Ten compliance mistakes Indian startups make in year one — and how to avoid them in 2026: INC-20A, DIR-3 KYC, GST, TDS, POSH, board minutes and more.
10 Compliance Mistakes Startups Make in Their First Year and How to Avoid Them
Most Indian startups do not fail from bad ideas — they accumulate avoidable compliance deficits that surface during due diligence, funding rounds, or routine government scrutiny. In FY 2026-27, MCA V3 automation, the Faceless Assessment Scheme under the Income Tax Act 1961, and AI-driven GST analytics have made these mistakes simultaneously more expensive and less forgiving. This article walks through the ten most common first-year compliance failures, explains the real cost of each in rupee terms, and gives you the exact steps to prevent or fix them.
1. Not Filing INC-20A Within 180 Days of Incorporation
Under Section 10A of the Companies Act 2013, every company incorporated on or after 2 November 2018 must file Form INC-20A — the Declaration of Commencement of Business — within 180 days of its date of incorporation. You attach a bank statement confirming that each subscriber has paid their portion of subscribed capital into the company's bank account. That is it. Simple form, hard deadline.
What goes wrong: The founding team is deep in product-building and investor conversations. The CA who handled incorporation moves on. No one owns the calendar. Day 180 passes without the filing.
The penalty under Section 10A(2):
- The company faces a flat penalty of Rs. 50,000
- Each officer in default — typically both directors — faces Rs. 1,000 per day of continuing default, capped at Rs. 1,00,000 per officer
If a company incorporated in June 2025 finally files INC-20A 40 days past the deadline, the arithmetic is: Rs. 50,000 (company) + Rs. 40,000 (Director A) + Rs. 40,000 (Director B) = Rs. 1,30,000 before any professional fees. Worse, the Registrar of Companies can initiate strike-off proceedings under Section 248 if INC-20A is never filed. A struck-off company cannot open a bank account, receive funding, or operate legally.
How to avoid it:
- Set calendar reminders at Day 90 and Day 150 after the date on your incorporation certificate
- Open the company's current account within 30 days of incorporation — do not let it sit
- Transfer subscription money from founders' personal accounts promptly; the bank statement is your evidence
- File on the MCA V3 portal (mca.gov.in) — use the company's registered credential, not a director's individual login
2. Letting DIR-3 KYC Lapse and Freezing Your DINs
Every individual holding a Director Identification Number (DIN) must file Form DIR-3 KYC (or the web-based DIR-3 KYC Web for OTP-confirmed renewals) by 30 September of each financial year. This is an annual obligation, not a one-time formality.
What goes wrong: A co-founder misses the 30 September deadline. The MCA system automatically marks the DIN as deactivated. A deactivated DIN cannot sign any MCA e-form — not a Form DIR-8, not a Form MGT-7, not a Form AOC-4. The company cannot complete any ROC filing until the DIN is reactivated.
Reactivation requires filing DIR-3 KYC after the deadline with a late fee of Rs. 5,000 per DIN. That fee is small in isolation, but the cascade it triggers is not: blocked annual filings accumulate late fees of Rs. 100 per day per form for a Small Company (Section 403, Companies Act). A company that misses its MGT-7 and AOC-4 filings by 90 days while waiting for a DIN to be reactivated pays Rs. 100 × 90 × 2 forms = Rs. 18,000 in late fees, on top of the reactivation cost and professional fees.
How to avoid it:
- Put DIR-3 KYC in your compliance calendar every year before 30 September — for every director, independently
- Verify DIN status on MCA V3 under MCA Services → DIN Services → Verify DIN PAN
- If your company has three co-founder directors, all three must file; it is not a once-per-company task
3. Missing GST Registration or Picking the Wrong Scheme
Two distinct errors occur at the GST registration stage, and they have different consequences.
Error A: Missing the Turnover Threshold
Under the CGST Act 2017, registration is mandatory once aggregate turnover in a financial year crosses:
- Rs. 40 lakh for suppliers of goods in normal-category states
- Rs. 20 lakh for suppliers of services in normal-category states
- Rs. 10 lakh for suppliers in special-category states (Mizoram, Tripura, Manipur, Nagaland, Sikkim, Arunachal Pradesh, Meghalaya, Uttarakhand)
Registration must happen within 30 days of becoming liable. Founders sometimes discover they crossed the threshold two or three months ago when a corporate customer requests a GST invoice. At that point, you owe GST on all taxable supplies from the liability date, plus interest at 18% per annum on the amount of tax not paid.
