Company Secretary & Startup Compliance Firm in Delhi NCR & India | Bhavya Sharma and Associates
Startup Legal, Tax & Compliance – 150 FAQs for Indian Founders
.
1. Startup Incorporation & Structure (20 FAQs)
Q1. What is the best business structure for a startup in India?
For most scalable, investor-backed businesses in India, a Private Limited Company is the best structure because it offers limited liability, is investor friendly, and supports foreign investment (FDI). LLPs work well for lean, service-based or professional firms that do not plan to raise institutional VC.
Q2. How do I choose between Private Limited Company, LLP, and Partnership Firm?
Use this thumb rule: choose a Private Limited Company if you want to raise funding or issue ESOPs, an LLP if you are building a professional/services business with 2–5 partners, and avoid traditional Partnership Firms unless you want a purely small, local, low-compliance setup.
Q3. Can I start as a sole proprietor and later convert to Private Limited?
Yes, you can, but it adds friction and cost: you must incorporate a company, transfer business assets and contracts, handle tax / GST transitions and re-paper key customers. If you already know you are building something scalable, it is generally smarter to start as a Private Limited Company.
Q4. What is the minimum capital required to incorporate a Private Limited Company?
There is no statutory minimum paid-up capital now; technically you can start with as low as ₹1,000. In practice, most founders choose between ₹1 lakh and ₹10 lakh as initial capital to signal seriousness, cover early expenses and reduce future paperwork when raising funds.
Q5. How many founders or shareholders do I need to start a Private Limited Company?
You need a minimum of 2 shareholders and 2 directors, and at least one director must be a resident in India (staying 182+ days in a financial year). The same person can be both a director and a shareholder.
Q6. Can I incorporate a startup using my home address?
Yes, you can legally use a residential address as the registered office at incorporation, as long as you have proper proof and a No-Objection Certificate (NOC) from the owner. You can change the registered office later to a co-working or commercial office without much friction.
Q7. What documents are required to incorporate a Private Limited Company?
You typically need PAN, Aadhaar, photo and address proof of all directors/shareholders, proof of registered office (utility bill, rent agreement and owner NOC), and properly drafted Memorandum and Articles of Association. Digital signatures (DSC) for directors are mandatory for MCA filings.
Q8. How long does it take to incorporate a startup in India?
If documents are in order, incorporation through the SPICe+ form usually takes 3–7 working days from filing to Certificate of Incorporation, and another 3–7 days for bank account opening, GST (if applied) and basic operational readiness.
Q9. What is SPICe+ and why does it matter for founders?
SPICe+ is an integrated MCA form that lets you apply in one shot for company incorporation, PAN, TAN, DIN, EPFO, ESIC and optionally GST. This reduces multiple filings, but also means any missing document can delay several registrations together.
Q10. What is DIN and does every director need one?
DIN (Director Identification Number) is a unique number issued by the MCA to identify directors. Every person who wants to be a director must have a DIN, and it is valid for life; however, annual DIR-3 KYC filing is mandatory to keep it active.
Q11. Can foreign nationals be co-founders or directors in an Indian startup?
Yes, foreign nationals can be shareholders and directors in Indian companies, subject to FDI rules and, in some cases, security / Press Note 3 approvals. At least one director must still be a resident in India, and foreign directors must complete additional KYC and notarisation steps.
Q12. What is Press Note 3 and why should founders care?
Press Note 3 restricts investments from countries sharing land borders with India (like China, Pakistan, Bangladesh etc.) and requires government approval. Taking such funds without compliance can block future rounds and create serious FEMA and regulatory issues.
Q13. What is DPIIT-recognised startup status?
DPIIT recognition, granted via the Startup India portal, formally recognises you as a startup and unlocks benefits such as tax holidays, angel tax relief, faster IP processing, and labour law self-certification, provided you meet the age, turnover and innovation criteria.
Q14. Can an LLP get DPIIT startup recognition?
Yes, Private Limited Companies, LLPs and registered Partnership Firms can all apply for DPIIT recognition as startups, as long as they are under 10 years old, under the turnover limit and focused on innovation or scalable models.
Q15. What are the first legal steps after I get the Certificate of Incorporation?
Within 30 days you should hold your first board meeting, open a bank account, issue share certificates to founders, appoint an auditor, and file any necessary commencement and office verification forms. Ignoring these basics triggers penalties and makes due diligence harder later.
Q16. Do I need a company secretary from day one?
Most early-stage Private Limited Companies are not legally required to appoint a full-time CS; however, working with a CS firm from day one helps avoid common MCA mistakes, missed filings and cap table problems that later scare investors.
Q17. Can I run multiple businesses under one Private Limited Company?
You can run related or compatible activities if your objects clause in the Memorandum of Association allows it. For very different businesses (e.g., SaaS plus manufacturing), or if investors want a pure-play entity, it is usually better to create separate companies.
