The legal infrastructure that supports a Series A is not built in the four weeks before due diligence. It is built from day zero.
Indian startups raise their first cheque on momentum. Series A diligence reveals what was deferred. Founders without vesting. IP not assigned. ESOP grants without a board approved plan. Customer contracts that are emails. Vendor templates with unlimited liability. The arithmetic is brutal: founders who built compliance from day zero close in eight weeks. Founders who did not close in six months or do not close at all.
Why Most Startups Have a Legal Time Bomb in Their Cap Table
Indian startups raise their first cheque on momentum: a working prototype, three pilot customers, a small team. The legal infrastructure is treated as paperwork to be sorted later.
Later arrives at Series A.
Series A diligence reveals: founders without vesting agreements who have already left with full equity, IP not formally assigned to the company because there was no IP assignment agreement, ESOP grants made without a board approved plan, employees engaged as consultants to avoid statutory contributions, customer contracts that are emails, vendor contracts that are vendor templates accepting unlimited liability for the startup, no privacy policy, GST returns filed late, board meetings that are WhatsApp messages.
Diligence findings translate into deal friction. The transaction either: gets delayed by months while remediation happens, gets repriced because risks are now visible, or fails because the cumulative findings exceed the investor's tolerance. Founders who built compliance from day zero close in eight to twelve weeks. Founders who deferred compliance close in six months or do not close at all.
This page sequences the legal infrastructure from incorporation through Series A. Build it in the right order at the right time, and the legal foundation supports growth instead of fracturing under it.
Step One: Choose the Right Entity Structure
The first decision is the entity structure. Three options matter for Indian startups.
Private Limited Company (Pvt Ltd). Suitable for startups planning institutional fundraising. Issues equity shares. Permits ESOPs. Standardises with global VC governance. Required for IPO path. Compliance burden is highest: board meetings, AGMs, statutory registers, returns to MCA, audit, secretarial compliance.
Limited Liability Partnership (LLP). Suitable for service businesses, bootstrapped operations, and partnerships. Lower compliance burden. Cannot issue equity shares. Unsuitable for institutional investment because LLP profit shares are not equity. Conversion from LLP to Pvt Ltd later is possible but creates tax complexity.
One Person Company (OPC). Suitable for solo founders without immediate fundraising plans. Single member, single director (with one nominee). Mandatory conversion to Pvt Ltd if turnover exceeds 2 crore or paid up capital exceeds 50 lakh. Useful structure for solo professionals but limited for growth.
For VC funded technology startups: Pvt Ltd is the answer.
The incorporation process is now substantially streamlined. SPICe Plus (Simplified Proforma for Incorporating Company Electronically) is a single integrated form that handles name reservation, incorporation, PAN allotment, TAN allotment, GST registration, EPF registration, ESI registration, professional tax registration (in select states), and bank account opening. The portal is integrated with MCA, CBDT, EPFO, ESIC, and state authorities. Average incorporation timeline is 7 to 14 days.
The Founders Agreement: The Contract That Determines Survival
The founders agreement is the contract between co-founders. It governs equity split, vesting, roles, IP, decision making, and exit.
Critical clauses:
Equity split. Specific percentages allocated to each founder, agreed before incorporation.
Vesting. Standard four years with one year cliff. No equity vests in the first year. After the cliff, equity vests monthly or quarterly. Founder leaving in month 11 leaves with zero. Founder leaving in month 18 leaves with 18.75%.
IP assignment. All IP created by founders related to the business is assigned to the company. Includes pre incorporation IP and IP created during the founder relationship.
Roles and responsibilities. Functional ownership clearly defined. CEO, CTO, COO. Avoids overlap and gaps.
Decision making framework. Ordinary decisions by the responsible founder. Material decisions by majority. Reserved matters (fundraising, M&A, strategic shifts) by unanimous consent.
Exit mechanics. Good leaver vs bad leaver definitions. Buyback rights. Right of first refusal on equity sales. Drag along and tag along after first institutional round.
Dispute resolution. Mediation followed by arbitration. Avoid court litigation between founders.
The founders agreement should be executed before or simultaneously with incorporation. After incorporation, vesting cannot be retrospectively imposed on already issued shares without restructuring. Read more in our dedicated founders agreement guide.
Statutory Registrations: The Compliance Foundation
The base set of registrations:
PAN (Permanent Account Number). Mandatory. Issued automatically with SPICe Plus incorporation. Required for all financial transactions.
TAN (Tax Deduction Account Number). Mandatory once you start deducting tax at source (TDS) from payments. Issued with SPICe Plus.
