Preparing for Seed to Series A: Legal & Compliance Readiness Guide

Preparing for Seed to Series A: Legal & Compliance Readiness Guide

A Series A investor in India will commission a Comprehensive Due Diligence (CDD) report from a tier-1 law firm before they countersign a term sheet in FY 2026-27. That report examines every ROC filing, every prior-round document, every employment contract, and — for the first time as a standard item — every DPDP compliance artefact. If your legal house is in disorder when diligence begins, you do not lose the deal; you lose 60 to 90 days to remediation, negotiate weaker covenants, and hand the investor leverage to re-price. The 12-week programme below tells you exactly what to fix, in what order, before you open a data room.

How Diligence Has Changed in FY 2026-27

Three forces have made pre-Series A legal preparation materially harder than it was three years ago.

SEBI's AIF regulatory overlay. Most Series A funds are Category II Alternative Investment Funds under the SEBI (Alternative Investment Funds) Regulations, 2012. Their LPs — domestic family offices, institutional investors, and foreign fund-of-funds — now require portfolio-level compliance certifications at the time of investment. Fund managers pass that pressure straight to founders. Expect a formal legal opinion on cap table cleanliness, not a comfort letter.

The Digital Personal Data Protection Act 2023 (DPDP Act), rules notified in 2025-26. Any startup that processes personal data of Indian users is now a Data Fiduciary. The rules require implemented consent frameworks, data retention policies, a named Grievance Officer, and written contracts with every Data Processor. VCs run a DPDP audit memo as a standard diligence item in FY 2026-27. Non-compliance is no longer a "post-closing action item" — it is a closing condition.

MCA V3 reconciliation gaps. The migration to MCA V3 created a structural reconciliation gap between older XBRL filings, paper-form annual returns, and the new Straight-Through Processing (STP) system. A company that has not audited its MCA master data since the migration will typically find discrepancies in paid-up capital, director records, or charge status — all of which appear as qualifications in a diligence report.

The 12-Week Readiness Roadmap at a Glance

Assign each stream to a named responsible person — Company Secretary, CA, or external counsel — with a hard deadline. Do not run these streams sequentially; the first four overlap by design.

• Weeks 1–3: Corporate hygiene — ROC filings audit, MCA master data reconciliation, board meeting records
• Weeks 3–6: Cap table audit — dead equity elimination, founder vesting, ESOP reconciliation
• Weeks 4–6: Funding history — prior round documents, Rule 11UA valuations, DPIIT Form 2
• Weeks 5–8: Tax and statutory — ITR-6, GST, TDS, PF/ESIC, labour registrations
• Weeks 8–10: Contracts and IP — MSAs, employment documentation, trademark and patent status
• Weeks 10–11: DPDP 2026 compliance — consent flows, processor agreements, privacy policy
• Week 12: Data room assembly, index review, and legal sign-off

Corporate Hygiene: ROC Filings Cleanup (Weeks 1–3)

This is almost always where the most urgent remediation sits, because late filings on MCA V3 attract per-day additional fees and can trigger prosecution notices under Section 137 and Section 92 of the Companies Act 2013.

Audit the MCA Master Data First

Log into unknown node and download the company master data. Cross-verify five things:

1. Paid-up share capital — must match your cap table and the most recent Form SH-7 filed after every authorised capital increase and Form PAS-3 filed after every allotment.
2. Director DINs and designations — must match Form DIR-12 filings for every appointment, resignation, and change in designation.
3. Registered office address — must match Form INC-22 or INC-22A filings.
4. Charge status — outstanding charges must be reflected in your balance sheet; satisfied charges require Form CHG-4.
5. Authorised capital — confirm Form SH-7 was filed each time authorised capital was increased; a missing SH-7 means the allotment was technically invalid.

If the MCA master data shows a paid-up capital figure that differs from your cap table, your diligence report will carry a qualification that investor counsel cannot waive. It must be rectified before closing, not after.

