Prevention of Sexual Harassment (POSH) Policy

Prevention of Sexual Harassment (POSH) Policy: The Complete 2026 Compliance Guide

Every Indian employer with ten or more workers must have a written Prevention of Sexual Harassment (POSH) policy, a constituted Internal Complaints Committee (ICC), and documented annual reporting — regardless of whether a single complaint has ever been filed. In 2026, hybrid work, AI-enabled communication tools, and SEBI's Business Responsibility and Sustainability Report (BRSR) mandate have raised the stakes further. Non-compliance attracts a penalty of up to Rs. 50,000 under Section 26 of the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013, and — far more damagingly — regulatory, reputational, and talent risk that no fine schedule can fully capture.

Who Must Comply — and What "10 Employees" Actually Means

Section 4 of the POSH Act, 2013 triggers the obligation once an "employer" has ten or more "employees" at a workplace. Both words are read broadly by courts and the Labour Department.

Who counts as an employee for the threshold?

• Permanent staff on payroll
• Contract labour engaged through a contractor (the principal employer remains liable)
• Interns, trainees, and apprentices
• Part-time and retainer-based consultants
• Gig workers engaged on a regular basis for the employer's benefit
• Probationers

A startup with eight engineers, three interns, and one on-call legal retainer crosses the threshold. The threshold is applied at the level of each office or branch, not just at the entity level. If your Pune office has twelve people and your Mumbai office has nine, the Pune office must have an ICC; the Mumbai office should document the fact that it shares the head-office ICC (which is permissible) or appoint one as a prudent step anyway.

Employers with fewer than ten employees are not exempt from the Act — complaints against them are handled by the Local Complaints Committee (LCC) constituted by the District Officer under Section 6.

Constituting a Legally Valid Internal Complaints Committee

An improperly constituted ICC is treated as no ICC at all. Get the composition right from day one.

Mandatory composition under Section 4(2):

1. Presiding Officer — a woman employed at a senior level in the organisation. If no senior woman is available at that office, the employer must nominate a woman from another office or branch.
2. Two or more employee members — committed to the cause of women, or who have experience in social work or legal knowledge.
3. One external member — from an NGO or association committed to the cause of women, or a person familiar with issues relating to sexual harassment. This member must not be an employee or have a conflict of interest.

Critical rule: At least one-half of the total members must be women. So in a four-member ICC — Presiding Officer + two internal members + one external member — at least two members must be women, which is satisfied by the Presiding Officer plus any one female internal member.

Tenure: Three years from the date of nomination. Mark calendar alerts. An ICC whose tenure has lapsed without reconstitution is non-existent in law — any inquiry conducted by an expired ICC is challengeable.

Practical step: Issue a formal order of constitution on company letterhead, signed by the authorised signatory, specifying names, designations, and the three-year term. Circulate this widely and keep it on the intranet.

What Your POSH Policy Document Must Contain

A POSH policy is not a template to be downloaded and filed away. It must reflect your actual organisation — its structure, its communication channels, and its complaint-handling reality. A regulator, a Labour Court, or an NCLT bench reviewing a Section 26 penalty will look at whether the document was operationally alive.

Mandatory elements:

• Leadership statement — zero-tolerance commitment, signed by the MD, CEO, or Managing Partner
• Statutory definition of sexual harassment — reproduce Section 2(n) verbatim, then supplement with workplace-specific examples
• Scope — employees, contractors, interns, vendors, clients, visitors, and explicitly, hybrid and remote work
• Complaint channels — written form to ICC, email address, physical complaint box, whether anonymous reports are accepted
• ICC details — names, contact information, office location, and instructions for reporting outside working hours
• Inquiry procedure — timelines, natural justice protections, confidentiality obligations, interim relief options
• Anti-retaliation clause — prohibiting adverse action against complainants, witnesses, or ICC members
• Consequences — range of disciplinary action including termination, and parallel criminal liability under IPC/BNS
• Training schedule — frequency, target audience, documentation requirements
• Annual report process — who prepares it, who receives it, when it is filed

The policy must be available in the language understood by employees at each location. A policy in English alone is insufficient for a factory workforce in Tamil Nadu or a site office in Rajasthan.

