Every organization operating in India, regardless of size or sector, carries a legal responsibility to protect employees from sexual harassment at the workplace. This obligation is not optional or a matter of internal discretion. It is codified under the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013, commonly referred to as the POSH Act. For HR leaders, founders, and business owners, understanding what POSH compliance actually requires is fundamental to running a workplace that is both legally sound and genuinely safe.
Many organizations still treat POSH compliance as a checkbox exercise, limited to appointing a committee and filing a document once a year. This narrow approach exposes companies to legal risk and undermines the very purpose of the law. A well-implemented POSH framework does more than satisfy a statutory requirement. It signals to employees, clients, and prospective talent that the organization takes workplace dignity seriously.
This guide walks through what POSH compliance involves in practice, the obligations employers must meet, the risks of falling short, and how organizations of every size can build a system that actually works rather than one that merely exists on paper.
Understanding the POSH Act and Why It Exists
The POSH Act was enacted in 2013, though its foundations go back further. Before this law existed, there was no dedicated statutory mechanism to address sexual harassment specifically within a workplace context in India. Women facing harassment had to rely on general provisions of the Indian Penal Code, which were not designed for workplace-specific grievances and often discouraged victims due to lengthy criminal procedures.
The legal groundwork for the Act came from the Vishaka Guidelines, laid down by the Supreme Court of India in 1997 in the case of Vishaka versus State of Rajasthan. The judgment arose from the case of Bhanwari Devi, a social worker in Rajasthan who was assaulted while working to prevent child marriages. The Supreme Court recognized that the absence of any workplace mechanism for addressing sexual harassment violated the fundamental rights of women, particularly the right to equality and the right to practice any profession without fear.
The POSH Act formalized these guidelines into binding law and introduced a structured redressal mechanism through Internal Committees and Local Committees, along with specific employer obligations, timelines, and penalties.
Who Needs to Comply and What the Law Covers
The Act applies to virtually every workplace in India, whether in the public or private sector, and regardless of the size or nature of the business. This includes offices, factories, hospitals, educational institutions, and even unorganized sectors such as domestic work. The definition of workplace itself is broad. It extends beyond the physical office to include client sites, business travel, work-related social events, and increasingly, virtual and remote work environments.
Since the shift toward hybrid and remote work models across Indian workplaces, courts have clarified that a home can qualify as a workplace when an employee is working remotely and an incident occurs in the course of employment. This has meaningful implications for how organizations across Tier 1 cities like Bengaluru, Mumbai, and Delhi NCR, as well as growing Tier 2 hubs such as Pune, Jaipur, and Coimbatore, need to think about coverage for remote and hybrid teams.
The core compliance obligation kicks in once an organization has ten or more employees. At this threshold, the employer must constitute an Internal Committee. Organizations with fewer than ten employees are still governed by the Act, but complaints from their employees, along with complaints from workers in the unorganized sector, are handled by the Local Committee set up by the District Officer.
Core Employer Responsibilities Under the Act
Employer obligations under the POSH Act are specific and detailed, not left to interpretation. At a foundational level, employers must provide a safe working environment and communicate a clear anti-sexual harassment policy that outlines both organizational commitment and employee rights.
Beyond policy documentation, employers are expected to constitute the Internal Committee correctly, with proper representation, and ensure its composition and contact details are displayed prominently at the workplace. Regular training and awareness sessions form another central pillar. This is not limited to a single onboarding session. Employees need periodic refreshers, and Internal Committee members require dedicated training on handling complaints, conducting inquiries, and maintaining procedural fairness.
Employers must also extend full cooperation to the Internal Committee during any investigation, which includes providing access to relevant records, ensuring both parties are available for hearings, and implementing whatever interim measures the Committee recommends, such as granting leave to the aggrieved employee or reassigning reporting lines during the inquiry period.
A few responsibilities are often overlooked by smaller organizations:
- Treating sexual harassment explicitly as misconduct under service rules, so that disciplinary action has a clear internal basis.
- Assisting an employee who wishes to file a police complaint, and forwarding the matter to law enforcement where the respondent is not part of the organization.
- Ensuring the Internal Committee submits its annual report to both management and the District Officer, and reflecting POSH compliance status in the Director's Report where applicable under the Companies Act.
Building the Internal Committee Correctly
The Internal Committee is the operational core of POSH compliance, and getting its composition right matters as much as forming it at all. The committee should have a minimum of four members, with at least half being women. It requires a Presiding Officer who is a woman employed at a senior level, at least two internal members with relevant experience or sensitivity toward gender issues, and one external member, typically drawn from a non-governmental organization or someone with relevant legal or subject matter familiarity.
The external member requirement is one that many organizations, particularly smaller or newer companies, struggle to fulfil. Recent governance guidance has also opened the door for a practising professional such as a Company Secretary to serve in this external capacity, bringing a governance and compliance lens to the committee's functioning alongside its core role of handling complaints sensitively.
Committee members typically serve for a term of three years, and organizations are expected to reconstitute the committee once that period lapses. Where offices exist across multiple locations, an Internal Committee needs to be constituted at each administrative unit rather than centralizing everything at the head office.
The Complaint and Inquiry Process
A well-drafted policy is only as good as the process behind it. When a complaint is filed, it generally must be submitted in writing within three months of the incident, although the Internal Committee retains discretion to extend this timeline where genuine circumstances, such as physical or mental incapacity, prevented timely filing.
Once a complaint is received, the Committee must share it with the respondent within a set number of working days, and the respondent is given an opportunity to reply along with supporting evidence and witness details. The Committee is expected to complete its inquiry within ninety days and submit its findings to the employer within ten days of concluding the process. Throughout this period, principles of natural justice apply, meaning both parties are heard, allowed to present evidence, and given a fair opportunity to respond to allegations.
