Book a free call

HR Policies for Startups in India: The Complete 2026 Guide

Last Updated on July 2, 2026 by

Which HR policies does an Indian startup actually need?

A 5-100 employee startup in India needs 9-12 core HR policies: appointment letters, leave, code of conduct, attendance, compensation, POSH (mandatory at 10+ employees), IT/data use, grievance redressal, and exit. Which ones are legally mandatory versus best-practice depends on your headcount and state.

Most founders don’t get this wrong because they don’t care. They get it wrong because nobody tells them the order things become mandatory. A 6-person startup and a 60-person startup don’t need the same HR policy stack, and building the 60-person version on day one wastes time you don’t have. Building the 6-person version at 60 employees gets you a labour inspection you didn’t see coming.

This guide breaks down exactly what you need, when it becomes legally relevant, and how to sequence it so you’re not scrambling to backfill compliance after the fact. If you’d rather skip the reading and start from a working document, grab the Startup HR Policy Pack — it’s a ready-to-edit employee handbook template built for this exact situation.

The 9-12 must-have HR policies for a growing Indian startup

1. Appointment letter and employment agreement template

This is non-negotiable from employee number one. Under the Labour Codes now in force, every employee must receive a written appointment letter — this is no longer optional or informal. It should cover role, reporting line, compensation structure, probation period, notice period, and termination terms. Get this wrong and every other policy sits on shaky ground, because the appointment letter is the legal anchor for the employment relationship.

When it’s legally relevant: Day one, employee one. No headcount threshold.

2. Code of conduct

Covers professional behaviour, conflicts of interest, use of company resources, confidentiality, and disciplinary process. This is where you set the tone for “how we work here” before culture calcifies into something you didn’t design. It also gives you a documented basis for disciplinary action if something goes wrong later — without it, terminations for misconduct become far harder to defend.

When it’s legally relevant: Best-practice from day one; becomes operationally necessary once you have more than one manager making judgment calls.

3. Leave policy

Casual leave, sick leave, earned/privilege leave, and how they accrue and carry forward. State Shops & Establishment Acts set minimum leave entitlements that vary by state, so a copy-pasted national template can under-deliver on what your state legally requires. This is one of the most common gaps HRTailor sees in founder-drafted policies — the numbers look reasonable but don’t match the applicable state law.

When it’s legally relevant: Mandatory under state Shops & Establishment registration, which most companies need from their first office or first employee.

4. Attendance and remote/hybrid work policy

Working hours, core hours for hybrid teams, late-marking rules, and work-from-home eligibility. Not heavily regulated in itself, but it interacts directly with wage deductions and standing orders once you cross the applicable headcount for those — so vague attendance rules become a liability once you’re big enough for formal standing orders to apply.

When it’s legally relevant: Best-practice early; the thresholds for formal Standing Orders under the Industrial Relations Code apply once a company crosses a certain establishment size, so tighten this up well before you get there.

5. Compensation and payroll policy

Salary structure, pay cycle, deductions, increments, and bonus criteria. This is the policy most directly reshaped by the new wage definition under the Code on Wages: allowances can no longer be structured to artificially shrink “wages” below the 50% floor of total remuneration. If your CTC breakup was designed pre-November 2025, it likely needs a review — this single change affects PF contributions, gratuity calculations, and overtime pay across the board.

When it’s legally relevant: Mandatory from your first payroll run; the 50% wage floor applies regardless of company size.

6. POSH (Prevention of Sexual Harassment) policy

A written policy plus a functioning Internal Committee (IC). The 10-employee threshold is the one founders most commonly miss, because it sneaks up during a hiring push and nobody circles back to check. Even below 10 employees, having a stated policy and grievance channel is good practice and reduces risk.

When it’s legally relevant: Internal Committee is mandatory once you have 10 or more employees. Below that, a written policy is best-practice but not yet a statutory requirement.

7. Statutory compliance and benefits policy

How PF, ESIC, Professional Tax, and gratuity apply to your team, and what employees should expect to see on their payslip. PF registration typically becomes mandatory once a company crosses a defined employee threshold (with voluntary registration possible earlier); ESIC has its own separate threshold and wage-ceiling rules. Because exact thresholds and wage ceilings are revised periodically, always confirm current figures rather than relying on a template written a year ago — our HR Compliance Checklist 2026 tracks the current 20-point list including these triggers.

When it’s legally relevant: Registration triggers apply at defined headcount thresholds; once registered, monthly compliance is ongoing regardless of headcount changes.

8. Performance and growth policy

Review cycles, promotion criteria, and how performance ties to compensation. Not a statutory requirement, but startups that skip this end up with ad-hoc, inconsistent decisions that look like favouritism from the outside — and that inconsistency is exactly what turns into a legal problem when a termination or non-promotion is challenged.

When it’s legally relevant: Best-practice; becomes protective once headcount is large enough that performance decisions can’t all be explained informally.

