Understand how the POSH Act and Companies Act, 2013 intersect on workplace safety. ICC, disclosures, annual report and 2026 best practices for every employer.
POSH and Companies Act Compliance
Every company that employs ten or more people must constitute an Internal Complaints Committee (ICC) under the POSH Act, 2013, and confirm that fact in its Board's Directors' Report under Section 134 of the Companies Act, 2013. A gap in either obligation exposes the company to a penalty of up to Rs. 50,000 per offence, adverse remarks in the directors' report, possible MCA scrutiny, and — for a repeat default — licence cancellation. This post gives you the exact steps, deadlines, disclosure language, and worked numbers to close both gaps before your FY 2026-27 annual report is signed.
Why POSH Has Become a Board-Level Governance Issue
For most of the last decade, the POSH Act lived inside the HR function. In 2026, that is no longer defensible. Three developments have moved it to the boardroom:
- MCA enforcement letters. The Ministry of Corporate Affairs has been issuing notices to companies whose directors' reports are silent on POSH compliance. A missing or generic one-liner in the directors' report is treated as a Rule 8(5)(x) deficiency.
- SEBI's BRSR framework. Listed companies in the top 1,000 by market capitalisation are required to disclose POSH metrics — complaints received, disposed of, and pending — in their Business Responsibility and Sustainability Report (BRSR). These disclosures are public and are read by institutional investors.
- District Officer portals. Several state governments, including Maharashtra, Karnataka, Telangana and Delhi, now run online portals where the ICC must upload its annual report. Non-filing generates an automated show-cause notice.
The result: a founder who says "we are POSH compliant" must mean three distinct things — a properly constituted ICC, a filed annual report, and a correctly worded directors' report. This article addresses all three.
Who Must Comply: Thresholds and Workplace Definitions
The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 ("POSH Act") applies to every workplace — public or private, organised or unorganised — where ten or more employees are engaged on any day. The word "day" is deliberate: headcount is tested on a single-day maximum, not as a monthly average.
What counts as a workplace? The definition in Section 2(o) is deliberately wide:
- Registered office, branch, regional office and project site
- Factories, warehouses and logistics hubs
- Client premises where your employee is seconded or deputed
- Remote and work-from-home arrangements (the Ministry of Women and Child Development clarified this during the pandemic, and the position has not changed)
- Vehicles used for work travel
- Residential homes employing domestic workers
Startup exception? There is none. A ten-person seed-stage startup in Bengaluru with all employees on ESOPs is as covered as a listed manufacturing conglomerate.
Below ten employees? Complaints go to the Local Complaints Committee (LCC) constituted by the District Officer under Section 6. The employer is not exempt from the substantive obligations — creating a safe workplace, conducting awareness sessions, displaying notices — even without an ICC.
Constituting the ICC: Exact Composition Rules
Section 4 of the POSH Act specifies the composition. Getting it wrong — even partially — means the ICC's proceedings are legally vulnerable and the company is exposed to the Section 26 penalty.
Mandatory Members
| Position | Eligibility |
|---|---|
| Presiding Officer | A senior woman employee at the workplace or at a higher office |
| Employee members (minimum 2) | Preferably with background in social work, law, or women's welfare |
| External member (minimum 1) | From an NGO or association committed to women's rights, or a person familiar with the cause |
Two rules that are frequently missed:
- At least half of all ICC members must be women — this includes the Presiding Officer. A five-member ICC must have at least three women.
- The external member must be genuinely external — a retired employee, a consultant on payroll or a group-company HR head does not qualify.
Term and Renewal
Each ICC member's term is three years from the date of nomination. There is no automatic renewal. Companies that constituted their ICC in 2022-23 must have already renewed nominations or they are technically operating without a validly constituted ICC from 2025-26 onwards.
Practical constitution steps
- Issue an official office order naming all members with their designations and the external member's credentials.
- Display the ICC members' names, designations and contact details on the notice board at every branch and on the company intranet.
- Send a welcome letter to the external member confirming the term and the prescribed honorarium (as notified by the Central Government — confirm the current rate with your District Officer).
- Calendar the renewal date three months before expiry so nominations are ready on time.
The Companies Act, Section 134 Disclosure Obligation
Section 134(3) of the Companies Act, 2013 requires the Board's Report to include, among other matters, such other statements as may be prescribed. Rule 8(5)(x) of the Companies (Accounts) Rules, 2014 prescribes a specific disclosure:
> "a statement that the company has complied with the provisions relating to the constitution of Internal Complaints Committee under the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013."