File or Rectify Delayed Filings

These are the most commonly outstanding filings at pre-Series A stage:

• Form AOC-4 (financial statements) — due 30 October each year for most companies
• Form MGT-7 / MGT-7A (annual return) — due 60 days from AGM; MGT-7A applies to small companies
• Form PAS-3 (return of allotment) — must be filed within 30 days of every allotment; routinely missed on seed and bridge rounds
• Form MGT-14 (resolutions) — required for every special resolution: capital increases, ESOP scheme approval, changes to objects
• Form SH-7 (increase in authorised capital) — a separate filing is required for each increase

For a small company, the additional fee under the Companies (Registration Offices and Fees) Rules is Rs. 100 per day after the due date. A company that misses the 30 October deadline on both Form AOC-4 and Form MGT-7A and files on 30 April — a 182-day delay — pays Rs. 18,200 on each form, or Rs. 36,400 combined for a single filing year. Three consecutive years of such delays generates over Rs. 1,09,200 in avoidable fees, before any legal cost. Non-small companies face higher per-day rates as notified.

Board and Shareholders' Meeting Records

Investors will request all board meeting minutes from incorporation. Ensure:

• Every allotment, ESOP grant, key commercial contract, and borrowing was approved by a properly convened board meeting with quorum, and the minutes were signed within 30 days of the meeting (as required under Section 118 of the Companies Act 2013).
• Every special resolution was passed at an EGM or AGM with a circulated explanatory statement under Section 102.
• Statutory registers — Register of Members (Form MGT-1), Register of Directors and KMP (Form MBP-1), Register of Charges — are current and signed.

Unsigned or undated minutes are a diligence red flag. They are not a deal-killer, but they consume significant remediation time and give investor counsel grounds to seek additional indemnities.

Cap Table Cleanup and Equity Architecture (Weeks 3–6)

Eliminating Dead Equity

Dead equity means shares held by departed founders, early employees, or advisers who contributed nothing after their exit. Investors price it as a governance risk. Your three options:

• Buyback under Section 68 of the Companies Act 2013: viable if the company has distributable profits or adequate free reserves; requires board and shareholder approval.
• Gift or surrender: structurally simpler but has gift tax implications and requires a registered deed; gift of shares to the company triggers Section 56(2)(x) in the hands of the transferor unless specifically exempted.
• Accelerated vesting lapse + buyback: if a vesting agreement is in place, unvested shares lapse contractually on departure and can be cancelled through a buyback or surrender. Document the board resolution specifically.

Whatever route you take, file Form PAS-3 after any cancellation or reissue and update the Register of Members on the same day.

Founder Vesting and Reverse Vesting

A Series A investor's standard ask is a 4-year vesting schedule with a 1-year cliff and monthly vesting thereafter, coupled with reverse vesting — meaning the company holds a right to repurchase unvested shares at face value if a founder exits. If your founders issued themselves fully-vested shares at incorporation and no vesting agreement exists, implement one before the data room opens. The mechanism under Indian law is:

1. A board resolution approving a founders' vesting deed or amendment to the SHA
2. Contractual restrictions on transfer of unvested shares (not a Companies Act concept; enforced through the SHA and founders' agreement)
3. A buyback right in favour of the company or the investor SPV

Disclose any back-vesting already negotiated in prior rounds — investors will find it in the SHA and will want to understand why.

ESOP Reconciliation

Map every ESOP grant, exercise, lapse, and cancellation against the scheme approved under Section 62(1)(b) of the Companies Act 2013. Specifically verify:

• The scheme was approved by a special resolution at an EGM; Form MGT-14 was filed.
• Each grant letter states the exercise price, vesting schedule, vesting conditions, and exercise window post-separation.
• Exercised options resulted in a Form PAS-3 filing and share certificate or demat credit.
• Outstanding options are reflected in your fully-diluted cap table — the number investors evaluate for ownership percentage.

A discrepancy between your cap table software and MCA records on ESOP-issued shares is among the most common and most time-consuming findings at Series A.