9. IT, data, and asset use policy

Device use, data handling, password practices, and what happens to company data and assets when someone exits. With India’s data protection law tightening enforcement expectations, this policy also needs to say something about how employee and customer personal data is handled — not just laptop return procedures.

When it’s legally relevant: Best-practice from early on; becomes higher-stakes once you handle customer or employee personal data at any real volume.

10. Grievance redressal policy

A clear channel for employees to raise concerns — about pay, treatment, management, or policy application — and a defined process for how those get resolved. This sits alongside POSH but is broader; it’s your general-purpose “how do I raise an issue” mechanism. Its absence is one of the fastest ways small workplace friction turns into a resignation or a legal notice.

When it’s legally relevant: Best-practice; increasingly expected as a baseline once you have more than a handful of employees and layers of management.

11. Travel and expense policy (as applicable)

Reimbursement limits, approval workflow, and documentation requirements. Relevant mainly once your team travels for work or incurs business expenses regularly — an early-stage 5-person team may not need this formalised yet, but it should exist before expense claims become a source of disputes.

When it’s legally relevant: Not statutory; sequence it in once travel or client-facing expense claims become routine.

12. Exit and full-and-final settlement policy

Notice period, handover process, and how full-and-final settlement (including gratuity where applicable and leave encashment) gets calculated and paid. Gratuity eligibility and the mechanics around it are among the areas most affected by the new wage definition, since gratuity is calculated on wages as newly defined under the Code on Wages. Get this wrong and you risk both underpayment disputes and compliance exposure.

When it’s legally relevant: Applies from your first exit, regardless of company size; gratuity-specific rules apply once eligibility conditions (including a minimum service period) are met.

Priority table: what’s mandatory vs. best-practice, and when it kicks in

Policy Mandatory or best-practice Trigger point
Appointment letter / employment agreement Mandatory Employee 1, day one
Compensation & payroll policy (incl. wage floor) Mandatory First payroll run
Leave policy Mandatory (state-specific minimums) Shops & Establishment registration
Statutory compliance (PF/ESIC/PT) Mandatory once thresholds crossed Headcount and wage-ceiling triggers (confirm current thresholds)
POSH policy + Internal Committee Mandatory (IC); policy is best-practice below threshold 10+ employees for IC
Exit / full-and-final settlement policy Mandatory in principle First exit
Code of conduct Best-practice Day one, tightens with team size
Attendance / remote work policy Best-practice; interacts with Standing Orders Formalise before Standing Orders thresholds apply
Performance and growth policy Best-practice Once informal reviews stop scaling
IT, data, and asset use policy Best-practice; higher stakes with personal data Early, tightens with data handling volume
Grievance redressal policy Best-practice, increasingly expected Beyond a handful of employees
Travel and expense policy Best-practice, situational Once travel/expense claims become routine

What changed for startup HR policies under the Labour Codes

India’s four Labour Codes — the Code on Wages, the Industrial Relations Code, the Code on Social Security, and the Occupational Safety, Health and Working Conditions (OSH) Code — came into force on 21 November 2025, replacing a patchwork of older labour laws. Two changes matter most for startup HR policy work:

  • Written appointment letters are now mandatory for every employee, not just a good idea. If your onboarding process has ever skipped a formal letter for an early hire or a “let’s sort the paperwork later” contractor-to-employee conversion, that’s now a compliance gap to close.
  • The definition of “wages” now requires at least 50% of total remuneration to count as wages (basic pay plus dearness allowance) for the purposes of calculating PF, gratuity, and other statutory dues. Compensation structures designed to minimise the “wages” component — a common cost-optimisation tactic under the old law — need to be reviewed, because they may no longer comply.

Beyond these two, the Codes also touch standing orders thresholds, social security coverage for gig and platform workers, and workplace safety obligations under the OSH Code — all qualitatively different from the pre-2025 regime, and worth a compliance review rather than assuming your existing policies still hold. For the fuller list of what’s changed and what to check, see the HR Compliance Checklist 2026.

Common mistakes founders make with HR policies

Copying a template and never touching it again. A generic policy pack downloaded once and forgotten doesn’t account for your state’s leave minimums, your actual headcount triggers, or law that’s changed since you downloaded it. Templates are a starting point, not a finished product.

Writing policies nobody has read. A policy that lives in a Google Doc nobody was told about isn’t a policy — it’s a liability with extra steps. If there’s ever a dispute, “we had a policy” only holds up if you can show employees actually received and acknowledged it.

Missing the POSH threshold. Founders track headcount for hiring plans and investor updates, but rarely for compliance triggers. Crossing 10 employees without an Internal Committee in place is one of the most common and most avoidable compliance gaps in Indian startups.

Treating compensation structuring as a one-time decision. CTC structures set up years ago, before the Labour Codes, may now fail the 50% wages floor. This isn’t something you fix once and forget — it needs periodic review as pay structures and law both evolve.

