POSH Compliance in India: Employer's Guide (2026)

POSH Compliance in India: Employer's Guide (2026)

POSH compliance is not optional, and it is not just a poster on the wall. The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act — universally shortened to the POSH Act — places clear, enforceable duties on almost every employer in India. Yet many organisations, especially small and growing companies, discover their obligations only after a complaint lands on someone's desk, by which point the gaps are expensive and hard to fix.

This guide walks HR managers, founders, and people teams through what POSH compliance actually requires, how to build a programme that protects employees and the organisation, and the practical steps to stay on the right side of the law. It is written for everyday HR practitioners who want a clear, expert-level understanding without wading through dense legal text. Treat it as a working map, and verify specific provisions and current rules with a qualified professional, because procedural details and thresholds matter and can change.

What Is the POSH Act?

The POSH Act is India's primary law for preventing and addressing sexual harassment of women at the workplace. It was enacted to give effect to the principle that every woman has the right to a safe working environment, and it grew out of earlier guidelines that the courts had laid down before a dedicated statute existed. The Act is accompanied by rules that flesh out procedures, timelines, and committee composition.

At its core, the law does three things. It prohibits sexual harassment at the workplace. It prevents harassment by requiring employers to take proactive measures such as policies, awareness, and a complaints mechanism. And it provides a structured process for the redressal of complaints through an internal committee with quasi-judicial powers. The combination of prevention and redressal is deliberate: the law expects employers not merely to react to incidents but to build an environment where harassment is less likely in the first place.

The Act applies broadly. It covers organised and unorganised sectors, public and private workplaces, and a wide definition of "workplace" that extends well beyond the traditional office. Understanding that scope is the first step to compliance, because many employers underestimate how far their responsibilities reach.

Who Must Comply?

The short answer is: almost every employer. The POSH Act applies to any "workplace," which the law defines expansively. This includes private companies, government bodies, NGOs, hospitals, educational institutions, sports facilities, and dwelling places or houses where domestic or other work is performed. It captures organisations of every size, from large enterprises to small startups and even households employing domestic workers in certain respects.

A crucial distinction in the law turns on the number of employees. Workplaces with ten or more employees are required to constitute an Internal Committee (often still referred to as the Internal Complaints Committee, or ICC). Workplaces with fewer than ten employees, or cases where the complaint is against the employer themselves, are served by a Local Committee constituted at the district level by the appropriate government, to which complaints can be made.

The definition of "workplace" also extends to places visited by an employee during the course of employment, including transport provided by the employer, client sites, conference venues, and work-related travel. In an era of remote and hybrid work, this raises real questions about virtual harassment and incidents that occur during video calls or over work communication tools, and prudent employers treat such conduct as within scope.

It is also important to note who is protected. The Act, as drafted, protects "aggrieved women," a category that includes not just permanent employees but also contractual workers, interns, trainees, probationers, and even women who are not employees but visit the workplace. The protection follows the workplace, not just the payroll. Many organisations choose to extend equivalent grievance protections to all genders as a matter of policy, even though the statute itself is framed around women, because a safe workplace standard should apply to everyone.

Key Definitions: What Counts as Sexual Harassment

To run a credible programme, your committee and your people need a shared, accurate understanding of what the law treats as sexual harassment. The Act defines it to include unwelcome acts or behaviour, whether direct or by implication. These commonly include physical contact and advances, a demand or request for sexual favours, sexually coloured remarks, showing pornography, and any other unwelcome physical, verbal, or non-verbal conduct of a sexual nature.

The law also recognises certain circumstances that, if connected to such conduct, may amount to harassment: an implied or explicit promise of preferential treatment in employment, a threat of detrimental treatment, a threat about present or future employment status, interference with work or creating an intimidating or hostile or offensive work environment, and humiliating treatment likely to affect health or safety.