GST (Goods and Services Tax). Mandatory once turnover threshold is crossed. 40 lakh for goods (lower in special category states). 20 lakh for services. Voluntary registration is permitted and often advisable for B2B startups.
Shops and Establishments. State specific registration mandatory in most states for any commercial establishment. Karnataka, Maharashtra, Delhi, and other states require it within 30 days of starting operations.
Professional Tax. State specific tax on salaried persons in certain states (Maharashtra, Karnataka, West Bengal, others). Employer registration and monthly deductions.
EPF (Employees Provident Fund). Mandatory once employee count crosses 20. Some states have lower thresholds. Once registered, applies to all employees earning up to a specified wage cap.
ESI (Employees State Insurance). Mandatory once employee count crosses 10. Applies to employees earning up to 21,000 monthly.
MSME registration. Voluntary but valuable. Provides preference in government procurement, easier finance access, and certain subsidies. Free and online via Udyam portal.
IEC (Import Export Code). Mandatory for any cross border trade. Online via DGFT.
Sector specific. FSSAI (food), drug licence (pharma), TRAI (telecom), RBI (financial services), SEBI (capital markets), IRDAI (insurance). Sector dictates additional requirements.
Sequencing matters. Incorporate first. Then GST if applicable. Then state level registrations. Then EPF and ESI when employee thresholds are crossed. Then DPIIT.
DPIIT Recognition: The Asymmetric Benefit
DPIIT recognition is the single most underrated startup compliance step. It costs nothing. It unlocks substantial benefits.
Eligibility:
• Incorporated as Private Limited Company, LLP, or registered partnership
• Less than ten years old from date of incorporation
• Annual turnover not exceeding 100 crore in any financial year
• Working towards innovation, development, or improvement of products, processes, or services, OR having a scalable business model with high potential for employment generation or wealth creation
• Not formed by splitting up or reconstruction of an existing business
Benefits:
Income tax exemption (Section 80 IAC). Three consecutive years of tax holiday from any 10 year window post incorporation. Eligibility requires a separate certification from the Inter Ministerial Board.
Angel tax exemption (Section 56(2)(viib)). Exemption from tax on share premium received above fair market value. Critical for startups raising at high valuations.
Patent and trademark fast tracking. Up to 80% rebate on filing fees and expedited examination.
Fund of Funds for Startups. Access to capital deployed through SIDBI to AIFs that invest in startups.
Public procurement. Exemption from prior turnover and experience requirements in central government tenders.
Self certification. Self certification under nine labour laws and three environmental laws for the first three years.
Easy winding up. Fast track winding up in 90 days under the Insolvency and Bankruptcy Code.
Application is online via the Startup India portal. Documentation: incorporation certificate, MOA AOA, brief description of innovation, founder details. Most applications are processed within 4 to 6 weeks. Recognition is valid until the startup ceases to meet eligibility criteria.
IP Protection: The Asset Most Founders Underprotect
For most early stage startups, IP is the most valuable asset. Brand, code, algorithms, designs, content, customer data. Without IP protection, the company is unfundable.
Trademark. Brand name, logo, tagline. Register before public launch. Indian trademark registration takes 18 to 24 months but priority is established at filing date. Registered trademarks can be enforced in court. Unregistered marks rely on common law passing off claims which are harder to prove. Register in the relevant classes (Class 9 for software, Class 35 for marketing services, Class 42 for technology services, others as applicable).
Copyright. Source code, content, designs, training materials. Copyright arises automatically upon creation in India. Registration is not mandatory but provides evidence in disputes. Critical step: ensure the company owns the copyright through proper IP assignment from founders, employees, and contractors.
Patent. Novel technology, processes, methods. Patents require novelty, inventive step, and industrial applicability. File before public disclosure to preserve novelty. Indian patent prosecution takes 4 to 7 years. Provisional applications can establish priority while you finalise the complete specification.
Trade secrets. Algorithms, business processes, customer lists, pricing strategies. Trade secrets require confidentiality. NDAs with employees and contractors. Access controls on confidential information. Marking documents as confidential. Trade secrets remain protected indefinitely as long as confidentiality is maintained.
Domain names. Register the primary domain plus defensive variations and country specific domains where relevant.
Design registration. For products with distinctive industrial design. Registers the visual design (shape, configuration, pattern, ornament). Protection for 10 years renewable to 15.
The cost of day zero IP protection: 2 to 5 lakh for a baseline portfolio. The cost of remediating IP gaps before Series A: 10 to 30 lakh plus deal friction. The arithmetic is obvious.
Employment Framework: From First Hire to Series A
Even at 5 employees, the employment framework matters. By Series A diligence it must be substantively complete.
