POSH Act Compliance for Startups: Complete Founder’s Guide in 2026

Contributed by Adv. Manvee and Priya Dutt

Introduction: Why POSH Act Compliance Is Now a Startup-Critical Obligation

Regulatory scrutiny around workplace sexual harassment law in India has intensified sharply. POSH Act compliance, once treated as a large-enterprise concern, is now a core legal obligation for every Indian business, regardless of size, sector, or stage. Whether you are a two-person startup in a co-working space or a 500-person mid-market company, the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 (“POSH Act”) applies to you.

Startups and small businesses operate on trust among founders, teams, investors, and customers. Nothing erodes that trust faster than a mishandled sexual harassment complaint. POSH compliance is now a standard checkpoint in investor due diligence, term sheet negotiations, and ESG audits. A single serious incident that exposes non-compliance can derail a funding round, damage an employer’s brand, and trigger regulatory penalties under Section 26 of the Act.

This guide answers the most critical POSH Act Compliance questions that founders and small-business owners ask, from whether the Act applies at all to how it covers remote workers, interns, gig workers, and co-founder conflicts with clear compliance guidance at every step.

POSH Act at a Glance: Key Thresholds for Startups and SMEs

1. What Is the POSH Act, 2013? Definition, Scope, and Core Obligations

The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 (“POSH Act” or “the Act”), is India’s primary legislation addressing workplace sexual harassment. The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Rules, 2013 (“POSH Rules”) were notified under the Act. It was enacted to prevent and protect women from workplace harassment across sectors, including private companies, LLPs, partnerships, proprietorships, and startups, and to ensure effective redressal of sexual harassment complaints. Workplace sexual harassment is a form of gender discrimination that violates a woman’s fundamental right to equality and right to life, guaranteed under Articles 14,15, 19(1)(g), and 21 of the Indian Constitution. Vishaka and Others v. State of Rajasthan, (1997) 6 SCC 241 (“Vishaka”), which first held that workplace sexual harassment violates women’s fundamental rights and mandated institutional safeguards in the absence of legislation.

Key Definitions Under the POSH Act

For startups and businesses, the key concepts under the POSH Act Compliance are crucial, such as-

1. Sexual Harassment- Sexual Harassment [Section 2(n)]: “sexual harassment” includes any one or more of the following unwelcome acts or behaviour (whether directly or by implication):—

(i) physical contact and advances; or

(ii) a demand or request for sexual favours; or

(iii) making sexually coloured remarks; or

(iv) showing pornography; or

(v) any other unwelcome physical, verbal, or non-verbal conduct of a sexual nature;

•  aggrieved woman- Aggrieved Woman [Section 2(a)]: means –

(i) in relation to a workplace, a woman, of any age, whether employed or not, who alleges to have been subjected to any act of sexual harassment by the respondent;

(ii) in relation to a dwelling place or house, a woman of any age who is employed in such a dwelling place or house.

• Circumstances that amount to sexual harassment– Section 3 of the Act has some circumstances in which the act or behaviour may amount to sexual harassment-
• implied or explicit promise of preferential treatment in her employment; or
• implied or explicit threat of detrimental treatment in her employment; or
• implied or explicit threat about her present or future employment status; or
• interference with her work or creating an intimidating, offensive, or hostile work environment for her; or
• humiliating treatment likely to affect her health or safety.

• Employer – Employer [Section 2(g)]: The person or entity responsible for management, supervision, and control of the workplace and its employees, which in the startup context typically means the company, its founders, or senior management. Where a complaint is made against the employer directly, the Local Committee [Section 6] has jurisdiction.

• Employee- Employee [Section 2(f)]: Covers regular, temporary, ad hoc, and daily-wage workers, directly engaged or through an agency or contractor with or without the principal employer’s knowledge, whether for remuneration or not, including probationers, trainees, apprentices, interns, and volunteers.

From this flow, three core duties for startups and businesses emerge.