Two ideas are worth emphasising for training purposes. First, the test centres on whether the conduct was unwelcome from the perspective of the recipient, not on whether the person doing it intended harm. Second, harassment is not limited to overtly physical acts; a pattern of remarks, messages, or behaviour that creates a hostile environment can qualify. Helping employees understand these nuances through regular awareness sessions is itself part of compliance and is one of the most effective forms of prevention.

The Internal Committee (IC): Composition and Role

The Internal Committee is the centrepiece of workplace-level compliance. Every employer with ten or more employees must constitute an IC at each office or unit where that threshold is met. Getting its composition right is not a formality; a wrongly constituted committee can render its proceedings vulnerable to challenge.

The law prescribes a specific composition. The committee must be headed by a Presiding Officer who is a woman employed at a senior level at the workplace. It must include at least two members from among employees, preferably committed to the cause of women or who have relevant experience or legal knowledge. Critically, it must also include one external member from an NGO or association committed to the cause of women, or a person familiar with issues relating to sexual harassment. The external member exists to bring independence and subject-matter expertise, and to reduce the risk of internal bias.

The law also requires that at least half of the total members of the committee be women. Members are typically appointed for a defined term, and the employer must fill vacancies promptly so the committee is always able to function.

The IC's role goes beyond hearing complaints. It conducts inquiries in a manner consistent with principles of natural justice, maintains confidentiality, recommends action to the employer, and contributes to the organisation's broader prevention efforts. Because the committee exercises powers similar to those of a civil court for certain purposes — such as summoning witnesses and requiring documents — its members should be properly trained. Investing in IC training is one of the highest-return compliance steps an employer can take.

Employer Duties Under the POSH Act

The Act sets out specific duties for employers, and these are the items an auditor or court will look for. Meeting them is what separates a compliant organisation from one that is merely hoping nothing happens.

Employers must provide a safe working environment, which includes safety from persons coming into contact with the employee at the workplace. They must display conspicuously at the workplace the penal consequences of harassment and the order constituting the IC. They must organise awareness programmes and workshops at regular intervals to sensitise employees, and orientation programmes for IC members. They must provide the facilities necessary for the IC to deal with complaints and conduct inquiries.

Employers are also required to assist the aggrieved woman if she chooses to file a criminal complaint, and to treat sexual harassment as misconduct under the applicable service rules, initiating action accordingly. They must monitor the timely submission of reports by the IC and include the required information in the organisation's annual report or file it with the appropriate authority.

A formal anti-harassment policy ties these duties together. While the statute focuses on the committee and the process, a written policy that explains what harassment is, how to complain, what the process looks like, what protections exist against retaliation, and what the consequences are, is both good practice and effectively expected. The policy should be communicated to every employee, ideally as part of onboarding, and reaffirmed periodically.

The Complaint and Inquiry Process

Understanding the complaint process helps employers run it fairly and helps employees trust it. While the exact timelines and procedural details should be confirmed against the current Act and rules, the broad shape of the process is consistent.

An aggrieved woman may make a written complaint to the IC (or the Local Committee where applicable) within a defined period of the incident, with provision for extension in appropriate circumstances. Where she is unable to complain in writing, the committee should provide reasonable assistance to put the complaint in writing.

Before a formal inquiry, the committee may, at the request of the complainant, attempt conciliation to resolve the matter — but conciliation cannot be based on monetary settlement as a condition, and it is only available if the complainant wishes it. If conciliation is not pursued or does not resolve the matter, the IC proceeds to a formal inquiry.

During the inquiry, the committee follows principles of natural justice: both parties are heard, allowed to present evidence and witnesses, and given a fair opportunity to respond. The committee may recommend interim measures during the pendency of the inquiry, such as transferring the respondent or the complainant, or granting leave, to prevent further harm or pressure.

On completion, the IC prepares an inquiry report with its findings and recommendations within the prescribed period. If harassment is established, the committee recommends action against the respondent in accordance with service rules, which can range up to dismissal, and may recommend that compensation be paid to the aggrieved woman, determined with reference to factors set out in the law. If the allegation is not proven, the committee records that no action is required. The Act also addresses false or malicious complaints, allowing action where a complaint is proven to be malicious — though importantly, an inability to substantiate a complaint does not by itself mean it was malicious, a distinction that protects genuine complainants who simply lack corroborating evidence.

