Why Your PoSH ACR Now Goes Beyond the District Officer to SheBox

As the calendar year draws to a close, one PoSH obligation that is frequently pushed to the last minute is the Annual Compliance Report (ACR). While most organisations are aware of the requirement, uncertainty around who is responsible for filing, what information must be included, and where the report is to be submitted often results in hurried, incomplete, or, in some cases, missed filings altogether.

With the statutory deadline of 31 January, the ACR serves as a critical compliance checkpoint under the PoSH Act, 2013. It is essential for organisations to not only track this deadline but also stay updated on evolving statutory requirements and procedural clarifications to ensure timely and accurate compliance.

The She-Box Update Most Organisations Are Overlooking

While working on ACR compliance, we observed that the Annual Compliance Report is no longer merely a document submitted to the designated officer as a one-time formality. It also needs to find its way onto the SheBox portal. 

The SheBox portal, launched by the Ministry of Women and Child Development, serves as a centralized digital platform for registering sexual harassment complaints, tracking their resolution, and enabling organizations to register their Internal Committees for better oversight and reporting.​

In practice, it has also begun to function as a reporting touchpoint for Annual Compliance Reports, linking ACR submission with digital compliance workflows. This connection between the ACR and SheBox has emerged from hands-on support provided to organizations navigating the portal. As of now, and to the best of our knowledge, there is no specific notification that spells this out. That is precisely what makes this insight important: it sits in the gap between what the law formally says and how compliance is actually playing out on the ground.​

Therefore, along with submission to the District Officer, organisations are also required to:

• register their Internal Committee on the She-Box portal, and
• submit the Annual Compliance Report on the portal.​

If organisations face any challenges while navigating the SheBox portal or completing the ACR submission, we can assist in ensuring the process is carried out accurately and in line with current compliance expectations.

Statutory Basis of the Annual Compliance Report

As mandated under Section 21 of the PoSH Act, 2013, every Internal Committee is required to prepare an annual report and submit the same to the employer. In turn, every organisation employing 10 or more employees is required to file the Annual Compliance Report with the appropriate authority within the prescribed timeline.

The Annual Compliance Report is not a procedural add-on or a routine administrative exercise. It is the primary statutory instrument through which an organisation demonstrates substantive compliance with the PoSH Act. Through the ACR, an organisation evidences that it has:

• a duly constituted and functioning Internal Committee;
  
• received, examined, and addressed complaints in accordance with prescribed due process;
  
• undertaken preventive measures, including awareness programmes and training initiatives; and
  
• complied with its disclosure obligations under applicable labour and company law frameworks.
  

From a regulatory standpoint, failure to file the Annual Compliance Report is treated as non-compliance with the PoSH Act itself, even where an Internal Committee exists on paper. In this sense, the ACR functions as a compliance mirror, reflecting not merely intent, but actual implementation.

What the ACR Must Practically Contain

From a compliance standpoint, an ACR should clearly document:

• Complaints Snapshot:
  The Annual Compliance Report must clearly state the total number of sexual harassment complaints received during the reporting year, the number of complaints disposed of, and the number of complaints that remained pending beyond 90 days. Where no complaints were received, the organisation must expressly disclose this as zero complaints, since a NIL report is mandatory and cannot be assumed or implied.
• Action Taken:
  The report should briefly summarise the outcomes of complaints handled during the year, including whether they were resolved, dismissed, withdrawn, or resulted in findings against the respondent. It should also indicate any disciplinary or corrective measures that were recommended or implemented, wherever applicable, while ensuring that all information remains anonymised and non-identifying.
• Internal Committee Status:
  The ACR must confirm that the Internal Committee was duly constituted in accordance with the requirements of the PoSH Act during the reporting period. It should list the names, designations, and roles of the IC members and disclose any changes in the committee’s composition that occurred during the year.
• Preventive Measures:
  The report should specify the number of awareness or sensitisation programmes conducted for employees during the year and outline the training or orientation programmes organised for Internal Committee members to ensure effective implementation of the Act.
• Declaration of Compliance:
  Finally, the ACR must contain a formal declaration affirming that the organisation complied with its obligations under the PoSH Act throughout the reporting year, while strictly avoiding the inclusion of any personal details of complainants, respondents, or witnesses, as such disclosure would itself constitute a compliance breach.

The report must never include personal details of complainants or respondents.

Where the Report Is Filed

The ACR  must be submitted to the District Officer of the district in which the workplace is located. In the case of companies, the ACR should also be placed before the Board of Directors as part of the organisation’s annual disclosures under the Companies Act. Additionally, the relevant details must be duly updated on the She-Box portal, wherever applicable.

For organisations operating across multiple districts, compliance requires that separate ACRs be filed for each district-specific workplace. A single consolidated report does not satisfy the statutory requirements under the PoSH framework and may be treated as non-compliance.

Common Practical Mistakes Organisations Make

As the filing deadline approaches, organisations often make avoidable mistakes, including:

• Assuming that the HR team can file the ACR independently, even though legal responsibility remains with the employer
  
• Filing one consolidated ACR for multiple locations, instead of submitting location-specific reports where required
  
• Skipping the ACR when no complaints were received, despite NIL reporting being mandatory
  
• Failing to make mandatory Board-level disclosures, where applicable
  
• Submitting a template-filled ACR without a meaningful review of Internal Committee functioning or yearly PoSH compliance
  

In addition, many companies sometime overstate compliance by reporting planned activities or paper-only processes as completed. This weakens regulatory credibility, as gaps tend to surface over time.

Under Section 26 of the PoSH Act, these lapses can attract penalties of up to ₹50,000 per violation, with repeated non-compliance leading to higher fines, licence cancellation, or loss of government benefits. A well-prepared ACR should present a truthful snapshot of the year, where transparency reflects accountability and a genuine commitment to compliance.

Why Timely Filing Matters

Beyond penalties, delayed or incorrect ACR filing weakens an organisation’s defence in the event of complaints, undermines credibility with employees and regulators, and signals ineffective PoSH governance. A timely and accurate ACR, by contrast, reflects accountability and preparedness, qualities regulators increasingly expect.

The PoSH Annual Compliance Report is not merely about meeting a deadline; it is a clear indicator of how seriously an organisation approaches workplace safety. With 31 January approaching, the emphasis must be on accuracy and completeness rather than last-minute submissions. Organisations that treat the ACR as a meaningful compliance checkpoint are better positioned to manage risk, build trust, and demonstrate a genuine commitment to a harassment-free workplace.

To support organisations in navigating this process, Ungender is hosting a practical workshop on ACR preparation and submission, led by Hiya Prakash, focusing on real-world compliance challenges and common pitfalls.The workshop will be held on 17 January from 11:00 AM to 12:00 PM, you can register to ensure your organisation is fully prepared and compliant before the deadline. If you require any support with ACR filing, SHEBox registration, or related PoSH compliance, feel free to reach out to us at Ungender for end-to-end assistance.