PoSH in Your Board Report: The Complete Guide to MCA’s 2025 Amendment

For years, India’s most common PoSH disclosure in a Board Report read something like this: The Company has complied with the provisions relating to the constitution of Internal Complaints Committee under the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013.

One line. No data. No accountability. No way for a shareholder, regulator, or employee to know whether that statement meant anything in practice.

That era is over.

On 30 May 2025, the Ministry of Corporate Affairs issued the Companies (Accounts) Second Amendment Rules, 2025 effective 14 July 2025 and changed what every Indian company must now disclose about its PoSH compliance in its Board’s Report. The amendment is not a bureaucratic tweak. It is a fundamental shift in how the Indian state holds companies accountable for workplace safety. And in the shadow of the TCS Nashik case, it could not be more timely.

This is the complete guide, what changed, what you must now disclose, what the penalties are, and what your organisation needs to do before your next Board Report is filed.

What Changed: From Declaration to Data

Until July 14, 2025, Rule 8(5)(x) of the Companies (Accounts) Rules, 2014 required companies to include in their Board’s Report only a single, vague statement confirming that the Internal Committee had been constituted under the PoSH Act. Nothing more.

The 2025 Amendment Rules have substituted that requirement with something far more substantive. Companies must now disclose, with actual numbers:

1. The number of sexual harassment complaints received during the financial year
2. The number of complaints disposed of during the financial year
3. The number of complaints pending for more than 90 days

Additionally, as part of the prescribed Extract of Board Report (the new e-Form now filed with the Registrar of Companies), companies are required to report:

4. Gender composition of the workforce the number of women, men, and transgender employees as on the closure of the financial year

The amendment also inserts Rule 8(5)(xiii), requiring a separate statement confirming compliance with the Maternity Benefit Act, 1961  but that is a separate disclosure obligation from PoSH.

What the MCA has done, in effect, is move PoSH from an assertion to an audit trail.

Why the 90-Day Disclosure Is the Most Critical Number

Of the three PoSH data points now required, the one that carries the most institutional weight is the third: cases pending for more than 90 days.

Here is why that number matters so much.

The PoSH Act mandates that the IC complete its inquiry within 90 days of receiving a written complaint. That is a statutory deadline, not a guideline. Every case that crosses the 90-day mark is, by definition, a procedural lapse and now that lapse must be reported publicly, in the Board’s Report, filed with the Registrar of Companies, accessible to shareholders, investors, and regulators.

Before this amendment, a company could sit on an unresolved case indefinitely with no external visibility. The complaint was an internal matter. Now, the board is required to put that number in front of its shareholders.

Think about what that means for governance. The Board of Directors  not just HR, not just the IC is now accountable for whether PoSH inquiries are being resolved on time. That accountability was implicit before. It is now explicit, measurable, and legally enforceable.

Who Does This Apply To?

The mandatory disclosure requirements apply to all companies required to submit a Board Report under Section 134 of the Companies Act, 2013.

This is broader than it sounds. It includes:

• • All public limited companies, listed and unlisted
  • All private limited companies required to prepare Board Reports under the Act All companies required to maintain accounts under the Companies Act

Even companies with fewer than 10 employees, which are not required to form an IC under the PoSH Act, must now make a general compliance declaration or expressly state the non-applicability in their Board Report. There is no company incorporated under the Companies Act that is entirely exempt from this disclosure obligation.

One Person Companies (OPCs) and Small Companies receive limited relief under Section 446B, with penalties reduced to half the standard amount. But the disclosure obligation itself still applies.

The Penalty Landscape: A Dual Enforcement Regime

The 2025 Amendment creates what legal experts are calling a dual enforcement framework exposure under both corporate law and PoSH law simultaneously.

Under the Companies Act, 2013 (Section 134(8):

Default	Penalty
Company	Up to ₹3,00,000
Every officer in default	Up to ₹50,000 per officer
OPCs, Small Companies, Startups (Section 446B)	Half the standard penalty (max ₹1,50,000 for company; ₹25,000 per officer)

These penalties apply not just to non-disclosure but to omission or inaccuracy in the Board Report. A company that reports zero complaints when complaints were in fact received informally or formally faces exposure for misstatement.

