India’s POSH Act in 2026: what employers and international businesses need to know

India’s Prevention of Sexual Harassment framework, known as POSH, is one of the clearest statutory workplace compliance obligations in India. Rather than operating as a general workplace conduct policy, POSH creates a structured legal framework for how employers must prevent and respond to sexual harassment. It requires organisations to build awareness, train staff and Internal Committee members, provide clear reporting channels, investigate complaints fairly, keep proper records, and ensure that complaints are addressed through a legally compliant redressal process. 

For Indian employers, POSH compliance should be treated as a standing governance obligation that they must take seriously. For foreign companies, including UK businesses with Indian offices, call centres, captive service centres, contractors or outsourced operations, a global anti-harassment policy may not, by itself, satisfy Indian legal requirements.

What is the POSH Act?

The Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 was enacted to protect women from sexual harassment at work and to provide a statutory mechanism for complaints. It gives effect to principles developed in the landmark Vishaka judgment, which recognised workplace sexual harassment as a violation of equality, dignity and the right to work in a safe environment.

The Act has three core functions.

  • It prohibits sexual harassment of women at the workplace.
  • It requires employers to take preventive steps, including policies, awareness programmes and safe working conditions.
  • It creates a formal redressal mechanism through Internal Committees and Local Committees.

The statutory POSH framework is specifically designed to protect women from sexual harassment at work. However, employers often go further by adopting gender-neutral anti-harassment policies that extend comparable protections to all employees, while still maintaining the specific POSH procedures required for complaints brought by women. 

That distinction is important to get right from a compliance perspective. Employers can and often should extend internal policies to all genders, contractors and third parties, but they still need to comply with the specific statutory POSH framework for complaints brought by women.

What conduct does POSH cover?

The Act defines sexual harassment against women broadly. It includes unwelcome physical contact or advances, demands or requests for sexual favours, sexually coloured remarks, showing pornography, and any other unwelcome verbal, non-verbal or physical conduct of a sexual nature.

It also recognises workplace circumstances that can turn conduct into sexual harassment, including implied or explicit promises of preferential treatment, threats of detrimental treatment, threats about employment status, interference with work, an intimidating or hostile working environment, and humiliating treatment likely to affect health or safety.

This is wider than obvious physical misconduct. Comments, messages, gestures, online behaviour, inappropriate video-call conduct, suggestive communications, coercive requests, retaliation and hostile work environments can all fall within the risk area.

The workplace is defined broadly

One of the most important features of POSH is the breadth of the term “workplace”. It includes private sector organisations, public bodies, hospitals, educational institutions, sports facilities, NGOs, service providers, offices, branches, units and places visited by an employee in the course of employment.

This means POSH risk is not confined to the office. It can extend to work travel, client meetings, offsites, training events, employer-provided transport, virtual meetings, messaging platforms and hybrid work arrangements.

Employers should avoid treating remote work as outside the POSH framework. If the conduct is connected to work, the compliance risk remains.

Core employer obligations

The employer has the primary duty to prevent, prohibit and redress sexual harassment. In practical compliance terms, that means every covered organisation should have:

  • A written POSH policy that is tailored to the organisation, not copied from a generic template.
  • A clear complaint route, including how complaints are made, who receives them and what happens next.
  • An Internal Committee where the organisation has 10 or more workers.
  • Regular employee awareness training.
  • Specific training for Internal Committee members.
  • Visible display of Internal Committee details and consequences of sexual harassment.
  • Confidential records of complaints, inquiries, findings and action taken.
  • Annual reporting and disclosures.
  • Procedures for interim relief, non-retaliation and safe handling of evidence.

A major compliance mistake is assuming that having a policy is enough. POSH is procedural. Employers need to show that the framework works in practice.

Internal Committees: structure and role

Every employer with 10 or more employees must constitute an Internal Committee under POSH. For businesses with multiple offices, branches or administrative units in India, a single central committee will not always be sufficient. The Act requires Internal Committees to be constituted at all administrative units or offices where the workplace is spread across different locations, including divisional or sub-divisional levels. Companies can still maintain central oversight for consistency, reporting and governance, but they should map IC coverage locally and ensure that each relevant office or unit has a properly constituted committee, current member details, training records and complaint-handling procedures.