This is not a narrative paragraph about your culture or values. It is a legal declaration. The MCA treats omission of this declaration as a deficiency under Rule 8(5)(x) read with Section 134.
What the disclosure must say (minimum)
A compliant paragraph looks like this:
> "The Company has duly constituted an Internal Complaints Committee (ICC) as required under Section 4 of the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013. During the financial year ended 31 March 2027, [X] complaint(s) were received, [Y] were disposed of, and [Z] are pending as at the date of this report. The ICC annual report for the year ended 31 December 2026 has been submitted to the District Officer as required under Section 21 of the Act."
Fill in the blanks with real numbers. Do not write "Nil complaints" unless you have positively confirmed that no complaints were filed or informally raised.
Due Date
The Directors' Report accompanies the financial statements and must be adopted at the Annual General Meeting (AGM). For a company with a 31 March year-end, the AGM must be held by 30 September 2027 for FY 2026-27. The directors' report is signed before the AGM is convened — typically four to six weeks prior — so your POSH compliance must be confirmable by mid-August 2027 at the latest. That means the ICC must have delivered its annual report to management, and all pending complaints for the period must have a documented status, well before the directors sit down to sign.
BRSR Disclosure for Listed Companies
The Business Responsibility and Sustainability Report (BRSR) is mandatory for the top 1,000 listed companies by market capitalisation (as at 31 March of the preceding FY) from FY 2022-23. For FY 2026-27, the universe of companies required to file is notified by SEBI — check the SEBI circular issued in the first quarter of each year.
The BRSR contains a Social pillar that specifically requires disclosure of:
- Number of POSH complaints filed during the year
- Number of complaints disposed of
- Number of complaints pending for more than 90 days
- Whether the company conducted awareness programmes on sexual harassment
- Whether ICC members have been trained
BRSR Core (applicable to the top 150 listed entities from FY 2023-24, with mandatory third-party assurance) requires these Social disclosures to be third-party verified. If your company falls in this bracket, ensure the ICC maintains documented evidence — signed attendance sheets for awareness sessions, completion certificates for member training, timestamped complaint registers — because the assurance provider will ask for it.
Institutional investors, proxy advisory firms and ESG rating agencies read BRSR disclosures. A company showing "0 awareness programmes" or "2 complaints pending beyond 90 days" will face questions from investor relations teams.
The ICC Annual Report: What It Must Contain and Where to File
Section 21 of the POSH Act requires the ICC to prepare and submit an annual report to both the employer and the District Officer. Rule 14 of the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Rules, 2013 prescribes the contents:
- Number of complaints received during the year
- Number of complaints disposed of
- Number of cases pending for more than 90 days
- Number of workshops and awareness programmes conducted
- Nature of action taken by the employer
Due Date
The statute says "at the end of every year." Most District Officers interpret this as the calendar year (1 January to 31 December), with the report due by 31 January of the following year. For the year ended 31 December 2026, file by 31 January 2027. Where a District Officer's portal specifies a different date, that portal date governs — check the portal for your district annually.
Practical filing steps
- Compile data from the confidential complaints register. Even if there are zero complaints, the report must be filed — "Nil" is a valid entry but silence is not.
- Prepare the annual report in the format specified by your state's District Officer or use the Central Government's model format if no state format is prescribed.
- Employer countersign. The report should be signed by the Presiding Officer and countersigned by the company's authorised signatory (typically the HR head or Company Secretary).
- File with the District Officer — by post with acknowledgement, in person at the District Women and Child Development office, or through the online portal if available.
- Retain proof of filing for at least five years. In case of MCA or investor queries, you must be able to produce the filed copy with the acknowledgement or portal confirmation number.
Penalties for Non-Compliance: The Real Numbers
Section 26 of the POSH Act is specific. First offence: fine which may extend to Rs. 50,000. Repeat offence: twice the penalty plus possible cancellation or revocation of the business licence or registration.
Additional financial exposure comes from Section 15, under which the ICC can direct the employer to pay compensation to the complainant, computed on the basis of mental trauma, career loss, medical expenses and the respondent's financial capacity. These compensation orders are recoverable as arrears of land revenue — in practical terms, as if they were government dues.