Assuming policies scale linearly with headcount. The jump from 9 to 10 employees (POSH) or from a small to a larger establishment (Standing Orders) isn’t gradual — it’s a threshold. Founders who plan for “we’ll deal with it when we’re bigger” often miss the exact point where “bigger” legally arrived.

No documented grievance process. Without one, small frustrations go unaddressed until they become resignations, glassdoor reviews, or legal notices. A simple, clearly communicated process prevents most of this.

How to sequence policy rollout in the first 90 days

You don’t need all 12 policies simultaneously — you need the right ones in the right order.

Days 1-30: Appointment letter template, compensation and payroll policy (with the 50% wages floor built in), and leave policy. These are the foundation every other policy sits on top of, and two of the three are non-negotiable from your very first hire.

Days 31-60: Code of conduct, attendance/remote work policy, and statutory compliance policy covering PF/ESIC/PT as applicable to your headcount. This is also the point to confirm whether you’ve crossed any registration thresholds and act on it, rather than discovering it during an audit.

Days 61-90: POSH policy (and Internal Committee if you’re at or approaching 10 employees), grievance redressal policy, IT/data use policy, and performance policy. Travel and expense policy and exit policy can follow shortly after, or sooner if you’re already onboarding at pace.

If you’re setting this up from scratch, the Startup HR Policy Pack gives you an editable starting point for all 12 areas in one document, so you’re customising rather than writing from a blank page.

Do it yourself, or hand it to someone who does this daily

Templates work well for founders with the time to customise and maintain them. Where teams usually get stuck is keeping policies current as law changes, as headcount crosses thresholds, and as edge cases (a difficult exit, a POSH complaint, a multi-state hire) come up that a static document doesn’t answer. HRTailor’s HR policy drafting service builds and maintains this for you as part of ongoing outsourced HR support, and our HR outsourcing for startups plans bundle policy work with payroll, compliance, and HRMS so nothing falls through the cracks as you grow.

Get your policies sorted this week

Start with the free Startup HR Policy Pack if you want to draft your own, or talk to HRTailor if you’d rather have a real HR manager set it up, keep it current, and run it for you as your team grows.

{“@context”: “https://schema.org”, “@type”: “FAQPage”, “mainEntity”: [{“@type”: “Question”, “name”: “Do startups in India legally need HR policies?”, “acceptedAnswer”: {“@type”: “Answer”, “text”: “Some policies are legally mandatory the moment you hire your first employee, such as appointment letters and PF/ESIC compliance once you cross registration thresholds. Others, like a POSH policy, become mandatory once you cross 10 employees. The rest are best-practice, not law, but skipping them creates real legal and operational risk as you scale.”}}, {“@type”: “Question”, “name”: “At how many employees does POSH become mandatory in India?”, “acceptedAnswer”: {“@type”: “Answer”, “text”: “The Prevention of Sexual Harassment (POSH) Act requires an Internal Committee once an organisation has 10 or more employees. Below that threshold, founders should still have a written policy and a stated grievance route, since the obligation to provide a safe workplace applies regardless of headcount.”}}, {“@type”: “Question”, “name”: “What changed for startup HR policies under India’s new Labour Codes?”, “acceptedAnswer”: {“@type”: “Answer”, “text”: “Since the four Labour Codes came into force on 21 November 2025, written appointment letters are mandatory for every employee, and the definition of ‘wages’ now requires at least 50% of total remuneration to count as basic pay plus dearness allowance. This affects how offer letters, salary structures, and compensation policies must be worded.”}}, {“@type”: “Question”, “name”: “Can I just copy an HR policy template off the internet?”, “acceptedAnswer”: {“@type”: “Answer”, “text”: “Generic templates cover the basics but rarely match your state’s specific rules, your actual headcount thresholds, or the post-Labour-Code wording changes. A template is a fine starting draft; it becomes risky when it’s never customised to your company or reviewed against current law before employees sign anything.”}}, {“@type”: “Question”, “name”: “Which HR policy should a startup write first?”, “acceptedAnswer”: {“@type”: “Answer”, “text”: “Start with the employment agreement and appointment letter template, since these are legally required from your very first hire. Follow immediately with a leave policy and code of conduct, then layer in POSH, attendance, and compensation policies as headcount and complexity grow.”}}, {“@type”: “Question”, “name”: “How much does it cost to get HR policies professionally drafted in India?”, “acceptedAnswer”: {“@type”: “Answer”, “text”: “Costs vary by scope, from a one-time template pack to full outsourced HR support. HRTailor’s outsourced HR plans for startups start at roughly Rs 10,000/month and include policy drafting as part of ongoing compliance management, which is usually more cost-effective than piecemeal legal drafting for a growing team.”}}]}

Free HR consultation — reply in 1 business dayBook a free call