Just launched your startup? Don’t let penalties or messy paperwork kill your funding. Discover the must-follow post-incorporation compliances in India—and how to turn them into a founder advantage.
 |
| AI Generated Image |
Key Post-Incorporation Compliances Every Startup Must Follow (And How They Actually Help You Win)
Imagine this: a VC is excited about your startup, you’ve nailed the pitch, the numbers look great—and then their due diligence report flags missed ROC filings and sloppy cap table records. The term sheet quietly dies, and nothing “officially” goes wrong—but you know what did.
That’s what non-compliance looks like in real life. Not always raids and court notices. Often just missed opportunities.
Compliance is not just about “avoiding penalties”. It is about three big things every Indian startup cares about:
- Staying fundable
- Staying founder-controlled
- Staying future-ready for exits or IPOs
Let’s break down the key post-incorporation compliances every Indian startup must follow—and how to turn them into unfair advantages.
1. The First 180 Days: Turning a Paper Company into a Real Business
Right after incorporation, your startup is technically born—but not yet “alive” in the eyes of the law and banks.
a) INC-20A: Your Official “We’re Open” Signal
Form INC-20A (Declaration of Commencement of Business) tells the government you’ve received the initial capital and are ready to operate.
Why it matters:
- Banks may refuse loans/credit lines if INC-20A is pending.
- The ROC can slap penalties (₹50,000 on the company plus ₹1,000 per day on officers) and even move towards striking off in extreme cases.
Practical tip: As soon as your bank account is opened and founders deposit capital, ask your CA/CS to file INC-20A with a bank statement and board resolution.
b) Issuing Share Certificates: Protecting the Cap Table
Many founders think, “We already know who owns how much—why rush share certificates?” Investors think very differently.
Issuing share certificates within 60 days of allotment and paying stamp duty does three things:
- Legally confirms ownership
- Prevents messy disputes between co-founders later
- Impresses investors during due diligence—clean cap table, clean story
Pro tip: Maintain a proper Register of Members and Share Allotment from day one. This becomes gold during ESOPs and funding rounds.
c) First Auditor Appointment: Your Financial Co-Pilot
Every private limited company must appoint its first statutory auditor within 30 days of incorporation (through the board), and then re-appoint in AGM via ADT-1.
A good auditor does more than sign balance sheets:
- Pre-warns you about cash flow issues, tax exposures, and messy bookkeeping
- Helps structure founder salaries and reimbursements smartly
- Prepares you for the tax audit and investor scrutiny
Think of your auditor as a long-term partner, not a checkbox.
2. Annual MCA/ROC Compliances: Keeping Your Company “Visible” and Investable
If MCA records are a public “report card” of your company, ROC filings are the annual exams you cannot skip.
a) AOC-4 & MGT-7: Your Official Story to the World
Two annual filings matter the most:
- AOC-4: Financial statements (balance sheet, profit & loss, notes, auditor report)
- MGT-7/MGT-7A: Annual return (shareholding, directors, meetings, etc.)
Why they’re powerful when done right:
- Investors and lenders often review MCA data as a quick hygiene check. Consistent, timely filings = professional, reliable team.
- Non-filing leads to ₹100 per day per form and can run into lakhs over a few years.
Hidden upside:
If you’re a “small company” under the relaxed 2025 MCA definition (higher thresholds for paid-up capital and turnover), you enjoy simpler compliance and lower penalties—worth checking with your CA.
b) Board Meetings and AGM: Not Boring if You Use Them Well
Legally, you must:
- Hold at least 4 board meetings a year (max 120 days gap)
- Conduct an AGM once a year, usually by September 30
But here’s the twist:
Use board meetings as a discipline tool:
- Review runway, burn, hiring plan, and KPIs
- Record key decisions (fund-raise, ESOP grants, major contracts) in minutes
Future acquirers and VCs love founders who can show a clear decision trail.
c) DIR-3 KYC & DPT-3: Small Forms, Big Risks
- DIR-3 KYC: Each director verifies their KYC annually. Miss it, and the DIN is deactivated, and restoring it costs ₹5,000 per director.
- DPT-3: Discloses loans, advances, and any “deemed deposits” by June 30 each year.
This is especially important if you’ve taken:
- Founder loans to the company
- Money from friends/family without clear documentation
Keeping these clean avoids your loans being misread as illegal deposits.
3. Tax, Cash, and Runway: Compliances That Directly Impact Your Bank Balance
Tax compliances are where laziness directly costs money.
a) Income Tax Return & Tax Audit: Telling the Truth with Strategy
- File ITR-6 annually for companies, typically by October/November 31 (depending on audit).
- Tax audit kicks in when turnover crosses prescribed thresholds (often ₹10 crore, with non-cash transaction conditions).
Done right, these help you:
- Claim legitimate business expenses (software, co-working, marketing, founder salaries)
- Use startup-friendly benefits like Section 80-IAC tax holiday for eligible DPIIT-recognised startups
Done wrong, you face:
- Interest, penalty, and notices
- Messy financials that scare serious investors
b) TDS and Payroll: Where Most Early-Stage Mistakes Happen
Hiring early employees without understanding TDS is like driving without seatbelts.
Key points:
- Deduct TDS on salaries (Form 24Q), contractors and professionals (Form 26Q), and rent where applicable.