Q18. When should I think of creating a holding company (India or abroad)?
You start thinking about holding structures when you are planning cross-border expansion, multi-subsidiary operations, global ESOPs or complex investor participation. Getting this wrong early creates heavy tax and FEMA clean-up costs later, so this is a classic “speak to counsel first” area.
Q19. Is it possible to convert an LLP or Partnership Firm to a Private Limited Company later?
Yes, conversions are possible but involve ROC filings, asset and contract transfers, and sometimes tax events. It is doable, but more expensive than getting the structure right at the beginning.
Q20. What are the most common incorporation mistakes first-time founders make?
Typical mistakes include picking the wrong structure, issuing equity casually without proper agreements, ignoring founder vesting, not documenting loans and IP assignments, and treating MCA / tax compliance as an afterthought until the first funding round.
2. Tax & Financial Compliance (20 FAQs)
Q21. What are the key tax registrations a new startup must consider?
Most startups need a PAN, TAN, bank account, GST registration once they cross the threshold, and possibly Professional Tax and Shops & Establishment registrations depending on the state. DPIIT-recognised startups should also evaluate Section 80-IAC tax holiday eligibility early.
Q22. When is GST registration mandatory for a startup?
GST registration is mandatory once your annual aggregate turnover crosses the prescribed threshold (commonly ₹20 lakh for services, higher for goods), or if you are doing inter-state supplies, e‑commerce, or specific notified activities where registration is compulsory from rupee one.
Q23. Should I voluntarily take GST even before crossing the threshold?
Voluntary registration can make sense if you mainly serve GST-registered B2B clients (they expect GST invoices) or incur high GST on your inputs and want to claim input tax credit. The trade-off is monthly compliance even in low-revenue months.
Q24. What direct tax benefits do DPIIT-recognised startups get?
Recognised startups can apply for a 3-year 100% income-tax holiday under Section 80‑IAC (subject to approval and conditions), structured angel tax relief, and some capital gains and investment-related relaxations that significantly improve post-tax runway.
Q25. Does the removal / relaxation of angel tax help Indian startups?
Yes, rationalisation of so‑called “angel tax” for genuine, DPIIT-recognised startups reduces the risk that share premium in early rounds is treated as taxable income. This makes priced rounds and ESOPs more workable from a tax perspective.
Q26. What are my basic annual income tax obligations as a startup founder?
Your startup must file its corporate return on time, and you, as an individual, must file your personal ITR reporting salary, director fees, capital gains and any ESOP transactions. Late or incorrect filings affect your eligibility for exemptions and can complicate future scrutiny or exits.
Q27. How does TDS work for startups?
Whenever your company pays salaries, professional fees, rent and certain other specified amounts, it may need to deduct TDS at source, deposit it to the government within the prescribed timelines, and file TDS returns. Mishandling TDS is one of the most common early compliance failures.
Q28. Do early-stage loss-making startups still need to file returns?
Yes, filing is mandatory even if you have losses or zero revenue. Timely filing allows you to carry forward business losses, preserve eligibility for benefits, avoid penalties and demonstrate clean compliance history to future investors and acquirers.
Q29. What financial records and books must a startup maintain?
You should maintain proper books of account, invoices, bank reconciliations, payroll records, vendor contracts, board resolutions and statutory registers. In the digital era, clean, well-structured data in your accounting and compliance systems is a huge asset during diligence.
Q30. When does a startup need a statutory audit?
Companies generally need statutory audits once they cross prescribed turnover or borrowing thresholds, or in some cases right from incorporation depending on their structure. Even if not technically required, many funded startups maintain audited financials to satisfy investor expectations.
Q31. How does startup cash-burn planning interact with tax and compliance?
Your burn plan should include provisions for GST, TDS, ROC fees and professional costs, not just product and hiring. Many founders underestimate compliance cash-outs and face avoidable crunches around due dates or during fundraise.
Q32. Are ESOPs taxable for employees in India?
Yes, ESOPs typically trigger tax at exercise (as perquisite) and at sale (as capital gains). The exact structure, timing and scheme design can significantly alter the tax impact, which is why founders should design ESOP policies with both legal and tax advisors.
Q33. How can startups use tax planning without crossing into tax evasion?
Legitimate tax planning involves choosing the right entity, making use of available exemptions, timing income and expenses sensibly and documenting everything. Aggressive channel stuffing, sham contracts or circular transactions are clear red flags and will eventually unravel.
Q34. What should founders know about advance tax and self‑assessment tax?
Even if you have not been profitable historically, once you are heading towards profit in a year you may need to pay advance tax in instalments. Underpaying, or paying everything only at year-end, can attract interest and scrutiny.
Q35. How can I keep compliance costs lean in the first 12–18 months?
Focus on: right structure from day one, a good CS + tax advisor combination, a simple accounting stack, and a discipline of monthly closure. Cutting corners by ignoring compliance usually costs 5–10x more later in penalties and transaction clean-ups.