The IC must include a Presiding Officer who is a senior woman employee, at least two internal members who are committed to the cause of women or have relevant social work or legal knowledge, and one external member from an NGO, association or a person familiar with issues relating to sexual harassment. At least half of the IC members must be women.

IC members can serve for a maximum period of three years, so organisations need a renewal calendar. Expired, improperly appointed or conflicted committees create serious legal risk. If the committee is invalidly constituted, the outcome of an inquiry may be challenged even where the underlying investigation was conducted carefully.

For organisations with fewer than 10 workers, or where the complaint is against the employer, the matter goes to the Local Committee constituted at district level.

Complaints and inquiries under POSH

The POSH complaints process is more formal than many non-Indian employers may expect. In effect, it is much more than an internal HR grievance or a general misconduct investigation. Once a complaint falls within the POSH framework, the Internal Committee has a defined statutory role, and the employer must be careful not to take over the process or treat it as an ordinary line-management issue.

A complaint should generally be made in writing within three months of the incident. Where the complaint concerns a series of incidents, the three-month period runs from the date of the last incident. The Internal Committee, or the Local Committee where applicable, can extend this by a further period of up to three months, provided there are reasons for doing so and those reasons are recorded. If the complainant is unable to make the complaint in writing, the committee must provide reasonable assistance so that the complaint can be properly documented.

For a UK business, this can feel quite different from a more flexible grievance process. For example, if a UK-headquartered company has a customer support centre in Bengaluru and a female employee complains that a manager repeatedly sent inappropriate late-night messages after a work event, the issue should not simply be passed to HR in London to “look into”. If the complaint falls under POSH, the local Internal Committee should be engaged. The complaint should be recorded, the relevant timelines should be tracked, and the process should follow the statutory POSH route.

Before a full inquiry begins, the Act allows conciliation, but only at the request of the aggrieved woman. This is an important safeguard. The employer should not suggest conciliation as a way to make the matter disappear, and the complainant should not be pressured into accepting it. Any conciliation must be voluntary, properly documented and free from coercion. Nor can a monetary settlement be the basis of conciliation. In practical terms, this means an employer should be especially cautious about any resolution that looks like payment in return for silence or withdrawal. Conciliation may be appropriate in some cases, but it should never become a shortcut around a proper inquiry.

Where an inquiry proceeds, the Internal Committee is expected to conduct it in a procedurally fair way. It should give both parties an opportunity to be heard, consider relevant evidence, maintain confidentiality and keep a clear record of the steps taken. The inquiry must be completed within 90 days. After that, the committee provides its findings to the employer, or to the District Officer where the Local Committee is involved. If the allegations are proved, the committee can recommend action under the organisation’s service rules, compensation and other appropriate measures. The employer is then expected to act on the committee’s recommendations within the statutory timeframe.

Returning to the Bengaluru example, this means the Internal Committee would need to examine the complaint, review the messages, speak to relevant witnesses if necessary, give the manager an opportunity to respond, and produce a reasoned report. If the complaint is upheld, the committee might recommend disciplinary action, training, transfer, restrictions on contact, compensation or other workplace measures, depending on the facts and the company’s service rules. The employer should not ignore, dilute or informally renegotiate those recommendations simply because the senior manager is commercially important.

This is why POSH compliance needs strong documentation. IC proceedings may later be tested before courts, tribunals, regulators or government authorities. A brief conclusion saying that a complaint was “substantiated” or “not substantiated” is unlikely to be enough. The report should show what was alleged, what evidence was considered, how the committee approached the facts, whether the parties were given a fair opportunity to be heard, and why the committee reached its conclusion.

For any non-Indian company to which POSH is relevant, the safest approach is to treat POSH inquiries as a legally controlled process running alongside, not underneath, the company’s wider HR and disciplinary framework. HR, legal and senior management can support the process, ensure resources are available and implement recommendations. They should not compromise the independence of the Internal Committee or replace the statutory process with a familiar UK-style grievance handling model.

Training is mandatory under POSH

Training is a core part of POSH compliance. The Act does not allow employers to rely on a policy sitting in a handbook or an Internal Committee that only exists on paper. Employers are expected to organise workshops and awareness programmes at regular intervals to sensitise employees to the provisions of the Act, as well as orientation programmes for Internal Committee members.

