inquiry conducted by an improperly constituted IC is open to challenge on that basis alone — which means the process itself becomes a second legal exposure sitting on top of the first. Everything that followed was harder, slower, and more expensive than it needed to be, and the complainant was poorly served by it too.

The lesson is not “constitute an IC.” They did that. The lesson is that an IC is a standing obligation, not a one-time task. Members hold office for a fixed term. Departures require replacement by resolution. The displayed names and contact details have to actually be the current names and contact details.

If you constituted your committee eighteen months ago and haven’t looked at it since, there’s a reasonable chance it isn’t valid today.

Where startups actually get caught

In practice, compliance gaps rarely announce themselves. They surface at three moments:

An inspection. Enforcement has become more digital and more systematic. The era of assuming nobody’s looking is closing.

An employee dispute. A contested exit, a withheld notice period, a harassment complaint. This is when the absence of documentation becomes expensive — not because you were in the wrong, but because you can’t prove you were in the right.

Due diligence. An investor, an acquirer, or a large enterprise client runs a compliance check before signing. This is the most common trigger we see for startups in Chandigarh, Mohali, and across Delhi NCR, and it’s the worst possible time to discover a two-year backlog.

At that point, founders often want to fix everything retroactively. Some things can be. A POSH policy dated last week doesn’t retroactively cover an incident from last year.

The workable version of this

You don’t need a full HR department at eight employees. You need a foundation that scales without breaking:

  1. Employment documentation — offer letters, appointment letters, and a code of conduct, drafted and vetted properly once rather than copied from the internet.
  2. A POSH policy and Internal Committee — constituted correctly, with a qualified external member, before you need it.
  3. Statutory registers — maintained from the start, in the prescribed formats. Spreadsheets stop being defensible fairly quickly.
  4. A compliance calendar — PF, ESI, professional tax, TDS, annual POSH returns. Assign one owner internally.
  5. A periodic review — quarterly is enough at early stage. The point is to catch drift before it compounds.

Built gradually, this is a modest overhead. Reconstructed under pressure, it’s an expensive, distracting scramble at exactly the moment your attention is needed elsewhere.

Where we come in

Pratham HR & Legal Solutions works with startups and SMEs across Chandigarh, Mohali, Delhi NCR, Noida, and Bengaluru to put this foundation in place — POSH policy and IC constitution, external IC membership, employee handbooks and HR policy design, contract drafting and vetting, and HR compliance audits.

If you’re not sure where your gaps are, that’s usually the first thing worth finding out.

Talk to us about an HR compliance audit →

Leave a Reply