Foreign Direct Investment and FEMA Compliance

The Foreign Exchange Management Act (“FEMA”) created in 1999 and governs foreign cross-border investments (Foreign Direct Investment or FDI). FEMA has stricter reporting and valuation obligations than the Companies Act. Given that FDI is common in the case of most Indian Start-ups, it is critical to have someone within the company with a proper level of legal knowledge (i.e. trained to understand the Foreign Investment Reporting and Management System (FIRMS) portal), as this person will be important for the company’s operations.

When an Indian company issues shares to a foreign investor, it must submit an FC-GPR (Foreign Currency-Gross Provisional Return) to the Reserve Bank of India within 30 days of the allotment of the shares; the FC-GPR filing requires the company to have attached to the FC-GPR a valuation certificate prepared by either a SEBI-registered Merchant Banker or a Chartered Accountant to confirm that the issuance of shares occurred at or above fair market value as determined by the method of Discounted Cash Flow (“DCF”), when determining fair market value. If there is a secondary transfer of shares between a resident individual and a non-resident individual, the company is required to submit an FC-TRS (Foreign Currency-Transfer of Shares) within 60 days.

If the timeliness of these reports is not met, the Reserve Bank of India (RBI) may initiate a compounding proceeding and impose fines ranging from INR 10000 to three times the amount of the transaction. The attestation/authorization of “Entity User” and “Business User” registrations on the FIRMS portal will be managed by an in-house legal employee. After this occurs, the authorization dealer (AD) bank will upload the Foreign Inward Remittance Certificate (FIRC) and all refundable items requiring Know Your Customer (KYC) documentation.

Additional criteria exist under FEMA regarding sector caps and entry routes for different business sectors. Most companies starting with respect to sectors will follow the automatic route, however, specific sectors such as e-Commerce may be subject to restrictions on “inventory-driven” business models or products. An internal attorney can monitor such changes in FATCA guidance, such as revisions to Foreign Exchange Management (Non-Debt Instrument) Rules (April 2024) increasing the level of compliance required of start-ups that receive FDI.

The Digital Personal Data Protection Act 2023: A New Compliance Pillar

The Digital Personal Data Protection Act creates a brand-new category of due diligence that all startups will have to consider. Now, investors view data privacy as one of the main legal risks, as opposed to simply being a technical risk. Startups will be classified as “Data Fiduciaries” under the DPDP Act and will be accountable for personal data they process. A Data Fiduciary (Section 8 of the DPDP Act) is vicariously liable for the acts of its data processors.

Therefore, if a startup engages a cloud company to process personal data on behalf of the startup, even if the cloud company experiences a data breach, the startup will also have liability for that breach. A startup will need to hire an in-house counsel for the purposes of writing and negotiating “valid contracts” with those data processors as required under Section 8(2) of the DPDP Act, specifically addressing items such as data deletion, audit rights, and breach notification in those contracts.

Under the Act, there are heavy penalties for failing to take ‘reasonable security safeguards’ against data breaches, with maximum fines of up to INR 250 Cr for negligence. Penalties for startups are often terminal. The internal legal counsel would need to create a data governance framework that identifies the data points of interest, establishes access controls, and confirms that consent is being obtained.

The DPDP Act also provides that users (Data Principals) have the right to access, correct and delete all their data as well as withdraw consent. An in-house legal hire must develop the operational processes for implementing these requests and ensure compliance with additional requirements because of being classified as a “Significant Data Fiduciary” (SDF).

Labour Code Reform 2025-2026: The New Compliance Era

With the issue of four Labour Codes on 21 November 2025, the Indian employment law landscape is going through a major overhaul. The Codes are the means to consolidate 29 Central Acts into a single digit-first (digital-first) compliance framework, applicable for start-ups.

The Code on Wages, for example, sets out a standard definition of “wages” for purposes of all four codes, and limits the allowance components (e.g., HRA, special allowances) of the total wage package (basic + allowances) to 50% of the wage package. To the extent that the allowances exceed 50% of the total wage package, the excess will be treated as part of the wage package, which will require an increase in the company’s liability under the Provident Fund (PF), Gratuity and ESI contributions (all of which are based on the ‘wage’ definition).

Therefore, hiring in-house legal resources that can assist companies with restructuring the components of salary to meet compliance obligations will be essential and will assist with managing the impact of such resourcing decisions on company cost-to-company (CTC) structures.

The Code on Social Security, 2020 brings several new benefits for gig and platform workers, which affects startups in the fintech and e-commerce industries as well. To support this initiative, the government has established a social security fund for unorganised workers and has outlined that commencing with the current reporting year, all startups in these sectors will be required to make contributions to the fund.