For foreign and UK companies operating in India, this is an important distinction. POSH training is not just a general dignity at work session, and it should not be treated as a short add-on to a global anti-harassment policy. The training needs to explain the Indian legal framework, how complaints are made, what the IC does, how confidentiality is protected, and what employees and managers are expected to do if they experience, witness or receive a disclosure about sexual harassment.

A defensible POSH training programme should be role-specific. General employee training should focus on recognising sexual harassment, understanding workplace boundaries, knowing how to report concerns, and understanding protections against retaliation. It should include realistic examples, including digital communications, offsites, client events, work travel and remote or hybrid working.

Managers need a different level of training. They are often the first people to receive a concern, observe problematic behaviour or notice retaliation. Their training should cover how to respond to a disclosure without prejudging it, when to escalate a matter to the IC, how to protect confidentiality, how interim measures may work, and how to avoid informal handling that could undermine the statutory process.

Internal Committee members require the most detailed training as their role is not simply advisory. The IC performs a formal statutory function and must understand inquiry procedure, natural justice, evidence handling, witness interviews, timelines, confidentiality, report writing, recommendations and record keeping. Poorly trained IC members can create serious legal risk, because even a well-intentioned inquiry may be challenged if the process is flawed.

Senior leadership should also be trained. POSH compliance is increasingly a governance issue, especially given the greater focus on annual reporting, Board Report disclosures, SHe-Box visibility and court scrutiny. Leaders need to understand that they are responsible for resourcing the IC, ensuring training takes place, monitoring compliance, and supporting a culture where complaints can be raised safely.

Annual training is widely used as the practical baseline, with onboarding training for new joiners and refresher training when policies, laws, reporting systems or IC membership change. Employers should also keep proper evidence of completion, including attendance records, training dates, materials, completion certificates and summaries of the topics covered. These records are not just administrative. They may be needed for annual POSH reporting, audits, board disclosures, litigation or client due diligence.

For international employers, this is where high-quality training matters. VinciWorks’ sexual harassment training is well recognised in the UK compliance market for moving beyond abstract policy statements and focusing on practical, scenario-based learning. Its approach helps organisations explain what harassment looks like in real workplace situations, how employees should report concerns, how managers should respond, and how employers can evidence that training has been delivered. For UK and global companies operating in India, that experience is especially useful: POSH compliance must be locally accurate, but it also needs to be understood by head office, HR, legal, managers and employees who may be more familiar with UK-style harassment and grievance processes.

A strong POSH programme should therefore combine Indian legal accuracy with practical workplace training. Employees should know what conduct is prohibited. Managers should know when and how to escalate. IC members should be prepared to conduct a fair inquiry. Senior leaders should understand their governance responsibilities. And the organisation should be able to prove, if challenged, that training was regular, relevant, documented and effective.

What is new in POSH for 2026?

The core POSH Act has not been replaced by a new 2026 statute. The legal framework remains the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013. What has changed is the compliance environment around it. POSH is increasingly being treated as a governance, reporting and audit issue, rather than a policy that HR can update once and then leave in place.

The most visible development is the growing role of SHe-Box, the government’s digital platform for workplace sexual harassment complaints and POSH implementation. SHe-Box is designed to support complaint routing, workplace onboarding, and visibility of Internal Committees and Local Committees. It does not replace the employer’s obligation to constitute and operate a valid IC, investigate complaints properly, train staff and file annual reports. However, it does mean that complaints and committee information may now sit within a more traceable government-monitored system. For employers, that raises the stakes. Outdated IC details, unclear complaint routing, missed timelines or poor documentation are more difficult to defend when complaints can be routed or monitored through an official portal.

The 2025 Board Report disclosure changes are also now part of the live compliance calendar. From July 2025, Indian companies have been required to include more detailed POSH information in their Board Reports. This includes the number of sexual harassment complaints received during the year, the number disposed of, and the number pending for more than 90 days. The revised reporting framework also brings workforce gender composition into the disclosure environment. This moves POSH closer to board-level governance. Companies now need data that is accurate, current and capable of being signed off, rather than informal HR notes or incomplete local records.