The Act imposes three categories of enforceable duties on every employer:

1. Prevention [Section 19]- The employer must provide a safe working environment, adopt a written POSH policy and display it at conspicuous places in the workplace, and conduct regular workshops and awareness programmes for employees and Internal committee members.
2. Redressal [Section 4&6]- Organisation with 10 or more workers must constitute an Internal Committee and support it with facilities to receive complaints and conduct fair inquiries; smaller setups must facilitate access to the Local Committee.
3. Consequences [Section 26]- Organisation failing to meet these duties can attract fines up to Rs 50,000, doubled for repeat offences, and even suspension or cancellation of business licences, along with serious reputational damage.

2. Does the POSH Act Apply to Startups? Yes, Here Is Why No Startup Is Exempt

POSH Act compliance is not optional; it applies to every workplace in India, regardless of headcount, sector, or funding stage. The Act covers micro-enterprises, early-stage startups, private sector organisations, NGOs, and the unorganised sector alike. The 10-employee threshold under Section 4 only determines when an Internal Committee (“IC”) must be formally constituted. It does not exempt smaller startups from the Act’s core obligations.

To summarise the applicable rule:

• 10 or more employees: IC constitution is mandatory under Section 4(1). Written order of the constitution required.
  • Fewer than 10 employees: Formal complaints are handled by the district-level Local Committee (LC) under Section 6. The LC also receives complaints directly against the employer.
  • All workplaces, regardless of size: Section 19 employer duties apply to a safe environment, a written policy, display of penal consequences, and regular awareness programmes.

Common Founder Misconception

Treating the 10-employee threshold as a compliance-free zone. It is not. Section 19 obligations apply from day one, regardless of team size. Failure to meet these obligations can attract penalties under Section 26 even for sub-10-employee startups.

3. Is POSH Act Compliance Mandatory for Small Businesses? What Changes by Size

Yes, the POSH Act compliance is mandatory for all small businesses. What changes with size is how a business complies, not whether it must. For early-stage setups below the 10-employee threshold, compliance focuses on lean but real safeguards rather than a formal committee structure. The Section 19 employer duties remain fully enforceable.

Where no IC exists, formal complaints are handled by the Local Committee (LC) constituted under Section 6 by the District Officer of every district. Small-business employers must: (a) identify the LC with jurisdiction over their district; (b) display the LC’s contact details at the workplace; and (c) actively facilitate access for any aggrieved woman who needs to approach the LC.

4. From When Does the POSH Act Apply? Effective Date and Startup Trigger Point

POSH is not a “new” or optional regime that startups can wait to adopt. The Act received assent and came into force in 2013, and has applied to all kinds of workplaces since its commencement. From this point onwards, any organisation that qualifies as a workplace with an identifiable employer is expected to comply.

For a newly formed startup or small business, POSH Act Compliance being a continuing obligation is triggered by its real-world operation rather than a funding milestone. Implementation will coincide with the moment you start hiring or engaging women in any capacity, even if the team is very small or working from a co-working space.

5. What Counts as a “Workplace” Under the POSH Act? Extended and Virtual Coverage [Section 2(o)]

Under Section 2(o) of the POSH Act, “workplace” is deliberately framed as a wide, functional concept rather than a single office address. It covers any department, organisation, office, branch, unit, or establishment substantially funded by the government directly or indirectly, or an establishment in the private sector.  It recognises the concept of an extended workplace, which includes places visited by employees during the course of their employment and transportation provided by the employer. Judicial interpretation of this concept employs the doctrine of ‘notional extension’ to ensure coverage for workplace-connected conduct even outside physical office premises.