Funding History: Every Prior Round Must Stack Up (Weeks 4–6)

Document Every Round End-to-End

For each prior round — friends-and-family, angel, seed, convertible note, SAFE, or redeemable preference share issuance — compile:

1. Signed term sheet
2. SHA and SSA (Share Subscription Agreement) with all amendments
3. Board and shareholder resolutions approving the allotment
4. Form PAS-3 filed within 30 days of allotment
5. Share certificates or demat credit confirmation
6. FC-GPR on the FIRMS portal (RBI's Foreign Investment Reporting and Management System) filed within 30 days of allotment for any foreign investor — this is a FEMA compliance requirement, not optional
7. Rule 11UA valuation report

A missing FC-GPR requires a compounding application to RBI, which typically takes 3–6 months to process. If discovered during diligence, it becomes a deal-stopper — the investor's counsel cannot issue a clean legal opinion on the round.

Rule 11UA Valuations and Angel Tax Exposure

Under Section 56(2)(viib) of the Income-tax Act 1961, if shares are issued at a premium to any investor — resident or non-resident — and the issue price exceeds the FMV computed under Rule 11UA of the Income-tax Rules 1962, the excess is treated as income in the hands of the company. For AY 2027-28, the rate applicable to a domestic company at the basic rate is 25% (plus surcharge and cess as applicable).

For each prior allotment, you need a valuation report dated on or before the allotment date. A report dated after allotment does not protect against a Section 56(2)(viib) demand. The Rule 11UA FMV for unlisted equity is the higher of:

• NAV method: (book value of assets − book value of liabilities) ÷ total shares outstanding
• DCF method: valued by a SEBI-registered Merchant Banker or a CA in practice, using cash flow projections

DPIIT Recognition and Form 2

A DPIIT-recognised startup can claim the Section 56(2)(viib) angel tax exemption by filing Form 2 (a declaration and undertaking) on the DPIIT Startup India portal, before the allotment for which the exemption is sought. Verify:

• DPIIT recognition certificate is valid (certificate is valid for 10 years from incorporation, subject to eligibility conditions)
• Form 2 was filed prior to each allotment in respect of which the exemption is claimed
• The company satisfies the capital condition: aggregate paid-up capital plus share premium from the exempted allotments does not exceed the ceiling currently notified

If Form 2 was not filed for an earlier round, the exemption cannot be claimed retroactively for that round. You can, however, file Form 2 prospectively for all future allotments, including the Series A.

Tax and Statutory Compliance (Weeks 5–8)

Income Tax Filings and Audit Reports

Prepare the last three years of the following for the data room:

• ITR-6 (corporate income tax return) — due 31 October for companies subject to tax audit; confirm returns are filed for AY 2025-26, AY 2026-27, and the current year AY 2027-28 when it falls due
• Form 3CD (tax audit report under Section 44AB) — applicable if turnover exceeds the prescribed threshold notified by CBDT
• Form 3CEB (transfer pricing report under Section 92E) — mandatory for any international transaction with associated enterprises, including payments to group entities or founders' foreign holding companies

Download Form 26AS and the AIS/TIS (Annual Information Statement / Tax Information Summary) from the income tax e-filing portal and reconcile both against your books. An unexplained credit or high-value transaction in AIS that does not appear in your return is a diligence trigger and a potential Section 68/69 notice risk.

GST Reconciliation

For registered companies, ensure:

• GSTR-9 (annual return) is filed for FY 2024-25 and FY 2025-26
• GSTR-9C (reconciliation statement, mandatory above Rs. 5 crore turnover as currently notified by CBIC) is filed and certified
• GSTR-2A/2B is reconciled with purchase ledgers; Input Tax Credit (ITC) claims must be supportable
• All GST portal Show Cause Notices (SCNs) and demand orders are disclosed; these become representations in the Series A SHA

For multi-state operations, every state GSTIN must be active and returns filed — investors' counsel will verify state by state.

