Introduction: due diligence is a funding readiness test, not a paperwork ritual

For an Indian startup, investor due diligence answers one direct question: can the investor safely put capital into this company without discovering hidden legal, regulatory or governance risk after signing? The answer depends less on pitch-deck polish and more on whether the startup’s filings, approvals, contracts, ownership records, tax trails and board papers tell one consistent story.

In 2026, investors are moving faster on good companies but slower on messy documentation. A founder may have revenue, product traction and a committed lead investor, yet still lose time if the company cannot explain share issuances, FEMA filings, ESOP grants, vendor contracts, founder IP assignment, statutory registers or related-party transactions.

This checklist is written for founders who want to prepare before the investor asks. It is also the reason BSA positions due diligence as a board-level readiness exercise, not a panic task after the term sheet.

1. Start with the corporate spine: incorporation, objects and statutory records

The first diligence layer is the company’s legal identity. Investors will check whether the entity is correctly incorporated, active on MCA records, governed by a consistent Memorandum and Articles of Association, and able to legally carry on the business it claims to operate.

Founders should keep these documents ready:

• Certificate of incorporation.
• Memorandum and Articles of Association with all amendments.
• Latest master data and active company status.
• PAN, TAN, GST and other registrations relevant to the business.
• Statutory registers, including members, directors, charges, transfers and securities allotments.
• Board and shareholder meeting minutes.
• Share certificates and proof of stamp duty where applicable.

The most common risk is not absence of incorporation. It is inconsistency: the cap table says one thing, the register of members says another, the return of allotment says a third, and the investment agreement assumes all of them match.

2. ROC filings: make the MCA record match the company’s story

ROC compliance is the evidence layer for Indian company law. Before a funding round, a startup should verify that annual filings, event-based filings and corporate action filings are complete.

A clean diligence file should not merely upload forms. It should include the board resolution, shareholder approval, valuation report, bank credit proof, form challan and final MCA approval or SRN status for each material action.

3. FEMA readiness: foreign money needs a clean reporting trail

If the startup has foreign investors, foreign holding entities, overseas subsidiaries, convertible instruments or non-resident founders, FEMA becomes central. RBI’s Foreign Investment in India Master Direction states that foreign investment in an Indian company is governed by FEMA, the Non-Debt Instruments Rules and related mode of payment and reporting regulations.

For funding diligence, founders should check:

1. Whether foreign investment came through permitted banking channels.
2. Whether the company filed FC-GPR for equity or compulsorily convertible instruments within the required reporting framework.
3. Whether downstream investment, transfer pricing, sectoral caps or prohibited sector checks are relevant.
4. Whether convertible notes meet startup eligibility and documentation conditions.
5. Whether FLA return obligations apply because the company has foreign assets or liabilities.
6. Whether past delays need compounding or regularisation strategy before a new round.

FEMA diligence is unforgiving because small reporting delays can become transaction blockers. If a foreign investor is entering the cap table, the company should not discover a missed FC-GPR or unclear valuation only after legal counsel begins closing.

4. Cap table and securities: every share must have a legal trail

The cap table is the founder’s ownership map, but investors read it as a legal instrument. A cap table is diligence-ready only when every line can be matched to legal documents.

Keep a securities folder with:

• Incorporation subscription details.
• Share allotment resolutions.
• PAS-3 and proof of filing.
• Share certificates and stamp duty evidence.
• Share transfer instruments, if any.
• Valuation reports for preferential allotments.
• Investment agreements, SHA, SSA, SAFE or convertible note documents.
• Updated fully diluted cap table.

Founders should also reconcile promised equity, advisory equity and verbal commitments. A casual promise made to an early consultant can become a serious diligence issue if it is not documented, waived or properly approved.

5. ESOP diligence: option grants need board discipline

ESOPs are attractive to investors when they help retention. They become a red flag when grants are informal, vesting is unclear, exercise price is unsupported or the ESOP pool has not been approved correctly.