Defining Sexual Harassment: Getting the Language Right

Section 2(n) of the POSH Act defines sexual harassment as any one or more of the following unwelcome acts or behaviour, whether directly or by implication:

• Physical contact and advances
• A demand or request for sexual favours
• Making sexually coloured remarks
• Showing pornography
• Any other unwelcome physical, verbal, or non-verbal conduct of a sexual nature

Your policy must go further than reproducing this list. Add context-specific examples your employees will recognise:

• Persistent personal DMs or messages on work chat platforms after the person has indicated discomfort
• Sharing unsolicited explicit images via WhatsApp or Slack
• Comments about appearance, body, or personal life during video calls
• Jokes of a sexual nature in a team meeting (in-person or virtual)
• A manager conditioning a positive appraisal on personal favours — the classic quid pro quo
• Creating a hostile environment by repeatedly using gendered slurs or sexual innuendo

The phrase "unwelcome" is important. The complainant's subjective perception matters, not whether the respondent "meant any harm." Train your ICC and managers on this legal standard explicitly.

The Complaint and Inquiry Process, Step by Step

Many organisations draft the policy but leave the inquiry procedure vague. That vagueness becomes chaos when an actual complaint arrives. The following sequence maps directly to Sections 9–13 of the Act.

Step 1 — Complaint filing (Section 9) The aggrieved woman submits a written complaint to the ICC within three months of the incident. If the incident is part of a series, the clock runs from the last incident. The ICC may extend this by a further three months if circumstances prevented timely filing.

If the woman is unable to write the complaint due to physical or mental incapacity, a relative, friend, co-worker, or officer of the National Commission for Women may file on her behalf.

Step 2 — Conciliation (Section 10) Before initiating an inquiry, the ICC may (at the complainant's request) attempt conciliation. Conciliation cannot be sought in cases involving monetary settlement. If conciliation succeeds, no further inquiry is needed, and the settlement is documented.

Step 3 — Inquiry initiation If conciliation fails or is not requested, the ICC provides a copy of the complaint to the respondent, who must reply within ten working days.

Step 4 — Inquiry process (Section 11) The ICC has the powers of a civil court for summoning and examining witnesses, requiring discovery and production of documents, and receiving evidence on affidavits. The inquiry must follow principles of natural justice: both parties have the right to present their case, examine witnesses through the ICC, and be heard before any finding is recorded.

The inquiry must be completed within 90 days.

Step 5 — Report submission (Section 13) Within ten days of completing the inquiry, the ICC submits its report of findings to the employer and, if directed, to the District Officer.

Step 6 — Employer action (Section 13(3) and (4)) The employer must act on the ICC's recommendations within 60 days. Recommended action may include written apology, warning, reprimand, censure, withholding of promotion or increments, termination, or directing payment of compensation to the aggrieved woman.

Interim measures during inquiry (Section 12): The ICC may recommend that the employer transfer the complainant or respondent, grant special leave to the complainant, or restrain the respondent from supervising the complainant pending inquiry.

Hybrid and Digital Workplaces: Closing the Coverage Gaps

The POSH Act defines "workplace" in Section 2(o) to include any location visited by an employee arising out of or during the course of employment. In 2026, this reaches clearly into:

• Video calls conducted from home offices
• Work-related WhatsApp groups, Slack channels, and MS Teams threads
• LinkedIn and other professional social media when used for work communication
• AI-enabled meeting tools (e.g., Microsoft Copilot summaries, Zoom AI notes) where comments are recorded
• Off-site client meetings, field visits, conferences, and team offsites

Your policy must explicitly list these channels and settings and confirm that the ICC's jurisdiction extends to them. Add the following practical clauses:

• Recording consent: No one records a video call involving colleagues without the knowledge of all participants.
• After-hours communication norms: Work messages after a stated cut-off time should be work-related only; employees are not expected to engage with personal commentary.
• Third-party platforms: Harassment via personal social media accounts — when directed at a colleague in a work capacity — falls within the ICC's scope if there is a nexus to employment.

Many organisations in 2026 also now include clauses on AI-generated content — deepfakes, AI voice clones, and synthetically produced images of colleagues — as a form of harassment covered under "any other unwelcome conduct of a sexual nature."

Worked Example: What Non-Compliance Actually Costs

Consider a 45-person technology firm headquartered in Bengaluru, with a branch in Hyderabad employing 14 people.

Scenario: The Hyderabad branch has never constituted a separate ICC, has no written POSH policy displayed at the branch, and has conducted no POSH training in FY 2025-26.

A contractual employee at the Hyderabad branch files a complaint with the Karnataka Labour Department about harassment by her reporting manager during a client visit in Hyderabad. The Department investigates.