Q36. What financial and tax documents do VCs look at during diligence?
Investors typically review audited financials, GST and TDS compliance, ROC filings, cap table and share allotment history, related-party transactions, major contracts, and any tax notices or ongoing disputes before wiring money.
Q37. Can unpaid founder salaries be documented as loans?
Yes, deferred founder compensation or capital infusions can be documented as loans, convertible notes or equity subscriptions, but the structure, interest (if any) and repayment rights need to be papered correctly to avoid later tax and related‑party issues.
Q38. Is it risky to mix personal and company expenses in one bank account?
Yes, commingling funds blurs the line between you and the company, weakens limited liability, complicates audits and can be fatal in disputes or insolvency. Open a proper company current account and strictly separate personal and business spends.
Q39. Do Indian startups need transfer pricing documentation?
If you transact with foreign group entities or certain related parties, you may fall under transfer pricing rules and need proper documentation to substantiate that pricing is at arm’s length. Ignoring this in cross‑border structures is a serious mistake.
Q40. When should I bring in a full‑time CFO or strong finance head?
You can often manage with a good CA + outsourced finance team initially, but by the time you reach late seed / Series A, having a strong internal finance lead or CFO becomes important for forecasting, fundraising support, board reporting and risk management.
3. Funding, Equity & Cap Table (18 FAQs)
Q41. How much equity should founders keep after the seed round?
As a rough benchmark, founding teams often try to retain 60–70% post‑seed so they still have meaningful skin in the game through Series A/B. The exact number depends on how much you raise, valuation, and whether there are multiple co-founders.
Q42. What is a SAFE and can Indian startups use it?
A SAFE (Simple Agreement for Future Equity) is a contract where investors put in money now in exchange for future equity at a trigger event. In India, SAFEs need to be carefully structured to comply with Companies Act, FEMA and pricing regulations; often, convertible preference shares or CCDs are safer equivalents.
Q43. What is founder vesting and why is it standard now?
Founder vesting means founders earn their shares over time (e.g., 4 years with a 1‑year cliff), rather than owning 100% on day one. This protects the company and remaining founders if someone leaves early and is now seen as basic hygiene by serious investors.
Q44. How big should my ESOP pool be before seed or Series A?
Typical early pools are 5–10% pre‑seed, 10–15% before Series A, and sometimes increased to 15–20% before later rounds, depending on hiring needs and how senior your target hires are. Pools must be factored into pre‑money vs post‑money calculations.
Q45. What is pre‑money vs post‑money valuation in practical terms?
Pre‑money is the value of your company before new money comes in; post‑money is pre‑money plus the new investment. If a startup at ₹20 crore pre‑money raises ₹5 crore, the post‑money is ₹25 crore and the new investor owns 20%.
Q46. How does dilution actually work across multiple rounds?
Each new round issues fresh shares, which reduces existing holders’ percentage even if their absolute number of shares stays the same. Good cap table tools or simple models help you simulate how today’s decisions affect your future ownership by Series B or C.
Q47. What are liquidation preferences and why do they matter?
Liquidation preferences define who gets paid first and how much in an exit or downside scenario. A standard 1x non‑participating preference is market‑normal; higher multiples or participating structures can heavily skew exit proceeds away from founders and employees.
Q48. Should founders sign personal guarantees for company debt?
In most high‑growth startup contexts, founders try to avoid personal guarantees for company obligations, especially for venture debt or working capital lines. If a lender insists, it is important to understand the risk in worst‑case failure scenarios.
Q49. What are common ESOP mistakes founders make?
Frequent mistakes include promising ESOPs informally without proper grants, ignoring valuation and tax at exercise, failing to create a formal plan approved by the board and shareholders, and not aligning vesting with performance and retention goals.
Q50. What happens to founder equity if a co‑founder leaves early?
If you have a proper vesting and reverse‑vesting structure, unvested shares can be clawed back or repurchased at nominal value, allowing you to reallocate equity to new key hires. If there is no such structure, you end up with large chunks of “dead equity” on the cap table.
Q51. Can investors force a founder out of the company?
Serious governance failures, fraud, repeated breach of obligations or deadlocks can, in some structures, trigger investor rights to replace founders as directors or key executives. Well-drafted shareholder and employment agreements help balance protection with fairness.
Q52. How should I structure advisory equity or sweat equity?
Advisors are usually given small grants (e.g., 0.25–1%) vesting over 1–2 years for specific, high‑value contributions. Sweat equity for early contributors must comply with Companies Act rules on pricing, approvals and disclosures.
Q53. What is a data room and what should go into it for fundraising?
A data room is an organised set of documents shared with serious investors: certificates, cap table, financials, major contracts, IP assignments, ESOP plan, compliance proofs, notices and litigations (if any). Clean data rooms reduce friction and build trust.