For a private company, the diligence file should include:

1. ESOP scheme.
2. Board and shareholder approvals.
3. Grant letters.
4. Vesting schedules.
5. Exercise records.
6. Lapsed and cancelled option records.
7. Updated ESOP pool in the fully diluted cap table.
8. Tax and payroll treatment where options are exercised.

The practical rule is simple: no employee, advisor or founder should have equity expectations that are not visible in the data room.

6. Contracts, IP and founder obligations

Legal diligence is not limited to company filings. Investors will check whether the startup owns what it sells. This is especially important for SaaS, AI, fintech, healthtech, D2C and deeptech companies.

At minimum, founders should review:

• Founder employment or service agreements.
• IP assignment from founders, employees, consultants and agencies.
• Customer contracts and revenue terms.
• Vendor contracts and critical dependencies.
• Data processing and privacy terms.
• Open-source software usage where relevant.
• Trademark, copyright, patent or design filings.
• Litigation notices, disputes and threatened claims.

Many startups fail this layer because code, brand assets, product designs or customer databases were created before incorporation and never formally assigned to the company.

7. Tax, labour and operational compliance

Investors do not expect a young startup to have enterprise-scale systems. They do expect basic discipline. GST, TDS, payroll, PF/ESI applicability, professional tax, shops and establishments registrations, contractor payments and related-party dealings should be explainable.

Founders should prepare a compliance tracker with due dates, filings, challans, notices, pending disputes and remediation status. The goal is not to hide issues. The goal is to show control.

8. Board governance and founder risk

Good diligence also checks decision quality. A startup should maintain minutes that show board awareness of major actions: borrowing, fundraising, ESOP grants, related-party contracts, bank account authority, major customers, regulatory licenses and litigation.

Founders should also ensure that founder agreements, vesting provisions, non-compete clauses where enforceable, confidentiality obligations, deadlock provisions and exit mechanics are documented. An investor can price commercial risk. It is harder to price founder dispute risk.

9. A 30-day pre-fundraise cleanup plan

Use this sequence before opening a serious data room:

1. Reconcile MCA master data, filings and statutory registers.
2. Rebuild the cap table from legal documents, not spreadsheets alone.
3. Check all allotments, transfers and instruments against ROC filings.
4. Review FEMA filings for all non-resident investments.
5. Update ESOP scheme, grants and fully diluted calculation.
6. Collect all customer, vendor, founder, employee and IP assignment contracts.
7. Prepare a tax and labour compliance summary.
8. List open issues honestly with proposed fixes and timelines.
9. Hold a board meeting to approve the cleanup roadmap where required.

Sources and regulatory references

• RBI Master Direction – Foreign Investment in India: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=11200
• Startup India scheme portal: https://www.startupindia.gov.in/content/sih/en/startup-scheme.html
• MCA portal and Companies Act framework: https://www.mca.gov.in/
• BSA fundraise due diligence service: https://www.bhavyasharmaandassociates.com/services/fund-raise-due-diligence-service-for-startups-delhi-bangalore-gurgaon-2025/

FAQ Section

Founder / Business Takeaway

The strongest founders treat diligence as a trust-building exercise. A clean data room tells investors that the company is not only growing, but governable. If a startup wants institutional capital, it must make ROC, FEMA, ESOP, IP, tax and board records investor-ready before negotiation pressure begins.

Related BSA Resources

• Fund Raise Due Diligence: https://www.bhavyasharmaandassociates.com/services/fund-raise-due-diligence-service-for-startups-delhi-bangalore-gurgaon-2025/
• FEMA Compliance: https://www.bhavyasharmaandassociates.com/services/fema-compliance-foreign-investment-startups-2025-delhi/
• ESOP Setup and Equity Management: https://www.bhavyasharmaandassociates.com/services/esop-setup-equity-management-startups-2025-delhi/
• Founder Agreement and Cap Table Management: https://www.bhavyasharmaandassociates.com/services/founders-agreement-cap-table-management-startups-2025-delhi/
• ROC Compliance: https://www.bhavyasharmaandassociates.com/services/roc-compliance-service-for-startups-delhi-bangalore-gurgaon-2025/