TDS, PF/ESIC, and Labour Registrations

• TDS returns — Form 24Q (salary deductions) and Form 26Q (non-salary deductions) must be filed for every quarter. Download the Justification Report from the TRACES portal and close all outstanding short-deduction or short-payment defaults before diligence begins.
• PF (EPFO) — ECR (Electronic Challan cum Return) must be filed and paid for every month. A single missed month creates a recoverable liability with interest at 12% per annum plus damages of up to 25% of arrears under the Employees' Provident Funds and Miscellaneous Provisions Act 1952.
• ESIC, professional tax, labour welfare fund, shops and establishment registrations must be current and renewed in every state where you have employees. Investor counsel checks this state-by-state, and a lapsed registration in a remote state creates the same diligence note as a lapsed registration in your headquarters state.

Contracts, Employment and IP Audit (Weeks 8–10)

Customer and Vendor Agreements

Review your top 10 revenue contracts for:

• Assignment clause: does the contract require counterparty consent for assignment to a new holding company or SPV? If yes, you need written waivers before closing.
• Change of control clause: a Series A (typically a >50% equity shift on a fully-diluted basis) can trigger termination rights. Identify and negotiate waivers from material customers.
• Limitation of liability: uncapped indemnities in your vendor or SaaS agreements become your investor's uncapped exposure. Cap them at a defined multiple of contract value before diligence.
• IP ownership: all work product created by vendors, agencies, or contractors must vest exclusively in your company. "Work for hire" language is not sufficient in all jurisdictions — use an express assignment clause.

Employment Documentation

For every current employee, verify:

1. Signed offer letter on your current template (not a 2020-era template)
2. Signed IP assignment and confidentiality agreement as a standalone document, not buried in the offer letter
3. A non-solicitation clause — enforceable post-employment in India only if reasonable in scope (typically 6–12 months, limited to your active customers and employees)
4. Documented background verification

For employee-founders drawing a salary, a board resolution should record the basis of remuneration and any related-party transaction disclosures under Section 188 of the Companies Act 2013.

Trademark and Patent Strategy

At minimum, ensure:

• Class 42 (technology and software services) and Class 35 (business services) trademark applications are filed at the Trade Marks Registry under Form TM-A for the brand name and key product names
• Any mark in opposition or examination has an attorney response timeline ready for disclosure
• Copyright in material proprietary code or design is documented through timestamped version-control commits, or by a notarised affidavit of first authorship
• Provisional patent applications are filed at the Indian Patent Office for genuinely novel technology; official fees for a startup are approximately Rs. 8,000–Rs. 15,000 per application and secure priority date for 12 months

DPDP 2026: The New Diligence Battleground (Weeks 10–11)

The Digital Personal Data Protection Act 2023 and its rules, notified in 2025-26, create binding obligations for every startup that collects or processes personal data of Indian users — which means virtually every B2C company and most B2B SaaS companies with user-level data.

Investors now ask for a DPDP audit memo as standard. To prepare one, you need the following operationally implemented — not just drafted:

1. Notice and consent at every collection point: sign-up flows, checkout pages, app onboarding screens, and marketing opt-ins must each present an itemised notice in plain language. Consent must be freely given, specific, informed, and revocable. Pre-ticked checkboxes and bundled consents do not qualify.
2. Records of Processing Activities (RoPA): a table mapping each data category (name, email, location, UPI ID, health data, etc.) to its stated purpose, legal basis, retention period, and processor.
3. Data Principal rights mechanism: users must be able to access, correct, and erase their data. You need a functioning rights-request workflow with a defined and monitored response window.
4. Grievance Officer designation: a named, reachable individual — not a generic email alias — must be designated, with name and contact details published in your privacy policy.
5. Data Processing Agreements (DPAs): every third-party vendor, SaaS tool, or cloud provider that touches personal data on your behalf must have a written DPA consistent with the Act.
6. Privacy policy rewrite: if your policy was drafted before the rules were notified, it is non-compliant. Rewrite it against the Act's framework before you share it in a data room.