Q54. How important is a clean cap table for later rounds or exits?
Messy cap tables—with undocumented share transfers, side letters, stray promises and disputes—are one of the fastest ways to delay, discount or kill a deal. Many sophisticated investors simply walk away from structurally messy companies.
Q55. Can I give equity to freelancers or vendors instead of cash?
You can, but equity-for-service transactions must be carefully valued, documented and compliant with securities, tax and accounting rules. Over‑using equity as currency also risks unnecessary dilution and signalling issues.
Q56. What is an anti‑dilution clause and should I agree to one?
Anti‑dilution protects investors if you raise a future round at a lower valuation (“down round”) by adjusting their price or number of shares. Broad‑based weighted average anti‑dilution is relatively standard; full‑ratchet provisions can be very punitive and should be negotiated carefully.
Q57. How do I protect myself from abusive term sheets?
Work with an experienced startup counsel, understand each clause (especially liquidation preference, anti‑dilution, control rights and founder vesting), and resist over‑complicated structures for small cheques. A “wrong” investor or structure can be worse than no money.
Q58. When should I formalise a founders’ agreement or co‑founder agreement?
Ideally before incorporation or immediately after, when equity splits, roles, decision rights, vesting, non‑competes and dispute‑resolution mechanisms can be written down clearly, before there is serious money or ego on the table.
4. Employment, HR & Labour Compliance (20 FAQs)
Q59. What must be in a standard startup employment offer letter in India?
Key elements include role, location (including remote/hybrid terms), compensation split, variable components, probation period, notice period, confidentiality, IP assignment, non‑solicitation and termination conditions. Offer letters and employment contracts should align.
Q60. Do I need written employment contracts for all team members?
Legally, many terms can be implied, but from a risk and IP standpoint you should have clear, written employment contracts for all full‑time employees, especially anyone with access to code, customer data or strategy.
Q61. What is the difference between probation and confirmation?
Probation is the initial period where either side can terminate with shorter notice and performance is evaluated. On confirmation, employees generally get stronger protections, longer notice and eligibility for certain benefits, depending on your policy and local law.
Q62. When do EPF and ESIC become mandatory for a startup?
EPF and ESIC thresholds depend on employee count and wage levels. Once you cross those limits, you must register, contribute the prescribed percentages and file periodic returns; non‑compliance creates both monetary and potential criminal exposure for officers in default.
Q63. Can I treat full‑time workers as “freelancers” to avoid compliance?
Misclassifying full‑time employees as contractors or freelancers to dodge labour laws is a classic mistake. Authorities and courts look at substance over labels; if the relationship is one of control and integration, employment obligations may apply regardless of title.
Q64. What should a robust NDA and IP assignment clause cover?
It should clearly cover confidentiality, non‑use outside company work, assignment of all intellectual property created in the course of employment or engagement, moral rights waivers where permitted, and return / destruction of materials on exit.
Q65. Are non‑compete clauses enforceable in India?
Post‑employment non‑competes are difficult to enforce in India and are often struck down as restraints of trade. Reasonable non‑solicitation and confidentiality provisions, plus sensible vesting and good‑leaver / bad‑leaver structures, tend to be more practical.
Q66. Do Indian startups need POSH (sexual harassment) compliance from day one?
If you have 10 or more employees, you must constitute an Internal Committee and comply with the POSH Act. Even before that, it is good practice to have a clear policy, training and complaint-handling mechanism to protect your people and your brand.
Q67. How should I handle remote employees working from different states?
Different states have different Shops & Establishment, Professional Tax and local labour rules. Remote arrangements may still create state‑specific obligations, so you should map where your team is actually located and align compliance accordingly.
Q68. What are the legal requirements around working hours and overtime?
Applicable state Shops & Establishment and labour laws regulate maximum hours, overtime, weekly offs and night shifts. Startups often informally stretch workdays, but repeated, systemic violations can lead to inspections, penalties and reputational risk.
Q69. How do I legally terminate an underperforming employee?
You should follow the contractually agreed process—performance improvement plans, documentation, notice or notice pay, clear communication and final settlement. Unstructured, abrupt terminations can escalate into labour disputes or claims of unfair dismissal.
Q70. Do I need a written leave policy?
Yes. A documented leave policy covering earned leave, casual leave, sick leave, holidays and special leave (e.g., maternity, paternity) adds predictability for both sides and helps ensure alignment with statutory minimums.
Q71. Are interns covered under labour laws?
Paid interns and trainees can still trigger certain labour obligations, depending on the nature of engagement and duration. Clear intern agreements, stipends, working‑hours policies and basic protections are advisable, even for short‑term roles.
Q72. Can I pay early employees mostly in equity instead of cash?
You can combine modest salaries with ESOPs, but you must comply with minimum wage requirements, properly document grants and manage expectations. Pure “work for equity, no cash” arrangements are risky and often unsustainable.
