From Bare Minimum to Built Right — The Startup Playbook for PoSH Compliance

Most of the founders we have met often juggle through chaos, product, payroll, pitches and policies. So when someone mentions the PoSH Act, it often slips into the “let’s do the bare minimum” pile.

But here’s the catch: “minimum” was never meant to mean “optional.” Under the PoSH Act, doing just enough on paper often separates smooth operations from sudden chaos, turning business as usual into public embarrassment, investor red flags, or heavy penalties. 

What we see most isn’t apathy, but unpreparedness, teams grow faster than systems, and unseen risks pile up until one incident becomes everyone’s problem. PoSH compliance shouldn’t be just legal formality; it’s a business safeguard. Ignoring it threatens everything a founder has built. When founders treat PoSH as infrastructure instead of red tape, it becomes effective risk management and leadership, building trust, culture, and long-term stability.

Five Non-Negotiables Every Startup Must Have

Every startup must seriously lock down five non-negotiables to steer clear of legal trouble and build a culture of trust and safety.

Detailed PoSH Policy
A crystal-clear, legally aligned, and easily accessible PoSH policy is crucial. Weak communication and unclear complaint channels risk legal trouble and reputational damage. For instance, in 2023, the Delhi Court reprimanded Standard Chartered Bank for not just having a policy but also failing to create awareness and educate employees on sexual harassment, consent, and gender equality through training and campaigns. As a trusted partner in the space, we urge founders to go beyond meeting the legal minimum: tailor your PoSH policy to your unique workplace and back it up with regular, role-specific training and accessible complaint channels. This focused approach builds trust and truly protects your people and your business.

Internal Complaints Committee (ICC)
We have seen many founders still hide behind the reasoning that we are too small. But irrespective if your workplace has ten or more people, be it full-time employees, interns, or contractors, it’s mandatory to have an ICC to handle complaints. Even if there are fewer than 10 employees then the organizations must register themselves to the Local Complaints Committee (LCC). Law has been very strict , take the case of Medanta Hospital. They were fined by the High Court for ₹50,000 and ordered to pay ₹25 lakh compensation for failing to constitute an ICC. Despite these strict statutes, we still see many startups still juggle complaints through WhatsApp or emails. We remind founders, but these measures are risky. Because in addressing complaints, reaction alone is not enough; what truly matters is having a structured, timely, and transparent process that fosters trust and delivers fairness. Tools like Conduct provide a secure, centralized platform for safe, anonymous reporting and smooth case management, helping you meet compliance and build team trust.

Training and Awareness
The AIB sexual misconduct allegations offer a crucial lesson for founders on the importance of thorough and ongoing employee training. Multiple women accused an AIB writer of sending lewd direct messages, which surfaced publicly through social media screenshots. Though the co-founder acknowledged these complaints, the response failed to contain or address the issue effectively, allowing the problem to escalate and tarnish the company’s reputation.(Note these references pertain only to reported allegations and are cited for organisational learning, not for assigning judgment.)

This highlights a vital point: employee training must be continuous, comprehensive, and well documented. Many startups fall into the trap of recycling outdated or superficial training that neither engages employees nor provides credible proof of completion. Such gaps invite regulatory scrutiny, erode employee trust, and increase the risk of fines.

Maintaining Confidentiality
Confidential and accessible reporting channels are vital for timely complaint filing. The case of Terribly Tiny Tales highlights this vividly. When the founder faced sexual misconduct allegations on social media, the issue became public largely because complainants didn’t trust internal systems to handle their complaints safely or confidentially. (This mention refers only to the allegations for learning purposes and does not imply any judgment or conclusion.)This led to public outcry and reputational harm.

When employees don’t trust the reporting process, complaints often go unreported until they explode publicly, causing even greater damage.

Timely Compliance Reporting
Annual compliance reporting must be accurate and on time. Under Section 134 of the Companies Act, missing or incorrect filings lead to penalties and investor concerns. Transparency in PoSH compliance demonstrates good governance and builds confidence with regulators and stakeholders.

Where Startups Usually Slip

As mentioned earlier, there’s a big difference between just having a PoSH policy and truly making it work. Many founders try to save costs by downloading a generic PDF from Google. But this shortcut creates pitfalls rather than protections.

• Treating PoSH as a one-time check: Some startups treat compliance like a box-ticking exercise, drafting a basic policy and constituting an ICC once, then neglecting ongoing responsibilities. Building a safe culture isn’t like constructing an office; it requires consistent practice, training, and trust-building. Many founders find themselves wondering where they went wrong, but it’s often about the quality of ongoing practice, not intent.
• Copy-pasting generic policies: Using random PDFs or templates risks having invalid complaint mechanisms if legally challenged. Remember, you started your company to stand out. Why choose a generic policy for a unique business? Each startup differs; some have dark stores, others factories. Policies should be tailor-made to reflect these realities. Poor communication of policies causes reputational headaches, like startups facing backlash when contract workers lacked clear complaint channels.
• Having a paper ICC without function: Some startups only have an ICC on paper but fail to ensure it functions or that members receive proper training. Regulators have fined companies, including Ceeta Limited and its employers, a combined ₹1,80,000 for not having an active ICC.

These points underline that real PoSH compliance requires more than paperwork, it demands tailored policies, active committees, ongoing training, and transparent communication. This approach builds trust, protects your team, and safeguards your company’s reputation.

How Can Founders Get It Right?

From our experience working with companies, getting PoSH compliance right isn’t about completing a checklist or drafting a document once. It’s about creating a rhythm that keeps trust and accountability alive over time. We have observed that founders who manage this well see compliance as an ongoing practice woven into how their company operates, not a one-time obligation. 

Successful companies start by ensuring their PoSH policy is practical and relatable, something employees can easily understand and connect with, rather than a static file hidden in the HR folder. They also invest time in building ICCs that actually function, not just exist on paper. That means selecting members thoughtfully, helping them understand their responsibilities, and giving them the confidence and clarity to act when needed. 

And perhaps most importantly, they keep communication consistent. Awareness sessions, team discussions, and leadership touchpoints remind everyone that the system is active, fair, and accessible.

When these elements come together, PoSH compliance stops feeling like a legal demand and starts becoming part of how the organisation actually functions, a habit that grows with the business instead of sitting outside it. That’s where we come in. 

At Conduct, we turn these good intentions into a system that works effortlessly in the background. We help founders put the building blocks in place, policies that reflect how teams truly operate, ICCs that are trained and effective, awareness programs that keep everyone informed, and secure reporting channels that ensure trust and transparency. 

The result is a setup that stays consistent as the company scales, so founders don’t have to chase compliance; it simply stays built into the culture.  Founders after collaborating with us, they have seen how compliance becomes not a hiccup, but a part of culture.