Error B: Choosing the Wrong Scheme Without Understanding the Trade-offs
The QRMP scheme (Quarterly Return, Monthly Payment) is available to taxpayers with aggregate turnover up to Rs. 5 crore in the previous FY. You file GSTR-1 and GSTR-3B quarterly, but make monthly tax payments via Form PMT-06 in the first two months of the quarter. Startups with irregular cash flows sometimes opt in thinking it reduces work, and then find monthly PMT-06 computations create as much friction as monthly returns.
How to avoid both errors:
- Track monthly revenue in a simple spreadsheet from month one and compare against the applicable threshold
- Register on gst.gov.in the moment projections suggest you will cross the threshold — do not wait for the month you actually cross it
- Discuss scheme selection with your CA before registration, since switching from regular to QRMP or Composition Scheme mid-year has eligibility restrictions
4. Filing Nothing When Revenue Is Zero
Once you hold a GST registration, you must file every return period — even if your turnover for that period was zero. There are no exceptions for pre-revenue startups.
Under Section 29(2)(c) of the CGST Act, if a regular taxpayer fails to file returns for six consecutive months, the proper officer can cancel the registration suo motu — without any request from you. For a QRMP filer, the trigger is two consecutive tax periods of non-filing.
Late-filing fees apply even for NIL returns:
- Rs. 20 per day (Rs. 10 CGST + Rs. 10 SGST), subject to a maximum of Rs. 500 per return
For returns where tax is payable, the late fee rises to Rs. 50 per day. A startup that misses four consecutive monthly NIL filings by an average of 45 days each accumulates Rs. 20 × 45 × 4 = Rs. 3,600 in fees — not catastrophic on its own, but the compounding risk is revocation of registration, which then requires a fresh application and potential loss of input tax credit.
Fix: File GSTR-3B and GSTR-1 every period, even in months with zero transactions. If your CA manages GST filings, confirm with them explicitly that NIL returns have been filed — do not assume.
5. TDS: The Silent Cash Flow Killer
Tax Deducted at Source (TDS) is the compliance area where the penalty for getting it wrong most commonly exceeds the underlying tax. Many startup founders do not realise they are a "deductor" from the first professional fee or rent payment they make.
What Startups Typically Miss
- Salaries above Rs. 2,50,000 per annum — TDS under Section 192 at applicable slab rates
- Professional or technical service fees above Rs. 30,000 per payment or Rs. 1,00,000 per annum — TDS under Section 194J at 10% (professional services) or 2% (technical services)
- Rent above Rs. 50,000 per month — TDS under Section 194-IB at 5% if landlord is an individual/HUF, or Section 194-I at 10% if landlord is a company or firm
- Contractor and freelancer payments above Rs. 30,000 per contract or Rs. 1,00,000 in aggregate — TDS under Section 194C at 1% (individuals) or 2% (companies)
The Penalty Stack
- Late deduction: Interest at 1% per month from the date TDS was deductible to the date of actual deduction (Section 201(1A))
- Late deposit after deduction: Interest at 1.5% per month from date of deduction to date of deposit
- Non-deduction penalty: Under Section 271C, penalty up to the amount of TDS not deducted
- Expense disallowance: 30% of the expenditure is disallowed under Section 40(a)(ia) when computing business income, increasing your taxable income and therefore your tax payable
Worked TDS Example
Your startup pays a UI/UX agency Rs. 8,00,000 in professional fees during FY 2026-27 without deducting TDS.
- TDS applicable at 10%: Rs. 80,000
- Interest for 6 months of non-deduction (1% × 6 × Rs. 80,000): Rs. 4,800
- Minimum penalty under Section 271C: Rs. 80,000
- 30% disallowance of Rs. 8,00,000 = Rs. 2,40,000 added to taxable income → additional tax at 25% base corporate rate: Rs. 60,000
Total exposure from one oversight: Rs. 1,44,800 — nearly double the original TDS amount, for a payment that should have taken 10 minutes to process correctly.
How to fix it: Every payment above the applicable threshold must pass a TDS check before the bank transfer is initiated. Deposit collected TDS by the 7th of the following month (for deductions in April through February) and by 30 April for March deductions. File quarterly TDS returns — Form 24Q for salary, Form 26Q for all other payments — within the prescribed deadlines.