Sections 448 and 449 of the Companies Act, relating to false statements and false evidence, apply to AOC-4 filings. The MCA has expressly drawn attention to these sections in the amendment’s notification.

Under the PoSH Act (Section 26):

Default	Penalty
First offence	Fine up to ₹50,000
Repeat contravention	Higher penalty, and/or cancellation or non-renewal of business licence or registration

A failure to constitute a proper IC, failure to conduct training, or failure to report  any of these can now trigger action under both frameworks simultaneously. The MCA has, in the words of one legal analysis, turned the Companies Act into a co-enforcer of social legislation.

This is not theoretical. The ROC in Bengaluru imposed penalties on a company for failing to disclose IC constitution in its Board Report for financial years 2019-20. As scrutiny increases post-Nashik, enforcement of the 2025 requirements is likely to be significantly more active.

The Gender Composition Disclosure: Why It Is More Significant Than It Looks

Buried in the prescribed format for the Extract of Board Report is a requirement that deserves its own discussion: the disclosure of gender composition  specifically, the number of women, men, and transgender employees as of financial year-end.

This is notable for two reasons.

First, the explicit inclusion of transgender employees is a first for corporate disclosure law in India. The Business Responsibility and Sustainability Report (BRSR) framework  which applies to the top 1,000 listed companies by market capitalisation  does not currently require this level of gender disaggregation. The 2025 Amendment has leapfrogged the existing ESG reporting framework in this respect.

Second, this disclosure has immediate practical implications for HR data systems. Most companies currently collect gender data at the point of onboarding  but many do so in binary terms. The new requirement means organisations must now have systems capable of recording and reporting non-binary gender data. For companies that have not yet updated their onboarding forms and HRMS configurations, this is an urgent to-do.

The efficacy of this initiative, as legal experts have noted, will depend on whether employees feel safe enough to self-identify. But the obligation to have the system and the data is now on the employer.

The Connection to SHe-Box: A Joined-Up Enforcement Ecosystem

The 2025 Amendment does not exist in isolation. It is part of a broader tightening of PoSH enforcement that has been building since the Supreme Court’s directions in   in which the Court described the implementation of the PoSH Act as lamentable, particularly in the private sector.

That case prompted the Court to direct all states and union territories to conduct district-wise surveys verifying IC constitution, and to upload findings to the SHe-Box portal. In August 2025, the Court went further, directing Labour Commissioners and District Officers to collect and transmit compliance data, with Chief Secretaries made responsible for the process.

The SHe-Box portal has now onboarded over 148,700 workplaces. The MCA’s Board Report disclosure requirement creates a second, parallel data trail  through the Registrar of Companies  of how many complaints organisations are receiving, resolving, and sitting on.

Read together: the SHe-Box portal gives the government visibility into IC constitution. The Board Report data gives investors and regulators visibility into complaint outcomes. Neither tells the complete story on its own. Together, they create the most comprehensive PoSH enforcement architecture India has ever had.

What the Amendment Means for Your HR, Legal, and CS Teams

This is where the amendment becomes operational. The Board’s Report is not an HR document  it is a statutory document signed off by the Board of Directors, certified by the Company Secretary, filed with the Registrar of Companies, and placed before shareholders at the AGM. Getting the PoSH data wrong  or omitting it  is not an HR oversight. It is a corporate law default.

Here is what needs to change in your processes.

1. Build a Real-Time Complaint Tracking System

If your organisation does not have a system that tracks every PoSH complaint  from the date it is received, to the date of disposal, flagging cases crossing the  90-day marks  you  need one now. Spreadsheets managed by one HR executive are not sufficient. The IC’s records must be systematically maintained in a format that can be aggregated for the Board Report at year-end.

2. Define Received Clearly  and Consistently

One of the most consequential questions raised by the new disclosure is: what counts as a complaint received? The PoSH Act refers to a written complaint under Section 9. But what about verbal complaints, informal reports to managers, or ethics hotline reports that never resulted in a written complaint to the IC?

The TCS Nashik case has put this question front and centre. TCS disclosed 125 POSH cases in FY25  but the Nashik complaints were not among them, despite being raised informally over four years.

Organisations must now define, document, and consistently apply a policy on what constitutes a received complaint. If informal complaints are being received and redirected outside the IC’s formal process, that gap must be closed  not only as a matter of ethics, but because under the new disclosure regime, any misstatement creates legal exposure.