A DPDP non-compliance finding does not automatically kill a deal, but it converts to a closing condition — the investor will require a compliance certificate before funds flow, extending your closing timeline by two to four weeks at minimum.

Worked Example: The True Cost of Ignoring Compliance

Consider TechCo Private Limited, a B2C SaaS startup that raised Rs. 18 lakh from three angel investors in FY 2022-23 at Rs. 120 per share on an NAV-based FMV of Rs. 55 per share at that date. The company did not obtain DPIIT recognition until FY 2024-25 and never filed Form 2 for the angel round. It also missed Form PAS-3 by 90 days on the seed round, filed Form MGT-7A 150 days late for two consecutive years, and had three TDS short-deduction defaults on contractor payments. When it approached a Series A investor in Q2 FY 2026-27, the diligence report surfaced the following:

The aggregate financial exposure of approximately Rs. 1,09,750 was manageable. The 3-week closing delay was not — it pushed TechCo past the fund's quarter-end deployment deadline, requiring re-approval by the investment committee. The investor's counsel inserted an additional Rs. 75 lakh indemnity cover for pre-closing tax liabilities and extended founder lock-in by six months. The real cost of non-compliance was not the penalty register — it was priced permanently into the deal structure.

Common Mistakes That Derail Series A Closings

• Opening the data room before the internal audit. A data room with visible gaps signals to investor counsel that you have not reviewed your own company. Spend two weeks on internal audit before the first document is shared.
• Treating the cap table as a spreadsheet, not a legal document. Every line must be backed by a board resolution, an allotment letter, a Form PAS-3, and a share certificate or demat credit. If it is not, you do not legally own what the spreadsheet shows.
• Skipping Rule 11UA on convertible note conversions. Convertible notes and SAFEs that convert to equity also trigger Section 56(2)(viib) at the conversion date. Obtain a fresh Rule 11UA valuation at each conversion event, dated before conversion.
• Issuing shares before filing FC-GPR. This is a FEMA violation under the Foreign Exchange Management (Non-Debt Instruments) Rules, 2019. A late FC-GPR requires RBI compounding, which takes 3–6 months and is a deal-stopper during diligence.
• Relying on oral board approvals or WhatsApp resolutions. Under the Companies Act 2013, resolutions must be recorded in signed minutes within 30 days of the meeting. A WhatsApp approval chain does not constitute a board resolution.
• Updating the privacy policy text without updating consent flows. Investors test your app's consent mechanism. A beautifully drafted privacy policy that sits behind a pre-ticked checkbox does not constitute DPDP compliance.
• Confusing ESOP pool size with outstanding grants. The fully-diluted cap table must reflect only granted, unexercised options — not the entire authorised pool. Showing the full pool as dilutive inflates your investor's apparent ownership percentage at entry.

Key Takeaways

• Start 12 weeks before your first investor meeting, not after the term sheet. Remediating compliance gaps during exclusivity is your weakest negotiating position.
• MCA V3 master data is the legal ground truth for your corporate structure. If it does not match your cap table, fix it at MCA first — not in a side letter.
• Every allotment requires a Rule 11UA valuation report dated before the allotment date. A retroactive report does not protect against a Section 56(2)(viib) demand in AY 2027-28.
• DPDP compliance is a closing condition, not a post-closing covenant in FY 2026-27 diligence. Build consent flows, processor agreements, and a functional rights-request mechanism before you open the data room.
• ROC late filing fees compound fast: a small company facing a 150-day delay on two annual filings pays Rs. 30,000 in additional fees for that year alone — and creates a prosecution risk that investor counsel prices as an indemnity.
• Missing FC-GPR filings for foreign angel rounds require RBI compounding and typically take 3–6 months — enough to kill a deal that is otherwise ready to close.
• A Series A closing that takes 60 days instead of 120 is entirely achievable when your legal house is in order before the first NDA is signed. That 60-day saving translates directly into better covenant terms, lower indemnity exposure, and a stronger negotiating posture on valuation.