For startups and small businesses, the POSH Act’s definition of workplace covers:

• Head office, branch offices, and satellite offices
  • Co-working spaces where the team regularly operates, even if the startup is a sub-tenant or licensee
  • Client premises, investor offices, and venues for business meetings, conferences, and networking events if the visit is work-related
  • Employer-arranged or employer-provided transport: cab services, shuttles, vehicles arranged for client visits or late-night drops
  • Remote or home offices where official work is performed

[1]

6. Does the POSH Act Apply to Remote Work, Work-from-Home (WFH), and Hybrid Teams? Digital Workplace Coverage?

Yes, the POSH Act clearly extends to work-from-home, remote, and hybrid workplaces. Section 2(o)’s reference to “a dwelling place or a house” and any place visited in the course of employment logically includes home offices and other remote locations where official work is performed. Courts and leading commentaries treat WFH as an extension of the workplace, not an exception to it.  While the Act does not use the term “virtual workplace”, High Courts have applied a purposive interpretation to extend POSH Act Compiance coverage to digital environments. In Sanjeev Mishra v. Disciplinary Authority and General Manager, Bank of Baroda & Ors. (S.B. Civil Writ Petition No. 3832/2017), The Rajasthan High Court held that separate geographical locations do not automatically constitute different workplaces, particularly where the employment relationship and the employment nexus span those locations. The Court’s reasoning supports coverage of digital and cross-location harassment where the employment connection is established.[2]

For remote-heavy startups, POSH Act Compliance coverage operates across two layers:

1. Physical layer: The location from which the employee works, i.e., her home, company-leased accommodation, or any residence, is treated as a workplace when she is performing official duties.
2. Digital layer: Communication channels through which work is conducted i.e., official email, WhatsApp groups, Slack, Microsoft Teams, video conferencing platforms, and project management tools are part of the virtual workplace. Unwelcome sexual messages, explicit images on work chats, inappropriate comments during video calls, and persistent late-night messages with a sexual undertone connected to employment all constitute workplace sexual harassment under the POSH Act.

In Saurabh Kumar Mallick v. Comptroller & Auditor General of India, W.P.(C) 5773/2008 (Delhi HC) it was held that messages sent after office hours and across state postings were held to constitute workplace harassment because the employment relationship created the required nexus.

Remote-first compliance checklist for startups:

• POSH policy must explicitly state that WFH and digital interactions are covered.
  • IC must be equipped to receive complaints and electronic evidence (screenshots, chat logs, emails).
  • All remote workers must know how to access the IC (or LC, where applicable).
  • Training sessions must include virtual harassment scenarios and digital conduct norms.
  • POSH policy should specify that ‘online’ misconduct is legally on par with physical office misconduct.

7. Does the POSH Act Cover Interns, Consultants, and Freelancers? [Section 2(f)]?

Yes, interns, consultants, and freelancers are within the POSH framework in the startup and SME context. The Act’s definition of “employee” under Section 2(f) is deliberately expansive. It covers persons working for any work on a regular, temporary, ad hoc, or daily-wage basis, directly or through a contractor or agent, with or without the principal employer’s knowledge, whether for remuneration or not, including co-workers, probationers, trainees, and apprentices or by any other name.

In practical terms, for startups:

• Paid and unpaid interns: Both are covered. A woman intern, whether in the office, at a co-working space, client premises, or remote, can file a complaint before the IC.
  • Trainees and apprentices: Covered by name in Section 2(f).
  • Consultants and advisors: Covered where they work under supervision, within the startup’s physical or virtual workspace, using its official tools or communication channels.

•             Gig workers and platform workers: Covered where functional control and workplace connection exist

Best Practices for Startups

Explicitly reference interns, consultants, and freelancers in your POSH policy; do not limit the policy to ’employees’. Include onboarding POSH communication for all non-payroll workers engaging with your team. Ensure IC contact details are shared with all categories of workers, not just permanent staff.

8. Does the POSH Act Protect Male Employees? Scope and Limitations? 

No, the POSH Act, 2013, is gender-specific in its protective scope. The Act defines the “aggrieved” person as a woman [Section 2(a)] and limits its complaint mechanism to women alleging sexual harassment. Male employees and non-binary individuals cannot file POSH complaints. However, men can be named as respondents in complaints filed by women.

That said, many organisations extend equivalent protections to all employees through internal grievance policies or codes of conduct. This is good practice and strongly recommended from an inclusivity and ESG governance standpoint, but such protections operate outside the POSH Act’s statutory mandate and must be structured as a separate internal framework.