Court scrutiny has also intensified. In Aureliano Fernandes v. State of Goa, the Supreme Court highlighted the need for proper constitution and functioning of committees, procedural rigour and adherence to natural justice. The lesson for employers is that the process matters. A POSH inquiry may fail, or become vulnerable to challenge, if the committee is not properly constituted, the parties are not treated fairly, the evidence is not handled properly, or the report does not explain how the committee reached its conclusions.

Recent case law has also made clear that POSH issues can arise across organisational boundaries. In Dr Sohail Malik v. Union of India, the Supreme Court confirmed that the Internal Committee at the aggrieved woman’s workplace may have jurisdiction even where the respondent works in a different workplace. For companies, this is particularly important where employees interact with clients, vendors, consultants, outsourced teams or group company staff. A complaint should not be dismissed simply because the alleged harasser is not employed by the same legal entity. The organisation may need to cooperate with another employer, preserve evidence, support the IC process and consider disciplinary or contractual action where appropriate.

For 2026, the practical message is that POSH compliance needs evidence. Employers should be able to show that their ICs are validly constituted, members are trained, external members are properly appointed, policies are current, employees have received awareness training, complaints are logged, timelines are tracked, reports are reasoned, annual returns are filed and Board Report disclosures are supported by reliable data.

This is especially important for international groups. A UK parent company may be used to treating harassment as part of a broader dignity at work, grievance or disciplinary process. In India, POSH creates a more formal statutory structure. The organisation needs a local IC, local reporting discipline and India-specific documentation. Global policies can support that framework, but they cannot replace it.

What foreign and UK companies need to know about POSH

Foreign companies operating in India must comply with POSH in India. A UK head office, global HR policy or group-wide grievance system does not remove the need for local POSH compliance in India.

If a UK company has any Indian subsidiary, branch or office with 10 or more workers, it should assume an Internal Committee is required. The IC should be properly constituted under Indian law, not merely under group policy.

This is particularly relevant for foreign and UK businesses using Indian subcontractors or outsourcing partners. The Indian supplier remains responsible for its own POSH compliance, but the UK company should not ignore the issue. Supplier contracts should require POSH compliance, IC constitution where applicable, employee training, annual reporting, confidentiality, non-retaliation and cooperation with investigations.

Where Indian subcontractors provide services to UK clients, the risk can be cross-organisational. A complaint may involve a UK employee, an Indian employee, a contractor, a client representative, a visitor or a manager employed by another entity. The organisation should know in advance which policy applies, which committee has jurisdiction, how evidence will be shared, and how confidentiality will be preserved.

UK companies should also be careful about data protection and confidentiality. POSH proceedings involve sensitive complaint information, witness statements and employment records. Any sharing with a UK parent company should be limited, need-to-know, lawful and aligned with confidentiality obligations under Indian law as well as applicable data protection requirements.

The best approach is to treat POSH as part of third-party risk management. If a UK company relies on an Indian call centre, BPO, software development partner or back-office provider, due diligence should include POSH. That means asking whether the supplier has an IC, whether it has trained staff, whether annual reports are filed, whether SHe-Box or state-level registrations are current, and how complaints involving client personnel are handled.

A practical POSH compliance plan for 2026

Employers should start with a structural review. Map every Indian office, branch, unit and administrative location. Confirm headcount, IC coverage, external member appointments and committee tenure. Check whether state or district-level registration requirements apply.

Next, update the POSH policy. It should cover physical and virtual workplaces, client interactions, offsites, travel, employer-provided transport, remote work, messaging tools, retaliation, confidentiality and third-party conduct.

Training should then be refreshed. Employees, managers, leadership and IC members need different versions of POSH training. Attendance, completion certificates and training materials should be retained.

The complaint process should be tested before a complaint arises. Employers should know who acknowledges complaints, who assists with written complaints, how conflicts are managed, how interim relief is considered, how evidence is preserved, how timelines are tracked, and how reports are finalised.

Finally, reporting should be centralised. HR, compliance, legal and company secretarial teams should maintain a POSH dashboard covering complaints, disposals, pending cases, IC composition, training, awareness programmes, SHe-Box or state registrations, annual reports and Board Report disclosures.