6. No Board Meetings, No Minutes — Until Due Diligence Hits
Section 173 of the Companies Act 2013 requires every Private Limited Company to hold at least four board meetings in a year, with not more than 120 days between two consecutive meetings. The first board meeting must take place within 30 days of incorporation. Section 118 requires that minutes be prepared and signed within 30 days of each meeting and preserved permanently in the Minutes Book.
Early-stage founders routinely treat this as large-company bureaucracy. Decisions happen over WhatsApp threads, Notion docs, and corridor conversations. When a Series A investor's legal counsel runs a standard diligence checklist and asks for board meeting minutes for the past 18 months, the founders have nothing to produce. Retroactively reconstructing minutes is both technically improper and visually obvious to any experienced M&A lawyer — it creates a negotiating disadvantage at precisely the wrong moment.
What to do instead:
- Schedule four board meetings on Day 1 — first week of April, July, October, and January work well for most companies
- Keep agendas short: accounts update, business update, approvals for contracts above a defined threshold, any equity or ESOP actions
- Sign minutes within 30 days and store them in a structured folder accessible to both directors and your CA
7. Cap Table Chaos: Shares Issued Without Paperwork
Every allotment of shares — founding shares, angel round, ESOP exercises — requires a proper paper trail. This is not optional even for a company with two founders and zero external investors.
The required steps for each allotment:
- Board resolution approving the allotment
- Shareholders' special resolution where required (e.g., private placement under Section 42, or exceeding the authorised capital)
- Form PAS-3 filed with the ROC within 15 days of allotment
- Update the Register of Members and issue share certificates within 60 days of allotment
For special resolutions passed in general meetings, Form MGT-14 must be filed within 30 days.
The ESOP problem: Many startups grant options informally — "we'll fix the paperwork when you exercise." When the employee resigns or the company approaches a Series B, neither the pool size, vesting schedule, nor exercise price is documented in any ROC-filed instrument. Investor lawyers flag this as a material issue, demand corrective filings, and the process involves potential compounding applications, delays, and renegotiated economics.
How to avoid it: Every share-related action is a transaction. Document it at the time it happens — not "later." Confirm with your CA that PAS-3 and MGT-14 have been filed before taking the next equity action.
8. Statutory Registers That Exist Only on Paper — or Not at All
The Companies Act mandates several registers be maintained from the date of incorporation and kept at the registered office:
- Register of Members (Section 88) — names, addresses, folios, shares held
- Register of Directors and KMP (Section 170) — directorships, shareholding, changes
- Register of Charges (Section 85) — loans secured against company assets
- Register of Contracts in Which Directors Are Interested (Section 189)
- Register of Significant Beneficial Owners (Section 90) — with supporting Form BEN-2 filings for individuals holding more than 10% beneficial interest
Founders discover these obligations when a diligence request lists them by name. The Register of Significant Beneficial Owners is particularly often overlooked — and its reconstruction, which involves BEN-1 declarations from beneficial owners and BEN-2 filings with the ROC, triggers compliance queries if done belatedly.
Fix: Ask your CA at the time of incorporation to hand you a populated set of all statutory registers. Update them on every material event: new director appointment, share allotment, creation of a charge on assets, change in beneficial ownership.
9. POSH Compliance: The 10-Employee Trigger Most Founders Miss
The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 — commonly called the POSH Act — becomes mandatory the moment your total headcount reaches 10 employees. There is no grace period. Most early-stage founders discover this obligation for the first time during an HR audit or investor legal review.
What the law requires once you cross 10 employees:
- Constitute an Internal Complaints Committee (ICC) with a presiding officer (a senior woman employee), at least two other employees as members, and one external member from an NGO or with legal expertise
- Draft and distribute a written sexual harassment policy to all employees
- Conduct at least one awareness or training session per year
- Submit an annual report to the District Officer by 31 January each year, covering the number of cases received and their disposal status
Penalties under Section 26:
- First offence: Fine up to Rs. 50,000
- Repeat offence within five years: Double the fine, plus the possibility of cancellation of business registration or licence
How to avoid it: Maintain a headcount tracker. When you make your tenth hire, set a 30-day internal deadline to constitute the ICC, draft the policy, and circulate it. A templated POSH policy setup typically takes one working day to complete with proper professional guidance.
10. Not Tracking Notices Until They Become Demands
Under the Faceless Assessment Scheme (Section 144B of the Income Tax Act 1961), income tax notices are issued electronically through the e-filing portal (incometax.gov.in) via the National Faceless Assessment Centre. No physical letter arrives at your door. If the email address and mobile number registered with the portal are not actively monitored, notice deadlines pass without response.