Direct penalty exposure:

• First offence under Section 26(1): up to Rs. 50,000
• If the company has previously been penalised or warned: Rs. 1,00,000 (doubled) + possible cancellation of licence or registration

Indirect costs (which often dwarf the fine):

• Internal investigation cost: 60–80 hours of senior HR and legal counsel time at market rates
• External legal counsel for the inquiry and any tribunal proceedings: Rs. 1,50,000 to Rs. 4,00,000+ depending on duration
• Talent attrition: if the incident becomes known internally, turnover risk among women employees increases — replacing one mid-level engineer costs Rs. 2,00,000–3,00,000 in recruitment and lost productivity
• BRSR disclosure obligation (if listed): "complaints pending" must be reported, triggering analyst and investor questions

For comparison: A one-day POSH training session for 14 employees (external trainer, certified) costs approximately Rs. 15,000–25,000. ICC external member annual retainer: Rs. 12,000–18,000. The compliance cost is a fraction of the non-compliance cost.

Annual Report and BRSR Disclosure: What, When, and to Whom

Section 21 Annual Report

At the end of each calendar year (January to December), the ICC must prepare an annual report and submit it to:

1. The employer, and
2. The District Officer of the relevant district

The report must include:

• Number of complaints of sexual harassment received
• Number of complaints disposed of
• Number of cases pending for more than 90 days
• Number of workshops or awareness programmes conducted
• Nature of action taken by the employer

The employer is not exempt from submitting this report to the District Officer simply because no complaints were received. A nil-complaint report is still a mandatory submission.

BRSR Disclosure (SEBI Mandate)

SEBI mandates Business Responsibility and Sustainability Report (BRSR) filing as part of the Annual Report for the top 1,000 listed companies by market capitalisation (with phased applicability cascading to supply chains). Under the Social pillar of BRSR:

• Total number of complaints on sexual harassment during the financial year
• Number filed, number resolved, number pending
• Percentage of women in leadership
• POSH training coverage (percentage of employees trained)

For FY 2026-27, listed companies must ensure their BRSR disclosures reflect accurate data — including whether all offices have a constituted ICC, whether the annual Section 21 report was filed, and training completion rates. Auditors reviewing BRSR assurance engagements increasingly flag gaps here.

Corporate Governance angle: The Board's report under Section 134 of the Companies Act, 2013 should reference POSH compliance as part of the company's statutory disclosures. MCA's corporate governance rules and stock exchange listing obligations both expect this.

Common Mistakes and Pitfalls to Avoid

These are the errors that appear most frequently in practice — during Labour Department audits, in employment tribunal proceedings, and in BRSR assurance reviews.

1. Treating the ICC as a formality Nominating members without training them is the most common failure. ICC members must know inquiry procedure, rules of natural justice, and confidentiality obligations. An untrained ICC conducting an inquiry creates grounds for legal challenge of the entire process.

2. Not reconstituting the ICC after three years Tenure lapses quietly. Build a three-year reminder into your governance calendar. Document reconstitution formally.

3. Policy in English only at multi-location companies A policy that employees cannot read is not a policy. Translate to regional languages where needed.

4. Omitting contractors and gig workers from scope Section 2(e) defines "employee" to include workers hired through contractors. Principal employers cannot disclaim liability by pointing to the staffing agency.

5. No interim relief mechanism in the policy The policy must state how an employee can seek interim transfer or leave while an inquiry is in progress. Omitting this exposes the employer to a charge of failing to protect the complainant.

6. Keeping the complaint channel opaque If the Presiding Officer is the only contact and she is the respondent in a complaint, there must be an alternative channel. Design the complaint mechanism so that no single person can block access.

7. Filing no Section 21 report because "there were no complaints" Non-filing is itself a violation. Send a nil-incident report to the District Officer and retain proof of submission.

8. Ignoring hybrid incidents If a manager sends harassing messages via WhatsApp at 11 pm, that falls within the POSH Act's scope. Policies that only reference "the office" leave digital and after-hours conduct in a grey zone — which courts are resolving against employers.

Key Takeaways

• Every employer with 10+ workers must have a written POSH policy and a constituted ICC — the obligation is unconditional and does not depend on whether complaints have been received.
• ICC composition is non-negotiable: Presiding Officer must be a senior woman; at least half of members must be women; one external member from civil society; three-year renewable tenure.
• Inquiry timelines are statutory: 90 days for inquiry completion, 10 days for the report, 60 days for the employer to act on recommendations.
• "Workplace" in 2026 includes all digital channels, hybrid work locations, client sites, and off-site events where the employment nexus exists.
• Section 26 penalty reaches Rs. 50,000 for a first offence and doubles for repeat violations, with potential cancellation of business registration — but the indirect costs of non-compliance are consistently higher.
• Section 21 annual report must be submitted to both the employer and the District Officer for each calendar year, including nil-complaint years.
• BRSR-filing listed companies must disclose POSH complaint data, ICC status, and training coverage in their Annual Report — treat this as a board-level governance item, not an HR afterthought.