9. Does the POSH Act Apply to Gig Workers and Platform-Based Freelancers?

Yes, in many cases. The startup ecosystem relies heavily on gig worker platform-based delivery partners, independent developers, designers, and content creators. The POSH Act’s broad definition of “employee” under Section 2(f) captures individuals working on an ad hoc, temporary, or contractual basis, whether directly or via a platform or agent, including those going by any other name. Legal commentators broadly apply this to cover many gig workers and freelancers contracted through a platform or agency.

The operative test is functional control and workplace connection:

• If a woman gig worker operates within the startup’s physical or digital workspace, uses its official communication tools, or works on an assignment under its supervision, harassment connected to that work falls within the startup’s POSH framework.
  • Where an IC exists: she must be permitted to approach it.
  • Where no IC exists: she may approach the Local Committee (LC), and the startup must cooperate with LC proceedings.

Given the evolving case law on platform workers, founders should take a conservative, protective approach:

• Explicitly reference freelancers, platform partners, and non-payroll workers in your POSH policy
  • Communicate to all non-payroll workers how to raise a complaint with the IC or LC
  • Do not rely on platform agreements to transfer POSH liability entirely to the aggregator platform

10. How Does a Small Startup Constitute an Internal Committee (IC) With Limited Staff? [Section 4]?

For early-stage startups, constituting an IC with limited staff can be a logistical challenge but it is a non-negotiable statutory requirement once you reach 10 employees. The IC is also now a primary check in investor legal due diligence. Note: The POSH Act imposes strict timelines; inquiries must be completed within 90 days [Section 11(4)], so the IC must be functional, not merely constituted on paper.

Required Composition & Solutions:

Section 4(2) mandates the following composition deviations invalidate the IC and may vitiate any inquiry conducted:

1. Presiding officer: Must be a senior woman employee.

Startup Solution– If you don’t have a senior woman in the team, then you can nominate a senior woman from other offices or administrative units. Alternatively, engage a qualified senior woman consultant, but structure the appointment carefully to comply with Section 4(2)(a) requirements.

• External Member: Mandatory appointment of one member from an NGO or association committed to the cause of women, or a person familiar with issues relating to sexual harassment. The external member must be genuinely independent not a retainer counsel or regular advisor of the organisation. This is particularly critical in startups where the accused may be a founder or key stakeholder the external member is the primary safeguard against institutional bias.
• Employee Members: At least two employee members, preferably committed to women’s causes or with legal or social work experience. At least half of all IC members must be women [Section 4(2) proviso].

11. Can a POSH Complaint Destroy a Startup’s Reputation? How the Confidentiality Shield Works [Sections 16 & 17]?

Startups are acutely vulnerable to reputational harm from harassment allegations, particularly in the age of social media. A single leak can derail hiring, unsettle investor confidence, and damage client relationships. The POSH Act provides a statutory confidentiality framework that, when properly implemented, protects both parties and the organisation from ‘trial by media’.

The Section 16 Confidentiality Framework

Section 16 of the POSH Act creates a mandatory confidentiality obligation: the contents of the complaint, details of the inquiry proceedings, identity of the complainant, respondent, and witnesses, and the IC’s report are all prohibited from publication or disclosure. Section 17 prescribes a penalty for breach of this confidentiality obligation.

The confidentiality obligation extends to:

• Founders and Senior Management: No discussion in WhatsApp groups, Slack channels, Twitter/X, or any semi-public forum.
• Employees: Leaking details of an ongoing inquiry, including to damage the company’s or respondent’s reputation, is a punishable offence under Section 17.
• HR and Legal Teams: Leaking details of an ongoing inquiry, including to damage the company’s or respondent’s reputation, is a punishable offence under Section 17.

RTI Protection:

Private companies and startups are generally not subject to RTI obligations (which apply to public authorities). However, for organisations that are, Section 16 creates a statutory exemption from disclosure of complaint contents and proceedings an RTI request for harassment case details can be rejected on this basis.