Q73. What HR and employment documents go into investor due diligence?
Investors typically ask for sample employment contracts, ESOP plan and grant register, HR policies (POSH, leave, code of conduct), contractor agreements, and any ongoing or threatened disputes with employees or ex‑employees.
Q74. How can I build HR compliance into my monthly routine without massive overhead?
Treat HR compliance like bookkeeping: maintain a simple calendar of obligations (payroll, EPF/ESIC, PT, TDS, filings, policy reviews), assign clear internal ownership, and partner with an advisor who can run quarterly health checks and catch issues early.
Q75. When should a startup create a formal employee handbook?
Once you have 10–15 employees and multiple functional teams, an employee handbook that consolidates policies on conduct, leave, benefits, IT usage, confidentiality and grievance processes becomes very helpful and reduces ad‑hoc exceptions.
Q76. How do I handle employee data privacy and access control?
Limit access to “need to know”, define clear admin privileges, log access to sensitive systems, use NDAs and policy acknowledgements, and align with India’s data protection framework and any foreign regulations relevant to your user base.
Q77. What should an exit checklist for departing employees include?
Collect company devices, revoke access, settle dues, obtain formal acknowledgements on handover, remind them of continuing confidentiality obligations, document ESOP or equity position, and update your org and access charts.
Q78. Should I allow moonlighting or side gigs for employees?
You can permit or restrict outside work through policy and contracts. Total bans may be impractical, but you should at least prohibit conflicting work, client poaching and use of company time or resources for outside business.
5. Intellectual Property & Brand Protection (18 FAQs)
Q79. When should I register my startup’s brand name and logo?
Ideally as soon as you are serious about the brand and before large marketing spends. Early trademark applications reduce the risk of costly rebranding and provide leverage if copycats emerge as you grow.
Q80. Can I operate on an unregistered brand or logo initially?
Yes, common law rights exist, but they are weaker and harder to enforce. Registration gives you statutory rights, nationwide protection in your class, and makes enforcement and takedowns significantly easier.
Q81. What is the difference between trademark, copyright and patent for startups?
Trademarks protect brand identifiers (names, logos, slogans), copyrights protect original creative works and software code, and patents protect novel, inventive and industrially applicable technical solutions. Many tech startups leverage a combination of all three.
Q82. Who owns the IP created by employees or contractors?
By default, employees often create IP for the employer within the scope of employment, but this should be explicitly confirmed in contracts. For contractors and freelancers, ownership does not automatically transfer—you must obtain a written assignment.
Q83. How can I protect source code and algorithms without filing patents?
Robust NDAs, access‑control, internal policies, clear employment and contractor IP clauses, and disciplined version control and logging reduce leakage risk. For some core inventions, you may still want to consider patent filings.
Q84. Should a small startup invest in patents early?
Patents are expensive and slow. They make most sense where you have truly novel, defensible tech and a strategy to commercialise or license it. For many early-stage startups, focusing first on product‑market fit, trade secrets and trademarks is more efficient.
Q85. What is IP due diligence in a funding or M&A deal?
Investors and acquirers check whether key IP is actually owned by the company (not founders personally), confirm registrations and assignments, look for third‑party claims, and assess whether open‑source or third‑party code has been used compliantly.
Q86. How do I handle open‑source licenses in my product?
You must respect license terms (MIT, Apache, GPL etc.) and track what libraries you use. Some licences require attribution; others require you to open‑source your own modifications. Mishandling open‑source can create hidden obligations that derail diligence.
Q87. Can two startups use the same brand name in different sectors?
Sometimes yes, if they operate in clearly distinct classes and there is minimal risk of confusion. However, as digital boundaries blur, disputes become more likely, so distinct, protectable branding is safer.
Q88. What should I do if I receive a trademark infringement notice?
Do not ignore it. Analyse whether the claim has merit, compare classes, geographies and prior use, and take counsel before responding. Knee‑jerk, emotional responses or admissions can hurt you later.
Q89. How do I protect my brand online (domains, social handles, marketplaces)?
Register core domains and key variants early, secure main social handles, and use platform takedown procedures for obvious impersonation or cybersquatting. Trade mark registration dramatically strengthens your position in such disputes.
Q90. Is it necessary to register copyrights for my website or app UI?
In many cases, copyright arises automatically on creation, but registration provides evidentiary weight and can make enforcement easier. For critical assets (e.g., flagship UI, original content), registration is often worth the minimal extra effort.
Q91. How should I license my IP to channel partners or resellers?
Use well‑drafted license or distribution agreements that define scope, territory, term, fees, restrictions, confidentiality, improvement ownership, audit rights and exit consequences. Vague or handshake licensing deals often lead to disputes.
Q92. What is “work for hire” and does it apply in India?