On the GST side, non-filers receive Form GSTR-3A — a system-generated notice to file. If you do not respond, the officer can complete a best-judgment assessment under Section 62 of the CGST Act. This assessment order can only be withdrawn if you file all pending returns within 30 days of receiving it; miss that window and the assessed demand becomes final.
What goes wrong in practice: The company's PAN and GST registrations were set up with a personal email address the founder now rarely checks. A scrutiny notice about an Annual Information Statement (AIS) / Tax Information Statement (TIS) mismatch goes unread for four months. A clarification-level query becomes a confirmed demand with interest and a penalty.
How to build a notice-tracking system:
- Designate one compliance email address — [email protected] — for all tax portal registrations, and ensure it is monitored daily
- Check the e-filing portal inbox at least every two weeks; set a recurring calendar event
- On the GST portal, navigate to Services → User Services → View Notices and Orders each month before filing
- Log every notice in a shared tracker with columns for: portal, notice date, deadline date, status, and responsible person
- Respond to every notice within its deadline — even if the response is simply a one-paragraph clarification
Pitfalls That Compound Each Other
Compliance failures rarely stay contained. The deactivated-DIN cascade illustrates this clearly: Director A misses DIR-3 KYC on 30 September. By early November their DIN is deactivated. The company's annual filing deadlines — Form MGT-7 (annual return) and Form AOC-4 (financial statements) — fall in October and November for most companies. With a deactivated DIN, Director A cannot digitally sign either form. The company now misses both MCA deadlines. Late fees under Section 403 for a Small Company: Rs. 100 per day per form. A 90-day delay on two forms = Rs. 18,000 in statutory late fees — triggered entirely by a Rs. 5,000 DIR-3 KYC oversight.
The same compounding logic applies to TDS non-compliance: the disallowance increases taxable income, which increases the advance tax liability, which — if underpaid — attracts interest under Sections 234B and 234C. One missed TDS deduction can generate three separate interest computations.
Worked Example: The Cumulative Cost of Five Mistakes in One Year
A Bengaluru SaaS startup is incorporated on 1 May 2025. By 31 March 2026, five compliance failures have occurred:
| Mistake | What Happened | Estimated Exposure |
|---|---|---|
| INC-20A filed 40 days late | Company + 2 directors in default | Rs. 50,000 + Rs. 40,000 + Rs. 40,000 = Rs. 1,30,000 |
| One director missed DIR-3 KYC | DIN deactivated; MGT-7 and AOC-4 delayed 90 days | Rs. 5,000 reactivation + Rs. 18,000 late fees = Rs. 23,000 |
| TDS not deducted on Rs. 8,00,000 professional fees | Interest + Section 271C penalty + 30% disallowance tax impact | Rs. 1,44,800 |
| 3 NIL GSTR-3B returns filed 60 days late each | Late fees | Rs. 20/day × 60 × 3 = Rs. 3,600 |
| ICC not constituted despite 12 employees | POSH first-offence fine | Up to Rs. 50,000 |
| Total | | Rs. 3,51,400 |
Add professional fees for compounding applications, notice responses, and retroactive filings, and the total realistically exceeds Rs. 4,00,000 — in a year when the company may not yet have turned profitable. Every line item in this table was preventable with a shared compliance calendar and disciplined follow-through.
Key Takeaways
- INC-20A within 180 days is non-negotiable — the Rs. 50,000 company penalty plus officer penalties of Rs. 1,000/day, combined with the risk of strike-off, make this the single most consequential first-year deadline
- DIR-3 KYC by 30 September every year for every director — a deactivated DIN cascades into blocked filings and late fees that multiply quickly
- GST registration is time-sensitive — track turnover monthly, register within 30 days of crossing the threshold, and file every period (including NIL) to avoid suo-motu cancellation under Section 29(2)
- TDS non-compliance is disproportionately expensive — the 30% disallowance under Section 40(a)(ia) can make the tax cost of a missed deduction far exceed the original TDS amount
- Board minutes are legal evidence — hold four meetings a year with up to 120 days between consecutive meetings, sign minutes within 30 days, and store them properly; retroactive reconstruction signals governance failure to investors
- POSH compliance triggers at employee number 10 — constitute the ICC, issue a written policy, and train the team in the same month you make that hire
- Notices live in portals, not in your letterbox — designate a compliance email address, check the e-filing and GST portals fortnightly, and respond to every notice before its deadline; silence converts queries into confirmed demands