Confidentiality is a legal requirement throughout this process, not merely good practice. Details of the complaint, the identities of those involved, and the committee's recommendations cannot be disclosed to the public, press, or even within the organization beyond those who genuinely need to know. This protects everyone involved, including the respondent, until the matter is resolved.
Organizations should also be prepared to handle malicious or false complaints appropriately. The law is clear that an inability to prove a complaint does not automatically amount to a false complaint, and committees need to exercise careful judgment before recommending action against a complainant.
Training, Awareness, and Annual Reporting
Training cannot be a one-time formality completed during onboarding and forgotten. Effective POSH training programs cover the definition of harassment, the organization's zero-tolerance stance, reporting channels, and the rights available to complainants, respondents, and witnesses. Committee members need a separate and more detailed orientation, covering investigative techniques, documentation standards, and sensitivity in handling cases involving colleagues across different levels of seniority.
Annual reporting is a recurring obligation that many organizations underestimate. The Internal Committee must prepare and submit an annual report to the employer and the District Officer, typically by the end of January each year, covering the number of complaints received, disposed of, and pending, along with details of awareness programs conducted. Companies registered under the Companies Act are further required to disclose POSH compliance status in their Director's Report, a requirement introduced through amendments to the Companies (Accounts) Rules.
The Cost of Getting This Wrong
Non-compliance carries real financial and reputational consequences. A first violation can attract a penalty of up to fifty thousand rupees, and repeated violations can result in double the penalty or even suspension of a business license in serious cases. Beyond statutory fines, courts have shown willingness to award substantial compensation directly to complainants in cases where organizations failed to maintain a functioning Internal Committee or mishandled the redressal process.
These cases underline a point HR leaders often need to make to business leadership: POSH compliance is not a paperwork exercise that can be deprioritized during busy quarters. The financial exposure from a poorly handled case, combined with the damage to employer reputation in a market where employees increasingly research workplace culture before joining, makes proactive compliance a sound business decision rather than a purely legal one.
Practical Steps for Building a Stronger POSH Framework
Organizations serious about compliance, rather than simply avoiding penalties, tend to approach this holistically. This means treating the POSH policy as a living document reviewed annually, ensuring the Internal Committee has genuine authority and resources rather than existing only on paper, and building a culture where employees feel safe reporting concerns without fear of retaliation.
It also means recognizing that POSH compliance intersects with broader people practices. How an organization handles a sensitive complaint reflects directly on its employer brand, its ability to retain talent, and the trust employees place in leadership. This is precisely the kind of workplace governance conversation that platforms like HRSays aim to surface for HR professionals and business leaders working to build more accountable, people-first organizations.
Conclusion
POSH compliance is a legal necessity, but it is also an opportunity for organizations to demonstrate genuine commitment to employee safety and dignity. Meeting the requirements around Internal Committee formation, policy drafting, training, and reporting protects organizations from legal and financial risk. More importantly, when implemented with real intent rather than as a formality, it builds the kind of workplace culture that retains talent and earns trust. Employers who treat this as an ongoing responsibility, rather than an annual filing task, are the ones best positioned to navigate both compliance and culture successfully.
Frequently Asked Questions
Q1: Is every organization in India required to comply with the POSH Act?
Any organization with ten or more employees must constitute an Internal Committee and comply with the POSH Act. Organizations with fewer than ten employees still fall under the law, but complaints from their employees are handled by the Local Committee constituted at the district level.
Q2: What happens if an employer does not set up an Internal Committee?
Failure to constitute an Internal Committee is treated as non-compliance and can attract a monetary penalty of up to fifty thousand rupees for a first violation, with higher penalties or business license consequences for repeated violations.
Q3: Can a POSH policy be gender neutral?
Organizations may choose to extend their internal policy to employees of all genders, but the statutory protections and powers under the POSH Act itself apply specifically to women. Complaints from other genders are typically handled under separate grievance or conduct policies.
Q4: How long does an Internal Committee have to complete an inquiry?
The Internal Committee is expected to complete its inquiry within ninety days from the date the complaint is received, and submit its report to the employer within ten days of completing the inquiry.
Q5: What should an employer include in the Director's Report regarding POSH?
Companies registered under the Companies Act are expected to make a disclosure confirming POSH compliance in their Director's Report, along with details of complaints received and resolved during the year, except for certain small companies and one person companies.
Resources
- Ministry of Women and Child Development, Government of India: Official portal for the POSH Act text, rules, and related notifications.
- Institute of Company Secretaries of India (ICSI): Governance and Compliance Standard on Prevention, Prohibition and Redressal of Sexual Harassment at Workplace, offering detailed procedural guidance for Internal Committees.
- SHe-Box Portal, Ministry of Women and Child Development: Centralized government platform for registering and monitoring workplace sexual harassment complaints.
- Supreme Court of India Judgment, Vishaka versus State of Rajasthan (1997): The foundational judgment that led to the enactment of the POSH Act.
- Ministry of Corporate Affairs: Companies (Accounts) Rules amendments relating to POSH disclosure in the Director's Report.
Interlinking Keywords
POSH policy drafting, Internal Committee formation, workplace compliance framework, HR compliance training, employee grievance redressal, workplace governance, annual compliance reporting, gender sensitization at work
Disclaimer
This article is intended for general informational purposes only and does not constitute legal advice. POSH compliance requirements may be subject to amendments, judicial interpretation, and state-specific notifications. Organizations are strongly advised to consult a qualified legal professional or compliance expert before drafting policies, constituting committees, or making decisions related to specific cases of workplace sexual harassment
This article explains POSH compliance requirements for Indian employers, covering Internal Committee formation, policy drafting, employee training, complaint inquiry timelines, annual reporting, and penalties for non-compliance under the 2013 Act.