The “work for hire” concept broadly aligns to employer ownership of employee‑created works in the course of employment, but Indian law has nuances; never rely solely on assumptions—use express IP assignment clauses to eliminate doubt.
Q93. How often should I review my IP portfolio?
At least annually, or before major events (fundraise, launch in new markets, M&A). IP portfolios can quickly get outdated as products evolve and new brands, domains and content are created.
Q94. How do I monetise IP beyond my core product?
Options include licensing, white‑labelling, franchising, spin‑offs, data monetisation, and strategic partnerships. Strong documentation and clear ownership make these conversations credible.
Q95. Can I file international trademarks and patents from India?
Yes, frameworks like Madrid Protocol (for trademarks) and PCT (for patents) support international protection, but they involve separate costs, timelines and local counsel in target countries. Decisions should align with your go‑to‑market roadmap.
Q96. What are common IP red flags for investors?
Founders personally owning core IP instead of the company, missing assignment deeds from ex‑employees or agencies, serious conflicting trademarks, and heavy, non‑compliant open‑source dependence are classic red flags.
6. Data Protection, Cyber & Third-Party Risk (12 FAQs)
Q97. Do Indian startups need a formal privacy policy on day one?
Yes, if you collect any personal data from users, you should have a clear, accessible privacy policy explaining what you collect, why, how long you store it and with whom you share it. Many platforms and partners now make this a precondition to integration.
Q98. How does India’s evolving data protection framework impact startups?
Even before full enforcement of new data protection laws, regulators and partners expect basic principles: purpose limitation, consent, security safeguards, breach notification and user rights. Ignoring this can cost you enterprise deals and reputational damage.
Q99. What should a basic data processing and security framework include?
Founders should define what data is collected, where it is stored, who can access it, how it is encrypted or protected, and what happens in case of incidents. For B2B vendors, strong DPAs and security posture often become competitive differentiators.
Q100. Do I need DPAs (data processing agreements) with vendors and processors?
Yes, vendors who handle your customer or employee data should sign DPAs clarifying roles, responsibilities, security expectations and breach notice requirements. In many global deals, you will see standard DPA templates as part of the MSA.
Q101. What is third‑party risk management (TPRM) in a startup context?
TPRM is the discipline of assessing and managing risks posed by your vendors, partners and outsourced providers—cloud, payment gateways, KYC providers, analytics, etc. As soon as you deal with enterprises, they will expect you to have credible TPRM answers.
Q102. When does cyber insurance make sense for a startup?
Once you handle significant user data, run critical SaaS infrastructure or deal with regulated industries, cyber insurance can help transfer part of the financial risk of breaches or downtime. Its relevance grows as your scale and exposure grow.
Q103. What should I do if my startup suffers a data breach?
You should quickly investigate and contain the issue, log evidence, notify affected parties and regulators where required, and coordinate with legal and security advisors. Attempting to hide or downplay breaches tends to backfire.
Q104. How can I demonstrate security maturity to enterprise customers?
Having written policies, access controls, basic certifications (where appropriate), incident response playbooks and transparent documentation about your architecture goes a long way. Many large customers now run formal security questionnaires and audits.
Q105. Do I need consent banners or cookie notices on my site?
If you use cookies for analytics, tracking or advertising, clear disclosures and, in some jurisdictions, consent mechanisms are expected. Many privacy regulations internationally explicitly require it; using best practice keeps you future‑proof.
Q106. How can startups integrate security and compliance without slowing product speed?
The trick is to embed lightweight reviews into your development process, not bolt them on at the end: standard checklists for new features, vetted third‑party components, and a simple risk‑based framework for prioritising fixes.
Q107. Are there specific cyber obligations for fintech and healthtech startups?
Yes, sectoral regulators (RBI, IRDAI, health authorities) often have additional security, data localisation and reporting requirements. Operating in these verticals without understanding regulator expectations is extremely risky.
Q108. What is a whistle‑blower or ethics hotline and does a startup need one?
A whistle‑blower mechanism allows employees and partners to report misconduct or ethical concerns safely. While not always mandatory in early stages, having a simple, trusted channel is a strong governance signal and can prevent issues from exploding later.
7. Governance, ROC & Ongoing Compliance (15 FAQs)
Q109. What are the key annual ROC compliances for a Private Limited startup?
Typical annual requirements include filing financial statements, annual returns, director KYC, maintaining statutory registers, holding board and shareholder meetings as required, and reflecting any share issuances, transfers or major decisions through proper filings.
Q110. How often must a startup hold board meetings?
Companies generally must hold a minimum number of board meetings each year with proper notice, quorum and minutes. Beyond the legal minimum, regular, disciplined board meetings give structure to strategy, oversight and founder‑investor alignment.
Q111. What decisions must be taken through board or shareholder resolutions?
Issuing shares, approving funding rounds, appointing or removing directors, adopting ESOP schemes, entering into major contracts and changing key policies typically require formal resolutions and, in some cases, shareholder approval.
