Annual Legal and Financial Compliance Checklist for Indian Startups

1. Company Registration and Fillings

A. Entity Type

‍You must choose to operate under one of the recognised entity types. Founder(s) can choose between a one-person company (OPC), a private limited company, or a limited liability partnership (LLP). These compliances can vary according to the chosen entity type, company structure, and funding requirements. Where the Companies Act, 2013 governs OPC and Private Limited Company, 2013, a Partnership Firm is governed by the Partnership Act, 1932, and Limited Liability Partnership by the Limited Liability Partnership Act, 2008.

B. ROC Procedures

‍Registrar of Companies (ROC) procedures are essential to setting up a company. Within this, companies are supposed to do the following:

Annual Filings: Startups must submit different types of forms annually or as per specific conditions, including: 

1. E-Form INC-20A: To declare the initiation of business; it must be filed within eight days of incorporation. 
2. 3-Form AOC-4: To be filed within thirty days of the Annual General Meeting (AGM), companies are required to submit financial statements using the designated form formally. Attach financial reports like balance sheets, profit and loss statements and director’s reports with the form. 
3. E-Form DIR-12: A notification is sent to the ROC through this form regarding the appointment or resignation of directors within 30 days.‍

Annual General Meeting: As mandated by Section 101 of the Companies Act, 2013, startups must hold their first Annual General Meeting (AGM) within 9 months of the closure of their first financial year. Subsequent AGMs must be conducted within 6 months of each financial year's end. These meetings are crucial in maintaining transparency, reviewing performance, and making important business decisions. 

C. Director’s/Board Report

‍As per Section 134 of the Companies Act, 2013 company directors must prepare a comprehensive report sharing the following information;

1. Annual Return Extract (company share capital, debts, liabilities, directors, shareholders, and corporate governance disclosures). 
2. Details of board meetings. 
3. Directors’ responsibility statement
4. Details of loans, guarantees, or investments. 
5. State of company affairs
6. Details of monetary funds the company proposes to deposit into any reserve.

A directors’ report must also include company risk management policy, corporate social responsibility measures undertaken during the year under assessment, and foreign exchange earnings. 

2. Licensing and Renewal

Startups must obtain the necessary licences associated with the nature of their business within 40 days of incorporation. General licences for startups include;

A. Trade Licence

‍Trading licences are regulated by the respective state’s municipal corporations and are issued after consultation with different departments, including fire, health, engineering, and water, among others. Trade licence has a one-year validity, and renewal applications should be filed 30 days before the expiration of the existing one. 

B. Import and Export Code (IEC)

‍Issued by the Director General of Foreign Trade (DGFT), the IEC is required for startups that export or import goods and services. After an amendment made to the IEC regulations on 12th February 2021, the IEC renewal is mandatory as the validity of an existing licence is 12 months. 

3. Data Privacy and Cybersecurity

Safeguarding user data is not only a legal imperative in the contemporary era but is also crucial for upholding the company's reputation. As the Indian laws and regulations are regularly evolving in this area, hence staying informed about them is crucial. 

Key Laws

• Information Technology Act, 2000: The foundational IT law establishes the framework for electronic governance, recognising electronic records and digital signatures while defining what constitutes cyber crimes.

• Digital Personal Data Protection Act, 2023: India’s first cross-sectoral law facilitating data protection. It governs how businesses collect, store, use, and share personal data. ‍

Key Principles

• Consent: Entities must obtain consent from individuals to collect personal data. Consent must be specific, informed, and unambiguous. 
• Purpose Limitation: Data must be collected for specific, clearly defined, and lawful purposes. Only the minimum personal data necessary to satisfy the purpose should be collected. 
• Data Storage: Collected data must be stored on servers in the country unless specific permission is granted for overseas storage. Implementing technical (encryption, access control) and organisational (response plans) measures for personal data protection and preventing unauthorised access, disclosure, alteration, and erasure is necessary. 
• Data Usage: Data should be processed in a manner that is not detrimental to the individual or subject. Entities collecting data must recognise the individual’s right to access, rectify, erase, transfer, and restrict the processing of personal data. 

A thorough reading and expert guidance are required to fully understand the applicability of the act corresponding to the company’s work process, as non-compliance can result in fines of up to ₹250 crore. 

4. Intellectual Property Rights

New-age companies play a pivotal role in introducing products and services working on advanced technologies. Hence, they need to protect their technologies, processes, and solutions through IP protection measures. 

You can use non-disclosure agreements, copyrights, trademarks, and patents to establish a protective layer around your product offerings. The Indian government has launched Start-ups Intellectual Property Protection (SIPP), which is governed by the Trade Marks Act 1999, Patents Act 1970, Designs Act 2000, and Copyright Act 1957. 