Appointment letters and employment contracts. Written documents specifying role, responsibilities, compensation, working hours, leave, confidentiality, IP assignment, non solicit, and termination. Indian Contract Act 1872 governs enforceability.
NDA and IP assignment. Standalone NDA and IP assignment with each employee, executed at joining. Assigns all IP created during employment to the company.
Employee handbook. Documenting workplace policies: leave, working hours, code of conduct, anti harassment, anti bribery, IT and data security, social media, expense reimbursement, exit. Provides clarity and protection.
POSH committee. Mandatory under the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act 2013 once 10 or more employees are engaged. Internal Committee constitution, policy, complaint mechanism, annual report.
ESOP plan. Board approved Employee Stock Option Plan (ESOP). Approved by special resolution of shareholders. Grant letters to employees specifying number of options, exercise price, vesting schedule, and treatment on termination or company exit. ESOP design affects retention and exit outcomes.
Statutory deductions. Income tax (TDS), professional tax, EPF, ESI as applicable. Monthly deductions, monthly deposits, periodic returns.
Leave policies. Paid leave, sick leave, maternity leave (26 weeks under Maternity Benefit Act), paternity leave (often optional), bereavement leave, casual leave. Documented and applied consistently.
Termination procedures. Notice periods, payment in lieu, garden leave provisions where applicable, exit interviews, return of company property, post termination obligations (confidentiality, non solicit).
DPDPA from Day Zero: Build It In, Do Not Bolt It On
DPDPA 2023 has no startup exemption. Any startup processing personal data of Indian residents is a Data Fiduciary subject to the full set of obligations.
For a B2C startup with users in India, this means:
• Privacy notice in plain language available in English or Eighth Schedule languages
• Valid consent architecture: free, specific, informed, unconditional, with easy withdrawal
• Reasonable security safeguards proportionate to the data being processed
• Data Principal rights facilitation (access, correction, erasure, nomination, grievance)
• Data breach notification to the Data Protection Board within 72 hours
• Data Processing Agreements with all vendors handling personal data
• Cross border transfer arrangements where data leaves India
• Children's data protections if processing data of users under 18 (verifiable parental consent, no behavioural advertising)
For a B2B SaaS startup, additional obligations as Data Processor for customer data: DPA with each customer, sub processor management, breach notification chain.
Practical implication: build DPDPA compliance into the product from day zero. Privacy notice and consent flows during onboarding. Granular consent for marketing. User dashboard for accessing and exercising rights. Backend logs for accountability. Vendor DPAs with each tool used. Breach response runbook.
Retrofitting compliance after product market fit is significantly more expensive than building it in. Investors increasingly diligence DPDPA compliance during Series A. Read the DPDP Rules 2025 guide for operational details and the DPA drafting guide for vendor contracts.
Fundraising Readiness: From Term Sheet to Closing
Fundraising at seed and Series A involves a documented sequence.
Term sheet. Non binding (mostly) summary of commercial terms. Valuation, investment amount, type of security (typically Compulsorily Convertible Preference Shares for India deals or equity), liquidation preference, anti dilution, board composition, reserved matters, drag along, tag along, ROFR, ROFO, information rights, employment of founders, ESOP top up. The term sheet sets the framework. Negotiation here is more flexible than in definitive documents.
Due diligence. Investor diligence on legal, commercial, financial, tax, and operational matters. The legal diligence reviews everything outlined in this page. Findings translate into: deal proceeds with conditions, deal repriced, deal restructured, or deal aborted.
Definitive documents. Shareholders Agreement (SHA), Share Subscription Agreement (SSA), amended Articles of Association. The SHA governs ongoing investor rights. The SSA documents the investment transaction. The Articles incorporate the share rights and restrictions.
Conditions precedent. Tasks the company must complete before closing: regulatory approvals, statutory amendments, third party consents, tax clearances, repair of due diligence findings.
Closing. Investment funded. Shares issued. Board reconstituted. Director appointments and resignations. Statutory filings.
Post closing. Updated cap table. Updated statutory registers. ROC filings. Implementation of investor reserved matters and information rights.
Pre Series A clean up is a 4 to 6 month effort. Starting clean up after the term sheet is signed delays closing and creates leverage for the investor. Smart founders begin clean up before fundraising starts.
What You Need to Know
You are building a company. The legal infrastructure either compounds your value or undermines it. There is no neutral.
AMLEGALS advises Indian startups from incorporation through Series C: founders agreement, DPIIT, IP, employment, ESOP, DPDPA, fundraising. Speak with us at [email protected].
[email protected]