Throughout, confidentiality is paramount. The identity of the parties and witnesses, and the contents of the proceedings, are not to be published or disclosed, and breaches of confidentiality can themselves attract penalties.

Protection Against Retaliation

A complaints process is worthless if employees fear punishment for using it. The Act and good practice both demand robust protection against retaliation. An employee who makes a complaint, or who participates as a witness, must not suffer adverse consequences as a result. Retaliation can take subtle forms — a sudden poor appraisal, exclusion from projects, a transfer dressed up as routine — and HR should be alert to all of them.

Building anti-retaliation language into the policy, monitoring the treatment of complainants and witnesses after a case closes, and acting decisively if retaliation is suspected, are what give a POSH programme credibility. Employees talk to each other; if the first complainant is seen to be punished, no one else will come forward, and the organisation loses its early-warning system precisely when it needs it.

Annual Reporting and Record-Keeping

Compliance is not only about handling complaints well; it is also about documentation. The IC is required to prepare an annual report summarising the number of complaints received, the number disposed of, cases pending beyond the prescribed period, and the nature of actions taken and workshops conducted. This report is submitted to the employer and to the relevant district officer.

Beyond the statutory report, employers should maintain careful records of policy acknowledgements, training sessions and attendance, committee constitution and any changes, and the handling of each complaint with strict confidentiality controls. Good record-keeping serves two purposes: it demonstrates compliance if the organisation is ever questioned, and it provides the data to improve the programme over time. Many organisations also reference their POSH compliance status in their broader corporate disclosures, and certain company-law filings expect a statement on compliance with the Act.

Penalties for Non-Compliance

Non-compliance carries real consequences. An employer who fails to constitute an IC, fails to act on the committee's recommendations, or otherwise contravenes the Act can face monetary penalties. Repeated violations can lead to higher penalties and, significantly, can affect the business — including the potential cancellation or non-renewal of licences or registrations required to operate. Beyond the statutory penalties, there is reputational damage, the cost of litigation, and the erosion of employee trust, all of which can dwarf the formal fine.

The lesson is that POSH compliance is cheaper to do properly upfront than to retrofit under pressure. Constituting a valid committee, training it, publishing a policy, running awareness sessions, and keeping records is a modest investment compared with the cost of a botched inquiry or a penalty for non-compliance.

Building a POSH Compliance Programme: A Practical Checklist

Bringing it together, here is a practical sequence for an employer building or refreshing its POSH programme. Treat it as a starting framework and adapt it to your size and structure.

Begin by constituting a valid Internal Committee at each qualifying location, with a senior woman as Presiding Officer, the required employee members, an external member, and at least half women. Confirm the composition against the current rules.

Next, draft and publish an anti-harassment policy in clear language, covering definitions, the complaint process, confidentiality, anti-retaliation protections, and consequences. Have employees acknowledge it, ideally during onboarding.

Then train the committee on the law, the inquiry process, evidence handling, natural justice, and confidentiality, and refresh this training periodically. Separately, run awareness sessions for all employees so they understand what harassment is, how to raise concerns, and what to expect.

Display the required notices about penal consequences and the IC order conspicuously at the workplace, and ensure remote employees can access the same information digitally.

Set up a confidential intake channel for complaints and make sure employees know how to use it. Establish record-keeping for acknowledgements, training, committee details, and case files, with tight access controls.

Finally, prepare the annual report, file it as required, and review the programme each year to close gaps. Where you operate across multiple states or have fewer than ten employees at some locations, map which sites need an IC and which rely on the Local Committee, and document that analysis.

POSH in Remote and Hybrid Workplaces

The rise of remote and hybrid work has stretched the traditional idea of "workplace," and POSH programmes have had to keep pace. Harassment can occur over video calls, chat tools, email, and social platforms used for work, and the broad statutory definition of workplace generally supports treating such conduct as within scope when it is connected to employment.