An internal legal professional is responsible for monitoring these new rules as they continue to evolve, in addition to ensuring that the employment contracts and policies of the company are kept current with respect to new statutory requirements concerning minimum periods of rest, maximum periods of work and safe working environments, as stated in the Occupational Safety, Health and Working Conditions Code, 2020. Compliance with the Prevention of Sexual Harassment (POSH) at Workplace Act, 2013 is a requirement and a non-negotiable that requires an Internal Complaints Committee (ICC) and annual reporting on an ongoing basis.

The Role of In-House Counsel in Transaction Execution

When a startup is in a funding round, the in-house legal staff shifts from being a compliance officer to becoming the lead negotiator.  Because of how close these individuals are to day-to-day business operations; they will have more detailed ongoing guidance than outside counsel would because outside counsel may not have the same level of detail about what is going on with the startup.

The in-house legal person has responsibility for the Virtual Data Room (VDR) and will be responsible for developing the structure of the folders that house each of the items on the investor’s checklist (corporate ownership, corporate capital history, commercial agreements, patents and copyrights, regulatory history, etc.). Therefore, by always being in a “diligence-ready” mode, the in-house legal staff will help to close a round of funding in a period that is 40% shorter than what someone else would plan for when a startup is running around trying to gather the necessary documentation after the signing of the term sheet.

The Share Subscription Agreement (SSA) and Shareholder Agreement (SHA) include extensive Representations and Warranties (R&Ws) in the company’s definitive agreements, which include assurances by the founders with respect to the company’s legal and financial health. Further, if any founders fail to fulfill the R&Ws, they may be subject to Indemnity Claims made by Investors to seek compensation from the Founders or the Company. A legal employee working for the company will conduct a thorough examination of each individual R&W clause.

Each R&W will be qualified by “knowledge” and “materiality,” with the “Disclosure Letter” containing a listing of all exceptions to the R&Ws. In addition, the in-house counsel will work with the Founders to negotiate “Indemnity Caps” and “De Minimis” standards to limit the Founders’ liabilities disproportionate to their actual claims against the Company. Although external lawyers will typically take an independent and conservative legal approach to the negotiations, in-house counsel has a complete understanding of the Company’s risk tolerance within the context of business and can negotiate terms that ultimately support the long-term growth of the business.

The Privilege Paradox in the Indian Legal Context

The limited scope of attorney-client privilege presents a distinct challenge for in-house counsel in India. Under Rule 49 of the Bar Council of India Rules stipulate that any Advocate who becomes an employee cannot be a full-time salary employee of any corporate entity.

As a result, if a lawyer in India takes on corporate work, they must surrender their Advocate certificate of practice and their status as an Advocate ceases to exist under statutory law. The Supreme Court of India confirmed this in its 2025 Suo Motu Writ Petition by holding that an in-house attorney is not entitled to any of the protections provided under Section 132 of the Bharatiya Sakshya Adhiniyam, 2023, since in-house attorneys were employees and did not create client communications in the ordinary course of their employment.

Nevertheless, Section 134 of this same statute provides limited protection to confidential communications between an employer and their “legal advisor.” Thus, while internal advice provided by an in-house attorney may not be privileged from disclosure in litigation, the in-house attorney is critical to managing high-stakes litigation or regulatory investigations by providing a conduit between the corporation’s internal risk management and its external Advocates who are entitled to full attorney-client privileges.

Conclusion: In-House Counsel as a Business-Critical Driver of Valuation

As finality sets in around the establishment of an in-house lawyer, it will prove to be one the most significant drivers for businesses to attain long term sustainability from their past successes while able to leverage those same successes for future growth opportunities. Both now, institutional and individual investors want companies to demonstrate commitment to sound governance as well as to “legal hygiene” at least as much if not more than the revenues generated by your firm, making legal consultancy services in india increasingly important.

When using an in-house legal professional to oversee the Virtual Data Room and provide consultation as requirements for compliance under various pieces of legislation including DPDP Act, 2026 Labour codes, and various other complex and multi-faceted requirements will allow your firm to achieve business-critical results. Start-ups with in-house legal hires are positioned to experience positive outcomes through more consistently higher levels of revenue per share created than through either due diligence or acquiring an external legal provider who must mitigate the same level or different levels of risk through various processes, highlighting the value of in-house legal recruitment.

Start-ups with in-house hire present an apparent demonstration of moving away from the “garage” stage of development and sending out a clear signal to the marketplace that your organization is on track to become a compliant, sustainable, institution which is scoped to be able to assimilate into a global marketplace.