Q112. What are statutory registers and do I really need them?
Yes, registers of members, directors, charges, contracts and others are legally required records. Investors and regulators expect them to be up to date; reconstructing them from scratch during a round is painful and avoidable.
Q113. What is a Significant Beneficial Owner (SBO) and when must I report?
SBO rules require disclosure of individuals who ultimately own or control significant stakes through layers of entities. If you have such structures, you must make and file proper declarations; ignoring SBO rules is a red flag in compliance reviews.
Q114. How do I correctly record related‑party transactions?
Transactions with founders, directors, their relatives or their entities must generally be disclosed and sometimes pre‑approved by the board or shareholders. Keeping them at arm’s length and properly documented is critical for governance and tax.
Q115. Can my company be struck off for non‑compliance?
Yes, repeated failure to file returns or operate legitimately can lead to your company being struck off the register. Restoring a struck‑off company is possible but slow, expensive and reputationally damaging.
Q116. What is the process to voluntarily close a dormant or failed startup?
Orderly closure typically involves clearing dues, obtaining stakeholder consents, filing closure documents with ROC and, where relevant, following voluntary liquidation or fast‑track schemes. Walking away informally leaves lingering legal and tax risks.
Q117. How do I prepare for a legal or financial due diligence?
Maintain a clean document repository with incorporation papers, ROC filings, board minutes, contracts, HR documents, IP assignments, tax filings and notices. The more organised you are, the faster and less painful the diligence.
Q118. Do I need independent directors at an early stage?
Legally, early‑stage private companies are often not obliged to appoint independent directors, but adding at least one experienced, non‑executive advisor to your board can improve governance, investor confidence and decision‑making quality.
Q119. Should I create board committees (audit, compensation) early?
Formal committees are usually mandatory only beyond certain size thresholds, but creating lightweight audit or compensation committees even earlier can structure oversight of finance and equity decisions, especially post‑Series A.
Q120. How do I handle notices from ROC, tax or other authorities?
Never ignore a notice. Read it carefully, understand what is being asked, gather required documents and respond within time, ideally with professional support. Silence or sloppy replies can escalate routine queries into serious proceedings.
Q121. What are common ROC and compliance red flags for investors?
Frequent red flags include missing filings, back‑dated resolutions, unexplained gaps in registers, undocumented share issuances or transfers, and multiple, unresolved notices. Cleaning these up early can materially improve your fundraising odds.
Q122. How should I store and back up legal and compliance documents?
Use a secure digital repository with logical folder structures, role‑based access and regular backups. Avoid storing everything only in scattered email threads or on a single individual’s laptop.
Q123. What is the biggest compliance mindset shift founders must make?
Treat compliance as infrastructure, not a cost centre. Good legal, tax and governance hygiene compounds over time, increases valuation, reduces transaction friction and lets you focus on what really matters: building and scaling the business.
8. Founder Issues, Disputes & Exits (18 FAQs)
Q124. When should founders sign a formal founders’ agreement?
The ideal time is before or at incorporation, when you can rationally discuss equity splits, roles, vesting, decision‑rights, non‑competes, IP and exit mechanisms, instead of negotiating under stress during a conflict or funding round.
Q125. How do we decide a “fair” equity split between co‑founders?
There is no magic formula, but you should consider contribution (past and future), risk taken, opportunity cost, irreplaceability and planned roles. Slightly asymmetric splits with vesting are often healthier than artificial 50‑50s that lead to deadlocks.
Q126. What is a good‑leaver / bad‑leaver concept?
These clauses define what happens to a founder’s equity if they leave: good‑leavers (e.g., health, family reasons) may retain more vested equity, while bad‑leavers (e.g., misconduct) may be forced to give up part or all of their unvested or even vested holdings on predefined terms.
Q127. What happens if founders fundamentally disagree on direction?
Without clear decision‑making rules, such deadlocks can paralyse the business. Well‑drafted founder agreements, defined CEO authority, board oversight and pre‑agreed dispute mechanisms (mediation, buy‑sell clauses) help resolve or at least manage such situations.
Q128. Can a founder start a competing business after leaving?
This depends on the contracts they signed, local non‑compete enforceability and the facts. Strong confidentiality and IP covenants, coupled with fair vesting and exit economics, reduce the temptation and legal risks of direct competition.
Q129. How should founders think about personal asset protection?
Incorporation itself separates personal and company assets, but personal guarantees, co‑borrowing, informal mix of personal and company money and unpaid tax or TDS obligations can pierce that shield. Doing things “properly” protects both you and your family.
Q130. How are founders taxed on a successful exit?
Tax treatment depends on holding period, nature of shares, residency, double‑tax treaties and structuring. Many founders plan their exit tax footprint years in advance across jurisdictions, often with specialist tax and private‑wealth advisors.
Q131. What if a founder wants to leave before product‑market fit?