3. Pull the IC and HR Into the Board Reporting Cycle

Historically, IC records and Board Report preparation have lived in different parts of the organisation, reconciled only at year-end. That cannot continue. The IC Presiding Officer, HR, Legal, and the Company Secretarial team must now have a shared data workflow  with clear ownership for ensuring PoSH data is accurate, verified, and ready for the Board Report by the filing deadline.

4. Update Your HRMS for Gender Composition Data

If your HR system does not currently allow employees to self-identify as transgender, this is the year to change that. Update onboarding forms, HRMS configurations, and workforce headcount reports. Communicate to employees sensitively, with context why this data is being collected and how it will be used.

5. The Board Must Own This Not Just HR

This is the most important cultural shift the amendment requires. PoSH compliance has long been treated as an HR function. The 2025 Amendment makes it a board-level responsibility by putting the data in a document that the board signs off on and that is filed with the Registrar of Companies.

This means the Board should be receiving PoSH data as part of its regular governance reporting not just at year-end when the Board Report is being drafted. IC annual reports should be placed before the board, not just filed with the District Officer. If even one case is pending beyond 90 days, the board should know about it before it appears in a statutory filing.

The Opportunity Within the Obligation

It would be easy to read the MCA’s 2025 Amendment purely as a compliance burden. It is not.

For organisations that are genuinely committed to safe workplaces, this amendment is an opportunity to demonstrate that commitment in a form that is verifiable, comparable, and public. Investors  particularly ESG-focused institutional investors  are increasingly scrutinising workplace safety disclosures. Global peers like Microsoft, Salesforce, and Tata Steel have long disclosed granular harassment complaint data in their annual reports. The MCA’s amendment brings Indian corporate reporting into alignment with those expectations.

For employees, particularly women, the amendment sends a signal: the company cannot simply say it is compliant and move on. The data is now on record. And if the data does not match the reality  if zero complaints are reported year after year from a workforce of thousands that is itself a signal that something is wrong.

For HR and compliance professionals, the amendment provides the institutional backing to argue for the resources, systems, and board attention that PoSH programs have historically struggled to obtain. When the Board Report is at stake, the conversation changes.

A Quick Compliance Checklist for Your Next Board Report

Before your Company Secretary drafts the PoSH section of your Board’s Report, run through this:

• Do you have a complete record of all PoSH complaints received during the financial year, including date of receipt?
• Do you have a complete record of all complaints disposed of, including date of disposal and outcome?
• Are there any cases where the 90-day inquiry timeline was breached? If so, do you know why, and has the board been informed?
• Is your IC properly constituted at every workplace/location not just at headquarters?
• Are your IC members’ tenures still valid?
• Does your IC Annual Report cover the same period as your Board Report, and has it been submitted to the District Officer?
• Do you have headcount data broken down by women, men, and transgender employees as of financial year-end?
• Has your Company Secretary aligned the PoSH disclosure language with the revised Rule 8(5)(x) not just the pre-2025 boilerplate?
• Has the board reviewed and approved the PoSH disclosures before filing?

The Bottom Line

The MCA’s 2025 Amendment has done something no amount of internal training or policy documentation could achieve: it has made PoSH compliance visible, measurable, and publicly accountable at the board level. It has pulled the Internal Committee’s work out of the HR filing cabinet and placed it, as numbers, in one of the most scrutinised statutory documents an Indian company produces.

The one-line era of PoSH compliance is over.

The organisations that respond by building real systems  accurate complaint tracking, genuinely functional ICs, board-level governance of harassment data  will be ahead. The ones that simply rephrase their old boilerplate to include three numbers will find that the regulators, investors, and employees watching those numbers can tell the difference.

Need help getting your PoSH Board Report disclosure right?

At Kelp, we help organisations audit their IC frameworks, build compliant complaint tracking systems, and train the HR and legal teams who are now accountable for the data in your Board Report. Take our free PoSH Diagnostic at kelphr.com, or reach out to our advisory team to schedule a PoSH compliance review before your next filing cycle, because the numbers in your Board Report should reflect a workplace where people are genuinely safe not just a workplace that looks compliant on paper.