When implemented correctly, Section 16 creates a legal firewall enabling organisations to resolve complaints internally and confidentially, provided the IC process is procedurally sound and compliant.

12. Why Do Investors Demand POSH Annual Reports in Due Diligence? [Section 21]?

Many founders scramble to prepare POSH documents only after a term sheet is on the table. The problem: it is the annual report, not a newly created policy, that demonstrates active, historical compliance. A policy created on the eve of due diligence signals governance weakness, not strength.

The Annual Reporting Obligation [Section 21]:

Section 21 of the POSH Act requires the IC to prepare and submit an annual report to the employer and to the District Officer on or before 31 January each year. The report must include the number of complaints received, the number disposed of, and the number pending.

Investor due diligence standard: Venture capital and private equity investors routinely request copies of the IC’s annual reports for the past 2–3 financial years. This is now a standard item in legal due diligence checklists for Series A and above funding rounds.

The Nil Report Obligation: Even if your organisation had zero complaints in a given year, which is typical for small teams, you are required to submit a Nil Report to the District Officer by 31 January. Absence of past annual reports (including nil reports) is treated as a governance failure in due diligence and can reduce valuation or kill a funding deal.

Corporate Filing Obligation: Under the Companies Act, 2013, read with MCA notifications, the Board’s Report of every company is required to disclose whether the IC has been constituted and to confirm POSH compliance. This disclosure is reviewed by statutory auditors and company secretaries and forms part of the annual financial filing.

13. How Should Startups Handle Office Romances and Co-Founder Relationship Conflicts Under the POSH Act?

Startups with young teams, long hours, and blurred personal-professional boundaries present a specific risk in consensual-relationship-turned-hostile situations. This is one of the most underestimated POSH liability areas for founders.

The “Breakup” Risk: The POSH Act’s Approach

The POSH Act defines harassment by reference to whether conduct is “unwelcome” [Section 2(n)] not whether it was previously consensual. Consider the following scenario:

• Two co-founders, or a manager and subordinate, are in a consensual relationship.
  • The relationship ends. The manager continues to send personal messages.
  • Those continued advances, now unwelcome, constitute sexual harassment under the POSH Act.
  • Past consent is not a defence once conduct becomes unwelcome. This position has been confirmed in judicial decisions interpreting Section 2(n).

The Compliance Solution (Consensual Relationship Policy/Dating Policy):

To manage this risk, startups should adopt a written Consensual Relationship Policy (CRP) as a supplement to their POSH policy. Key elements:

• Mandatory disclosure: Employees must disclose relationships involving a direct reporting line.
  • Performance review segregation: Where a founder is in a relationship with an employee, the founder must not conduct, approve, or influence that employee’s performance review, compensation, or promotion decisions.
  • Quid pro quo prevention: The CRP should explicitly prohibit conditioning employment benefits (salary, promotion, continued engagement) on relationship consent — this is the statutory definition of quid pro quo harassment under Section 3 of the Act.
  • IC notification: Where a relationship involves IC members or senior management, the IC should be notified for recusal purposes.

Conclusion: POSH Compliance as a Governance Investment, Not a Compliance Tax

POSH Act compliance for startups and small businesses is not a bureaucratic checkbox; it is a governance investment with measurable returns: lower litigation risk, stronger investor confidence, a safer work environment, and a more defensible culture in an era of heightened accountability.

The POSH Act asks founders to do three things consistently: prevent harassment through policy and training, ensure credible mechanisms for redressal through a properly constituted IC or LC access, and respond to complaints fairly and promptly. Done well, this is not burdensome; it is the minimum standard of a well-run organisation.

The legal risks of non-compliance, regulatory penalties, investor due diligence failures, reputational harm, and employee litigation far outweigh the cost of compliance. For startups navigating rapid growth, building POSH compliance into your governance infrastructure from day one is not just good law. It is good business.

[1] https://www.ungender.in/workplace-under-posh-act/

[2] https://indiankanoon.org/doc/49655315/