Early exits are common. You should have a calm conversation, refer to the founder agreement and vesting schedule, adjust responsibilities and, where necessary, re‑paper share transfers or buybacks to keep the cap table clean and fair.
Q132. How should we handle founder mental health and burnout?
Legal and tax structures help little if founders burn out. Setting realistic expectations, sharing load, using proper governance (so everything is not on one person) and consciously designing rest and recovery into the journey is as important as compliance.
Q133. Are founders personally liable for company debts?
Generally, liability is limited, but personal guarantees, wilful defaults, fraud, mis‑statements, unpaid statutory dues (like TDS or employee contributions) and certain regulatory offences can create personal exposures. Knowing where the lines are is critical.
Q134. What is “founder lock‑in” and is it negotiable?
Investors often require founders to commit to stay for a minimum period or until certain milestones, sometimes with equity and vesting linked. The exact terms are negotiable, but some level of lock‑in is standard for meaningful rounds.
Q135. How can we avoid co‑founder disputes spilling into the team and market?
Keep internal communication honest but measured, use agreed processes for resolving disputes, avoid public mud‑slinging, and where possible, settle quietly with clear documentation. Messy public fights materially hurt hiring, funding and customer trust.
Q136. When should a founder get independent legal advice separate from the company’s counsel?
In highly personal matters—such as exit negotiations, allegations against them, or significant changes to their equity or role—it is often prudent for founders to have their own independent counsel, distinct from the company’s or investors’ lawyers.
Q137. What if a founder’s personal conduct threatens the company’s reputation?
Good governance frameworks allow for investigation, temporary suspension or even removal from leadership roles in extreme cases. Balancing due process, fairness and brand protection becomes critical.
Q138. How can founders design their own succession plan?
Succession planning includes grooming internal leaders, defining when and how a professional CEO or CFO may be brought in, and ensuring the company is not dependent on one person’s presence for basic functioning.
Q139. How should a founder prepare legally for a second or third startup?
Close or clean up prior entities properly, honour or clearly terminate prior non‑competes and obligations, and structure new ventures with learnings from past cap table, compliance and governance mistakes baked in.
Q140. What is the single biggest founder legal mistake across all stages?
Treating legal, tax and compliance as reactive, deal‑by‑deal hygiene instead of as strategic infrastructure. The best founders use law to create leverage, trust and speed, not just to “tick boxes” for investors.
9. Government Schemes & Ecosystem (12 FAQs)
Q141. What are the main benefits of the Startup India initiative?
Key benefits include DPIIT recognition, tax holidays, faster IP processing with subsidised fees, relaxed norms in certain tenders, and access to curated programs, incubators and funding schemes for recognised startups.
Q142. What is the Startup India Seed Fund Scheme (SISFS)?
SISFS provides financial assistance to eligible early‑stage startups via selected incubators, primarily for proof‑of‑concept, prototype development, product trials, market entry and commercialisation. Each call has specificeligibility and application processes.
Q143. Are there state‑specific startup policies I should care about?
Yes, many states like Karnataka, Maharashtra, Delhi‑NCR and others have their own startup policies, incubator networks and fiscal incentives such as reimbursements, subsidies and credits. Aligning your footprint with supportive states can be very valuable.
Q144. Can recognised startups really bypass prior experience criteria in tenders?
In many government tenders, DPIIT‑recognised startups get relaxations on prior turnover and experience criteria, though they must still meet quality and technical conditions. This allows younger companies to compete for large contracts they would otherwise be locked out of.
Q145. Are there any export or import benefits for tech and product startups?
Certain export‑oriented units and technology companies can access schemes that support foreign market entry, reduced duties or special zones. The exact fit depends on your sector, product and markets.
Q146. How can startups engage with government incubators and acceleration programs?
Most government‑backed incubators and accelerators publish calls for applications with sector focus, stage, and selection criteria. Participating can provide not just money but also credibility, networks and policy visibility.
Q147. Do government grants come with equity dilution?
True grants are non‑dilutive, but many schemes are hybrids or linked to equity, convertible instruments or revenue‑sharing. Reading the fine print is essential before committing your cap table.
Q148. How do I avoid becoming over‑dependent on grants and schemes?
Treat schemes as accelerators, not lifelines: your core business model must stand on real customer value. Grants can distort focus if they become your primary fuel instead of a booster.
Q149. How can I track relevant schemes and policy changes for my startup?
Following official portals, startup cells, professional advisors and focused communities helps you stay updated. Many founders also delegate “policy radar” to an internal owner so you do not miss time‑bound opportunities.
Q150. Can Bhavya Sharma & Associates help me select and apply for the right schemes?
Yes. Our team regularly supports founders in assessing eligibility, structuring entities to qualify, and preparing robust, compliant applications for central and state‑level schemes, while ensuring long‑term tax and legal alignment with your growth plan