Worked Example: A Manufacturing Company with Two State Branches
Facts: ABC Automotives Pvt. Ltd. has three establishments — a registered office in Pune, a manufacturing plant in Aurangabad, and a sales branch in Nashik. Each has more than ten employees. The company failed to constitute an ICC at the Aurangabad plant and did not file the annual report for 2024 or 2025 from any location.
Penalty exposure:
| Violation | Per Offence | Number of Violations | Total Exposure |
|---|---|---|---|
| Failure to constitute ICC (Aurangabad) | Rs. 50,000 | 1 | Rs. 50,000 |
| Failure to file annual report — 2024 (all 3 units) | Rs. 50,000 each | 3 | Rs. 1,50,000 |
| Failure to file annual report — 2025 (all 3 units) | Rs. 50,000 × 2 (repeat) | 3 | Rs. 3,00,000 |
| Total | |||
| Rs. 5,00,000 |
This ignores directors' report deficiencies under the Companies Act, which attract separate penalties under Section 134(8): Rs. 3,00,000 on the company and Rs. 50,000 on every officer in default.
Common Mistakes and How to Fix Them
Mistake 1: Single ICC for a multi-location company
The POSH Act requires an ICC at each workplace that employs ten or more people. One ICC at the registered office does not cover a factory 300 km away.
Fix: Issue separate office orders for each location. If a branch has fewer than ten employees, route complaints to the nearest LCC and document that routing policy in writing.
Mistake 2: External member is a group company employee
An HR manager from a wholly owned subsidiary or a retired employee who still consults does not qualify as an "external" member.
Fix: Engage an accredited trainer, a practising lawyer specialising in employment law, or a verified NGO representative. Ask for their credentials in writing and retain them on file.
Mistake 3: Directors' report uses vague language
Phrases like "the company is committed to maintaining a safe workplace" or "POSH policy is in place" do not satisfy Rule 8(5)(x). The declaration must use the statutory language: "complied with the provisions relating to the constitution of Internal Complaints Committee."
Fix: Replace narrative language with the precise statutory declaration, supplemented by complaint numbers.
Mistake 4: ICC term has silently expired
Three-year terms nominated in 2021-22 or 2022-23 expired in 2024-25 or 2025-26. Many companies have not renewed nominations and are operating with technically defunct ICCs.
Fix: Pull the original office order today. Check the nomination dates. If expired, issue fresh nominations immediately — the company has been non-compliant from the day the term lapsed.
Mistake 5: Annual report filed with wrong authority
Some HR teams file the ICC report with the local Labour Commissioner or Factory Inspector. The correct authority is the District Officer designated under Section 5 of the POSH Act — typically the District Collector or District Women and Child Development Officer.
Fix: Confirm the designated authority for every district where you have a covered workplace. If in doubt, address the filing to the District Collector with a covering letter requesting forwarding to the correct authority.
POSH Compliance Calendar for FY 2026-27
Use this as a working checklist, not a formality:
| Action | Deadline |
|---|---|
| Verify ICC composition at each location; renew if term expired | April 2026 |
| Conduct awareness session (minimum one per year, in local language) | Before 30 June 2026 |
| Send ICC members for certified training (new members within 6 months of nomination) | Before 30 September 2026 |
| Compile ICC annual report for calendar year 2026 | January 2027 |
| File annual report with District Officer | 31 January 2027 |
| Collate complaint data for directors' report | By 31 March 2027 |
| Include statutory POSH declaration in draft directors' report | Before AGM notice goes out |
| Listed companies: include complaint data in BRSR | With Annual Report, before AGM |
Key Takeaways
- Every employer with ten or more employees must constitute an ICC — no startup, NGO or remote-only team is exempt once the threshold is crossed.
- ICC composition is rigid: at least half the members must be women, and the external member must be genuinely independent of the organisation.
- Terms expire in three years. Audit your original office order today and calendar the renewal with a 90-day buffer.
- Rule 8(5)(x) compliance is a legal declaration, not a paragraph about culture. The directors' report must state, in statutory language, that the ICC has been constituted.
- The ICC annual report is separate from the directors' report. It goes to both the employer and the District Officer by 31 January, and must state real complaint numbers — including zero.
- Listed companies face dual disclosure — Companies Act directors' report and SEBI BRSR — with third-party assurance required for BRSR Core entities.
- Penalty exposure compounds across locations and across years. A three-location company with two years of filing defaults can face Rs. 5,00,000 or more in statutory fines, entirely apart from the Companies Act's own Rs. 3,00,000 per-company penalty for a deficient directors' report.