Practically, this means your policy should explicitly address virtual conduct, your awareness training should cover online behaviour and communication norms, and your committee should be comfortable handling digital evidence such as messages and call records while preserving confidentiality. It also means remote employees must be able to access the policy, the complaint channel, and the displayed information digitally, not just on an office noticeboard they may never visit. Organisations that updated their POSH approach for distributed work have found that clear norms for online conduct benefit the whole culture, not only formal compliance.

Conducting a Fair Inquiry: Guidance for IC Members

The quality of an inquiry determines whether the outcome will hold up to scrutiny and whether both parties will accept it as just. Internal Committee members are not expected to be judges, but they are expected to apply basic principles of fairness consistently. A few practical habits make the difference.

Treat the inquiry as confidential from the first moment, and remind everyone involved — parties, witnesses, and committee members — of their confidentiality obligations in writing. Give both the complainant and the respondent a genuine opportunity to state their case, present evidence, and respond to what the other side has said; natural justice requires that no one is condemned unheard. Keep meticulous, contemporaneous notes of every session, and have parties confirm key statements, because memory fades and clean records protect the integrity of the process.

Approach evidence with an open mind. Sexual harassment frequently occurs without witnesses, so the absence of corroboration does not mean the complaint is false, nor does its presence automatically prove the case. The committee weighs the credibility and probability of the accounts as a whole. Avoid intrusive or victim-blaming questioning about a complainant's character or past, which is both unfair and irrelevant to whether the specific conduct occurred. Where interim measures are needed to prevent pressure or further harm during the inquiry, recommend them promptly.

Finally, write the inquiry report carefully: state the allegations, the evidence considered, the reasoning, and the conclusion clearly enough that an outsider could follow how the committee reached its finding. A well-reasoned report is the best protection against a later challenge, and it signals to the whole organisation that the process is serious and fair.

What Awareness Training Should Cover

Awareness training is where prevention actually happens, and yet it is often reduced to a slide deck no one remembers. Effective sessions are interactive, scenario-based, and refreshed regularly rather than treated as a one-time onboarding box to tick.

Good training helps employees recognise the full range of conduct that can amount to harassment, including verbal remarks, messages, and behaviour that creates a hostile environment, not just overt physical acts. It explains the concept of "unwelcome" conduct and why intent is not the test. It walks people through exactly how to raise a concern, who sits on the committee, what confidentiality protections exist, and what happens after a complaint is filed, so that the process feels accessible rather than intimidating. For managers, training should add a layer on how to respond when someone confides in them, how to avoid retaliation, and how to model respectful behaviour.

Separate, deeper orientation for IC members is essential and is, in fact, expected of employers. Committee members need to understand the law, the inquiry process, evidence handling, and their quasi-judicial responsibilities. Tracking who has attended which session — and following up with those who have not — is part of demonstrating that the employer met its duty to sensitise the workforce.

Common Mistakes in POSH Compliance

Several recurring mistakes undermine otherwise well-intentioned programmes. The most common is constituting the Internal Committee incorrectly — omitting the external member, failing to meet the requirement that at least half the members be women, or appointing a Presiding Officer who is not a senior woman. A defective committee can taint the entire proceeding.

Another frequent error is treating the policy as a document to be filed rather than communicated. A policy that employees have never read, acknowledged, or understood does little to prevent harassment and offers weak evidence of compliance. Equally common is neglecting awareness training after the first year, allowing the programme to go stale.

Some employers mishandle confidentiality, discussing cases informally or allowing details to leak, which both breaches the law and deters future complainants. Others fail to protect complainants and witnesses from subtle retaliation, destroying trust in the process. And many simply forget the annual report and record-keeping obligations until an audit or filing deadline forces a scramble. Each of these mistakes is avoidable with a little structure and discipline, which is precisely where a system that organises policies, acknowledgements, training, and records earns its keep.

