In over three years of working with Indian employers across sectors — from early-stage startups to mid-size manufacturing firms — the POSH360 team has observed a consistent pattern: the violations that attract district authority attention are rarely deliberate. They are structural. They stem from how compliance is organised (or not organised) inside a company, not from bad intent.
"Most violations aren't intentional — they're structural."
Here are the five violations we see most frequently, with their legal risk and the specific steps to fix each one.
Section 4 of the PoSH Act makes constitution of an IC mandatory for any employer with 10 or more employees. Operating without one — or with an IC that lacks a qualified External Member — is a direct Section 26 violation, attracting fines up to ₹1,00,000 and potential licence cancellation.
Issue a formal IC constitution order signed by the employer or authorised signatory. The External Member must be from an NGO or must have documented experience with women's causes — not just anyone from outside the company. Retain a copy of their appointment letter and credentials. POSH360's External IC Member network makes this sourcing step fast and verifiable.
Section 21 requires the IC to prepare an annual report and submit it to the employer, who must in turn send it to the district officer. The majority of companies POSH360 audits have never filed a single annual report — even those with well-drafted policies and trained committees. This creates immediate exposure: a district officer's audit will flag missing filings for every year since the company crossed the 10-employee threshold.
File for the current year immediately, then retrospectively audit which prior years required a report. The report format is specified under the rules: number of complaints received, disposed of, pending, and cases forwarded to police. Establish a calendar reminder for annual filing — ideally by 31 January each year for the prior calendar year.
Section 19(c) and 19(d) require employers to organise workshops and awareness programmes for employees. More critically, Rule 13 specifies that sensitisation programmes must be conducted for IC members. Training without records is legally indistinguishable from no training at all: if you cannot produce attendance sheets, session content outlines, and sign-off documentation, a district officer will treat the training as having not occurred.
Conduct training if it hasn't been done. If training has been conducted without documentation, reconstruct records from calendar invites, presentation decks, email confirmations, and follow up with a signed attendance register at the next session. From this point forward, treat every training session as a legal event: agenda, attendance, facilitator sign-off, and digital storage of all materials.
Section 4(1) is explicit: the IC must be chaired by a woman employed at a senior level. Companies that have constituted ICs with male chairs — often a senior HR or legal head — are non-compliant regardless of how the rest of the committee is structured. This is a foundational error and cannot be patched by adding additional female members.
Reconstitute the IC with a woman Presiding Officer. If no suitable senior woman employee exists, the Act does not provide an exception — you must either promote someone to the required level or designate a senior woman from a different function. Reconstitution requires a new formal order. Prior IC activities conducted under the incorrectly constituted committee should be reviewed for procedural validity.
Section 19(b) requires employers to display information about the PoSH policy and IC constitution at a conspicuous place in the workplace. Section 19(e) requires that the policy be communicated to employees. A policy that lives in a shared drive no one accesses, or in an onboarding document no one reads, does not meet this standard. More practically, employees who don't know the policy exists cannot use it — which defeats the purpose of the Act entirely.
Distribute the policy to all current employees via email with read-receipts or acknowledgement signatures. Display the IC contact information and complaint procedure in physical or digital common areas. For remote teams, this means a pinned message in your primary communication channel. At every new hire onboarding, include policy review and acknowledgement as a formal step with documentation.
Run a quick self-audit against these five dimensions before a district authority does it for you. POSH360's free compliance audit will assess all five in a 45-minute call — with a written gap report you can act on immediately.