Due diligence by new-age companies for IP protection and establishment can help mitigate the risks of other entities mirroring their ideas, technologies, and solutions while protecting trade secrets. 

5. Environmental Compliance

The Environment (Protection) Act, 1986 is the source for environmental compliance in India. The other two applicable laws include the Water (Prevention and Control of Pollution) Act, 1974, and the Air (Prevention and Control of Pollution) Act, 1981. Companies need to self-certify under these acts for the first five years after incorporation. 

From March 2016, “White industries” or non-polluting companies don’t need the permit or consent of the respective State Pollution Control Board to operate. Other categories include “Red, " “Orange, " and “Green, " each with a set Pollution Index (PI) score. 

Startups in the latter three categories need consent or permission from the State Pollution Control Board. The initial Consent to Establish certificate is valid for one year and must be renewed. 

6. Financial Compliance

Adhering to financial compliance helps companies build trust, promote transparency, and safeguard market integrity. By delineating how companies operate, such laws simultaneously serve to safeguard the interests of customers, investors, and society at large. 

A. Appointment of Auditor

According to the Companies Act 2013, companies are required to appoint a statutory auditor within 30 days of incorporation. 

Regardless of company size or revenue, regular audits ensure accurate financial records.. The appointment of the auditor shall be approved at the first Annual General Meeting (AGM) and by filing the form ADT-1. 

Independent auditors review annual accounts, guaranteeing accuracy and transparency for stakeholders and authorities.

B. GST Registration

Goods and Services Tax replaces VAT, excise tax, service tax, etc. Startups can begin a simple GST registration process and start working while enjoying some exemptions. 

Startups with a turnover of less than ₹40 Lakhs (₹20 Lakhs for Service-based businesses) per year need not obtain GST registration. 

Businesses exceeding specified turnover thresholds need to navigate GST regulations outlined in CGST, IGST, UTGST, Compensation Act, and Constitution Amendment Act.

Outsource GST compliance to Mysa CA and access dedicated professionals to ensure timely filing and avoid penalties. We keep your books clean and updated with Zoho Books and send updated reports weekly or monthly. 

C. Tax Filings

Understanding and complying with central, state, and local taxes is crucial for smooth business operations in India. Tax-related financial compliance for startups, includes central tax, state tax, and local taxes. 

In addition to these, some sector-specific taxes are also applicable to the companies. For instance, separate laws exist for operations in agriculture, aviation, food, manufacturing, banking, etc.  

Among the major tax filings, companies are required to file income tax returns and financial statements. These include;

• E-Form MGT 7: Through this form, companies are expected to file their annual returns within 60 days of the AGM. 
• E-Form DPT 3: Submit details of deposits and receipts pertaining to loans other than business-related deposits. 

Your personal Mysa CA provides professional guidance regarding taxation while simplifying financial and legal compliance for startups in India. 

7. Foreign Investment Compliance

The Foreign Exchange Management Act, 2000 regulates foreign direct investment into Indian companies. However, there are caps and limitations on funds inflow. 

Under the automatic route, the foreign investor does not need approval from the Reserve Bank of India (RBI). However, under the government route, authorisation is required from the government authorities or ministries through the Foreign Investment Facilitation Portal (FIFB). 

The government has designated some sectors, like agriculture, healthcare, eCommerce, manufacturing, etc., to receive investments through automatic routes. The sectors under the government route are banks, multi-brand retail, retail food, and core investment companies. 

Tips to Ensure Effective Financial and Regulatory Compliance

Navigating the world of legal and financial compliance for startups in India can be overwhelming. Especially when the founders should be focused on growing the company, struggling to maintain compliance is counterproductive. Do the following instead;

Expert Guidance: Hiring a qualified and experienced legal counsel will help you understand, implement, and maintain compliance. An expert can advise you to follow the best practices and avoid costly mistakes. 

Build a Culture of Compliance: Conduct compliance training sessions delivered by ad-hoc or permanent policy experts. Document the standard practices and assign responsibilities while building communication channels for knowledge sharing. Conduct regular compliance audits and gather feedback from the team. Compliance regulations ought to change at any time, so stay updated and actively monitor the changes. To stay updated, regularly visit official government websites. 

Partner with Mysa: Streamline financial compliance with Mysa as we automate bookkeeping, taxation, and statutory compliances, freeing up valuable time that startup founders can utilise to grow the business. 

• Mysa takes care of tax deductions, GST, TDS, and PF calculations on your behalf, automating tax payments, filings, and reporting. 
• Dedicated experts are available to help you with statutory audit and secretarial compliances. This includes a broad investigation of the company’s compliance with the applicable laws like the Companies Act, ROC, FEMA, etc. 
• Mysa CA takes care of annual income tax and GST returns, ensuring compliance with financial reporting and annual returns. 

Ensure effective and prompt compliance with Mysa and experience frictionless growth.