How CozyHR Supports POSH Compliance

Much of POSH compliance is, at bottom, a documentation and workflow discipline: the right committee on record, policies acknowledged by every employee, training delivered and tracked, complaints handled confidentially, and an annual report assembled from clean data. These are exactly the things that slip when they live in scattered spreadsheets and email folders.

CozyHR helps by keeping your anti-harassment policy in one place where every employee can read and acknowledge it during onboarding and beyond, by tracking awareness training and attendance, and by maintaining the records you need for your annual report and any audit. Committee details, policy versions, and acknowledgements stay organised and retrievable, so demonstrating compliance becomes a matter of a few clicks rather than a frantic search. While the human judgement of an inquiry will always belong to your trained committee, the surrounding administration — policies, acknowledgements, training records, and reporting — is something a good HRMS can take off your plate.

If your POSH compliance currently relies on memory and goodwill, consider moving the administrative backbone into a structured system. You can see how CozyHR organises policies, acknowledgements, and compliance records with a short walkthrough.

Frequently Asked Questions

Which companies must comply with the POSH Act?

Effectively all workplaces fall within the Act's scope. Any workplace with ten or more employees must constitute an Internal Committee. Workplaces with fewer than ten employees, or complaints against the employer, are served by a district-level Local Committee. The definition of workplace is broad and covers private companies, government bodies, NGOs, and many other settings.

Who can file a complaint under the POSH Act?

The Act protects "aggrieved women," which includes regular employees as well as contractual workers, interns, trainees, probationers, and women who visit the workplace. Many employers extend equivalent grievance protections to all genders as a matter of policy, even though the statute is framed around women.

How many members must the Internal Committee have?

The committee must have a senior woman as Presiding Officer, at least two employee members, and one external member from an NGO or with relevant expertise, with at least half of the members being women. Confirm the exact requirements against the current Act and rules when constituting your committee.

What is the time limit to file a POSH complaint?

A complaint must generally be made in writing within a defined period from the incident, with provision for the committee to extend the time in appropriate circumstances. Because the specific timelines are set out in the Act and rules and procedural details matter, verify the current limits when handling a complaint.

What penalties apply for non-compliance?

Employers who fail to constitute an IC or comply with the Act can face monetary penalties, with higher penalties for repeat violations and the potential cancellation or non-renewal of business licences or registrations. Reputational and litigation costs often exceed the statutory penalty.

Does POSH apply to remote and virtual workplaces?

The broad definition of workplace generally supports treating work-related harassment that occurs over video calls, chat, or email as within scope. Update your policy and training to address online conduct and ensure remote employees can access the policy and complaint channel digitally.

Is the employer required to maintain records or file reports?

Yes. The Internal Committee prepares an annual report summarising complaints and actions, which is submitted to the employer and the relevant district officer. Employers should also keep records of policy acknowledgements, training, and committee details to demonstrate compliance.

What protections exist against retaliation?

Employees who complain or act as witnesses must not face adverse consequences for doing so. Anti-retaliation protection should be built into the policy and actively monitored, because a process that punishes complainants quickly loses all credibility.

Conclusion

POSH compliance is one of those areas where doing the basics well, consistently, matters more than any clever shortcut. Constitute a valid Internal Committee, publish a clear policy, train your committee and your people, handle complaints with fairness and confidentiality, protect those who come forward, and keep clean records. None of these steps is exotic, but together they create a workplace that is genuinely safer and an organisation that is genuinely protected.

The cost of getting it wrong — penalties, litigation, lost trust, and harm to real people — is far higher than the modest effort of building the programme properly. If you want the administrative side of POSH compliance to run smoothly, with policies acknowledged, training tracked, and records audit-ready, that is the kind of structure a modern HRMS like CozyHR is built to provide. Set the foundation now, and you will not be scrambling when it matters most.

This guide is general information for HR teams, not legal advice. The POSH Act and its rules contain specific procedural requirements, timelines, and thresholds that can change. Verify current provisions and consult a qualified professional for the handling of any specific complaint or compliance question.