- File quarterly TDS returns; issue Form 16 to employees by June 15.
Delays attract ₹200 per day per return plus interest, and employees get unhappy if their Form 16s are late.
Pro tip:
Use cloud payroll tools integrated with TDS and PF/ESI to keep everything in one dashboard.
4. Labor Laws, People, and Culture: Compliance as a Trust Signal
The way a startup treats compliance around people is often how it treats people themselves.
a) EPF & ESI: Signals That You’re Building for the Long Term
- PF becomes mandatory when you hit 20+ employees.
- ESI applies when you have 10+ employees with wages up to the prescribed limit (commonly ₹21,000).
Why it’s more than just law:
- Helps you attract talent that values stability and benefits.
- Shows investors you know how to scale teams responsibly.
Skipping PF/ESI and paying “all in-hand” might look easy today but becomes a nightmare during due diligence and labor inspections.
b) POSH Compliance: Non-Negotiable for Modern Teams
If you have 10 or more employees, you must:
- Constitute an Internal Committee (IC)
- Conduct awareness sessions
- File annual POSH reports with relevant authorities where applicable
For remote/hybrid teams, this still applies—you can have a virtual committee and online training. This isn’t just legal; it shapes culture.
c) GST: When Revenue Starts to Get Real
You must register for GST once turnover crosses the threshold (commonly ₹20 lakh for services in many states; higher for goods), or earlier if you fall under mandatory categories.
Benefits of timely GST registration:
- You can claim input tax credit on expenses like AWS, SaaS tools, rent, and marketing.
- Bigger clients often prefer vendors with GST for their own credit claims.
Delay = interest, penalties, and painful reconciliations later.
5. Event-Based Compliances: Every “Big Move” Has a Paper Trail
Think of these as triggers: whenever you make a structural move, a form gets triggered.
Common events:
- New funding or share allotment: PAS-3 within 15 days of allotment.
- Director appointment or resignation: DIR-12 within 30 days.
- Registered office change: INC-22 within 15–30 days, depending on where you’re shifting.
Why this matters in real life:
- A director who resigned unofficially but remains on MCA records can still be dragged into litigation.
- Undisclosed share allotments or ESOPs can derail future funding or exits because cap tables don’t match MCA data.
Golden rule: Every “big decision” should be followed by a board resolution + MCA filing + updated registers.
6. New-Age Compliances: Data, Sector Rules, and IP
As Indian startups go deeper into tech and regulated sectors, new compliance themes are emerging.
a) Data Protection and Privacy
With the DPDP Act, 2023–24 framework, data handling is becoming a serious compliance area.
Practical steps:
- Put a clear privacy policy and T&Cs on your website/app.
- Maintain consent records and breach protocols if you store sensitive personal data.
- For data-heavy products (fintech, healthtech, edtech), conduct at least an annual internal data compliance check.
A single data breach can trigger huge penalties and reputational damage.
b) Sector-Specific Rules
Depending on your space, you may need extra registrations:
- Fintech: RBI norms, NBFC or PPI licences, KYC standards
- EdTech: Education regulators if issuing formal degrees/diplomas
- E-commerce: Consumer Protection (E-commerce) Rules, FDI caps, and marketplace vs inventory rules
Founders often discover these “too late”—usually when they try to raise from serious institutional investors. Make a habit of checking sector regulations once a year.
c) IP and Brand Protection
Compliance is also about protecting what you build:
- Register your brand name and logo as trademarks.
- Use NDAs and solid founder/employee contracts assigning IP to the company.
This ensures that investors are funding a business that actually owns its product.
7. Turning Compliance into a Simple, Repeatable System
The best founders don’t memorize forms. They build systems.
Here’s a simple way to operationalize compliance in your startup:
1. Create a Compliance Calendar
- Map ROC, tax, labor, and sector-specific dates in one shared document or tool.
- Use reminders in project tools like Notion, Asana, or ClickUp.
2. Assign an Internal Owner (Even if Outsourced)
- Even with a CA/CS firm, assign one founder or senior team member as the “compliance owner”.
- They don’t have to file forms—but they must track that they are filed.
3. Standardise Documentation
- Templates for board minutes, resolutions, offer letters, NDAs, vendor contracts.
- Central cloud folder for all filings (MCA, GST, TDS, PF, etc.) organised by year.
4. Quarterly “Mini Due Diligence”
Once a quarter, quickly review:
- Are ROC filings updated?
- Are all director KYC and DINs active?
- Are TDS/PF/ESI/GST up to date?
Treat this like a rehearsal for an investor DD.
5. Review with Your CA/CS Annually
- Ask one question: “If a VC or acquirer starts due diligence tomorrow, what will they likely flag?”
- Fix those gaps proactively.
When you run compliance like this, your company starts to feel “bigger than its size” during investor and partner conversations.
In short: Key post-incorporation compliances become a superpower when founders stop seeing them as “paperwork” and start treating them as a growth habit that protects every future fundraise, hire, and exit. When your ROC filings, tax returns, labor compliances, and governance records are consistently clean, you signal seriousness, stability, and trust to investors, employees, and regulators—often before you say a single word in a pitch deck. Build a simple, repeatable compliance system today, and your startup will not just be legally safe; it will be structurally ready for the big opportunities most non-compliant competitors never even get to see.